Beruflich Dokumente
Kultur Dokumente
However
Copyright Daon, 2009 5
How Do We Compete?
Countermeasures are required:
Enhanced Capture Software Secured Systems New Capture Devices Multi-factor Multi-modal Supervision & Oversight guiding standard and principles Ability to react through flexible technology and process
Biometric matching has been a technology- and tool-centric field. A Defense-in-Depth method of dealing with biometric & identity-related concerns takes a more holistic approach:
People
Technology
Copyright Daon, 2009
Operations
8
11
10
Data Collection
Signal Processing
Matching
Decision
Key Considerations: There is no perfect identity authentication method every form of authentication has vulnerabilities The entire identity eco-system is vulnerable to attack Dont just secure the point of authentication Consider systemic weaknesses as well Must provide a defense-in-depth strategy
Copyright Daon, 2009 10
Security by Design
Security should be designed into a solution and not bolted on after the fact All solutions MUST be designed using industry-best security principles Encryption of data both in transit and at rest Use of strong cryptographic techniques (e.g. HSMs) Robust key management Non-repudiation of events Authorization of function Integrity protection data and system Uses industry proven techniques no security by obscurity Biometrics systems are vulnerable to attack at several points in the process: data collection, signal processing, data storage, and decision/action point
Copyright Daon, 2009 11
Defense in Depth
So How do We Design in the Countermeasures? Location Threats
Device substitution
Person Perspective
System Perspective
Storage
Verifier
11
10
Data Collection
1 2
Signal Processing
3 4
Matching
8
Decision
Example Countermeasures
Liveness detection - Challenge/response Multi-modal, policy-based Mutually authenticate device Vendor agnostic architecture Sign data, timestamp, session tokens/nonces, HSM, FIPS Sign components Debugger hostile environment Coarse scoring, trusted sensor, secure channel, limit attempts DB access controls, sign/encrypt templates, store on secure token Audit, digital signature Protected function, data protection
12
Replay attack (Software) Component replacement Manipulation of match scores Hill climbing Database compromise (reading/replacing template, changing bindings) Threshold manipulation
7 - Storage
9 Decision
13
In Summary
Biometrics enable stronger defense against cyber security attacks but biometric systems need to ensure that they dont become a platform for launching an attack themselves Design Security In Dont just bolt it on
Protect biometric systems using a holistic approach Ensure all data is encrypted (in motion and at rest) Ensure robust key management and distribution Signing of all parties in a transaction Tamper evidence and integrity checks throughout system Audit trails and non-repudiation Consider all points in a solution and look for vulnerabilities
15
Universality/Inclusivity becomes a major issue for large populations Multi-Modal solutions work best Systems need an adaptive architecture that can incorporate these new modes and leverage technology improvements over time
The most progressive, modern systems begin as a multi-biometric platform with built in systemic security & privacy safeguards and add different biometric capabilities as needed over time!
16
Multi-biometric Fusion
Use fusion to improve accuracy and robustness
Increase accuracy beyond single biometric matching Reduce FTE (broaden population) Spoof/denial resistance Cope with poor quality data Sensor/user fault tolerance
100.0000% 100.0000%
Choose a platform that enables multiple biometrics to ensure optimized performance Multi-biometric systems provide key advantages:
Increased accuracy (noise reduction) Enhanced Usability Greater Universality Improved Security Improved performance (FMR, FNMR)
10.0000%
1.0000%
Performance of large scale identity programs can be significantly improved through the use of multiple biometrics. Large scale systems should establish a core multi-biometric platform first and then choose the most applicable algorithms to suit their population, commercial and performance needs
Copyright Daon, 2009 18
In Summary
There is NO perfect biometric type There is NO perfect biometric device or algorithm Biometric performance will continue to increase over time, costs will decrease Spoofing attacks will continue and gain in frequency and complexity A flexible framework is needed to counteract these attacks Multi-biometric systems provide best defense with ability to continually add new technology components Policy based normalization and fusion should be kept independent of biometric matching algorithms Adopt a platform that enables you to take advantage of technological improvements over time
19
20
Answer: Deploy an analysis and adaptation engine that enables you to do what-if analysis and understand consequences of changes ahead of implementation Identify and correct weak points ahead of cyber attackers Automate performance analysis of what-if scenarios:
Algorithms: Matching, Quality, Fusion Devices/sensors Interoperability: Cross-device analysis, multi-algorithm scenarios Protocols e.g. 1:1, 1:N, #attempts, preferred sample types
Copyright Daon, 2009 21
1.0E-01 517_Face_C 517_Finger_LI SUM: MinMax SUM: Zscore SUM: MAD SUM: TanH PROD: FNMR PROD: Liklihood 1.0E-02
22
23
In Summary
Vendor independence provides both a monetary ROI and a cyberthreat risk mitigation Leverage concept of master broker to orchestrate operations of biometric components Ensure a vendor independent framework is put in place Ensure (i.e. prove positively) that your solution is independent of any single biometric technology provider Maintain strict data independence from underlying device or matcher technology Large scale programs can clearly benefit for performance analysis tools to ensure optimum use of biometrics Deploying a system that leverages synergies between an identification broker and analysis tools enables systems to be self optimizing over time yielding better performance and mitigating against cyber security threats
Copyright Daon, 2009 24
25