Biometrics

Agenda
Statistical Research Background on Biometrics Overview of Biometrics

How they work

Strengths, Weakness and

Usability of Biometrics Conclusion

Empirical Data
Yearly cyber crime cost in the US is over

$377 million and rising CSI/FBI Study Federal Trade Commission found that identity theft accounted for $48 billion in losses to business over the past five years

Background on Passwords & Biometrics

Biometrics

First introduced in the 1970s and early 1980s This technology gathers unique physiological or behavioral attributes of a person for storing it in a database or comparing it with one already found in a database. Reason for biometrics include the positive authentication and verification of a person and ensuring confidentiality of information in storage or in transit

Biometrics
2 Categories of Biometrics

Physiological also known as static biometrics: Biometrics based on data derived from the measurement of a part of a persons anatomy. For example, fingerprints and iris patterns, as well as facial features, hand geometry and retinal blood vessels Behavioral biometrics based on data derived from measurement of an action performed by a person and, distinctively, incorporating time as a metric, that is, the measured action. For example, voice (speaker verification)

Biometrics How do they work?

Although biometric technologies

differ, they all work in a similar fashion:

The user submits a sample that is an identifiable, unprocessed image or recording of the physiological or behavioral biometric via an acquisition device (for example, a scanner or camera) This biometric is then processed to extract information about distinctive features to create a trial template or verification template Templates are large number sequences. The trial template is the users password.

Overview of Biometrics
Biometric Iris Acquisition Device Infrared-enabled video camera, PC camera Sampl e Black and white iris image Feature Extracted Furrows and striations of iris Fingerprint Desktop peripheral, PC Fingerprint image (optical, card, mouse chip or silicon, ultrasound or reader embedded in touchless) keyboard Microphone, telephone Voice Recording Location and direction of ridge endings and bifurcations on fingerprint, minutiae

Voice

Frequency, cadence and duration of vocal pattern

Signature

Signature Tablet, Motionsensitive stylus

Image of Signature and record Speed, stroke order, pressure of related dynamics and appearance of measurement signature Relative position and shape of nose, position of cheekbones

Face

Video Camera, PC camera, Facial image (optical or single-image camera thermal) Proprietary Wall-mounted unit

Hand

3-D image of top and sides of Height and width of bones and hand joints in hands and fingers Blood vessel patterns and retina

Retina

Proprietary desktop or wall Retina Image mountable unit

Strengths, Weaknesses and Usability of Biometrics

Biometric
Iris

Strengths
Very stable over time Uniqueness

Weakness

Usability

Potential user resistance Information security access Requires user training control, especially for Dependant on a single vendors Federal Institutions and technology government agencies Physical access control (FIs and government) Kiosks (ATMs and airline tickets)

Fingerprint

Most mature biometric technology Accepted reliability Many vendors Small template (less than 500 bytes) Small sensors that can be built into mice, keyboards or portable devices Most proven over time Temperature stable

Physical contact required (a problem in some cultures)

Association with criminal justice

Vendor incompatibility Hampered by temporary physical injury

IS access control Physical access control Automotive

Optical

Large physical size Latent prints CCD coating erodes with age Durability unproven

Strengths, Weaknesses and Usability of Biometrics

Biometrics
Silicon

Strengths
Small physical size Cost is declining

Weakness
Requires careful enrollment Unproven in sub optimal conditions

Usability

Ultrasound

Most accurate in sub optimal conditions

New technology, few implementations Unproven long term performance

Voice

Good user acceptance Low training Microphone can be built into PC or mobile device

Unstable over time Changes with time, illness stress or injury Different microphones generate different samples Large template unsuitable for recognition

Mobile phones Telephone banking and other automated call centers

Signatures

High user acceptance Minimal training

Unstable over time Occasional erratic variability Changes with illness, stress or injury Enrollment takes times

Portable devices with stylus input Applications where a wet signature ordinarily would be used.

Strengths, Weaknesses and Usability of Biometrics

Biometrics Strengths Weakness Usability
Face Universally present Cannot distinguish identical siblings Religious or cultural prohibitions Physical access control

Hand

Small template (approximately 10 bytes) Low failure to enroll rate Unaffected by skin condition

Physical size of acquisition device Physical contact required Juvenile finger growth Hampered by temporary physical injury

Physical access control Time and attendance

Retina

Stable over time Uniqueness

Requires user training and cooperation High user resistance Slow read time Dependent on a single vendors technology

IS access control, especially for high security government agencies Physical access control (same as IS access control)

Comparison of Different Biometrics Technology

Promise that Biometrics hold for Privacy

Increased Security

Biometric cannot be lost, stolen or forgotten; it cannot be written down and stolen by social re-engineering By implementing biometrics organizations can positively verify users identities, improving personal accountability In conjunction with smart cards biometrics can provide strong security for Public Key Infrastructure (PKI)

Perils that Biometrics hold for Privacy

Privacy is one of the leading inhibitor for

biometrics technology. Main issues:

Misuse of Data

Health/Lifestyle Specific biometric data has been linked with the information beyond which it is set out to be used for such as AIDS. Is a person able to control the information gathered on himself/herself? Law Enforcement The template database may be available for law enforcement Credit Reporting The template database may be cross referenced against other databases including those held in hospitals and the police departments, by a credit reporting agency

Function Creep

Future Trends in Biometrics

Body Odor Body odor can be digitally recorded

for identification. A British company, Mastiff Electronic System Ltd. Is working on such a system DNA Matching The is the ultimate biometric technology that can produce proof positive identification of an individual Keystroke Dynamics Keystroke dynamics, also referred to as typing rhythms, is an innovative biometric technology

Conclusion
1.

2. 3.

All authentication methods are prone to errors. Nevertheless, reliable user authentication must ensure that an attacker cannot masquerade as a legitimate user Biometrics is uniquely bound to individuals and may offer organizations a stronger method of authentication Biometric systems are not foolproof; they can be compromised by:

Submission of another persons biometric Submission of enrollees biometric with the user under duress or incapacitated

4.

A prudent balance between Security and Privacy needs to be achieved