Agenda
Statistical Research
Background on Biometrics
Overview of Biometrics
Empirical Data
Yearly cyber crime cost in the US is over $377 million and rising (CSI/FBI Study)
Federal Trade Commission found that identity theft accounted for $48 billion in losses to business over the past five years
First introduced in the 1970s and early 1980s
This technology gathers unique physiological or behavioral attributes of a person to store them in a database or compare them with those already found in a database.
Reasons for biometrics include the positive authentication and verification of a person and ensuring confidentiality of information in storage or in transit
Biometrics
2 Categories of Biometrics
Physiological, also known as static biometrics: biometrics based on data derived from the measurement of a part of a person's anatomy. For example, fingerprints and iris patterns, as well as facial features, hand geometry and retinal blood vessels
Behavioral: biometrics based on data derived from measurement of an action performed by a person and, distinctively, incorporating time as a metric, that is, the measured action. For example, voice (speaker verification)
The user submits a sample that is an identifiable, unprocessed image or recording of the physiological or behavioral biometric via an acquisition device (for example, a scanner or camera)
This biometric is then processed to extract information about distinctive features to create a trial template or verification template
Templates are large number sequences. The trial template is the user's password.
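The flow described above (sample, feature extraction, trial template, comparison with the stored template), as an added Python example that is not part of the original slides. The readings, the quantisation in extract_template and the MATCH_THRESHOLD value are assumptions constructed for illustration; it shows that a trial template is accepted by closeness to the enrolled one, where a password check would demand exact equality.

```python
# Added illustration; feature extraction, threshold and sample readings are
# constructed assumptions, not taken from any real biometric product.

MATCH_THRESHOLD = 1.0  # assumed: max mean per-feature difference for a match

def extract_template(sample):
    """Process a raw sample into a template: a sequence of numbers."""
    return [round(reading * 10) for reading in sample]

def distance(template_a, template_b):
    """Mean absolute difference between two templates of equal length."""
    if len(template_a) != len(template_b):
        raise ValueError("templates must have the same number of features")
    return sum(abs(a - b) for a, b in zip(template_a, template_b)) / len(template_a)

class TemplateDatabase:
    """Stores one enrolled template per user (the 'database' in the text)."""

    def __init__(self):
        self._enrolled = {}

    def enroll(self, user, sample):
        self._enrolled[user] = extract_template(sample)

    def verify(self, user, sample):
        """Build a trial template from the sample and compare it to the stored one."""
        enrolled = self._enrolled.get(user)
        if enrolled is None:
            return False  # unknown user: fail closed
        trial = extract_template(sample)
        return distance(enrolled, trial) <= MATCH_THRESHOLD

    def exact_match(self, user, sample):
        """Password-style comparison, shown only to contrast with verify()."""
        return self._enrolled.get(user) == extract_template(sample)

# Constructed readings standing in for an acquisition device's output.
ALICE_ENROLL = [4.2, 7.9, 1.3, 6.6, 3.0, 8.8]
ALICE_LATER = [4.3, 7.8, 1.3, 6.7, 2.9, 8.8]   # same person, sensor noise
BOB_SAMPLE = [5.9, 2.1, 7.4, 3.3, 9.0, 1.2]    # different person

db = TemplateDatabase()
db.enroll("alice", ALICE_ENROLL)

if __name__ == "__main__":
    print("alice, later sample:", db.verify("alice", ALICE_LATER))
    print("alice, exact match :", db.exact_match("alice", ALICE_LATER))
    print("bob claiming alice :", db.verify("alice", BOB_SAMPLE))
```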
Overview of Biometrics
Iris
Acquisition Device: Infrared-enabled video camera, PC camera
Sample: Black and white iris image
Feature Extracted: Furrows and striations of iris
Fingerprint
Acquisition Device: Desktop peripheral, PC card, mouse chip or reader embedded in keyboard
Sample: Fingerprint image (optical, silicon, ultrasound or touchless)
Feature Extracted: Location and direction of ridge endings and bifurcations on fingerprint, minutiae
Voice
Acquisition Device: Microphone, telephone
Sample: Voice recording
Signature
Sample: Image of signature and record of related dynamics measurement
Feature Extracted: Speed, stroke order, pressure and appearance of signature
Face
Acquisition Device: Video camera, PC camera, single-image camera
Sample: Facial image (optical or thermal)
Feature Extracted: Relative position and shape of nose, position of cheekbones
Hand
Acquisition Device: Proprietary wall-mounted unit
Sample: 3-D image of top and sides of hand
Feature Extracted: Height and width of bones and joints in hands and fingers
Retina
Feature Extracted: Blood vessel patterns and retina
Strengths
Very stable over time
Uniqueness
Weakness
Potential user resistance
Requires user training
Dependent on a single vendor's technology
Usability
Information security access control, especially for Federal Institutions and government agencies
Physical access control (FIs and government)
Kiosks (ATMs and airline tickets)
Fingerprint
Most mature biometric technology
Accepted reliability
Many vendors
Small template (less than 500 bytes)
Small sensors that can be built into mice, keyboards or portable devices
Most proven over time
Temperature stable
Optical
Large physical size
Latent prints
CCD coating erodes with age
Durability unproven
Strengths
Small physical size
Cost is declining
Weakness
Requires careful enrollment
Unproven in suboptimal conditions
Usability
Ultrasound
Voice
Good user acceptance
Low training
Microphone can be built into PC or mobile device
Unstable over time
Changes with time, illness, stress or injury
Different microphones generate different samples
Large template unsuitable for recognition
Signatures
Unstable over time
Occasional erratic variability
Changes with illness, stress or injury
Enrollment takes time
Portable devices with stylus input
Applications where a wet signature ordinarily would be used
Hand
Small template (approximately 10 bytes)
Low failure to enroll rate
Unaffected by skin condition
Physical size of acquisition device
Physical contact required
Juvenile finger growth
Hampered by temporary physical injury
Retina
Requires user training and cooperation
High user resistance
Slow read time
Dependent on a single vendor's technology
IS access control, especially for high security government agencies
Physical access control (same as IS access control)
A biometric cannot be lost, stolen or forgotten; it cannot be written down and stolen by social engineering
By implementing biometrics, organizations can positively verify users' identities, improving personal accountability
In conjunction with smart cards, biometrics can provide strong security for Public Key Infrastructure (PKI)
Misuse of Data
Health/Lifestyle: Specific biometric data has been linked with information beyond the purpose for which it was set out to be used, such as AIDS. Is a person able to control the information gathered on himself/herself?
Law Enforcement: The template database may be available for law enforcement
Credit Reporting: The template database may be cross-referenced against other databases, including those held in hospitals and police departments, by a credit reporting agency
Function Creep
for identification. A British company, Mastiff Electronic System Ltd., is working on such a system
DNA Matching: This is the ultimate biometric technology that can produce proof positive identification of an individual
Keystroke Dynamics: Keystroke dynamics, also referred to as typing rhythms, is an innovative biometric technology
Conclusion
1. All authentication methods are prone to errors. Nevertheless, reliable user authentication must ensure that an attacker cannot masquerade as a legitimate user
2. Biometrics is uniquely bound to individuals and may offer organizations a stronger method of authentication
3. Biometric systems are not foolproof; they can be compromised by:
Submission of another person's biometric
Submission of an enrollee's biometric with the user under duress or incapacitated
4.