Biometric Authentication - FSU Computer Science

dashingincestuousΑσφάλεια

22 Φεβ 2014 (πριν από 3 χρόνια και 4 μήνες)

59 εμφανίσεις

Computer Security

Biometric
authentication


Based on a talk by

Dr J.J. Atick, Identix, “Biometrics in the Decade of Security”,

CNSS 2003



Biometric authentication

Framework for security

Trust

Identification

Biometrics

fingerprints

face

iris

Biometric authentication

Framework for security

Physical or logical access

should be based on

trusted gated actions

Biometric authentication

Biometrics are uniquely qualified for

this purpose:


Individual uniqueness


universality


accuracy


easiness


permanence


non
-
intrusiveness


cannot be lost, forgotten, stolen

Biometric authentication

Fingerprints


Image


Minutiaes


Fingerprint


based on irregularities (minutiae)


Biometric authentication

Face recognition


Image


Nodal points


Face print


based on facial skin irregularities
(the skull is 3
-
dimensional, the kin
is 2
-
dimensional)


Biometric authentication

Iris recognition


Image


Iris pattern


Iris
-
print

Finger-scan
Facial-scan
Middleware
Hand-scan
Iris-scan
Voice-scan
Signature-scan
Keystroke-scan
Biometric Market

Market Evolution

Government


Law enforcement


Federal Agencies


DoD


National ID Programs


Regulated Industries


POS


Financial Healthcare


Transportation



Commercial


E
-
commerce


Transactions

Common Access Card

DoD Common Access Card



Biometric Smart Card to enable trusted identity
throughout the enterprise


Logical and physical access


Evaluating fingerprint biometrics for military ID cards


Already half way through (expected roll
-
out by 2005)

Enhanced Border Security

Entry/Exit Program



Protect, control & monitor access & entry into US


Background check on visa applications


Finger & face opportunity


Visa reform


Ability to check on visa applicants


Biometric smartcard as new visa


Worldwide reverberations

International ID Programs

Several Foreign countries are in the process

of implementing national ID programs



Fingerprint, facial and iris biometrics for national
ID cards


Fingerprint biometrics for national healthcare
programs


Fingerprint biometrics for passports


Platform for security


Enrollment & Registration


Qualification


Requirements of Trust


Biometric Identification


Only: finger, face, iris


Secure Credential Issuance


Access


Physical, logical


Surveillance

Platform for security


Enrollment & Registration


Qualification


Requirements of Trust


Biometric Identification


Only: finger, face, iris


Secure Credential Issuance


Access


Physical, logical


Surveillance

Enrollment & Registration



Critical step, could be costly if not


done properly


Data must be in vendor independent
formats


Standard formats: e.g.ANSI/NIST
-
ITL 1
-
2000


Data can be very valuable

Qualification

Answer two questions


Is the identity unique?


Can it be granted trusted status


Requires


Search in a registration database


Submission to watch list & criminal database

Requirements of Trust


State mandates


Healthcare, school workers, banking state
employees insurance


Federal Mandates


Transportation workers


Airlines, airports


Postal workers


Government employees


Visa applicants, trusted travelers


Passport and National IDs


Corporate enterprise

Biometric Identification

Only finger, face, iris



Finger & face have unique position
because of existing databases


Finger requires live scan 10 print
rolled fingers


Major breakthroughs in imaging make
it easier to capture high quality prints


Quicker turnaround


Low rejection & rechecks

Facial for Identification


In many cases face is only available only
finger, face, iris


Performance


Rank 1 identification


80%


Compare with single finger 90% (db size
10,000)


NIST & FRVT2002



Not perfect yet delivers significant value


Improving performance

Secure Credential Issuance

Impedes tampering & forging.


1.
Badging screened applicant

2.
Smartcard

1.
On Chip


Credentials, PKI certificate, Applications

2.
Secure Markings

3.
Photo

4.
Color Coding

5.
Basic info: name, exp date, signature, etc

6.
Magnetic stripe and/or Barcode data

Access


Physical access


Buildings, offices, Safe Deposit boxes,
Parking lots, etc


Logical access


Authentication, Authorization,
Internet, WAN, LAN, Wireless, etc


Universal access


Home, office, any location, travel, etc



Detection


Watch lists: facial & fingerprint
databases


Biometrics can be used to detect in
real time individuals on the watch
list


On demand screening


Checkpoint surveillance

Detection: on demand screening


Fingerprint systems for INS
enforcement


border checks


Mobile identification


IBIS
(Identification Based Information Systems)


Travel document screening

Mobile identification
-
IBIS

Mobile PDAs with finger sensors &

Cameras.

Access to


Secure wireless communication


ID Document surveillance


Travel documents readers


Watch list alarm


Use standard existing travel
documents


Creates manifest

Checkpoint surveillance


Security tool just like metal
detectors & luggage scanners


Ensures that each face passing
through a checkpoint is checked
against the watch
-
list database.

ID Document surveillance


Travel documents readers


Watchlist alarm


Use standard existing travel
documents


Creates manifest

Biometric smartcards


the trust triangle




Discuss Security

Issues

Smartcard


-

PK, certificate


-

SK


-

Else???

User

-

Password ???

-

Smartcard


Reader

Application