Security Risk in a Border

parathyroidsanchovyΤεχνίτη Νοημοσύνη και Ρομποτική

17 Νοε 2013 (πριν από 4 χρόνια και 1 μήνα)

75 εμφανίσεις

©
Cukic

2010

CITeR

The Center for Identification Technology Research

An NSF I/UCR Center advancing integrative identity management research

Balancing Throughput and
Security Risk in a Border
Management System

Bojan Cukic


Lane Department of CSEE

West Virginia University


Dagstuhl Seminar 10431



©
Cukic

2010

2

Framework

UML Model with performance
annotations

Performance Model

Risk
Model

Application’s

Performance/risk feedback

©
Cukic

2010

Risk function

Risk in Border Management

Traveler Queues

Watch Lists / Identity DB


Legend

=Required Signal

=Optional Signal

= Movement

Public Key Directory


Secondary Inspection /
Detainment

Border Access

=Optional Movement

Inspection Stations

(w/ biometric )

Local,
distributed,
or central?

Modality,
quality,
scalability,
update, access ?

Acceptance,
modality,
quality?

Modality,
vulnerability,
exceptions,
throughput?

False Non
-

Match Rate,
Inconvenience acceptance?

False
Match Rate

©
Cukic

2010

Risk Model Parameters


Which biometric modality /algorithm meets
security requirements?


Impostor arrival rate varies


One in thousand passengers (10
-
3
)


One in hundred thousand passengers (10
-
5
)


One in ten million passengers (10
-
7
)


Misclassification cost ratio

μ
=C(+|
-
):C(
-
|+)


It is 100 times more costly to miss an impostor
(10
-
2
)



10,000 times more costly to miss an impostor
(10
-
4
)


1,000,000 times more costly to miss an impostor
(10
-
6
)


100,000,000 times more costly to miss an impostor
(10
-
8
)

©
Cukic

2010

5

Modeling Approach


System architecture is nontrivial


Static and dynamic architectural aspects using UML.


Quantitative performance models using LQN.


Risk analysis


Border security systems rely on identity verification.


Validity of traveler’s biometric information.


Checks through
watch lists.


Cost Curve modeling.


©
Cukic

2010

Face Recognition Classification

2006 Face

Recognition

Vendor

Test (FRVT)

©
Cukic

2010

P(+)=0.01

P(
-
)=0.99

Face recognition cost curves

1E
-
3

1E
-
2

1E
-
1

1E
-
4

P(+)=0.001

P(
-
)=0.999

P(+)=0.0001

P(
-
)=0.9999

©
Cukic

2010

Feasibility Analysis:

In feasible implementations, FMR is NOT ACCEPTABLE!

©
Cukic

2010

Performance considerations

Top performance drivers


A
:

Fingerprint

capture


B
:

Face

capture


C
:
Inspection

Data


D
:
Review

Documents


E
:
ReviewDocuments

Secondary

Inspection

A:20 sec

B:8 sec

C: 3 sec

D: 13 sec

E:450sec


A:10 sec

B:3 sec

C: 2 sec

D: 16 sec

E:450sec

Total waiting time:15.4 min


A:11 sec

B:3 sec

C: 2 sec

D: 10 sec

E:430sec


High Cost
,

High Benefit

Low Cost
,

High Benefit

High Cost
,

Low Benefit

Performance

options under

the same risk

factors, one

arrival rate…

Low Cost
,

Low Benefit

©
Cukic

2010

Summary


Framework to integrate an analytical performance
model with a security risk model. .


Minimize the risk of identity management errors, while
maintaining acceptable passenger throughput.


Currently


Developing and evaluating adaptation control options.


Evaluating the impact of biometric fusion algorithms.


Challenges


Contexts
:


Unseen arrival distributions (A380!).


Requirements:


Proactive risk management (country of origin
-

based)


Can workload impact security risk?


Justification and explanation

of operational configurations.


Are
human operators
subject to adaptation suggestions?