The Basics of Biometric Authentication


Feb 22, 2014


1
The Basics of Biometric Authentication
Dr. James L. Wayman
2
Proposed ISO/IEC Definition
• “Biometrics” is the automatic recognition of individuals based on biological and behavioural traits
  – If a person is recognized, a record for that person can be returned. That record is the “identity”.
    • Validity of the data in the record is independent of the biometric data
    • The connection to informational privacy
  – If a person is not recognized, a flag “not recognized” can be returned
3
A Variety of Applications
• Prevent multiple users of a single identity
  – Recognition is good
    • e-Passport
• Prevent multiple identities of a single user
  – Non-recognition is good
    • EURODAC
    • UAE
• Programs can do both
  – National ID card
• But biometrics does not validate the data in the record
• Biometrics cannot substitute for “identity management”
4
U.K. Leadership in Human ID
• Grew (1641), Londonderry (1691)
• The need for continuity of recognition of humans over time
  – 1853 – Penal Servitude Act (Parole)
  – 1869 – Habitual Criminals Act (Perversity of perpetrator)
• Galton, Faulds, Herschel, Henry (1888+)
• Watson (1953)
• NPL and AEA (1970s)
• Jeffreys (1985)
• AfB (1992)
• Daugman (1994)
• BWG (1999)
• SC27/37
5
The Major Technologies
• Face
• Fingerprint
• Hand/finger geometry
• Iris
• Voice
6
The Varieties of the Human Condition
[Image panels: Office Worker; Adult over 55; Child; College Student; Office Worker + 6 weeks]
7
Errors, Accessibility and Public Systems
• Humans are problem prone!
• The analogy to public transportation
  – Provision for those with special requirements
    • Luggage, prams
    • Wheelchairs
  – Provision for assistance
    • Confused non-Londoners
  – Provision for security
    • Gate jumping
8
Successes
• National Law Enforcement
  – NAFIS
• Border Crossing
  – BAA trial
  – SmartGate
  – Schiphol Privium
• Large-scale Access Control
  – Disney World
• Local Access Control
  – Barlinnie Prison
• Benefits Management
  – EURODAC/IND
  – US State Department Consular Consolidated Database
9
Difficulties
• Inadequate provision for human problems
  – 1990 Barcelona World Games
• Cost/benefit uncertainties
  – INSPASS
  – US State Welfare Programs
• Security failures
  – Schiphol “Travel Pass” (1992)
• Legacy record management
  – Argentina National ID
• Integration
  – IAFIS/IDENT
• No commercial acceptance
  – Intellitrak, Innoventry
10
Distinguishing “Known” from “Unknown”
Does relate to professional criminals
• INTERPOL exchange of fingerprint data
  – Border crossing presents unique opportunity for detection
• EURODAC search for professional asylum seekers
• National uses against professional benefit seekers
11
Distinguishing “Known” from “Unknown”
• Relationship to terrorism?
  – Most terrorists are “unknown”
  – Lists of “known” terrorists may be highly protected
  – Even terrorists can become “registered travelers”
• Use of biometrics at the intersection of terrorism with organized crime
  – “Narco-terrorism”
  – Illicit arms trade
  – Professional asylum seekers
12
Conclusions
• Biometrics can distinguish between known and unknown people
• Biometrics can indirectly point to other information (which may or may not be correct, up to date, etc.)
  – The connection to privacy
• Biometrics can be used to tighten border processes
  – Border crossing represents a unique opportunity to search for criminals
• Biometrics has only indirect application to terrorism
• Systems must account for the human factor