BIOMETRICS - UL.com

nauseatingcynicalSecurity

Feb 22, 2014 (3 years and 4 months ago)

234 views

Biometrics
ul.com/newscience
new science
trANsActioN secUritY
cAse sTuDY
SPRING 2013
2
2
NEW SCIENCE TRANSACTION SECURITY
new science
trANsActioN secUritY
oVeRView
Technological advances in payments, mobile commerce and identity
management are rapidly transforming Transaction Security. While these
innovations enhance convenience, speed and security, they have also
created new risks related to reliability, interoperability and cybercrime.
Consumers, merchants, third-party processors, wireless carriers, financial
institutions and governments all are affected.

Through New Science, UL is working with customers across the industry,
conducting state-of-the-art experiments; analyzing and assessing
the security, functionality and interoperability of new and existing
technologies; and enhancing implementation processes and developing
unique migration architectures to help transition disparate systems to
a new platform.
3
UL was brought in by Natural Security to help ensure the functionality and security
of their entire biometric payment system. UL worked with Natural Security for three
years, developing and implementing a validation plan that covered every aspect of the
technology, including the payment device and the biometric terminal.
UL was responsible for test specification and implementation for the system’s wireless
technology. Specifically, we designed and developed the radio frequency (RF) protocol
test specifications.
5
UL specified and tested functionalities in a many-to-many context
to identify any performance issues that arose when the different aspects of each
Driven by a variety of concerns, including identity theft and violence, it is projected
that the global biometrics industry will expand by 140 percent in five years — from
$5 billion in 2011 to $12 billion by 2015.
1
A separate report from Global Industry Analysts
forecasts additional global biometrics industry growth to $16.7 billion by 2017.
2
The
report shows that the U.S. is the largest market for biometrics, with strong industry
growth in Asia Pacific as well.
Using fingerprint or facial scans and iris or voice recognition to identify users,
biometrics is an authentication method that converts biometric data (a fingerprint
scan or iris pattern) into digital information that can be interpreted and verified by
a computer. Since it is more difficult for a hacker to gain access to a person’s biometric
data and it is unlikely that a user will misplace or misuse his or her own biometric data,
this form of technology provides a greater level of assurance than do other methods
of identification.
3
Widely acknowledged as the most secure of the security technologies, biometric
technology is relevant to a number of industries and applications. Specific to
payment transactions, biometrics promises to enhance convenience and speed at
the point of sale. A biometric system that couples an innovative wireless technology
with fingerprint authentication can cut the time to process a payment transaction by
more than half. The combination of wireless technology and biometry offers excellent
performance together with increased security.
4

context
What did UL do?
Biometrics is an authentication
method that converts biometric
data (a fingerprint scan or iris
pattern) into digital information
that can be interpreted and
verified by a computer.
NEW SCIENCE TRANSACTION SECURITY / BiomeTRics
Biometrics represents one of the most advanced security technologies available
today. Given the depth of concerns about safety, privacy and security around the
world, this technology can play a large role in both convenience and peace of mind. By
helping Natural Security, a French biometrics technology company, make its biometrics
solution market-ready, UL is at the forefront, facilitating the advancement of security.
WhY BioMetRicS MatteRS
4
NEW SCIENCE TRANSACTION SECURITY / BiomeTRics
With the help of UL and other partners, Natural Security has a commercially
viable technology solution available today. This technology enables both payment
and nonpayment transactions to be reliably authenticated and securely controlled
across many different environments, including in store, at home, at work or online.
7
iMPact
element in the system interacted with each other. We also tested and analyzed data
related to potential interference with device functionality from identical wireless
technology (i.e., Zigbee versus Zigbee) and from other wireless technologies operating
in the same frequency band (e.g., Zigbee versus Bluetooth or WiFi). With insight from
its testing, UL was able to provide advice to enhance Natural Security’s biometric
payment technologies.
6
UL assessed the human health impact of the system, analyzing the RF performance
of the payment device in close proximity to the body. We defined specific absorption
rate (SAR) procedures for device radiation in compliance with existing standards and
provided solutions to improve system safeguards.
With our state-of-the-art measurement equipment, UL tested the system for EMV
(Chip and Pin smart card technology) compliance, based on a variety of ISO7816 usages.
Our testing also covered a nonstandard use of ISO7816 based on our knowledge of
EMV interface modules.
For the system’s proprietary applications, UL defined and implemented a functional
test strategy based on experience accumulated on existing methodology (e.g., Visa,
EMVCo). We tested the terminal, the wireless access device (WAD) and wireless
payment device (WPD) to determine their compliance with the specification. We also
examined the complex system functionality based on how the multiple applications
that are part of the system would interact.
Last, as an accredited security laboratory for EMVCo, PCI PTS and Common Criteria,
UL was responsible for a comprehensive security analysis of the payment device
and the biometric reader. The aim was to assess the system assets with regard to
advanced attack techniques, taking into account the impact of the system relative
to the convergence of wireless, biometry and multiple applications. We examined the
system’s wireless and biometric features in order to preserve its privacy, confidentiality,
integrity and strong authentication characteristics. Following industry best practices,
the vulnerability analyses for both the WPD and the wireless biometric intelligent
reader (WBIR) were conducted. This enabled us to identify threats to system security
and define security requirements. From this analysis, security testing was executed
using cutting-edge techniques to assess the security of real devices promoted by
Natural Security. This included laser testing, cryptographic analyses and logical
techniques.
5
JoURnaL iSSUe 1
VULNERABILITY ANALYSIS
BRAND TEST TOOL
SMARTWAVE BOx
TSM TEST SUITE

caSe StUdieS

BIOMETRICS
NFC IMPLEMENTATION MODEL

SoURceS
tRanSaction SecURitY JoURnaLS and caSe StUdieS
NEW SCIENCE TRANSACTION SECURITY / BiomeTRics
1
“Biometrics Market Expected to Hit $12 billion in 2015,” Homeland
Security News Wire, 18 Jan. 2011. Web: 12 Mar. 2013. http://www.
homelandsecuritynewswire.com/biometrics-market-expected-hit-12-
billion-2015-0.
2
“Strong Growth in Biometrics Industry Projected,” Homeland Security News
Wire, 17 Nov. 2011. Web: 12 Mar. 2013. http://www.homelandsecuritynewswire.
com/strong-growth-biometrics-industry-projected.
3
“Biometric Authentication Know-How: Devices, Systems and Implementation,”
SearchSecurity, 2013. Web: 12 Mar. 2013. http://searchsecurity.techtarget.
com/tip/Biometric-authentication-know-how-Devices-systems-and-
implementation.
4
Interview with Hugues Thiebeauld, UK Security Laboratory Manager at UL, 7
Mar. 2013.
5
Thiebeauld, H., “RFI’s Consultancy in the Convergent Technologies,” RFI Global
Presentation, 1 Nov. 2010.
6
Thiebeauld, H., “RFI’s Consultancy in the Convergent Technologies,” RFI Global
Presentation, 1 Nov. 2010.
7
Natural Security, Web: 12 Mar. 2013. http://www.naturalsecurity.com/about.
SOLAR
ENERGY
NEWSCIENCE@UL.COM
+1 847.664.2040
New Science Transaction Security cannot be copied, reproduced,
distributed or displayed without UL’s express written permission. V.26.
UL and the UL logo are trademarks of UL LLC © 2013
Visit us on

ul.com/newscience

To learn more, explore the New Science of Indoor Air Quality,
Transaction Security, Sustainable Energy and Fire Safety.
Watch our videos, read our journals, articles and case studies,
scroll through our galleries and meet our experts.