BIOMETRIC AND NETWORK AUTHENTICATION - Openloop

Nov 30, 2013

BIOMETRICS AND NETWORK AUTHENTICATION

Security Innovators

Identification Methods


Traditional identification


Something that you have


Entrance permit, key


Something that you know


User-id and password, PIN


Problems


An unauthorized person can take control of these traditional means of identification


Passwords and PINs are difficult to remember

Secure Authentication


In a PKI world:


Cryptographic key pair (private and public key)


If someone gains access to the password that secures the cryptographic keys, he also gains access to every cryptographically protected application.


Solution


Something that you are


Biometric

What is Biometrics?


Biometric technology uses a physical or psychological trait for identification and authentication


Key properties:


Universal - common characteristic


Unique - no two persons are the same in terms of the characteristic


Permanent - time invariant


Collectable - quantitatively measurable


Why Biometrics?


Enhance security


"Who you claim to be"


NOT "what you know"


Convenient


Fast, easy-to-use, reliable, and less expensive authentication


Avoid



Lost, stolen, duplicated, or left at home


Forgotten, shared, or observed

How Does Biometrics Work?


Signal processing


Minutia extraction


Representation


Compression


Encryption


Transmission


Decryption


Decompress


Template generation

If Match…


Smart card data converted into a number


Used as a symmetric cryptographic key to decrypt the private key


A nonce is passed from the computer application to the smart card


The private key on the smart card encrypts the nonce.


The application verifies:


Certified public key obtained from the network-based directory service


Decrypt the encrypted message from the card

Types of Biometrics


Fingerprint


Face Pattern


Voice Pattern


Retina Identification


Hand


DNA


Signature


Etc…

Fingerprint


Reasons to use


100 to 600 bytes of data size can easily be fitted into the smart cards


It cannot be easily reproduced from the templates


Possible Attack


Surgery to alter print


Latex finger


Solution


Monitor pulse, sweat, temperature and more


Best solution: Measure the amount of oxygenated hemoglobin in the blood

Fingerprint Matching Algorithm


Three types of minutia features:


Ridge Ending, Bifurcation, and Short Ridge








$m_i = (\mathrm{type}, x_i, y_i, \theta_i, W)$


where


$m_i$ is the minutia vector


type is the type of feature (ridge ending, bifurcation, short ridge)


$x_i$ is the x-coordinate of the location


$y_i$ is the y-coordinate of the location


$\theta_i$ is the angle of orientation of the minutia


$W$ is a weight based on the quality of the image at that location
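

An added example, not part of the original slides: a small matcher built on the minutia vector defined above, scoring a probe print against an enrolled template and applying an acceptance threshold. The greedy pairing, the tolerances, the threshold, the sample prints and the assumption that both prints are already aligned are all illustrative choices, not taken from the slides.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Minutia:            # m_i = (type, x_i, y_i, theta_i, W) from the slide
    kind: str             # "ending", "bifurcation" or "short"
    x: float
    y: float
    theta: float          # orientation in degrees
    w: float              # image-quality weight, 0..1

DIST_TOL, ANGLE_TOL, THRESHOLD = 10.0, 15.0, 0.6   # assumed values

def angle_diff(a, b):
    """Smallest absolute difference between two angles in degrees."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)

def dist(p, q):
    return math.hypot(p.x - q.x, p.y - q.y)

def match_score(template, probe):
    """Weighted share of template minutiae paired one-to-one with the probe."""
    unused, matched = list(probe), 0.0
    for t in template:
        near = [p for p in unused if p.kind == t.kind
                and dist(t, p) <= DIST_TOL
                and angle_diff(t.theta, p.theta) <= ANGLE_TOL]
        if near:
            best = min(near, key=lambda p: dist(t, p))
            unused.remove(best)          # each probe minutia pairs only once
            matched += min(t.w, best.w)  # low-quality regions count for less
    total = sum(t.w for t in template)
    return matched / total if total else 0.0

def accept(template, probe, threshold=THRESHOLD):
    return match_score(template, probe) >= threshold

# Constructed sample data (not real fingerprint templates).
ENROLLED = [Minutia("ending", 10, 10, 30, 1.0), Minutia("bifurcation", 50, 40, 90, 0.8),
            Minutia("ending", 80, 20, 350, 0.6), Minutia("short", 30, 70, 180, 0.6)]
SAME_FINGER = [Minutia("ending", 12, 9, 35, 0.9), Minutia("bifurcation", 53, 44, 85, 0.8),
               Minutia("ending", 78, 22, 5, 0.6)]          # short ridge not captured
OTHER_FINGER = [Minutia("bifurcation", 11, 10, 30, 1.0), Minutia("ending", 50, 41, 200, 0.9),
                Minutia("short", 32, 71, 175, 0.5)]

if __name__ == "__main__":
    for name, probe in (("same", SAME_FINGER), ("other", OTHER_FINGER)):
        print(name, round(match_score(ENROLLED, probe), 3), accept(ENROLLED, probe))
```

Raising the threshold lowers false acceptances at the cost of more false rejections, which is the FAR/FRR tradeoff listed under Issues and Concerns.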

Face Pattern


Face recognition algorithms create a numerical code from facial measurements called “face print”


Possible Attack


Surgery


Artificial mask


If only 2-D scan, duplication of photo


Protection


3-D images from various viewing angles

Retina Identification


Based on the unique configuration of blood vessels in the retina (360 degree circular scan)


Most accurate


Possible attack


Surgery


Prosthetic eye

Eye Scan


Voice Pattern


Automatic speaker recognition and verification system


Possible attack


DAT voice recording


Sound-alike voice

How Biometrics Applies to Network Security?


Authentication


Biometrics technology replaces username and password


Can be used on


Workstation and network access


Single sign-on


Application logon


Data Protection


Remote access to resources


Transaction security


Web security


Encrypt sensitive data transmitted over the internet


Biometric Authentication for J2EE

Architecture


Issues and Concerns


Accuracy


False Acceptance Rate (FAR) and False Rejection Rate (FRR)


Tradeoff between security and convenience


Stability


Suitability


Difficulty of usage


Availability


Comparison failure

Summary


Biometrics is one more layer on top of PIN and physical token, and it makes them more secure


Highest level of security is the combination of:


Something you know


Something you have


Something you are
