computer security
Post on 19-Jan-2016
48 Views
Preview:
DESCRIPTION
TRANSCRIPT
Computer SecurityBiometric
authenticationBased on a talk by Dr J.J. Atick, Identix, “Biometrics in the Decade of Security”, CNSS 2003
Biometric authentication
Framework for security
Trust
Identification
Biometricsfingerprints
face iris
Biometric authentication
Framework for security
Physical or logical access should be based on trusted gated actions
Biometric authentication
Biometrics are uniquely qualified for this purpose:• Individual uniqueness• universality• accuracy• easiness• permanence• non-intrusiveness• cannot be lost, forgotten, stolen
Biometric authentication
Fingerprints• Image• Minutiaes• Fingerprint
– based on irregularities (minutiae)
Biometric authentication
Face recognition• Image• Nodal points• Face print
– based on facial skin irregularities (the skull is 3-dimensional, the kin is 2-dimensional)
Biometric authentication
Iris recognition• Image• Iris pattern• Iris-print
Finger-scan
Facial-scan
Middleware
Hand-scan
Iris -scan
Voice-scan
Signature-scan
Keys troke-scan
Biometric Market
Market EvolutionGovernment• Law enforcement• Federal Agencies• DoD• National ID Programs
Regulated Industries• POS• Financial Healthcare • Transportation
• Commercial• E-commerce• Transactions
Common Access Card
DoD Common Access Card
• Biometric Smart Card to enable trusted identity throughout the enterprise
• Logical and physical access• Evaluating fingerprint biometrics for military ID cards• Already half way through (expected roll-out by 2005)
Enhanced Border Security
Entry/Exit Program• Protect, control & monitor access & entry into US• Background check on visa applications• Finger & face opportunity
Visa reform• Ability to check on visa applicants• Biometric smartcard as new visa
Worldwide reverberations
International ID Programs
Several Foreign countries are in the process
of implementing national ID programs
• Fingerprint, facial and iris biometrics for national ID cards
• Fingerprint biometrics for national healthcare programs
• Fingerprint biometrics for passports
Platform for security
• Enrollment & Registration• Qualification• Requirements of Trust• Biometric Identification
– Only: finger, face, iris
• Secure Credential Issuance• Access
– Physical, logical
• Surveillance
Platform for security
• Enrollment & Registration• Qualification• Requirements of Trust• Biometric Identification
– Only: finger, face, iris
• Secure Credential Issuance• Access
– Physical, logical
• Surveillance
Enrollment & Registration
• Critical step, could be costly if not done properly• Data must be in vendor independent
formats– Standard formats: e.g.ANSI/NIST-ITL 1-2000
• Data can be very valuable
Qualification
Answer two questions• Is the identity unique?• Can it be granted trusted status
Requires• Search in a registration database• Submission to watch list & criminal
database
Requirements of Trust
• State mandates– Healthcare, school workers, banking state
employees insurance
• Federal Mandates– Transportation workers
• Airlines, airports
– Postal workers– Government employees– Visa applicants, trusted travelers
• Passport and National IDs• Corporate enterprise
Biometric Identification
Only finger, face, iris
• Finger & face have unique position because of existing databases
• Finger requires live scan 10 print rolled fingers
• Major breakthroughs in imaging make it easier to capture high quality prints– Quicker turnaround– Low rejection & rechecks
Facial for Identification
• In many cases face is only available only finger, face, iris
• Performance– Rank 1 identification – 80%– Compare with single finger 90% (db size
10,000) NIST & FRVT2002
• Not perfect yet delivers significant value
• Improving performance
Secure Credential Issuance
Impedes tampering & forging.
1. Badging screened applicant2. Smartcard
1. On Chip• Credentials, PKI certificate, Applications
2. Secure Markings3. Photo4. Color Coding5. Basic info: name, exp date, signature, etc6. Magnetic stripe and/or Barcode data
Access
• Physical access– Buildings, offices, Safe Deposit
boxes, Parking lots, etc
• Logical access– Authentication, Authorization,
Internet, WAN, LAN, Wireless, etc
• Universal access– Home, office, any location, travel,
etc
Detection
• Watch lists: facial & fingerprint databases
• Biometrics can be used to detect in real time individuals on the watch list– On demand screening– Checkpoint surveillance
Detection: on demand screening
• Fingerprint systems for INS enforcement– border checks
• Mobile identification – IBIS (Identification Based Information Systems)
• Travel document screening
Mobile identification -IBIS
Mobile PDAs with finger sensors & Cameras.Access to
– Secure wireless communication
ID Document surveillance
• Travel documents readers• Watch list alarm• Use standard existing travel
documents• Creates manifest
Checkpoint surveillance
• Security tool just like metal detectors & luggage scanners
• Ensures that each face passing through a checkpoint is checked against the watch-list database.
ID Document surveillance
• Travel documents readers• Watchlist alarm• Use standard existing travel
documents• Creates manifest
Biometric smartcards –the trust triangle
Discuss SecurityIssues
Smartcard - PK, certificate - SK - Else???
User- Password ???- Smartcard
Reader
Application
top related