biometrics role in cybersecurity iasa · 2018-05-02 · biometrics application categories...
TRANSCRIPT
Role of Biometrics in Cybersecurity
Sam Youness
Agenda
• Biometrics basics
• How it works
• Biometrics applications and architecture
• Biometric devices
• Biometrics considerations
• The road ahead
The Basics
• Every day we need to identify ourselves when we do things like:
  • Use a bank automatic teller machine (PIN #)
  • Use personal or corporate computing devices
  • Enter the office by scanning a badge, punching a code, or using a key
  • Use passwords to access online services (e.g. online banking, Netflix, Amazon)
  • Use a password to access our email
  • Provide a passport or driver's license as proof of identity
  • And many more examples
• There is an essential need to accurately identify an individual to minimize the possibility of security breaches and threats
Why Biometrics?
• Traditional security guards (passwords, PINs, etc.) have serious issues
• Security keys, such as ID cards, keys, etc., also have their issues, such as getting lost, copied, etc.
• Is biometrics the answer?
  • It is part of the person and not easily compromised through theft, collusion, or loss
  • Simplifies user management, leading to cost savings
  • No need to remember passwords or PINs
  • User accounts cannot be shared
  • Easy to use
Biometrics Modalities
• Physiological (not likely to change over time):
  • Fingerprints, finger length
  • Iris/Retina
  • Facial image and geometry (2D and 3D)
  • Hand geometry
  • Vein pattern
  • DNA
• Behavioral (may change over time):
  • Voice
  • Gait
  • Odor
  • Signature
  • Keystroke and mouse moves dynamics
How Biometrics Work
[Diagram]
Enrollment: Enrollment → Template Extraction → Template Storage (biometric sample → distinguished features of the sample → digital template of the sample)
Live capture: Live Capture → Template Extraction → Template Comparison, Search/Match (biometric sample → distinguished features of the sample → digital template of the sample)
Comparison Algorithm → MATCH / NO MATCH
Biometrics Processes
[Diagram labels: Secure Device; Trusted Computer. Stages: Image Capture, Feature Extraction, Secure Storage, Template Matching. Result: MATCH / NO MATCH]
Biometric System Accuracy
• ROC: receiver operating characteristic
• FMR: false match rate
• FNMR: false non-match rate
• Matching threshold – T
• Higher quantities of data (e.g. more fingerprints) and higher-quality (highly consistent) samples are required for one-to-many search processes as compared to one-to-one matching for verification.
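The accuracy terms on this slide, worked through as an added example that is not part of the original presentation. The score lists are constructed, the function names are hypothetical, and the 1:N formula assumes independent comparisons; it shows how moving T trades FMR against FNMR and why a one-to-many search needs a much lower per-comparison FMR than one-to-one verification.

```python
"""Added example: FMR/FNMR at a matching threshold T, and 1:N scaling."""

# Constructed similarity scores in [0, 1]; higher means more alike.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.85, 0.62, 0.93, 0.90, 0.71, 0.87]   # same person
IMPOSTOR = [0.12, 0.25, 0.31, 0.08, 0.44, 0.66, 0.19, 0.37, 0.52, 0.28]  # different people


def fmr(impostor, t):
    """False match rate: fraction of impostor comparisons accepted (score >= t)."""
    return sum(s >= t for s in impostor) / len(impostor)


def fnmr(genuine, t):
    """False non-match rate: fraction of genuine comparisons rejected (score < t)."""
    return sum(s < t for s in genuine) / len(genuine)


def roc_points(genuine, impostor, thresholds):
    """One (T, FMR, FNMR) row per threshold; FMR against 1 - FNMR is the ROC curve."""
    return [(t, fmr(impostor, t), fnmr(genuine, t)) for t in thresholds]


def lowest_threshold_for_fmr(genuine, impostor, thresholds, max_fmr):
    """Lowest T with FMR <= max_fmr; the lowest such T keeps FNMR smallest."""
    for t, fm, fn in roc_points(genuine, impostor, sorted(thresholds)):
        if fm <= max_fmr:
            return t, fm, fn
    return None  # no candidate threshold is strict enough


def identification_false_match(fmr_1to1, gallery_size):
    """Chance of at least one false match in a 1:N search.

    Assumes every comparison is independent (a simplifying assumption).
    """
    return 1.0 - (1.0 - fmr_1to1) ** gallery_size


if __name__ == "__main__":
    for row in roc_points(GENUINE, IMPOSTOR, [0.3, 0.5, 0.7, 0.9]):
        print("T=%.1f  FMR=%.2f  FNMR=%.2f" % row)
    for n in (1, 1000, 10000):
        print(n, round(identification_false_match(0.001, n), 4))
```

With a per-comparison FMR of 0.1%, a gallery of 1,000 records already gives roughly a 63% chance of at least one false match under the independence assumption.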
Biometrics Application Categories
• Verification
  • One-to-one biometric identification to provide physical or logical access control
  • Compares against a template stored locally (PC, smartphone, etc.) or on a server
  • Acts as a passcode or PIN
• Identification
  • One-to-many search to assess whether an individual's biometrics are present in a database or gallery that contains a very large number of biometric records
  • More computing intensive to help identify a person
• Duplicate Checking
  • Matching each and every template to all templates in a gallery
  • Determines if individuals are represented more than once in a database
  • Used to detect fraud – enrollment in multiple social benefits programs, etc.
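The three application categories side by side, as an added example that is not part of the original presentation. The 16-bit templates, the bit-difference similarity measure, the identifiers and the function names are all constructed for illustration; real templates and comparison algorithms are vendor-specific.

```python
"""Added example: 1:1 verification, 1:N identification, N:N duplicate check."""
from itertools import combinations

BITS = 16
# Constructed 16-bit templates standing in for vendor feature vectors.
GALLERY = {
    "alice":   0b1011001110001101,
    "bob":     0b0100110001110010,
    "carol":   0b1110000101011011,
    "alice-2": 0b1011001110001001,  # same person enrolled twice (1 bit differs)
}
# Constructed live capture of alice; sensor noise flipped one bit.
PROBE = 0b1011001110000101


def similarity(a, b):
    """1.0 for identical templates, 0.0 when every bit differs."""
    return 1.0 - bin(a ^ b).count("1") / BITS


def verify(probe, claimed_id, gallery, t):
    """Verification: one comparison against the claimed identity's template."""
    return similarity(probe, gallery[claimed_id]) >= t


def identify(probe, gallery, t):
    """Identification: N comparisons; candidates at or above T, best first."""
    hits = [(similarity(probe, tpl), ident) for ident, tpl in gallery.items()]
    return [ident for score, ident in sorted(hits, reverse=True) if score >= t]


def duplicates(gallery, t):
    """Duplicate checking: N*(N-1)/2 comparisons over every pair of records."""
    return [(a, b)
            for (a, ta), (b, tb) in combinations(gallery.items(), 2)
            if similarity(ta, tb) >= t]


if __name__ == "__main__":
    T = 0.8
    print("verify as alice:", verify(PROBE, "alice", GALLERY, T))
    print("verify as bob:  ", verify(PROBE, "bob", GALLERY, T))
    print("identify:       ", identify(PROBE, GALLERY, T))
    print("duplicates:     ", duplicates(GALLERY, T))
```

The identification search returns two candidates for one person, which is exactly the condition the duplicate check is meant to surface in the gallery.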
Example Biometric Applications
• Verification
  • Logical access to devices (computer/network logon)
  • Dumb terminals – client server access
  • Internet e-commerce
  • Smart card access
• Identification
  • Access to facility
  • Border control identification
• Duplicate Checking
  • Fraud detection
Devices and Sensors
• Mechanical or electronic systems that are used to enroll and capture raw biometric samples in a form that can be digitized and converted into a digital biometric template
• Examples include:
  • Fingerprint sensors:
    • Capacitive sensors are based on silicon chips that detect electric currents when the finger ridges make contact. They can use full finger or swipe techniques
    • Optical sensors use prism light source and light sensor
    • Light emitting and multispectral sensors
  • Digital cameras – for facial recognition:
    • Consumer-grade digital SLRs, pocket cameras, and webcams
    • 60 PPI are required for 1:1 matching and 90 PPI for 1:n matching
    • Consistency is the most important factor
  • Iris cameras – for iris recognition:
    • Requires an infrared image of the iris to optimize the image contrast so as to facilitate machine-based analysis.
    • Off-the-shelf cameras aren't yet used for iris image capture, and a special camera is required
  • Microphones – for voice recognition: used for 1:1 identification, and consistency is very important for these scenarios
Standardization
• Building standards which all biometrics vendors adhere to is still a challenge despite the work of several national and international organizations over the past two decades
• Biometrics template extraction and comparison is typically proprietary to each vendor. This prevents using a product from one company to compare templates generated by products from another.
• One exception to this is MINEX-certified minutiae-based fingerprint template generators and matching algorithms. This category of templates and matching algorithms has been developed, tested, and certified by NIST to be interoperable for 1:1 verification to be used on compact cards and travel documents
Biometrics Standards
• ISO/IEC JTC 1/SC 37
  • 119 published ISO standards
  • 29 standards under development
  • 29 participating members
  • 13 observing members
  • Different working groups addressing:
    • Strategy
    • Harmonized vocabulary
    • Technical interfaces
    • Data interchange formats
    • Technical implementations of biometric systems
    • Testing and reporting
    • Cross-jurisdictional and societal aspects of biometrics
• National Institute of Standards and Technology (NIST)
  • Research on the various biometric modalities: fingerprint, face, iris, voice, DNA, and multimodal
  • Standards development at the national and international level
  • Technology testing and evaluation, which leads to innovation
  • NIST partners: DOJ/FBI, DOD, DOS, Intelligence Community
Biometrics Considerations
• Cost
• Security – obfuscation of biometrics may occur
• Privacy/intrusiveness
• Size for storage (images and templates)
• Convenience
• Speed
• Accuracy
• Connectivity & compatibility
Questions?
Sam Youness
Sam is a seasoned professional with more than 21 years of deep experience in business and IT, including architecture vision creation and building industry-wide strategies to achieve that vision. Sam has successfully delivered a large number of architectures, solutions and projects to better enable customer business. Sam is fluent in both languages of business and IT. He is a result driven technical leader with a passion for excellence. He is a relationship builder with outstanding communication skills. Technically minded but always commercially aware. Sam is an established author and contributor of several books and other publications covering different topics in areas of data management, programming languages, solution building, and security. He is a keynote speaker in high level industry conferences and end user events.