emerging biometric applications

Emerging BiometricApplications

Expectations and Reality(in 25 minutes or less!)

An Emerging Technology

What are Biometrics?

The term biometrics refers to a science involving the standard analysis of biological

characteristics.

A biometric is a unique, measurable characteristic or trait of a human being for automatically recognising or

verifying identity.

Who are you?

No, who are you, really???

Authentication Methods in Network & Internet Security

Something you areBiometrics Positive identificationNever lost or stolen

Something you knowPasswordsPINsMother’s maiden name

Something you haveATM cardSmart cardDigital certificate

BiometricsInnate

IrisRetinaEarFingerprintPalm / handFace (visual & heat)Skin detail / veinsDNA / Blood / Saliva / anti-bodiesHeart rhythmFootprintLips

BehavioralGait

Signature

Typing style

MixedVoice

Body odour

Why Biometrics?

“Biometric identification (e.g., fingerprints, face and voice) will emerge as the only way to truly authenticate an individual, which will become increasingly important as security

and privacy concerns grow.”

- Gartner Group 26th April 2000

How do Biometrics Work?Enrolment: Add a biometric identifier to a database

Fingerprint, Voice, Facial or Iris

Verification: Match against an enrolled record

Presentbiometric

Capture Process Store

Presentbiometric

Capture Process

Compare

Match

IDENTIFIED

No Match

DENIED

Fingerprint Image Identification

Randomness

Accuracy v. Affordability v. Acceptability

0

1

2

3

4

Accuracy >>

Aff

ord

ab

ility

>>

Courtesy, Veridicom Corp.

Benefits for the Consumer

Benefits of Biometrics

Biometrics link a particular event to a particular individual, not just to a password or token, which may be used by someone

other than the authorized user

Business Scenarios

The password problem

Remote access

Who is using our fee-based web-site?

Challenge-response tokens

Too many physical-access devices

Protecting the single-sign-on vault

The Password Problem

They’re either too easy or they’re written down somewhere!

Users forget them!

Help Desk has to sort out the mess!

The Password Problem

Write it Down

47 28 8 16

% of respondents

Never Occasionally Often Always

Source: CCH

The Password Problem

Resets per Year

4 62 29 5

% of respondents

Zero 1-2 3-6 > 6

Source: CCH

The Password Problem

Identifiable costsLost productivityFlow-on productivity lossesSupport teamManagement and infrastructure

US research - $340 per incident*

Anecdotal – some incidents over $AU10,000

*BioNetrix Corp - www.bionetrix.com/inserts.pdf

Choosing Technologies and Partners

Privacy Concerns and Ethics

Criminal stigma3rd party use of data

Sold or given for other than intended purposeProvided to law enforcementUnauthorized access

Identity theft“Tracking” of actions through biometricsReligious objections - “Mark of the Beast”

Australian Privacy Act

NPP 4 – Data Security

An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.

Privacy Policy Recommendations

5 basic principlesNotice – disclose ALL data captured

Access –anyone can view their stored data

Correction Mechanism

Informed Consent – no 3rd-party involvement

Reliability & Safeguarding

Who would use Biometrics

Strong identification and authentication

Medium – high data security

Non-repudiation (I didn’t do it!)

Who would use Biometrics

The last metre

Fee-for-service web sites

e-Commerce transaction verification

Selecting Biometric Technologies

User / environment considerations

Technology factors

Technology ComparisonIris Face Finger Signature Voice

Accuracy Very HighMedium High High Medium

Ease of Use Medium Medium High High High

Barrier toAttack

Very High Medium High Medium Medium

UserAcceptability

Medium Medium Medium Very High High

Long TermStability

High Medium High Medium Medium

Interference ColouredContacts

Lighting Aging,Glasses,Hair

DrynessDirt,Age,Race

ChangingSignatures

Noise,Colds,Weather

Accuracy

False rejection rateMeasures how often an authorized user, who should be recognized by the system, is not recognized.I am not recognised as me!

False acceptance rateMeasures how often a non-authorized user, who should not be recognized by the system, is falsely recognized.You are pretending to be me!

Matching vs. Non-Matching Prints

Non-matchingprints

Matchingprints

MatchingThreshold

False non-matches False matches

d

Selecting a Biometric Solution

Who can help?

Your Vendor / Consultant

Existing relationship

Ability to integrate biometrics into existing platform

Ability to draw on other experience

Australian Biometric Testing Organisation

Recently incorporatedImpartial testerEducation sourceGovernment & industry funded

www.biomet.org/abtoabto@biomet.org

“Introduction to Biometrics” 1-day course August 30th

What problem are we solving?

If biometrics is the answer, what’s the question?

Evaluation Strategy

Define the requirements

Testing & trialing

Management buy-in

Internal champion (not the IT Manager)

Who is using it?

Connecticut Dept Social Welfare

Health Application

ABN-AMRO

What are some of the products?

Give Passwords the Finger!