identity management: dealing with disclosure
DESCRIPTION
Identity Management: Dealing with Disclosure. “constructing identity management solutions that are provably appropriate for a particular context". Latanya Sweeney, PhD. [email protected]. Privacy Technology. Privacy is here to stay. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/1.jpg)
Identity Management: Dealing with Disclosure
Latanya Sweeney, PhD
privacy.cs.cmu.edu [email protected]
“constructing identity management solutions that are provably appropriate for a particular context"
![Page 2: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/2.jpg)
1.Privacy is here to stay.2.Computer scientist must help solve this problem.3.Selective Revelation4.Example: video surveillance5.Example: bio-terrorism surveillance6.Example: identity theft7.Example: distributed surveillance8.Example: privacy-preserving surveillance 9.Example: DNA privacy10.Example: Identity theft protections11.Example: k-Anonymity12.Example: Webcam surveillance13.Example: Text de-identification14.Example: Policy specification and enforcement15.Example: Scam Spam
Privacy Technology
privacy.cs.cmu.edu
![Page 3: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/3.jpg)
1.Privacy is here to stay.2.Computer scientist must help solve this problem.3.Selective Revelation4.Example: video surveillance5.Example: bio-terrorism surveillance6.Example: identity theft7.Example: distributed surveillance8.Example: privacy-preserving surveillance 9.Example: DNA privacy10.Example: Identity theft protections11.Example: k-Anonymity12.Example: Webcam surveillance13.Example: Text de-identification14.Example: Policy specification and enforcement15.Example: Scam Spam
Privacy Technology
privacy.cs.cmu.edu
6. Example: Identity theft
10. Example: Identity theft protections
![Page 4: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/4.jpg)
HandShot ID A Fast 3-D Imaging
System for Capturing
Fingerprints, Palm Prints and Hand Geometry
Latanya Sweeney, PhDSchool of Computer ScienceCarnegie Mellon [email protected]
Victor Weedn, MD, JDForensic Science ProgramDuquesne [email protected]
Very Grateful to the U.S. Department of Justice for the opportunity to build HandShot and study the science of fingerprint matching.
new
privacy.cs.cmu.edu/dataprivacy/projects/handshot/index.html
![Page 5: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/5.jpg)
How should policy makers think about drafting policy for RFID technologies?
Testimony European Union Commission
privacy.cs.cmu.edu
1. Cornerstones of privacy protection can be incorporated within many ubiquitous technology applications to provide privacy protection.
2. Focus policy at the general nature of ubiquitous technology and not on specific instances or uses of specific technologies.
new
![Page 6: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/6.jpg)
Acknowledgements
Special thanks to
Mike GurskiRichard OwensPasha Peroff
for inviting me to this outstanding conference. I am always extremely honored to be here.
![Page 7: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/7.jpg)
Addressed in This Talk
privacy.cs.cmu.edu/dataprivacy/talks/CACR-05-11.html
This talk will examine the nature of identity management problems and examine roles biometrics can play along with accompanying policy or additional technology. An integrated solution (“identity phone”) will be presented as a working example.
![Page 8: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/8.jpg)
1. Identity Management Problems2. Biometric Technologies3. Applying Biometrics to Problems4 Identity Phone Example
This Talk
privacy.cs.cmu.edu
![Page 9: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/9.jpg)
1. Identity Management ProblemsExamine identity theft in terms of the
acquisition of fraudulent credit cards and related issues to the U.S. Social Security number. [Identity Angel* & SSNwatch Projects]
2. Biometric Technologies3. Applying Biometrics to Problems4. Identity Phone Example
This Talk
* Recently on CBS News
![Page 10: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/10.jpg)
Historical Highlights of the SSN• 1935 Social Security Act SSNs only to be used for the social security program.
• 1943 Executive Order 9397 Required federal agencies to use SSNs in new record systems
• 1961 IRS began using SSN As taxpayer identification number
• 1974 Privacy Act Government agencies use of SSN required authorization and disclosures (exempt agencies already using SSN)
• 1976 Tax Reform Act Granted authority to State and local governments to use SSNs: state and local taxes, motor vehicle agencies
•Over 400 million different numbers have been issued. Source: Social Security Administration, http://www.ssa.gov/history/hfaq.html
![Page 11: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/11.jpg)
Non-Government Uses of SSN•Corporate use of the SSN is not bound by the laws.
You can request an alternative number. You can refuse to provide, they can refuse service.
• Most common non-government use relates to credit bureaus and credit granting companies:
Recognition – to locate your credit history for sharing it with you or with others with whom you sought credit.
Linkage – to make sure new entries are added to your credit report.
•Common uses until recently are for corporate identificationExample: medical and school identification cards
![Page 12: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/12.jpg)
Quality of the SSN Assignment
Ability to acquire the number and use it falsely grows as more copies of the number are stored for different purposes.
A Social Security number is almost always specific to one person and one person typically has a unique SSN. There are exceptions.
![Page 13: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/13.jpg)
Unusual case of SSN 078-05-1120 Used by thousands of People!
In 1938, a wallet manufacturer provided a sample SSN card, inserted in each new wallet.
The company’s Vice President used the actual SSN of his secretary, Mrs. Hilda Schrader Whitcher.
The wallet was sold by Woolworth and other stores. It had "specimen" written across the face, but many purchasers of the wallet adopted the SSN as their own. SSA voided the number. (Mrs. Whitcher was given a new number.) In total, over 40,000 people reported this as their SSN. As late as 1977, 12 people were still using it.
Source: Social Security Administration, http://www.ssa.gov/history/ssn/misused.html
![Page 14: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/14.jpg)
Social Security Number Summary
SSNs are used to represent a person:easy to replicate, easy to provide in-person and remotelyeasy to store and match
BUT not verifiable when presentedeasily forgedencoded, thereby leaking information
![Page 15: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/15.jpg)
SSNwatch On-line SSN validation
system. Given the first 3 or 5 digits of an SSN, returns the state in which the SSN was issued along with an estimated age range of the person.
privacy.cs.cmu.edu/dataprivacy/projects/ssnwatch/index.html
Sample uses:Job Applications Apartment Rentals Insurance Claims Student Applications
![Page 16: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/16.jpg)
SSNwatch Results for SSN 078-05-
Geography New York Date of issuance Issued before 1993 Year of Birth (5-digit prefix)
64% born 1889 to 1910 98% born 1879 to 1921
If the person presenting the SSN is about age 20, then it is extremely unlikely that the provided SSN was issued to that person.
![Page 17: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/17.jpg)
SSNwatch Results for SSN 078-05-
Geography New York Date of issuance Issued before 1993 Year of Birth (5-digit prefix)
64% born 1889 to 1910 98% born 1879 to 1921
If the person presenting the SSN fails to list or acknowledge New York as a prior residence, then it is extremely unlikely that the provided SSN was issued to that person.
![Page 18: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/18.jpg)
What is Identity Theft?
Identity theftIdentity theft occurs when a person uses another person’s personally-identifying information such as name, Social Security number, credit card number or other explicitly identifying information, without permission to commit fraud or other crimes.
Source: Federal Trade Commission, http://www.consumer.gov/idtheft/
![Page 19: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/19.jpg)
Problems Posed by Identity Theft
Identity theft is a serious crime.
People whose identities have been stolen can spend months or years - and their hard-earned money - cleaning up the mess thieves have made of their good name and credit record.
Victims may lose job opportunities, be refused loans, education, housing or cars, or even get arrested for crimes they didn't commit.
Source: Federal Trade Commission, http://www.consumer.gov/idtheft/
![Page 20: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/20.jpg)
Federal Trade Commission Report: Overview of the Identity Theft Program, Oct 1998 – Sep 2003
![Page 21: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/21.jpg)
Federal Trade Commission Report: Victim Complaint Data
![Page 22: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/22.jpg)
Federal Trade Commission Report: Victim Complaint Data
More than 40% involve
credit card fraud!
![Page 23: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/23.jpg)
Federal Trade Commission Report: Victim Complaint Data
![Page 24: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/24.jpg)
Federal Trade Commission Report: Victim Complaint Data
More than half are young adults, who are mobile and active on the web!
![Page 25: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/25.jpg)
Identity Angel Project
Is there sufficient information freely available on-line to obtain fraudulent credit cards?
Thousands of Americans are at risk to identity theft immediately!
Can be done with little technical knowledge!
![Page 26: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/26.jpg)
Student application
Basic information and School Information
![Page 27: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/27.jpg)
Basic Information Necessary For a Credit Card Application
• Name• Social Security number• Address• Date of birth• Mother’s maiden name
Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name.
![Page 28: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/28.jpg)
Basic Information Necessary For a Credit Card Application
• Name• Social Security number• Address• Date of birth• Mother’s maiden name
Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name. Therefore, we need only demonstrate how this information can be obtained on-line.
Do these first.
![Page 29: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/29.jpg)
One Approach is to Buy an SSN
There are websites that advertise SSNs for sale.
The California-based Foundation for Taxpayer and Consumer Rights said for $26 each it was able to purchase the Social Security numbers and home addresses for Tenet, Ashcroft and other top Bush administration officials, including Karl Rove, the president's chief political adviser. [Associated Press, “Social Security numbers sold on Web” 8/28/2003]
![Page 30: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/30.jpg)
Google: resume ssn site:.edu 1
[DOC]RESUMEFile Format: Microsoft Word 2000 - View as HTMLRESUME. RICHARD ALLEN BROWN. Richard Allen Brown. PO Box 782. Kayenta, AZ 86033.Home Telephone-520-697-3513. NAU Telephone-520-523-4099. DOB: 03-10-77. SSN: 527-71 ... dana.ucc.nau.edu/~rab39/RAB%20Resume.doc
Many found. One is shown above. But the actual resumes are amidst lots of non-resume pages!
![Page 31: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/31.jpg)
Google: resume ssn site:.edu 2
resume... 2843. DOB: 10-10-48 New Britain, CT 06050-4010. F: (860) 832-3753.SSN: 461-84-8245 H: (203) 740-7255 C: (203) 561-8674. Education. Ph. ... www.math.ccsu.edu/vaden-goad/resume.htm
A second example.
![Page 32: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/32.jpg)
Google: resume ssn site:.edu 3
Scot Lytle's ResumeScot Patrick Lytle. Home: (301)-249-5330 2116 Blaz Court School: (410)-455-1662Upper Marlboro, MD 20772 SSN: 578-90-8915 OBJECTIVE. ... userpages.umbc.edu/~slytle1/resume.html
We emailed warnings to these people that this is not a good practice!
One claimed to have been the victim of a identity theft recently.
![Page 33: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/33.jpg)
Job Banks are On-line with Resumes Listing {SSN, name, address}
... Welcome to Maryland's Job Bank! ... Are You Looking For Dream Job. ... Search for jobs nationwide,and by creating a resume, thousands of employers across the nation ... www.ajb.dni.us/md/ - 29k
NationalJobBank.com - Post your jobs or resume for FREE!... The National Job Bank is a web-site developed specifically for job seekers, employers ... Weencourage you to post your resume, post a job listing or contact ... www.nationaljobbank.com/ - 16k - Sep 9, 2003
![Page 34: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/34.jpg)
Basic Information Necessary For a Credit Card Application
• Name• Social Security number• Address• Date of birth• Mother’s maiden name
Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name. Therefore, we need only demonstrate how this information can be obtained on-line.
Done.
Next...
![Page 35: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/35.jpg)
Google: resume ssn site:.edu 1
[DOC]RESUMEFile Format: Microsoft Word 2000 - View as HTMLRESUME. RICHARD ALLEN BROWN. Richard Allen Brown. PO Box 782. Kayenta, AZ 86033.Home Telephone-520-697-3513. NAU Telephone-520-523-4099. DOB: 03-10-77. SSN: 527-71 ... dana.ucc.nau.edu/~rab39/RAB%20Resume.doc
This on-line resume, located earlier, actually listed date of birth too!
![Page 36: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/36.jpg)
Google: resume ssn site:.edu 2
resume... 2843. DOB: 10-10-48 New Britain, CT 06050-4010. F: (860) 832-3753.SSN: 461-84-8245 H: (203) 740-7255 C: (203) 561-8674. Education. Ph. ... www.math.ccsu.edu/vaden-goad/resume.htm
This on-line resume, found earlier, also listed date of birth!
![Page 37: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/37.jpg)
Google: resume ssn site:.edu 3
Scot Lytle's ResumeScot Patrick Lytle. Home: (301)-249-5330 2116 Blaz Court School: (410)-455-1662Upper Marlboro, MD 20772 SSN: 578-90-8915 OBJECTIVE. ... userpages.umbc.edu/~slytle1/resume.html
The third resume did not have his DOB listed.
![Page 38: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/38.jpg)
anybirthday.com given a name, provides a
birthday
Had several hits matching name, but only one in his ZIP.
![Page 39: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/39.jpg)
Finding Dates of Birth
Anybirthday.com tends to have information on people over the age of 30. Younger people are often not included.
Many other population registers can be used, such as voter lists. Anybirthday.com is not he only source!
![Page 40: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/40.jpg)
Basic Information Necessary For a Credit Card Application
• Name• Social Security number• Address• Date of birth• Mother’s maiden name
Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name. Therefore, we need only demonstrate how this information can be obtained on-line.
Done.
Done.
Next...
![Page 41: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/41.jpg)
Publicly Available Birth Records
Not all states, but many consider birth records, the kind of information included on a person’s birth certificate in the United States, as publicly available information.
A few states have gone further to provide this information on-line.
In the United States, birth certificate information tends to include the mother’s maiden name!
![Page 42: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/42.jpg)
California on-line Birth Records
Results of search on ‘Jones’
Source: http://www.vitalsearch-ca.com/gen/_nonmembers/ca/_vitals/cabirths-nopsm.htm
![Page 43: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/43.jpg)
Basic Information Necessary For a Credit Card Application
• Name• Social Security number• Address• Date of birth• Mother’s maiden name
Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name. Therefore, we need only demonstrate how this information can be obtained on-line.
Done.
Done.
Done.
![Page 44: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/44.jpg)
Resulting Concern
• Name• Social Security number• Address• Date of birth• Mother’s maiden name
Thousands of people are at risk!
Even if this is not the current means accounting for the bulk of fraud related to new credit card accounts, this is clearly a very serious and growing threat!
Done.
Done.
Done.
![Page 45: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/45.jpg)
Identity Angel –resumes
1. Locate on-line resumes (using Filtered Searching)
2. Extract sensitive values (using regular expressions)
3. Email subjects about their risks
L. Sweeney. AI Technologies to Defeat Identity Theft Vulnerabilities. AAAI Spring Symposium on AI Technologies for Homeland Security, 2005. (Updated version appearing in IEEE journal next month.) http://privacy.cs.cmu.edu/dataprivacy/projects/idangel/index.html
![Page 46: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/46.jpg)
Identity Angel –resume findings
1000 resume hits on Google using fliteredSearch, revealed 150 resumes, of which 140 (or 93%) had complete 9-digit SSNs.
10 resumes had partial, invalid, or some other country’s SSN.
L. Sweeney. AI Technologies to Defeat Identity Theft Vulnerabilities. AAAI Spring Symposium on AI Technologies for Homeland Security, 2005. http://privacy.cs.cmu.edu/dataprivacy/projects/idangel/index.html
![Page 47: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/47.jpg)
Identity Angel –resume findings
In terms of combinations: 104 (or 69%) resumes had {SSN, DOB};
105 (or 70%) had {SSN, email},
76 (or 51%) had {SSN, DOB, email}.
L. Sweeney. AI Technologies to Defeat Identity Theft Vulnerabilities. AAAI Spring Symposium on AI Technologies for Homeland Security, 2005. http://privacy.cs.cmu.edu/dataprivacy/projects/idangel/index.html
![Page 48: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/48.jpg)
Identity Angel –resume findings
A single email message was sent to each of the 105 people having {SSN, email} alerting them to the risk. Within a month, 42 (or 55% of all of DBB) no longer had the information publicly available.A year later, 102 (or 68% of all of DBA) no longer had the information available. ``
L. Sweeney. AI Technologies to Defeat Identity Theft Vulnerabilities. AAAI Spring Symposium on AI Technologies for Homeland Security, 2005. http://privacy.cs.cmu.edu/dataprivacy/projects/idangel/index.html
![Page 49: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/49.jpg)
Credit Card Transactions
At issuance, credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possession
![Page 50: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/50.jpg)
Credit Card Transactions
At issuance, credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possession
Traditional: credit card application is issued, but the recipient may not be the correct person. The model assumes the recipient is the only person with knowledge of {name, address, SSN, DOB}
![Page 51: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/51.jpg)
Credit Card Transactions
At issuance, credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possession
Traditional: credit card use over Web does not verify recipient. Assumes limited access to card number, expiration date, etc. Assumes address for receipt of goods.
![Page 52: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/52.jpg)
Credit Card Transactions
At issuance, credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possession
Traditional: copies of relevant information for use can be copied and impersonated.
![Page 53: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/53.jpg)
Credit Card Transactions
At issuance, credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possession
Traditional: assumes non-experts can easily identify signature forgeries. Attention to even pictures is weak.
![Page 54: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/54.jpg)
Credit Card Transactions
At issuance, credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possession
Traditional: assumes card holder is in complete control of the card and its information.
![Page 55: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/55.jpg)
Travel Documents
At issuance, credentials not verifiable
During secondary use,inadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possession
![Page 56: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/56.jpg)
1.Identity Management Problems2. Biometric Technologies3. Applying Biometrics to Problems4. Identity Phone Example
This Talk
privacy.cs.cmu.edu
![Page 57: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/57.jpg)
PL 107-56 SEC. 403 c)S. 1749 [Patriot Act]
The Attorney General and the Secretary of State jointly, through the National Institute of Standards and Technology (NIST), ….shall develop and certify a technology standard that can be used to verify the identity of persons applying for a US visa or such persons seeking to enter the US pursuant to a visa for the purposes of conducting background checks, confirming identity, and ensuring that a person has not received a visa under a different name…..
![Page 58: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/58.jpg)
Biometrics
Primary goal of biometrics is usually authentication
Fingerprints
Iris scans
DNA
Voice
Palm print
Face
RFID Implant
Retinal scans
Hand geometry
Behavioral
Keyboard typing
SignatureA biometric is a measurement of the person that is specific to the person.
new
![Page 59: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/59.jpg)
Iris Scanning
Iris and retina scans are the most accurate of all biometric techniques and, currently, the most costly.
Iris scans analyze the features that exist in the colored tissue surrounding the pupil which has more than 200 points that can be used for comparison, including rings, furrows and freckles.
The scans use a regular video camera style and can be done from even 2 feet away.
![Page 60: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/60.jpg)
Retinal Scanning
Retinal scanning analyses the blood vessels located at the back of the eye, reading its 400 unique points.
A person steps in front of a device, keeping head perfectly still. Takes about 12 seconds.
Disadvantage: retina can become diseased (cataracts), be fairly close to the machine
![Page 61: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/61.jpg)
Hand Geometry
Hands are not so unique, but one can use finger length, thickness, and curvature for the purposes of verification but not for identification.
Lab last term! Measurements from traces.
Source: Arun Ross, Anil Jain and Sharat Pankanti, biometrics.cse.msu.edu/hand_proto.html
![Page 62: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/62.jpg)
Vein Recognition in Hand
Verify a person’s identity by recognizing patterns of blood vessels in the palm.
Source: Fujitsu, http://vn.fujitsu.com/news/BioAuTech.pdf
![Page 63: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/63.jpg)
RFID
• Radio-frequency ID• Passive RFID: device with no battery that
draws power from a radio-frequency field• Power drives a processor that can
communicate back to a reader• Used for product identification, payment
cards, animal tracking• First use: Identification friend or foe (IFF) in
WWII
Courtesy: Michael Shamos
![Page 64: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/64.jpg)
Shoplifting Tag
No data is sent. Onlypresence is detected
Courtesy: Michael Shamos
![Page 65: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/65.jpg)
How RFID Works• Tag enters RF field• RF signal powers tag• Tag transmits ID, plus data• Reader captures data• Reader sends data to
computer• Computer determines action• Computer instructs reader• Reader transmits data to tag
RFIDReader
Antenna
Computer
Tag
SOURCE: PHILIPS
Courtesy: Michael Shamos
![Page 66: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/66.jpg)
Hitachi -chip
• 0.4 mm square• 128-bit storage• Range: 1 foot• Embedded antenna• Small enough to put in currency
Courtesy: Michael Shamos
![Page 67: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/67.jpg)
Verichip Human Implant
Courtesy: Michael Shamos
![Page 68: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/68.jpg)
Verichip RFID Human Implant
Replace Social Security
number with a unique
implanted personal
identifier.
In the more general case of identity management, implanted RFID works similar to naturally occurring biometrics.
![Page 69: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/69.jpg)
Biometrics
Primary goal of biometrics is usually authentication
Fingerprints
Iris scans
DNA
Voice
Palm
Face
RFID Implant
Retinal scans
Hand geometry
Behavioral
Keyboard typing
SignatureA biometric is a measurement of the person that is specific to the person.
new
Generally:-always carry -always on (except RFID)-not modify (except RFID)-uniquely associated
![Page 70: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/70.jpg)
Consequences of Technologies Once Widely Deployed
Impact of large, autonomous biometric data collection
• Personal identified tracking (across computers, web browsing, auto use, etc.)
• No Fair Information Practices
• Impersonation possible, but no new fingers!
• Law enforcement use
![Page 71: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/71.jpg)
1.Identity Management Problems2. Biometric Technologies3. Applying Biometrics to Problems4. Identity Phone Example
This Talk
privacy.cs.cmu.edu
![Page 72: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/72.jpg)
Credit Card Transactions Using Biometrics
At issuance, credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possessionBiometric-based encryption or hash value
Solved, not a problem Problems remain
![Page 73: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/73.jpg)
Credit Card Transactions Biometrics v. Traditional
At issuance, credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possessionBiometric-based encryption or hash value
Solved, not a problem Problems remain
Traditional: credit card application is issued, but the recipient may not be the correct person. The model assumes the recipient is the only person with knowledge of {name, address, SSN, DOB}
Biometric: requires the original registration of the biometric to be correct. Not so easy!
![Page 74: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/74.jpg)
Credit Card Transactions Biometrics v. Traditional
At issuance, credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possessionBiometric-based encryption or hash value
Solved, not a problem Problems remain
Traditional: credit card use over Web does not verify recipient. Assumes limited access to card number, expiration date, etc. Assumes address for receipt of goods.
Biometric: only credit card information, not the biometric is used.
![Page 75: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/75.jpg)
Credit Card Transactions Biometrics v. Traditional
At issuance, credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possessionBiometric-based encryption or hash value
Solved, not a problem Problems remain
Traditional: assumes non-experts can easily identify signature forgeries. Attention to even pictures is weak. Assumes card is in possession.
Biometric: far superior!
![Page 76: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/76.jpg)
Travel Documents
At issuance, credentials not verifiable
During secondary use,inadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possessionBiometric-based encryption or hash value
Solved, not a problem Problems remain
![Page 77: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/77.jpg)
1.Identity Management Problems2. Biometric Technologies3. Applying Biometrics to Problems4. Identity Phone Example
This Talk
privacy.cs.cmu.edu
![Page 78: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/78.jpg)
Sweeney Identity Phone
Issued at birth and remains with a person until death. Special set of phone numbers that can be used like Social Security numbers.
A special mobile phone that includes:Phone capability to send/receive callsBiometric readers: fingerprint, cameraGPS (location)Recognition software: voice, fingerprint, face
new
![Page 79: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/79.jpg)
Sweeney Identity PhoneSample Sessions
• Issue phone number like SSN for matching and storing.
• Want to verify a person facing you, phone their # and check GPS location.
• Want to authenticate a person facing you, phone their #, check GPS location, and verify using fingerprint reader.
• Make a credit card purchase: merchant sends their phone# to credit card company, buyer authenticates and approves using buyer phone.
![Page 80: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/80.jpg)
Biometric-based encryption or hash value (right)Sweeney Identity Phone (left) Solved, not a problem Problems remain
Credit Card Transactions Identity Phone v. BiometricsAt issuance,
credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possession
![Page 81: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/81.jpg)
Biometric-based encryption or hash value (right)Sweeney Identity Phone (left) Solved, not a problem Problems remain
Credit Card Transactions Identity Phone v. BiometricsAt issuance,
credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possession
Biometric: requires the original registration of the biometric to be correct. Not so easy!
Identity Phone: registration is not at card issuance but at birth.(Of course, no forgiving or forgetting!)
![Page 82: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/82.jpg)
Biometric-based encryption or hash value (right)Sweeney Identity Phone (left) Solved, not a problem Problems remain
Credit Card Transactions Identity Phone v. BiometricsAt issuance,
credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possession
Biometric: only credit card information, not the biometric is used.
Identity Phone: authenticates person and vendor! Vendor phones credit card company, which in turn calls customer for authorization of charge.
![Page 83: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/83.jpg)
Biometric-based encryption or hash value (right)Sweeney Identity Phone (left) Solved, not a problem Problems remain
Credit Card Transactions Identity Phone v. BiometricsAt issuance,
credentials not verifiable
During use,not verifiable with remote useinadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possession
Biometric: far superior over traditional approach!
Identity Phone: same as biometric alone!
![Page 84: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/84.jpg)
Travel DocumentsIdentity Phone v. BiometricsAt issuance,
credentials not verifiable
During secondary use,inadvertent copies of information
Person-specific criteria weak:signature (picture or other) matching card possessionBiometric-based encryption or hash value (right)
Sweeney Identity Phone (left) Solved, not a problem Problems remain
![Page 85: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/85.jpg)
Identity Phone Summary
The purpose of the Identity Phone is not to sell phones but to show how combinations of biometrics, location information and authoritative issuance can work together to solve some key identity management problems.
![Page 86: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/86.jpg)
Addressed in This Talk
privacy.cs.cmu.edu/dataprivacy/talks/CACR-05-11.html
This talk will examine the nature of identity management problems and examine roles biometrics can play along with accompanying policy or additional technology. An integrated solution (“identity phone”) will be presented as a working example.
![Page 87: Identity Management: Dealing with Disclosure](https://reader035.vdocuments.site/reader035/viewer/2022062410/568159f8550346895dc7440a/html5/thumbnails/87.jpg)
1.Identity Management Problems2. Biometric Technologies3. Applying Biometrics to Problems4. Identity Phone Example
This Talk
privacy.cs.cmu.edu