user authentication trends
TRANSCRIPT
Slide 1
Session: User Authentication - Trends (11-Nov-2014)
Prepared by: Zuraiq
Slide 2
This Session…
-- Is Technical – will include an introduction/background
-- Will include Interactions, Questions and Answers…
-- The Sections…. The Start, User Authentications, Biometrics, So…, Thank You
-- Disclaimer
Slide 3
The Start!
Slide 4
Question 1: The Picture! – Please Identify….
Creation and Creator!….
Slide 5
Nature and Man….
-- Question 2: Who is the painter? Where is it located now?
-- Depicts – “Human Being” as the supreme creation; Combines: Science + Math + Philosophy!!!!
-- “The Geometry of a Man”
References:
-- http://www.youtube.com/watch?v=GGUOtwDhyzc : Vitruvian Man – The Beauty of Diagrams
-- http://www.youtube.com/watch?v=aMsaFP3kgqQ : Da Vinci’s Vitruvian Man of Math - James Earle
Slide 6
Golden Ratio!!!
-- Question 3: What is “Golden Ratio” ?
-- Beautiful and Harmonious – It’s about Patterns!
-- Architecture and Arts – Across Cultures and Regions
-- Pyramids, Stonehenge, Parthenon, Many of the paintings, Music and Musical Instruments, Symbols
-- Fibonacci Series
-- Nature: Conspicuous Reoccurrence, Surprisingly Often
-- Elliot Rafael Waves + Chaos Theory – The Influence
References:
-- Wikipedia
-- http://www.youtube.com/watch?v=O2wU-HT7FiM – Fibonacci and the Golden Mean
-- http://www.youtube.com/watch?v=SjSHVDfXHQ4 : The magic of Fibonacci Numbers
Slide 7
So…
There is a
-- Brilliance in the design, and also Uniformity…
-- Yet, they are unique – individually…
Slide 8
User Authentications!
Slide 9
Question 4 : Why ?
-- Why “User Authentication” ?…
My Answers:
-- Part of our business, Daily Life
-- Always Fresh
-- Increased Awareness
-- Renewed Focus…
Slide 10
The Password World– Few Facts
-- More than 70% of people revealed their passwords in exchange for a bar of chocolate
-- 66% shared their passwords with colleagues
-- 75% know their co-worker’s password
-- 60% use the same password for everything, including their personal banking
-- Worst Passwords – Easy to predict
-- Own Name (16%), password (12%), football team (11%), DOB(8%)
http://www.forbes.com/sites/davelewis/2014/10/29/internet-of-things-security-vs-time-to-market/
Slide 11
Question 5 : Worst Passwords - 2013
1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. Admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
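The lists on the two slides above (passwords built from a person's own name or date of birth, and the 2013 worst-passwords list) translate directly into a registration-time check. The following is an added example, not code from the deck: the blocklist is the slide's twenty entries, and the user profile, the leetspeak table and the 12-character minimum are assumptions made for the example.

```python
"""Added example (not from the slide deck): reject a candidate password that is
on the 2013 worst-passwords list, or is built from the user's own name or date
of birth.  Blocklist = the slide's 20 entries; everything else is constructed."""
import re
from datetime import date

# The 20 entries from the "Worst Passwords - 2013" slide, lower-cased.
WORST_PASSWORDS_2013 = {
    "123456", "password", "12345678", "qwerty", "abc123", "123456789",
    "111111", "1234567", "iloveyou", "adobe123", "123123", "admin",
    "1234567890", "letmein", "photoshop", "1234", "monkey", "shadow",
    "sunshine", "12345",
}

# Assumed minimum length for the example.
MIN_LENGTH = 12


def _normalise(pw):
    """Lower-case and undo the commonest digit/symbol substitutions so that
    'P@ssw0rd' is recognised as 'password' (substitution table is an assumption)."""
    table = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "!": "i"})
    return pw.lower().translate(table)


def _dob_fragments(dob):
    """Digit strings a user might build a password from: 1990, 0312, 03121990, ..."""
    y, m, d = dob.year, dob.month, dob.day
    return {f"{y}", f"{y % 100:02d}", f"{d:02d}{m:02d}", f"{m:02d}{d:02d}",
            f"{d:02d}{m:02d}{y}", f"{d:02d}{m:02d}{y % 100:02d}", f"{y}{m:02d}{d:02d}"}


def weak_password_reasons(pw, full_name, dob):
    """Return a list of reasons the password is weak; an empty list means it passed."""
    reasons = []
    norm = _normalise(pw)
    if pw.lower() in WORST_PASSWORDS_2013 or norm in WORST_PASSWORDS_2013:
        reasons.append("on the 2013 worst-passwords list")
    for part in re.split(r"\s+", full_name.lower()):
        if len(part) >= 3 and part in norm:
            reasons.append(f"contains the user's name ({part})")
    digits = re.sub(r"\D", "", pw)
    for frag in sorted(_dob_fragments(dob), key=len, reverse=True):
        if len(frag) >= 4 and frag in digits:
            reasons.append(f"contains the user's date of birth ({frag})")
            break
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    return reasons


if __name__ == "__main__":
    # Constructed user profile for the demonstration.
    for candidate in ("P@ssw0rd", "Alice1990!", "correct horse battery staple"):
        print(candidate, "->", weak_password_reasons(candidate, "Alice Smith", date(1990, 3, 12)) or "ok")
```

The normalisation step is what makes the blocklist useful in practice: a plain string comparison would accept `P@ssw0rd` even though it is the second entry on the slide with two characters swapped.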
Slide 12
Authentication - Basics
-- Question 6: What is “Authentication” ?
-- Examples:
-- Allow someone to enter based on a photo ID card
-- Entry into a cinema hall
-- ATM withdrawal
-- Access to a secured website, say Internet Banking
-- Emigration clearance in an airport
-- Degree certificate – original or not?
-- Checking the authority of a person…
-- Information authenticity – video tapes, source etc.
-- Single Sign On
-- Confirmation e-mails, OTP
-- Tracing the date of an artifact – carbon dating
SO…. What is “Authentication” ?
Slide 13
The Identity!
-- The Identity Crisis
-- Basics: Definition – Authentication
1 – Accepting proof of identity
2 – Comparing the attributes of the object itself to what is known about it
3 – Establishing identity based on external affirmations
-- Lingo : Identity, Authorization, Access, Strong Authorization
-- Multi-factor Authentication - MFA
Slide 14
Multi-factor Authentication!
-- Knowledge factors – Something you know [Passphrase, PIN, Challenge/Response]
-- Possession factors – Something you have [ID Card, Token, Phone]
-- Inherence factors – Something you are [Fingerprint, Retina, Iris, Voice, Face]
-- Dynamic factors – Something you do - Question 6
-- Hybrid [Private Keys Encrypted by a Fingerprint Device Inside a USB Token]
-- So… How many? Who will decide? Criterion? More Reading: https://twofactorauth.org/
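The combination the slides keep returning to is a knowledge factor (password) plus a possession factor (an OTP soft token). The block below is an added example, not code from the deck: it implements the HOTP/TOTP algorithms of RFC 4226 and RFC 6238 from the standard library and checks both factors in one call. The user record, the PBKDF2 parameters and the 20-byte secret (which is the RFC test-vector seed, so the codes can be checked against the published values) are assumptions for the example.

```python
"""Added example (not the deck's code): password (knowledge factor, stored as a
PBKDF2 hash) + RFC 6238 TOTP soft token (possession factor).  The user record
and the secret are constructed; the secret is the RFC 6238 test-vector seed."""
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, timestamp, digits=6, step=30):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, timestamp // step, digits)


def verify_totp(secret, code, timestamp, window=1, digits=6, step=30):
    """Accept the code for the current step or +/- `window` steps (clock drift).
    Every candidate is compared in constant time."""
    counter = timestamp // step
    return any(hmac.compare_digest(hotp(secret, counter + k, digits), code)
               for k in range(-window, window + 1) if counter + k >= 0)


PBKDF2_ROUNDS = 200_000   # assumed work factor for the example


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Constructed user record.  In a real deployment the TOTP secret is stored
# encrypted and the salt is random per user.
USER = {
    "salt": b"constructed-salt",
    "pw_hash": hash_password("correct horse battery staple", b"constructed-salt"),
    "totp_secret": b"12345678901234567890",   # RFC 6238 test-vector seed
}


def authenticate(user, password, code, now=None):
    """Both factors are always evaluated, so response time does not reveal
    which of the two failed."""
    now = int(time.time()) if now is None else now
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    otp_ok = verify_totp(user["totp_secret"], code, now)
    return pw_ok and otp_ok


if __name__ == "__main__":
    # At T=59 the RFC 6238 8-digit value for this seed is 94287082.
    print(totp(USER["totp_secret"], 59, digits=8))
    print(authenticate(USER, "correct horse battery staple", totp(USER["totp_secret"], 59), now=59))
```

The `window` argument is the practical caveat: a token clock that drifts by a few seconds across a 30-second boundary would otherwise be rejected, while a window wider than one step increases the number of codes an attacker can hit by guessing.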
Slide 15
Multi-factor Authentication!
-- Tokens – Connected, Disconnected, H/W, S/W, USB Based, Audio Port Based
-- Cards – Magnetic Strip Cards, Grid Cards, Patterns
-- Wireless Tokens [RF Id, Bluetooth]
-- Software: CAPTCHA, SSO
-- One-time pads, iButtons – These are OLD….
-- Mobile Phone Based Tokens – Soft token, SMS, QR Code, Call, smart phone Push, Mobile Signatures, Apps
Slide 16
Multi-factor Authentication!
Slide 17
Biometrics
Slide 18
Biometrics!!!
-- What is Biometrics?
Slide 19
Biometrics!!!
-- What is Biometrics?
Biometrics refers to the "automatic" identification of a person, based on her physiological or behavioral characteristics.
As a characteristic: a measurable characteristic of an individual
As a process: automated methods of recognizing an individual based on the measurable characteristic
Slide 20
Biometrics – Timelines…
-- 1858: First systematic capture of hand images for identification is recorded
-- 1870: Bertillon develops anthropometrics to identify individuals
-- 1892: Galton develops a classification system for fingerprints
-- 1896: Henry develops a fingerprint classification system
-- 1936: Concept of using the iris pattern for identification is proposed
-- 1960s: Face recognition becomes semi-automated
-- 1960: First model of acoustic speech production is created
-- 1965: Automated signature recognition research begins
-- 1969: FBI pushes to make fingerprint recognition an automated process
-- 1974: First commercial hand geometry systems become available
-- 1986: Exchange of fingerprint minutiae data standard is published
-- 1988: First semi-automated facial recognition system is deployed
-- 1992: Biometric Consortium is established within US Government
-- 1997: First commercial, generic biometric interoperability standard published
-- 1999: FBI's IAFIS major components become operational
-- 2002: M1 Technical Committee on Biometrics is formed
-- 2003: Formal US Government coordination of biometric activities begins
-- 2004: US-VISIT program becomes operational
-- 2004: DOD implements ABIS
-- 2005: US patent on iris recognition concept expires
Slide 21
Biometrics – Predecessors…
-- Handprints may have acted as a signature….
-- 500 BC – Fingerprint Usage as a person’s mark – settling transactions
-- Chinese used fingerprints and footprints to differentiate children
-- Early Egyptians: Traders were identified by their physical description, to differentiate between trusted traders and new traders
Slide 22
Process Flow – Generic ….
Slide 23
Biometrics – Broad Classification
-- Behavioral [Keystroke, Signature: Static, Dynamic]
-- Physical [Fingerprint, Voice, Hand/Finger/Face Geometry, Facial Recognition, Signature, Voice, Iris]
-- Still In Progress [Smell, Ear Shape, Finger Nail Bed, Face-3D, Gait, Lip Movement, Vein Scan]
-- Traits: Collectability, Uniqueness, Performance, Acceptability, Expected Number of Users
-- Components: Server, Signal Processing, Data Storage, Matching Algorithm, Decision Process
-- Capturing Technology: RF, Optical, Capacitive, Pressure Tracking
Slide 24
Bio Metrics - Pictorial
Slide 25
Finger Prints – Few Facts
-- Oldest form of Biometrics; Widely in practice
-- Highly Reliable
-- Uses distinctive features of Fingerprints: Ridges, Spurs, Bridges, Patterns
Slide 26
Iris Scan – Few Facts
-- Iris is a protected internal organ whose random texture is stable throughout life
-- High degree of randomness; no two irises are identical
-- Stable over a person’s life
-- Infra red / High Resolution Photograph
-- Iris Unique Characteristics: Ridges (Rings), Furrows, Striations (freckles)
Slide 27
Other Biometrics…
-- Voice Scan: Measures sound waves of a human speech; Voice print compared to a previous one.
-- Signature Scan: Measures speed, pressure, stroke order of a signature
-- Retina Scan: Measures unique characteristics of a retina; Blood vessel patterns, Vein Patterns
-- Facial Scan: camera measures the following facial features: Distance between eyes, eyes and nose ridge, angles of cheek, slope of the nose, Facial Temperatures
-- Hand Scan: Measures Top and Side of a hand – Not the palm [Hand Geometry]
Slide 28
Biometrics – Metrics
-- FAR : False Acceptance Rate [Wrong Identification]
-- FRR : False Rejection Rate [Access Denial]
-- FTE: Failure to Enrol Rate
-- AVT : Ability To Verify [AVT = (1 – FTE)(1 – FRR)]
-- IRIS: FAR – 1/1,000,000; FRR : 2%
-- Fingerprint: FAR – 1/100,000; FRR: 1%
-- Algorithmic; Matching Scores
-- Standards: BioAPI, BAPI
Slide 29
Biometrics – Areas
-- Identification Systems: Who am I ? [Determine Identity]
-- Verification Systems: Am I who I claim to be ? [Authenticate Identity]
-- In short, Determine or Authenticate Authority!
-- Verification Systems: More Accurate, Less Expensive, Faster, Limited in Functionality, More Effort by User than Computer
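The metrics slide and the areas slide above describe the same machinery from two sides: a matcher produces a score, a threshold turns the score into accept/reject, and FAR, FRR and AVT summarise how often that decision is wrong. The block below is an added example, not the deck's code, that puts both slides together: a 1:1 `verify` (am I who I claim to be?) and a 1:N `identify` (who am I?) over the same template store, and the FAR/FRR/AVT figures computed from constructed genuine and impostor score lists. Templates are 64-bit codes compared by Hamming distance (the way iris codes are compared); the enrolled codes, the bit-flip noise model and the threshold are all assumptions for the example.

```python
"""Added example (not the deck's code): toy biometric matcher with verification
(1:1) and identification (1:N), plus FAR / FRR / AVT computed over constructed
genuine and impostor matching scores.  Templates are 64-bit codes compared by
Hamming distance; every code and score here is made up."""
import random

BITS = 64


def similarity(a, b):
    """Matching score in [0, 1]: fraction of template bits that agree."""
    return 1.0 - bin(a ^ b).count("1") / BITS


def verify(db, claimed_id, probe, threshold):
    """Verification (1:1): 'Am I who I claim to be?'  Compare only against the claimed record."""
    enrolled = db.get(claimed_id)
    return enrolled is not None and similarity(enrolled, probe) >= threshold


def identify(db, probe, threshold):
    """Identification (1:N): 'Who am I?'  Best match over every record, or None if
    even the best is below the threshold."""
    best_id, best_score = None, -1.0
    for user_id, enrolled in db.items():
        s = similarity(enrolled, probe)
        if s > best_score:
            best_id, best_score = user_id, s
    return best_id if best_score >= threshold else None


def far_frr(genuine, impostor, threshold):
    """FAR = share of impostor attempts accepted; FRR = share of genuine attempts rejected."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def avt(fte, frr):
    """Ability To Verify, as on the slide: AVT = (1 - FTE)(1 - FRR)."""
    return (1 - fte) * (1 - frr)


def noisy(template, flips, rng):
    """Simulate a fresh capture of an enrolled subject: flip `flips` distinct bits."""
    for pos in rng.sample(range(BITS), flips):
        template ^= 1 << pos
    return template


def simulate(n_users=20, samples=10, flips=6, seed=1):
    """Enrol n_users random codes, then produce genuine scores (same subject,
    noisy recapture) and impostor scores (that recapture against someone else)."""
    rng = random.Random(seed)
    db = {f"user{i}": rng.getrandbits(BITS) for i in range(n_users)}
    genuine, impostor = [], []
    for uid, code in db.items():
        for _ in range(samples):
            probe = noisy(code, flips, rng)
            genuine.append(similarity(code, probe))
            other = rng.choice([u for u in db if u != uid])
            impostor.append(similarity(db[other], probe))
    return db, genuine, impostor


if __name__ == "__main__":
    db, genuine, impostor = simulate()
    for t in (0.6, 0.7, 0.8, 0.95):
        far, frr = far_frr(genuine, impostor, t)
        print(f"threshold {t:.2f}: FAR={far:.3f} FRR={frr:.3f} AVT(FTE=5%)={avt(0.05, frr):.3f}")
    probe = noisy(db["user3"], 6, random.Random(7))
    print("verify user3:", verify(db, "user3", probe, 0.8), " identify:", identify(db, probe, 0.8))
```

Sweeping the threshold is the point of the exercise: raising it drives FAR toward the slide's 1/1,000,000 figure at the cost of FRR (and so of AVT), which is why a verification system, with one comparison per attempt, can afford a stricter threshold than an identification system that must compare against every record.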
Slide 30
Biometrics – Areas
-- Criminal Identification
-- Automobiles
-- Airport Security
-- Prison Security
Slide 31
Bio-Metric - Usage
Slide 32
Bio-Metric Passports
Reference: http://commons.wikimedia.org/wiki/Biometric_passport
Slide 33
Biometrics – Pros
-- Cannot be manipulated by Brute Force
-- Not easy to Copy or Steal and Avoids Lost Identity Cases
-- No Need to memorize
-- Natural
-- Happens in Real Time, and in a Definitive Manner
Slide 34
Question 6: Biometrics – Cons
-- Can fade with time: Fingerprint, Voice [Answer]
-- Still not mature – for example Fingerprint
-- Standards are not in place yet – Replacement, if Lost
-- Not easy to introduce variability
-- Still Expensive
-- Replacement, if Lost
-- Cultural/Religious Issues
-- Privacy Concerns of misuse
Slide 35
So….
Slide 36
So, What are we guarding against? [Question]
Simple – “Unauthorized Access”
And what are the threats? [Question]
--- Stealing
--- Confidence Tricks
--- Technical Tricks [Local, Remote]
--- Victim Mistakes
--- Implementation Oversights
--- DoS Attacks
--- Enrollment Attacks
https://www.owasp.org/index.php/Comprehensive_list_of_Threats_to_Authentication_Procedures_and_Data
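Several of the threat classes on the slide (technical tricks against the login, and a DoS that locks accounts out) leave the same trace: failed authentication attempts. The block below is an added example, not from the deck, of three detection rules run over a handful of constructed authentication log lines. The log format, the thresholds and the addresses are all made up for the example, and the rules count over the whole sample rather than a sliding time window, which a production detector would add.

```python
"""Added example (not from the deck): detection rules over constructed
authentication log lines, flagging the brute-force and lockout patterns behind
the 'Technical Tricks' and 'DoS Attacks' threats on the slide.  Log format,
thresholds and addresses are invented; there is no time window."""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) ip=(?P<ip>\S+)$")

# Thresholds (assumptions for the example).
FAILS_PER_ACCOUNT_SOURCE = 5   # repeated guesses at one account from one source
ACCOUNTS_PER_SOURCE = 5        # one source failing against many accounts
SOURCES_PER_ACCOUNT = 3        # many sources failing on one account: lockout risk

# Constructed sample log, not a real capture.
SAMPLE_LOG = """\
2014-11-11T09:00:01 auth fail user=alice ip=198.51.100.7
2014-11-11T09:00:02 auth fail user=alice ip=198.51.100.7
2014-11-11T09:00:03 auth fail user=alice ip=198.51.100.7
2014-11-11T09:00:04 auth fail user=alice ip=198.51.100.7
2014-11-11T09:00:05 auth fail user=alice ip=198.51.100.7
2014-11-11T09:00:09 auth ok user=alice ip=198.51.100.7
2014-11-11T09:01:00 auth fail user=bob ip=203.0.113.9
2014-11-11T09:01:01 auth fail user=carol ip=203.0.113.9
2014-11-11T09:01:02 auth fail user=dave ip=203.0.113.9
2014-11-11T09:01:03 auth fail user=erin ip=203.0.113.9
2014-11-11T09:01:04 auth fail user=frank ip=203.0.113.9
2014-11-11T09:02:00 auth fail user=carol ip=192.0.2.10
2014-11-11T09:02:30 auth fail user=carol ip=192.0.2.11
2014-11-11T09:03:00 auth ok user=grace ip=192.0.2.20
this line is malformed and must be skipped
"""


def parse(log_text):
    """Yield (user, ip, result) for every well-formed line; silently skip the rest."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["user"], m["ip"], m["result"]


def detect(log_text):
    """Return a sorted list of (rule, subject) findings."""
    fails_pair = defaultdict(int)      # (user, ip) -> failure count
    users_by_ip = defaultdict(set)     # ip -> accounts that failed from it
    ips_by_user = defaultdict(set)     # user -> sources that failed on it
    success_after_fail = set()         # (user, ip) that failed and later succeeded
    for user, ip, result in parse(log_text):
        if result == "fail":
            fails_pair[(user, ip)] += 1
            users_by_ip[ip].add(user)
            ips_by_user[user].add(ip)
        elif fails_pair.get((user, ip), 0) > 0:
            success_after_fail.add((user, ip))
    findings = set()
    for (user, ip), n in fails_pair.items():
        if n >= FAILS_PER_ACCOUNT_SOURCE:
            findings.add(("repeated-failures", f"{user}@{ip}"))
            if (user, ip) in success_after_fail:
                # The most urgent case: the guessing stopped because it worked.
                findings.add(("success-after-repeated-failures", f"{user}@{ip}"))
    for ip, users in users_by_ip.items():
        if len(users) >= ACCOUNTS_PER_SOURCE:
            findings.add(("many-accounts-one-source", ip))
    for user, ips in ips_by_user.items():
        if len(ips) >= SOURCES_PER_ACCOUNT:
            findings.add(("lockout-risk-many-sources", user))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject in detect(SAMPLE_LOG):
        print(f"{rule:34s} {subject}")
```

The third rule is the one that matters for the slide's DoS entry: a lockout policy that counts failures per account, regardless of source, lets anyone who knows a username deny service to its owner, so the detector should surface that pattern rather than treat it as a successful defence.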
Slide 37
Concluding Remarks
-- IdM – is a new area of business and it is Serious!
-- Biometrics – You cannot ignore it!
-- Challenge is to make it simpler – the “User Experience” around it…
-- User Authentication is an area that demands 100% perfection without compromise!!!
Slide 38
Slide 39
Next Session
On 18-Nov-14