Zachary Olson and Yukari Hagio
CIS 4360 Computer Security
November 19, 2008

A definition
- Biometrics is a branch of computer security centering on authenticating a person’s identity based on some physiological or behavioral characteristic unique to that person
- Authentication system: verifies the identity of a user before allowing them access to the internal system

Stages of Operation
- Enrollment
  - Biometric data is collected for a known identity
  - Reference template is created and stored
- Authentication
  - Identification: comparison of biometric data to all available data files in a database
  - Verification: comparison of biometric data to previously stored version

A Better Approach to Security…
- Biometrics is seen as more secure than traditional methods:
  - Biometrics vs. Passwords
  - Biometrics vs. Tokens

Types of Biometric Authentication
- Fingerprints
- Retina / Iris Scans
- Facial Recognition
- Hand Recognition
- DNA Matching
- Keystroke Recognition

Fingerprints
- Ridges vs. Valleys
- Scanning Mechanisms
  - Optical Scanner
  - Capacitance Scanner

Fingerprints (contd.)
- Analyzing a Fingerprint - Minutiae

Retina Scans
- Small surface
- Detailed Scan
- Slow scan and compare procedure

Iris Scans
- More than 250 unique spots
- Compares trabecular meshwork of the iris
- Fast scans
- Requires a human eye

Facial Recognition
- Uses a video image to look at distances between features and overall structure
- Requires a human face
- Difficulties in finding the features in images

Hand Recognition
- Hand geometry not as unique as fingerprints
- Use of hand features and measurements increases uniqueness
- Measures up to 90 different points on the hand including characteristics of the finger and features on the skin
- Seen as less invasive than fingerprints

DNA Matching
- Comparison of a sample of a user’s DNA with a stored sample of the real person’s DNA
- DNA is readily available to collect
- Comparison process is slow and not completely automated

Keystroke Recognition
- Uses rhythm and manner in which characters are typed into a keyboard
- Typing characteristics are unique to individuals
- Indicators
  - Speed in words per minute
  - Delays
  - Specific sequences of characters
  - Typing errors
  - Seek time and hold time
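
An added example, not part of the original slides: computing hold and seek times from key events and verifying a typing sample against an enrolled reference. The event data is constructed, the 25 ms cut-off is an arbitrary assumption, and seek time is taken here to mean the gap between releasing one key and pressing the next.

```python
from statistics import mean

# Constructed key events for one fixed sequence: (key, press_ms, release_ms).
ENROLLED = [("p", 0, 95), ("a", 180, 270), ("s", 340, 420), ("s", 520, 600)]
GENUINE = [("p", 0, 100), ("a", 190, 275), ("s", 350, 435), ("s", 525, 610)]
IMPOSTOR = [("p", 0, 140), ("a", 300, 420), ("s", 450, 600), ("s", 760, 900)]


def features(events):
    """Return hold times followed by seek times, all in milliseconds."""
    # Hold time: how long each key stays pressed.
    holds = [release - press for _, press, release in events]
    # Seek time (assumed definition): release of one key to press of the next.
    # It can be negative when the typist presses the next key before releasing.
    seeks = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return holds + seeks


def distance(sample, reference):
    """Mean absolute timing difference (ms) between a sample and a reference."""
    if [k for k, _, _ in sample] != [k for k, _, _ in reference]:
        raise ValueError("samples must cover the same key sequence")
    pairs = zip(features(sample), features(reference))
    return mean(abs(a - b) for a, b in pairs)


def verify(sample, reference=ENROLLED, threshold_ms=25):
    """Accept the sample when its timing is close enough to the reference."""
    return distance(sample, reference) <= threshold_ms


if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, round(distance(sample, ENROLLED), 2), verify(sample))
```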

Issues / Concerns
- Data Storage
- Accuracy
- Physical Danger
- Privacy

Data Storage
- Permanence of Biometric data
  - Re-issue is not possible
  - Biometric data theft is permanent
- Possible solution: decentralization of data storage
  - Store part of each record in the central database and the rest on a smart card with the individual user
  - Complete records become inaccessible to hackers
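
An added example, not part of the original slides: one way to split a reference template between the central database and a smart card. It swaps in XOR secret splitting for the literal "part of each record" split, so that neither share alone reveals any of the template; the function names, the dictionary standing in for the database, and the template bytes are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder standing in for a real biometric reference template.
TEMPLATE = bytes(range(16))


def enroll(user, template, database):
    """Store one share in the database and return the share for the card."""
    # The card share is a one-time random pad as long as the template.
    card_share = secrets.token_bytes(len(template))
    # The database share is the template masked with that pad.
    db_share = bytes(t ^ c for t, c in zip(template, card_share))
    # A tag keyed by the card share lets the system detect a wrong card.
    tag = hmac.new(card_share, template, hashlib.sha256).digest()
    database[user] = (db_share, tag)
    return card_share


def load_template(user, card_share, database):
    """Rebuild the template, or return None if the card does not match."""
    db_share, tag = database[user]
    if len(card_share) != len(db_share):
        return None
    template = bytes(d ^ c for d, c in zip(db_share, card_share))
    expected = hmac.new(card_share, template, hashlib.sha256).digest()
    return template if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    db = {}
    card = enroll("alice", TEMPLATE, db)
    print("with card:", load_template("alice", card, db) == TEMPLATE)
    wrong_card = secrets.token_bytes(len(TEMPLATE))
    print("wrong card:", load_template("alice", wrong_card, db))
```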

Accuracy
- No perfect matches in biometrics
- Acceptance range of comparison algorithms
- Types of errors
  - False positives: accepting wrong identity
  - False negatives: rejecting correct identity
- Algorithm cut-off level is a compromise between the two error types
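
An added example, not part of the original slides: sweeping the cut-off level over a set of match scores to show how the false positive and false negative rates trade off. The scores are constructed, and the assumption is that a comparison is accepted when its score is at or above the cut-off.

```python
# Constructed match scores (0 = no similarity, 1 = identical).
GENUINE = [0.91, 0.84, 0.78, 0.88, 0.69, 0.95, 0.73, 0.81]   # same person
IMPOSTOR = [0.32, 0.45, 0.58, 0.71, 0.40, 0.66, 0.25, 0.52]  # other people


def error_rates(cutoff, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (false positive rate, false negative rate) at a cut-off."""
    # False positive: an impostor comparison scores high enough to pass.
    fp = sum(score >= cutoff for score in impostor) / len(impostor)
    # False negative: a genuine comparison scores too low to pass.
    fn = sum(score < cutoff for score in genuine) / len(genuine)
    return fp, fn


def sweep():
    """Error rates for cut-offs 0.00, 0.05, ..., 1.00."""
    return [(t / 100, *error_rates(t / 100)) for t in range(0, 101, 5)]


def best_compromise():
    """Cut-off where the two error rates are closest to each other."""
    return min(sweep(), key=lambda row: (abs(row[1] - row[2]), row[1] + row[2]))


if __name__ == "__main__":
    print("cutoff  false_pos  false_neg")
    for cutoff, fp, fn in sweep():
        print(f"{cutoff:6.2f}  {fp:9.3f}  {fn:9.3f}")
    print("compromise:", best_compromise())
```

Raising the cut-off above the compromise point removes the remaining false positive at the cost of rejecting more genuine users; lowering it does the reverse.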

Physical Danger
- Thieves might target property owners to bypass biometric security measures
- Example: in 2005, car thieves in Malaysia cut off a man’s finger to bypass the fingerprint reader on his Mercedes Benz S Class

Privacy
- Questions
  - Should organizations or individuals control biometric information?
  - Can biometric information be used without individual consent?
  - Can law enforcement agencies demand biometric data from individuals for forensic purposes?
- Answers
  - ISO 17799
  - Department of Health, Education, and Welfare

Examples of Biometrics Usage
- Governments worldwide use biometrics for passports and airport security.
- Police agencies use fingerprints and DNA for identification and forensics.
- Financial institutions use palm/finger vein authentication to secure ATMs.
- Companies use biometrics to keep time records, secure locations and improve user convenience.

The Future of Biometrics
- September 11, 2001 resulted in unprecedented growth for the large-scale deployment of biometrics.
- Biometrics is being incorporated into national passports worldwide.
- Because of its advantages over traditional authentication methods, biometrics will continue to helm the endeavor for increased computer security.