
NIST Update: Part Deux

NIST Update: Part Deux. Elaine Newton, PhD NIST elaine.newton@nist.gov. Outlook for Identity Management. WH Initiative on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Aims to improve the security of online transactions of consumers (e.g. online banking)

johnemedina

Presentation Transcript


  1. NIST Update: Part Deux
     Elaine Newton, PhD
     NIST
     elaine.newton@nist.gov

  2. Outlook for Identity Management
     • WH Initiative on the National Strategy for Trusted Identities in Cyberspace (NSTIC)
     • Aims to improve the security of online transactions of consumers (e.g. online banking)
     • Remote access for more services, available anytime, anywhere
     • Risk-based choices of factors and methods
     • Open standards, interoperable platforms

  3. Multi-Factor Authentication (MFA) Initiative
     • Supported by the Comprehensive National Cybersecurity Initiative (CNCI)
     • Objective: To improve cyber security through strengthening authentication assurance by
       • Advancing multi-factor authentication
       • Shifting the predominance of the username-password paradigm for online transactions
       • Addressing major gaps for remote authentication for higher risk online transactions

  4. Authentication Use Case Comparison
     For law enforcement, immigration, etc.
     • Enrollment and subsequent recognition attempts
       • Highly controlled
       • Supervised / Attended
     • Successful recognition
       • Answers the question, “Has this person been previously encountered?”
       • Is a unique pattern
     For online transactions, e.g. banking, health, etc.
     • Enrollment
       • Less controlled
       • Probably not in person
     • Subsequent recognition attempts
       • Unattended
     • Successful recognition
       • Answers the question, “How confident am I that this is the actual claimant?”
       • Is a tamper-proof rendering of a distinctive pattern

  5. Biometric Template Protection (1 of 3)
     • EU funded a 3 year project known as TURBINE (TrUsted Revocable Biometric IdeNtitiEs)
       • “To develop an innovative, privacy enhancing technology solution for electronic identity (eID) authentication through fingerprints biometrics, and”
       • “To demonstrate the performance and security of this solution…”
     http://www.turbine-project.eu/

  6. Biometric Template Protection (2 of 3)
     • Testing will need to address
       • Scale for intended applications and
       • Metrics to evaluate algorithms incorporating both the security properties and accuracy
         • Biometric Performance
         • De-Identification
         • Irreversibility
         • Others
     [Figure: axes labelled Security Strength (bits), True Match Rate (at 10^-x FMR), De-Identification Rate (FNMR at 10^-x FMR)]

  7. Biometric Template Protection (3 of 3)
     Fingerprint databases at NIST are the largest and can provide scale. NIST funding biometric and security experts to develop metrics, using a NIST Twiki to engage the security and biometric communities. Metrics will be used to develop testing protocol.
     • Testing will need to address
       • Scale for intended applications and
       • Metrics to evaluate algorithms incorporating both the security properties and accuracy

  8. Anti-Spoofing/Liveness Detection
     [Diagram labels: Standards Project; Data / Data Formats (for Metrics); Threats / Attacks; Counter-measures; High Confidence in factors available to consumers for authentication (and access) over open networks; QPL, Validation, or Certification Program; Measurement / Evaluation]

  9. Credential Revocation
     • No standard methods to revoke an Identity Provider's (IdP's) issued credential or its associated attribute(s).
       • Investigating techniques for credential and attribute revocation.
       • Defining use cases and profiles for revocation.
     • Lead/PoC: Hildy Ferraiolo (NIST) hferraio@nist.gov, 1-301-975-6972

  10. MFA Biometrics Projects Summary
     • Metrics for a Benchmarking-Framework to Rank Biometric Template Protection Algorithms (starting FY11)
     • Anti-Spoofing/Liveness Detection (starting FY11)
     • Evaluation approaches for fingerprint recognition systems
     • Leading international standard project in ISO/IEC (SC 37)
     • Credential Revocation (starting FY11)
     • Drafting guidelines and requirements for the use of biometrics as a second factor for remote authentication
     • On-Card-Comparison Testing
     • Final report available at http://biometrics.nist.gov/cs_links/minex/minexII/minex_report.pdf
     • Standards and reference implementation for web services (Draft 1 available at bws.nist.gov)

  11. Thank you. Questions?
     Elaine Newton, PhD
     elaine.newton@nist.gov
     1-301-975-2532
