1 / 17

Padmaraj Nair

Padmaraj Nair. Introduction. “Physiological or behavioral characteristic of a human being that can distinguish one person from another” Theoretically can be used for identification or verification of identity To be practically useful it should be, Unique Universal Permanent Recordable

kassia
Télécharger la présentation

Padmaraj Nair

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Padmaraj Nair

  2. Introduction “Physiological or behavioral characteristic of a human being that can distinguish one person from another” • Theoretically can be used for identification or verification of identity • To be practically useful it should be, • Unique • Universal • Permanent • Recordable • Acceptable

  3. Authentication • Something we know • Passwords • Pin numbers • Easy to change • Require no additional hardware • An accepted method of authentication • Well-understood • Easy to intercept • Secure?

  4. Authentication cont… • Something we have • Smart cards • Access tokens • Devices may be lost, damaged, and stolen • May run out of power • May be prone to power, synchronization and time-based attacks if externally powered • Subjected to reverse engineering and other treatment • Theft can be easily detected

  5. Authentication cont… • Something we are • Biometric authentication • Capture human input • Filter out unwanted input such as noise • Generate a statistical representation of the biometric input (template) • Perform a match against biometric information previously gathered and stored during an enrollment procedure • Biometric verification • Biometric identification (pure biometrics)

  6. Verification • Uses entity IDs and a biometric • Biometric merely serves to prove identity already declared by the entity • ID may be something you know (a username) or something you have (a smart card) • Biometric works to actually complete the authentication process • Biometric database keeps a list of valid entity IDs and corresponding biometric templates

  7. Identification • Biometric serves as both the identifier and the authenticator • Biometric database contains the enrolled biometric templates, and they all are compared against the provided biometric to find a match • Positive identification • Provided biometric must be in the database • Only one match to positively identify the person • Risks: false acceptance and false rejection • Negative identification • Determines whether the provided biometric is not in the database.

  8. Enrollment • Mandatory regardless of the type of a biometric system • Biometric enrollment is the registration of subjects’ biometrics in a biometric database. • Positive enrollment results in a database of recognized persons’ biometric templates that may be later used for positive identification • Negative enrollment results in a database of “excluded” persons • Security and reliability of the process and the database are fundamental to the system security

  9. Processing • Microprocessor, digital signal processor or computer • Involves image enhancement, normalization and template extraction • The DSP architecture is built to support complex mathematical algorithms that involve a significant amount of multiplication and addition. • With the high performance capabilities of the DSP, the total recognition time of the system can be reduced without an increase in power

  10. Matching • Comparison of biometric provided by the individual with the known biometric data stored in the biometric database • Representation of the same biometric taken by two input sensors or taken at two different points in time does not match bit by bit because of numerous factors such as sensor resolution, system noise, and so on • Pattern-recognition problem • Not a bit-by-bit comparison

  11. Matching cont… • Threshold level is used to decide whether the matching score is high enough to be considered a match • Threshold level affects the accuracy and hence security • Errors • False match or acceptance • False non-match or rejection • In practice, both FRR and FAR do not equal zero • When higher security requires, users may be troubled with high false rejection rates

  12. Types of Biometrics • Physiological Biometrics • Based on direct measurements and data derived from measurements of a part of the human body, • Fingerprints • Face Recognition • Hand geometry • Iris recognition • Retina Recognition • Behavioral biometrics • Based on measurements and data derived from human actions • Signature • Voice

  13. Biometric secure? • Artificial clones of fingers using cheap and freely available materials such as gelatin, free molding plastic, and photosensitive printed circuit boards. • 80 percent success rate with fingers made of gelatin. • Copy of live finger and artificial finger using a latent fingerprint left on a glass • Bruce Schneier, in his recent book ‘Beyond Fear’ • A magically effective face recognition system with 99.9% accuracy. • If someone is a terrorist, there is a 1-in-1000 chance that the software fails to indicate “terrorist” • If someone is not a terrorist, there is a 1-in-1000 chance that the software falsely indicates “terrorist” • Assume 1 in 10 million stadium attendees is a known terrorist (this system won’t catch any unknown terrorists) • System will generate 10,000 false alarms for every one real terrorist • This would translate to 75 false alarms per Tampa Bay football game and one real terrorist every 133 or so games.

  14. Summary • Provide an opportunity for a more secure and responsible world • If misused or poorly engineered, may instead bring many hassles—if not troubles • Some biometrics are less usable than others, and different environments warrant different biometrics and design considerations. • Security and reliability • Organizations should consider a biometric's stability, including maturity of the technology, degree of standardization, level of vendor and government support, market share, and other support factors.

  15. References • John D. Woodward, Nicholas M. Orlans, Peter T. Higgins, Identity Assurance in the Information Age: Biometrics, Mc Graw Hill press 2003. • John Daugman, Iris Recognition for Personal identification, University of Cambridge, http://www.cl.cam.ac.uk/users/jgd1000/iris_recognition.html • Edgar Danielyan, The Lures of Biometrics, The Internet Protocol Journal, March 2004 Volume 7 • International Biometric Group, www.biometricgroup.com • John Daugman, How Iris RecognitionWorks, IEEE Trans. CSVT 14(1), 2004, pp. 21 - 30 • Simon Liu, Mark Silverman, A Practical Guide to Biometric Security Technology, IEEE, ITPro, 2000 • Biometric Consortium, http://www.biometrics.org/ • Ram Sathappan, DSP for Smart Biometric Solutions, Texas Instruments White Paper, May 2003

More Related