Computer Security. Biometric authentication. Based on a talk by Dr J.J. Atick, Identix, “Biometrics in the Decade of Security”, CNSS 2003.
Computer Security Biometric authentication Based on a talk by Dr J.J. Atick, Identix, “Biometrics in the Decade of Security”, CNSS 2003
Biometric authentication Framework for security Trust Identification Biometrics fingerprints face iris
Biometric authentication Framework for security Physical or logical access should be based on trusted gated actions
Biometric authentication Biometrics are uniquely qualified for this purpose: • Individual uniqueness • universality • accuracy • easiness • permanence • non-intrusiveness • cannot be lost, forgotten, stolen
Biometric authentication Fingerprints • Image • Minutiae • Fingerprint • based on irregularities (minutiae)
Biometric authentication Face recognition • Image • Nodal points • Face print • based on facial skin irregularities (the skull is 3-dimensional, the skin is 2-dimensional)
Biometric authentication Iris recognition • Image • Iris pattern • Iris-print
Market Evolution Government • Law enforcement • Federal Agencies • DoD • National ID Programs Regulated Industries • POS • Financial Healthcare • Transportation • Commercial • E-commerce • Transactions
Common Access Card DoD Common Access Card • Biometric Smart Card to enable trusted identity throughout the enterprise • Logical and physical access • Evaluating fingerprint biometrics for military ID cards • Already half way through (expected roll-out by 2005)
Enhanced Border Security Entry/Exit Program • Protect, control & monitor access & entry into US • Background check on visa applications • Finger & face opportunity Visa reform • Ability to check on visa applicants • Biometric smartcard as new visa Worldwide reverberations
International ID Programs Several Foreign countries are in the process of implementing national ID programs • Fingerprint, facial and iris biometrics for national ID cards • Fingerprint biometrics for national healthcare programs • Fingerprint biometrics for passports
Platform for security • Enrollment & Registration • Qualification • Requirements of Trust • Biometric Identification • Only: finger, face, iris • Secure Credential Issuance • Access • Physical, logical • Surveillance
Enrollment & Registration • Critical step, could be costly if not done properly • Data must be in vendor-independent formats • Standard formats: e.g. ANSI/NIST-ITL 1-2000 • Data can be very valuable
Qualification Answer two questions • Is the identity unique? • Can it be granted trusted status? Requires • Search in a registration database • Submission to watch list & criminal database
Requirements of Trust • State mandates • Healthcare, school workers, banking state employees insurance • Federal Mandates • Transportation workers • Airlines, airports • Postal workers • Government employees • Visa applicants, trusted travelers • Passport and National IDs • Corporate enterprise
Biometric Identification Only finger, face, iris • Finger & face have unique position because of existing databases • Finger requires live scan 10 print rolled fingers • Major breakthroughs in imaging make it easier to capture high quality prints • Quicker turnaround • Low rejection & rechecks
Facial for Identification Only finger, face, iris • In many cases only the face is available • Performance • Rank 1 identification – 80% • Compare with single finger 90% (db size 10,000) NIST & FRVT2002 • Not perfect, yet delivers significant value • Improving performance
Secure Credential Issuance Impedes tampering & forging. • Badging screened applicant • Smartcard • On Chip • Credentials, PKI certificate, Applications • Secure Markings • Photo • Color Coding • Basic info: name, exp date, signature, etc • Magnetic stripe and/or Barcode data
Access • Physical access • Buildings, offices, Safe Deposit boxes, Parking lots, etc • Logical access • Authentication, Authorization, Internet, WAN, LAN, Wireless, etc • Universal access • Home, office, any location, travel, etc
Detection • Watch lists: facial & fingerprint databases • Biometrics can be used to detect in real time individuals on the watch list • On demand screening • Checkpoint surveillance
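Added example, not part of the original talk: how a rank-1 identification rate like the ones quoted on the "Facial for Identification" slide is computed, and how watch-list screening differs by accepting the top candidate only under a threshold. The three-number templates, the squared-distance measure and the 0.05 threshold are constructed assumptions for illustration.

```python
# Constructed 3-number "templates"; real fingerprint/face templates are far larger.
GALLERY = {
    "A": (1.0, 0.0, 0.0),
    "B": (0.0, 1.0, 0.0),
    "C": (0.0, 0.0, 1.0),
    "D": (0.7, 0.7, 0.0),
    "E": (0.0, 0.7, 0.7),
}
# (true identity, fresh capture) pairs, also constructed.
PROBES = [
    ("A", (0.9, 0.1, 0.0)),
    ("B", (0.4, 0.8, 0.0)),  # degraded capture that drifts towards D
    ("C", (0.0, 0.1, 0.9)),
    ("D", (0.6, 0.8, 0.1)),
    ("E", (0.1, 0.6, 0.8)),
]

def dist2(a, b):
    """Squared Euclidean distance; smaller means more similar."""
    return sum((x - y) ** 2 for x, y in zip(a, b))

def rank_of_true_match(true_id, probe, gallery):
    """1-based position of the true identity in the sorted candidate list."""
    target = dist2(probe, gallery[true_id])
    return 1 + sum(dist2(probe, t) < target for t in gallery.values())

def cmc(probes, gallery):
    """Identification rate at rank 1..N (closed set: unenrolled probes are skipped)."""
    ranks = [rank_of_true_match(i, p, gallery) for i, p in probes if i in gallery]
    return [sum(r <= k for r in ranks) / len(ranks) for k in range(1, len(gallery) + 1)]

def watchlist_alarm(probe, watchlist, threshold=0.05):
    """Open-set screening: return the best candidate only if it is close enough."""
    best = min(watchlist, key=lambda i: dist2(probe, watchlist[i]))
    return best if dist2(probe, watchlist[best]) <= threshold else None

if __name__ == "__main__":
    print("rank-1 rate, 5 enrolled:", cmc(PROBES, GALLERY)[0])
    small = {k: GALLERY[k] for k in "ABC"}
    print("rank-1 rate, 3 enrolled:", cmc(PROBES, small)[0])
    print("alarm for A's capture:", watchlist_alarm(PROBES[0][1], GALLERY))
    print("alarm for B's capture:", watchlist_alarm(PROBES[1][1], GALLERY))
    print("alarm for stranger:", watchlist_alarm((0.5, 0.5, 0.5), GALLERY))
```

The same probes score a higher rank-1 rate against the three-entry gallery than against the five-entry one, which is why a quoted rate only means something together with its database size. B's degraded capture raises no alarm even though B is enrolled, the false non-match a screening threshold trades against false alarms.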
Detection: on demand screening • Fingerprint systems for INS enforcement • border checks • Mobile identification • IBIS (Identification Based Information Systems) • Travel document screening
Mobile identification - IBIS • Mobile PDAs with finger sensors & cameras. Access to • Secure wireless communication
ID Document surveillance • Travel documents readers • Watch list alarm • Use standard existing travel documents • Creates manifest
Checkpoint surveillance • Security tool just like metal detectors & luggage scanners • Ensures that each face passing through a checkpoint is checked against the watch-list database.
Biometric smartcards – the trust triangle • Application • Reader • Smartcard - PK, certificate - SK - Else??? • User - Password??? - Smartcard • Discuss security issues