Computer Security: Biometric authentication
Based on a talk by Dr J.J. Atick, Identix, “Biometrics in the Decade of Security”, CNSS 2003
Jan 19, 2016
Biometric authentication
Framework for security
Trust
Identification
Biometrics: fingerprints, face, iris
Physical or logical access should be based on trusted gated actions
Biometrics are uniquely qualified for this purpose:
• Individual uniqueness
• universality
• accuracy
• easiness
• permanence
• non-intrusiveness
• cannot be lost, forgotten, stolen
Fingerprints
• Image
• Minutiae
• Fingerprint
– based on irregularities (minutiae)
Face recognition
• Image
• Nodal points
• Face print
– based on facial skin irregularities (the skull is 3-dimensional, the skin is 2-dimensional)
Iris recognition
• Image
• Iris pattern
• Iris-print
Finger-scan
Facial-scan
Middleware
Hand-scan
Iris-scan
Voice-scan
Signature-scan
Keystroke-scan
Biometric Market
Market Evolution
Government
• Law enforcement
• Federal Agencies
• DoD
• National ID Programs
Regulated Industries
• POS
• Financial
• Healthcare
• Transportation
Commercial
• E-commerce
• Transactions
Common Access Card
DoD Common Access Card
• Biometric Smart Card to enable trusted identity throughout the enterprise
• Logical and physical access
• Evaluating fingerprint biometrics for military ID cards
• Already halfway through (expected roll-out by 2005)
Enhanced Border Security
Entry/Exit Program
• Protect, control & monitor access & entry into US
• Background check on visa applications
• Finger & face opportunity
Visa reform
• Ability to check on visa applicants
• Biometric smartcard as new visa
Worldwide reverberations
International ID Programs
Several foreign countries are in the process of implementing national ID programs
• Fingerprint, facial and iris biometrics for national ID cards
• Fingerprint biometrics for national healthcare programs
• Fingerprint biometrics for passports
Platform for security
• Enrollment & Registration
• Qualification
• Requirements of Trust
• Biometric Identification
– Only: finger, face, iris
• Secure Credential Issuance
• Access
– Physical, logical
• Surveillance
Enrollment & Registration
• Critical step, could be costly if not done properly
• Data must be in vendor-independent formats
– Standard formats: e.g. ANSI/NIST-ITL 1-2000
• Data can be very valuable
Qualification
Answer two questions
• Is the identity unique?
• Can it be granted trusted status?
Requires
• Search in a registration database
• Submission to watch list & criminal database
Requirements of Trust
• State mandates
– Healthcare, school workers, banking, state employees, insurance
• Federal mandates
– Transportation workers
  • Airlines, airports
– Postal workers
– Government employees
– Visa applicants, trusted travelers
• Passport and National IDs
• Corporate enterprise
Biometric Identification
Only finger, face, iris
• Finger & face have unique position because of existing databases
• Finger requires live scan 10 print rolled fingers
• Major breakthroughs in imaging make it easier to capture high quality prints
– Quicker turnaround
– Low rejection & rechecks
Facial for Identification
• In many cases the face is all that is available
• Performance
– Rank 1 identification – 80%
– Compare with single finger 90% (db size 10,000), NIST & FRVT2002
• Not perfect, yet delivers significant value
• Improving performance
Secure Credential Issuance
Impedes tampering & forging.
1. Badging screened applicant
2. Smartcard
   1. On Chip
      • Credentials, PKI certificate, Applications
   2. Secure Markings
   3. Photo
   4. Color Coding
   5. Basic info: name, exp date, signature, etc.
   6. Magnetic stripe and/or Barcode data
Access
• Physical access
– Buildings, offices, safe deposit boxes, parking lots, etc.
• Logical access
– Authentication, Authorization, Internet, WAN, LAN, Wireless, etc.
• Universal access
– Home, office, any location, travel, etc.
Detection
• Watch lists: facial & fingerprint databases
• Biometrics can be used to detect in real time individuals on the watch list
– On demand screening
– Checkpoint surveillance
Detection: on demand screening
• Fingerprint systems for INS enforcement
– border checks
• Mobile identification – IBIS (Identification Based Information Systems)
• Travel document screening
Mobile identification – IBIS
Mobile PDAs with finger sensors & cameras. Access to
– Secure wireless communication
ID Document surveillance
• Travel document readers
• Watch list alarm
• Use standard existing travel documents
• Creates manifest
Checkpoint surveillance
• Security tool just like metal detectors & luggage scanners
• Ensures that each face passing through a checkpoint is checked against the watch-list database.
Biometric smartcards – the trust triangle
Discuss Security Issues
Smartcard
– PK, certificate
– SK
– Else???
User
– Password???
– Smartcard
Reader
Application