Security Implications of Biometrics

Colin Dougherty

What is it? Oldest form of identification Unique identifiers…not secrets!

Examples of Biometrics Physiological

FaceFingerprintIris and RetinalHand VeinsDNA

BehavioralVoiceSignature

Comparison of Biometrics Uniqueness Permanence Collectability Performance Circumvention

Facial Recognition Primer Principal components analysis Viisage’s “EigenFaces”

Real World Error Rates

False PositivesFalse Negatives

Airport BiometricsFace Recognition

Fujistu’s Palm Vein Biometric Infrared Rays False Negative = 0.01% False Positive = 0.00008%

Attacks and More Problems Verify accuracy and input correctly Replay Attacks Human Risk Poor Failure

Cancelable Biometrics

MythBusters Defeat a Fingerprint Scanner

Copy of the fingerprint etched in latex.Ballistics gel copy of the fingerprint.Paper copy the fingerprint.

Summary Security is in layers

Biometrics have strengths

Biometrics have weaknesses

Biometrics are unique identifiers not secrets!

Sources Secrets & Lies, Digital Security in a

Networked World. Bruce Schneier. John Wiley & Sons, 2000

Jonathan Kent. BBC News, Kuala Lumpur: http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm

Worcester Polytechnic Institute. Viisage http://www.wpi.edu/News/Transformations/2002Spring/recognition.html

Questions What are two ways of comparing

different Biometrics?

Fill in the blank: Biometrics are unique identifiers not ___________!

Colin Dougherty