Next-Generation of Security Technology

Edward M. Cheng, M.D. Ph.D. ABFP
CMO, VP Bus. Dev., HealthHighway
Consultant Biometrics application in e-Biz
Steve Hong, Director, SW Appl., SecuGen
February 13, 2002
Contents of this Seminar
• Update Current Status of Network Security
• Review Existing Security Technology
• Introduction and Relevance of Biometrics
• Types of Biometrics and Market Trend
• Potential Biometrics applications
• Fingerprint Biometrics in Internet application in e-Business
What Does a Secure Network Consist Of?
• Person-to-Person authentication
• User identification
• Data integrity
• Data confidentiality
• Privacy protection
• Non-repudiation
• User and process management SW
How Secure is our Network?
• According to a recent survey by CSI of 521 security executives:
– 32% have experienced incidents of serious electronic fraud, double in 3 years
– 30% reported intrusion by outsiders
– 55% reported unauthorized access by insiders
– Estimated: in-house security breaches account for 70-90% of all attacks on corporate networks
• Concern: financial, reputation, legal liability
How Serious is ID Theft?
• 500,000-700,000 Social Security recipients are victims of fake ID.
- Social Security Administration in Baltimore
• Online Credit Card Fraud: $24M/day: $9B/year
- Meridien Research Jan. 2002
• Online Consumers Survey: 1 in 12 are victimized
• Total cost in ID Fraud: 1.13% of all Online Transactions or $tens of billions yearly.
- Gartner Jan. 2002
Passwords and Locks are Inadequate
• The GAO report found weaknesses at nearly every point of computer security controls at the Treasury Department’s FMS (Financial Management Service).
• Government computers that handle $trillion in tax refunds and SS benefits are vulnerable to cyber-attacks.
• Billions of dollars of payments and collections are at significant risk of loss or fraud, sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruption.
• The GAO recommended that FMS install a security management program and fix individual weaknesses identified as access control, such as passwords and locks.
- CNN Government Reuters, Feb. 5, 2002
Existing Security Technology
• PKI / Encryption / SSL
• Firewall
• Digital Certificate
• Password and PIN
• Token
• Smart Card
• Biometrics
Password Frustration
• Must be a mixture of alpha-numeric with upper and lower cases
• Must be random and not easy to figure out
• Should not be written down or posted on monitor
• Must be changed regularly
• Password should not be recycled within 5 months
• Transfer factor: passwords get passed around
Cost of maintaining passwords
• About 50% of calls in IT help desks are password related
• Estimated cost per employee per year:
– $200 by Forrester Research Inc. (Economics of Security, 2/98)
– $340 by Gartner Group
• Bottom line: A single biometric can replace multiple applications’ passwords
What is Biometrics?
• Definition: Measurement of body’s unique characteristics or behavior
• Types: Voice, Signature, Facial, Palm, Eye, Fingerprint
• System components:
– HW: sensor
– SW: algorithm, API
– Middleware and application
Why Biometrics?
• Unique
• Authentication: 1-to-1 matching
• Identification: 1-to-M matching
• Convenient
• Non-repudiable
• Fast, accurate, non-transferable
• Nothing to remember and nothing to forget
How is Biometrics Performance Rated?
• FTE (failure to enroll) vs. FRR (false rejection rate) vs. FAR (false acceptance rate)
• Reliability
• Speed
• Ergonomic
• Intrusiveness
• Convenience
• Acceptance
Biometrics Acceptance
• Historically slow
– Privacy concern
– Unreliable
– Expensive
– Difficult to integrate
– Negligence
• Post September 11
– Demand and acceptance: increased 3-4 fold
Change in Acceptance of Biometrics
• Estimate: ID theft in U.S. is about 500,000 cases/year
• Consumers are ready to accept biometrics at the cost of decreased privacy and a more intrusive method of identification
• Consumers’ fears and losses due to fraud give strong incentives for institutions to invest heavily in biometrics as an alternative to PIN
• Financial institutions are considering biometrics: ING Direct, American Banker Association, Credit Union of Canada, Deutsche Bank, Citibank
- Meridien Research Inc.
• Financial Service will spend $1.8B annually on biometric technology by 2004
- IDC, Framingham, MA
“Biometrics is a Good Fit with Banking”
“The Technology offers security to customers at ATM, within branches to authorize transactions and for online banking. It can also be used inside companies to secure vaults and monitor access to doors and computer systems.”
- Meridien Research Inc.
Market Trend - 1
[Chart: Total Biometric Revenue 1999-2005 ($M). Values shown: 250.9, 399.4, 523.9, 729.1, 1049.6, 1440.6, 1905.4. Source: Biometric Market Report 1999-2005, International Biometric Group, 2001]
Market Trend - 2
[Chart: Fingerprint Market Revenue 2000-2005 ($M). Values shown: 57.2, 99.4, 167.0, 266.6, 373.9, 453.3. Source: Fingerprint Market Report 2000-2005, International Biometric Group, 2001]
Market Trend - 3
[Chart: biometric market by technology, 2000-2005. Series: Fingerprint, Facial-Scan, Hand Geometry, Middleware, Iris-Scan, Voice, Signature, AFIS, Keystroke. Source: Biometric Market Report 1999-2005, International Biometric Group, 2001]
• The fingerprint and middleware markets will lead the biometrics market in the future
• Projected revenue of fingerprint and middleware will make up 40% of the total market in 2005
Dynamic Growth in Finger-Scan Biometrics
[Chart: Worldwide Finger-Scan Biometrics Technology Revenues ($ Millions), 2001-2006 (Excludes AFIS Revenues). Values shown: 36.1, 59.3, 94.5, 143.4, 208.6, 290.1]
[Chart: Market Share by Technology, 2001]
• Finger-Scan 49%
• Facial-Scan 15%
• Middleware 12%
• Hand-Scan 11%
• Iris-Scan 6%
• Voice-Scan 4%
• Signature-Scan 3%
Source: Frost & Sullivan, 2001
Privacy Concern: Minutiae Extraction
Fingerprints cannot be reproduced from minutiae template
Areas of Biometrics Application
• Physical access control
• Data access security
• Time and attendance
• ID theft prevention
• Privacy protection
• Fraud reduction
• Cost-effective and high security
Types of Fingerprint Sensor
• Semiconductor
– Capacitive
– Thermal
– RF
• Optical
– Traditional
– SEIR
• Thin Film Technology
Semiconductor Sensors
Semiconductor FP Sensor
• Small and low profile
• Cost: expensive at low volume and large sensing area
• Physically and electrically unstable
• Vulnerable to ESD
• Metal discharge pathway
• Surface coating required
• Low tolerance to abuse
Traditional Optical Sensor
Traditional Optical FP Sensor
• Plastic platen with soft coating
• Nonlinear distortion
• Low contrast image
• Stray light interference
• High power consumption
• Assembly requires mirror for compensation
• Integration relatively difficult
• Production: labor intensive
New Generation Optical FP Sensors
• SEIR: Surface Enhanced Irregular Reflection, a breakthrough optical finger-scanning technology
• High contrast and virtually distortion-free image
• High performance for extreme skin condition
• Scratch-proof surface with robust and compact housing
• Low power consumption
• Integration relatively easy
• Mass production capable at low cost
EyeD Mouse™
• Award-winning world’s first biometric mouse
• Most ergonomic & durable fingerprint sensor
• State-of-the-art fingerprint matching algorithm
• Matching software: SecuDesktop, SecuIBAS (Features: logon, File En/Decryption, Screen Saver)
SecuGen PC Peripherals
How to Select a Fingerprint Biometrics?
• User friendliness
• Durability
• Cost
• Size
• Ease of integration
• Choice of application products
• Third-party SW support
Stand-alone Finger-Scan Module
• Building Access Control
• Time & Attendance
• Vehicle Control
• Door-lock System
• Point of Sale
• Safe and Gun control Box
• Supported protocols: Wiegand, RS232 and RS485
Biometrics Overview
Biometrics Applications
• Financial Sector: Point of Sale, ATM, Online Banking
• Immigration: Passport Control, Border Control
• Public Sector: National ID, Correctional Facility, AFIS, DMV
• Computer Security: Access Control, Network Security, e-Commerce
• Medical: Medical Records Mgt, HIPAA Compliance
• Social Service: Social Security, Welfare Payment, Missing Child
• Telecommunication: Mobile Phone, Call Center, Internet Phone
• Facility and Attendance: Door Lock, Time-Attendance
• Aviation & Travel: Access Control, Ticket-less Travel, Anti-terrorist security
Biometrics for Healthcare
• Electronic Medical Records
– Automatic encounter documentation
– Electronic transaction processing
– Online PDA easy data entry
– Work flow management
– Transcriptions
• Patients Website Access
– Clinical and Account Info
– Appointments and Messages
– Personalized Health Info
• Provider’s Automated Office
• Financial Management
– Charge capture at the point of encounter
– Claims processing and billing
– Accounts Receivable
– Eligibility & Authorizations
– Managed Care
• Health Plans/IPA
– Claims, Eligibility, Authorization, Formulary, Regulations, Contracts, Connectivity
Biometrics Application
• Physical Access Control
• Time and Attendance
• PC/Enterprise/Network Security
• Internet & e-Commerce
• B2B Transactions
• Financial: on-line banking, ATM
• Medical information system
• Distant Learning
• e-Publishing
• Smart card/Digital Certificate
• Any password-based application
Distant Learning
• Physical Access Control
• Time and Attendance
• PC/Network Security/IT
• Student registration/verification
• On-line testing
Healthcare
• Physical Access Control
• Time and Attendance
• PC/Network Security/IT
• Patient registration and Identification
• e-Claim processing
• EMR
• Document Management
• HIPAA Compliance
• Privacy Protection
Benefits of Biometrics Implementation
• Maximize network security
• Ensure users’ privacy
• Protect institution physical assets
• Provide user authentication
• Allow non-repudiable transaction
• Deter hackers and ID fraud
• Eliminate password frustration
• Cut IT cost in password maintenance
• Increase corporation image, productivity and profitability
Configuration
[Diagram: network configuration. Labels: Corporate Headquarters, Mobile & Remote Warriors, Customers, Hospital, University Bank, Trading, Internet, Home Worker, Firewall, Groupware, Branch Office, Supply Chain or Factory, Web Server, SecuIBAS Server. Links: PSTN / ISDN / ADSL, SNA Leased Line]
SecuGen Biometric Authentication
SecuIBAS Web Server Software
• Takes only one day to integrate into your system.
• Supports various operating systems and databases.
– Windows 2000/NT
– Solaris
– Linux
– Unix
SecuGen Biometric Authentication
SecuIBAS Server Software
• Takes only one day to install.
• Supports various operating systems and databases.
– Windows 2000/NT
– Solaris
– Linux
– Unix
SecuGen Biometric Authentication
SecuIBAS Client Pack
• USB plug & play mouse or other sensor
• Windows device driver
• Supports Internet Explorer & Netscape
EyeD Mouse™
• Award-winning world’s first biometric mouse
• Most ergonomic & durable fingerprint sensor
• State-of-the-art fingerprint matching algorithm
• Matching software: SecuDesktop, iBAS (logon, File En/Decryption, Screen Saver)