BIOMETRIC AND NETWORK AUTHENTICATION
BIOMETRICS AND NETWORK
AUTHENTICATION
Security Innovators
Identification Methods
Traditional identification
Something that you have: entrance permit, key
Something that you know: user-id and password, PIN
Problems
An unauthorized person can take control of these traditional identifiers
Passwords and PINs are difficult to remember
Secure Authentication
In a PKI world:
Cryptographic key pair (private and public
key)
If someone gains access to the password
that secures the cryptographic keys, he
also gains access to every cryptographically
protected application.
Solution
Something that you are
Biometric
What is Biometrics?
Biometric technology uses a physical or
psychological trait for identification and
authentication
Key properties:
Universal - common characteristic
Unique - no two persons are the same in terms of the characteristic
Permanent - time invariant
Collectable - quantitatively measurable
Why Biometrics?
Enhance security
Convenient
"Who you claim to be"
NOT "what you know"
Fast, easy-to-use, reliable, and less expensive
authentication
Avoid
Lost, stolen, duplicated, or left at home
Forgotten, shared, or observed
How Does Biometrics Work?
•Compression
•Encryption
•Transmission
•Decryption
•Decompression
•Signal processing
•Minutia extraction
•Representation
•Template generation
If Match…
The smart card data is converted into a number
The number is used as a symmetric cryptographic key to decrypt the private key
A nonce is passed from the computer application to the smart card
The private key on the smart card encrypts the nonce
The application verifies:
It obtains the certified public key from the network-based directory service
It decrypts the encrypted message from the card
Types of Biometrics
Fingerprint
Face Pattern
Voice Pattern
Retina Identification
Hand
DNA
Signature
Etc…
Fingerprint
Reasons to use
Data size of 100 to 600 bytes fits easily onto smart cards
It cannot be easily reproduced from the templates
Possible Attack
Surgery to alter print
Latex finger
Solution
Monitor pulse, sweat, temperature and more
Best solution: Measure the amount of oxygenated
hemoglobin in the blood
Fingerprint Matching Algorithm
Three types of minutia features:
Ridge Ending, Bifurcation, and Short Ridge
m_i = (type, x_i, y_i, θ_i, W)
where
m_i is the minutia vector
type is the type of feature (ridge ending, bifurcation, short ridge)
x_i is the x-coordinate of the location
y_i is the y-coordinate of the location
θ_i is the angle of orientation of the minutia
W is a weight based on the quality of the image at that location
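As an added illustration (not part of the original slides), the sketch below compares two templates built from the minutia vector (type, x, y, θ, W) defined above. The `Minutia` class, the distance and angle tolerances, the 0.6 threshold, the assumption that the templates are already aligned, and the sample templates are all constructed for this example.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Minutia:
    kind: str     # "ending", "bifurcation" or "short" (the slide's three types)
    x: float
    y: float
    theta: float  # orientation in degrees
    w: float      # image-quality weight, assumed to lie in [0, 1]

def angle_diff(a, b):
    """Smallest absolute difference between two orientations, in degrees."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)

def match_score(enrolled, probe, d_tol=10.0, a_tol=15.0):
    """Weighted share of enrolled minutiae paired with a probe minutia.
    Assumes both templates are already aligned (no rotation/translation search)."""
    used, matched = set(), 0.0
    total = sum(m.w for m in enrolled)
    for m in enrolled:
        best, best_d = None, d_tol
        for j, p in enumerate(probe):
            if j in used or p.kind != m.kind:
                continue
            d = math.hypot(m.x - p.x, m.y - p.y)
            if d <= best_d and angle_diff(m.theta, p.theta) <= a_tol:
                best, best_d = j, d
        if best is not None:
            used.add(best)  # each probe minutia may be paired only once
            matched += min(m.w, probe[best].w)  # trust the weaker image quality
    return matched / total if total else 0.0

def accept(enrolled, probe, threshold=0.6):
    """Decision rule; the threshold sets the FAR/FRR trade-off."""
    return match_score(enrolled, probe) >= threshold

# Constructed sample templates (not real fingerprint data).
ENROLLED = [Minutia("ending", 10, 10, 30, 1.0), Minutia("bifurcation", 40, 25, 350, 0.8),
            Minutia("short", 70, 60, 120, 0.5), Minutia("ending", 20, 80, 200, 0.9)]
# Same finger re-scanned: small jitter, angle wrap-around, short ridge not detected.
GENUINE = [Minutia("ending", 12, 9, 35, 0.9), Minutia("bifurcation", 38, 27, 2, 0.8),
           Minutia("ending", 22, 83, 195, 0.7)]
# Different finger: one point in the right place but with the wrong orientation.
IMPOSTOR = [Minutia("ending", 11, 11, 210, 1.0), Minutia("bifurcation", 60, 25, 350, 1.0),
            Minutia("short", 70, 61, 118, 0.4)]
```

With these templates the genuine probe scores 0.75 and the impostor 0.125. Raising the threshold to 0.8 rejects the genuine probe (a false rejection), while lowering it to 0.1 accepts the impostor (a false acceptance).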
Face Pattern
Face recognition algorithms create a
numerical code from facial measurements
called “face print”
Possible Attack
Surgery
Artificial mask
If only 2-D scan,
duplication of photo
Protection
3-D images from various viewing angles
Retina Identification
Based on the unique configuration of blood vessels in the retina
360 degree circular scan
Most accurate
Possible attack
Surgery
prosthetic eye
Eye Scan
Voice Pattern
Automatic speaker recognition and
verification system
Possible attack
DAT voice recording
Sound-alike voice
How Biometrics Applies to
Network Security?
Authentication
Biometric technology replaces username and password
Can be used on
Workstation and network access
Single sign-on
Application logon
Data Protection
Remote access to resources
Transaction security
Web security
Encrypt sensitive data transmitted over the internet
Biometric Authentication for
J2EE Architecture
Issues and Concerns
Accuracy
False acceptance rate (FAR) and False Rejection
Rate (FRR)
Tradeoff between security and convenience
Stability
Suitability
Difficulty of usage
Availability
Comparison failure
Summary
Biometrics is one more layer on top of the PIN and
physical token, and it makes them more secure
Highest level of security is the
combination of:
Something you know
Something you have
Something you are