Zachary Olson and Yukari Hagio CIS 4360 Computer Security November 19, 2008

A definition
• Biometrics is a branch of computer security centering on authenticating a person’s identity based on some physiological or behavioral characteristic unique to that person
• Authentication system: verifies the identity of a user before allowing them access to the internal system

Stages of Operation
• Enrollment
  • Biometric data is collected for a known identity
  • Reference template is created and stored
• Authentication
  • Identification: comparison of biometric data to all available data files in a database
  • Verification: comparison of biometric data to previously stored version

A Better Approach to Security…
• Biometrics is seen as more secure than traditional methods:
  • Biometrics vs. Passwords
  • Biometrics vs. Tokens

Types of Biometric Authentication
• Fingerprints
• Retina / Iris Scans
• Facial Recognition
• Hand Recognition
• DNA Matching
• Keystroke Recognition

Fingerprints
• Ridges vs. Valleys
• Scanning Mechanisms
  • Optical Scanner
  • Capacitance Scanner

Fingerprints (contd.)
• Analyzing a Fingerprint - Minutiae

Retina Scans
• Small surface
• Detailed Scan
• Slow scan and compare procedure

Iris Scans
• More than 250 unique spots
• Compares trabecular meshwork of the iris
• Fast scans
• Requires a human eye

Facial Recognition
• Uses a video image to look at distances between features and overall structure
• Requires a human face
• Difficulties in finding the features in images

Hand Recognition
• Hand geometry not as unique as fingerprints
• Using hand features and measurements increases uniqueness
• Measures up to 90 different points on the hand, including characteristics of the finger and features on the skin
• Seen as less invasive than fingerprints

DNA Matching
• Comparison of a sample of a user’s DNA with a stored sample of the real person’s DNA
• DNA is readily available to collect
• Comparison process is slow and not completely automated

Keystroke Recognition
• Uses rhythm and manner in which characters are typed into a keyboard
• Typing characteristics are unique to individuals
• Indicators
  • Speed in words per minute
  • Delays
  • Specific sequences of characters
  • Typing errors
  • Seek time and hold time
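
The enrollment, verification and identification stages from the "Stages of Operation" slide, applied to the hold-time and seek-time indicators above, as an added example that is not part of the original slides. Assumptions: seek time is taken as the gap between releasing one key and pressing the next, the key events are constructed sample data, and the 25 ms cut-off and all function names are illustrative.

```python
from statistics import mean

def features(events):
    """Hold time per key, then seek time between consecutive keys (ms)."""
    hold = [release - press for _, press, release in events]
    seek = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return hold + seek

def enroll(samples):
    """Enrollment: average several samples into one reference template."""
    vectors = [features(s) for s in samples]
    return [mean(column) for column in zip(*vectors)]

def distance(template, events):
    """Mean absolute difference (ms) between a sample and a template."""
    observed = features(events)
    if len(observed) != len(template):
        return float("inf")          # different text typed: cannot match
    return mean(abs(a - b) for a, b in zip(observed, template))

def verify(template, events, cutoff_ms=25):
    """Verification (1:1): compare against the one claimed identity."""
    return distance(template, events) <= cutoff_ms

def identify(database, events, cutoff_ms=25):
    """Identification (1:N): search every template; best match or None."""
    best = min(database, key=lambda name: distance(database[name], events))
    return best if distance(database[best], events) <= cutoff_ms else None

def typing(holds, seeks, keys="pass"):
    """Build constructed (key, press_ms, release_ms) events for testing."""
    events, t = [], 0
    for i, key in enumerate(keys):
        events.append((key, t, t + holds[i]))
        t += holds[i] + (seeks[i] if i < len(seeks) else 0)
    return events

# Constructed enrollment samples for two hypothetical users.
ALICE = [typing([90, 110, 95, 100], [60, 40, 45]),
         typing([95, 105, 100, 98], [55, 45, 50])]
BOB = [typing([140, 150, 160, 145], [120, 110, 130]),
       typing([150, 145, 155, 150], [115, 120, 125])]
DATABASE = {"alice": enroll(ALICE), "bob": enroll(BOB)}
PROBE = typing([92, 108, 99, 101], [58, 43, 47])   # fresh sample in alice's rhythm
```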

Issues / Concerns
• Data Storage
• Accuracy
• Physical Danger
• Privacy

Data Storage
• Permanence of Biometric data
  • Re-issue is not possible
  • Biometric data theft is permanent
• Possible solution: decentralization of data storage
  • Store part of each record in the central database and the rest on a smart card with the individual user
  • Complete records become inaccessible to hackers
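
One way to realise the split storage described above, as an added example that is not part of the original slides. It goes beyond the slide's wording: a literal split leaves half of the template readable in the database, so the example also shows an XOR split (a swapped-in technique) where neither part reveals template bytes on its own. All names and the 16-byte template are constructed for illustration.

```python
import secrets

def naive_split(template: bytes):
    """Literal reading of the slide: first half in the database, rest on the card."""
    mid = len(template) // 2
    return template[:mid], template[mid:]          # (db_part, card_part)

def xor_split(template: bytes):
    """Two random-looking shares; both are needed to rebuild the template."""
    card_share = secrets.token_bytes(len(template))
    db_share = bytes(t ^ c for t, c in zip(template, card_share))
    return db_share, card_share

def xor_combine(db_share: bytes, card_share: bytes) -> bytes:
    """Rebuild the template at authentication time from both shares."""
    if len(db_share) != len(card_share):
        raise ValueError("shares have different lengths")
    return bytes(d ^ c for d, c in zip(db_share, card_share))

def reissue(db_share: bytes, card_share: bytes):
    """Issue a fresh pair of shares for the same template, e.g. after a
    lost card. The biometric itself still cannot be changed."""
    return xor_split(xor_combine(db_share, card_share))

# Constructed 16-byte stand-in for a stored reference template.
TEMPLATE = bytes.fromhex("3a91c4075be2186df0294c83a7d65e1b")

if __name__ == "__main__":
    db_part, _ = naive_split(TEMPLATE)
    print("naive database part :", db_part.hex(), "(verbatim template bytes)")
    db_share, card_share = xor_split(TEMPLATE)
    print("XOR database share  :", db_share.hex(), "(random without the card)")
    print("rebuilt correctly   :", xor_combine(db_share, card_share) == TEMPLATE)
```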

Accuracy
• No perfect matches in biometrics
• Acceptance range of comparison algorithms
• Types of errors
  • False positives: accepting wrong identity
  • False negatives: rejecting correct identity
• Algorithm cut-off level is a compromise between the two error types
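
The cut-off compromise described above, worked through on constructed match scores, as an added example that is not part of the original slides. The scores, the 0-100 scale and the function names are assumptions made for illustration.

```python
# Constructed similarity scores (0-100, higher = closer to the stored template).
GENUINE = [91, 88, 95, 79, 84, 97, 72, 90, 86, 93]    # the true owner's attempts
IMPOSTOR = [35, 52, 61, 48, 74, 29, 66, 81, 44, 57]   # other people's attempts

def error_rates(cutoff, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (false-positive rate, false-negative rate) at one cut-off.

    A sample is accepted when its score is >= cutoff."""
    false_pos = sum(s >= cutoff for s in impostor) / len(impostor)
    false_neg = sum(s < cutoff for s in genuine) / len(genuine)
    return false_pos, false_neg

def sweep(cutoffs):
    """Error rates for every candidate cut-off."""
    return {c: error_rates(c) for c in cutoffs}

def balanced_cutoff(cutoffs):
    """Cut-off where the two error rates are closest (the compromise point)."""
    return min(cutoffs, key=lambda c: abs(error_rates(c)[0] - error_rates(c)[1]))

def strictest_cutoff_within(max_false_neg, cutoffs):
    """Highest cut-off that keeps false negatives at or below max_false_neg."""
    acceptable = [c for c in cutoffs if error_rates(c)[1] <= max_false_neg]
    return max(acceptable) if acceptable else None

if __name__ == "__main__":
    # Raising the cut-off trades false positives for false negatives.
    for c, (fp, fn) in sweep(range(60, 100, 5)).items():
        print(f"cut-off {c}: false positives {fp:.0%}, false negatives {fn:.0%}")
    print("balanced cut-off:", balanced_cutoff(range(60, 100, 5)))
```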

Physical Danger
• Thieves might target property owners to bypass biometric security measures
• Example: in 2005, car thieves in Malaysia cut off a man’s finger to bypass the fingerprint reader on his Mercedes Benz S Class

Privacy
• Questions
  • Should organizations or individuals control biometric information?
  • Can biometric information be used without individual consent?
  • Can law enforcement agencies demand biometric data from individuals for forensic purposes?
• Answers
  • ISO 17799
  • Department of Health, Education, and Welfare

Examples of Biometrics Usage
• Governments worldwide use biometrics for passports and airport security.
• Police agencies use fingerprints and DNA for identification and forensics.
• Financial institutions use palm/finger vein authentication to secure ATMs.
• Companies use biometrics to keep time records, secure locations and improve user convenience.

The Future of Biometrics
• September 11, 2001 resulted in unprecedented growth in the large-scale deployment of biometrics.
• Biometrics is being incorporated into national passports worldwide.
• Because of its advantages over traditional authentication methods, biometrics will continue to lead the effort toward increased computer security.