Zachary Olson and Yukari Hagio CIS 4360 Computer Security November 19, 2008
A definition
Biometrics is a branch of computer security centering
on authenticating a person’s identity based on some
physiological or behavioral characteristic unique to
that person
Authentication system: verifies the identity of a user
before allowing them access to the internal system
Stages of Operation
Enrollment
Biometric data is collected for a known identity
Reference template is created and stored
Authentication
Identification: comparison of biometric data to all
available data files in a database
Verification: comparison of biometric data to previously
stored version
A Better Approach to Security…
Biometrics is seen as more secure than traditional
methods:
Biometrics vs. Passwords
Biometrics vs. Tokens
Types of Biometric Authentication
Fingerprints
Retina / Iris Scans
Facial Recognition
Hand Recognition
DNA Matching
Keystroke Recognition
Fingerprints
Ridges vs. Valleys
Scanning Mechanisms
Optical Scanner
Capacitance Scanner
Fingerprints (contd.)
Analyzing a Fingerprint - Minutiae
Retina Scans
Small surface
Detailed Scan
Slow scan and compare
procedure
Iris Scans
More than 250 unique spots
Compares trabecular meshwork of the iris
Fast scans
Requires a human eye
Facial Recognition
Uses a video image to look at distances between
features and overall structure
Requires a human face
Difficulties in finding the features in images
Hand Recognition
Hand geometry not as unique as fingerprints
Using hand features and measurements increases
uniqueness
Measures up to 90 different points on the hand
including characteristics of the finger and features on
the skin
Seen as less invasive than fingerprints
DNA Matching
Comparison of a sample of a user’s DNA with a stored
sample of the real person’s DNA
DNA is readily available to collect
Comparison process is slow and not completely
automated
Keystroke Recognition
Uses rhythm and manner in which characters are
typed into a keyboard
Typing characteristics are unique to individuals
Indicators
Speed in words per minute
Delays
Specific sequences of characters
Typing errors
Seek time and hold time
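Added example (not part of the original slides): hold time and seek time computed from key events, an enrolled reference template built from them, and a new sample verified against it. The timestamps, the function names and the 25 ms cut-off are assumptions chosen for illustration.

```python
from statistics import mean

# Constructed sample data: (key, key_down_ms, key_up_ms) for the word "pass".
ENROLL = [
    [("p", 0, 90), ("a", 150, 230), ("s", 300, 385), ("s", 470, 550)],
    [("p", 0, 95), ("a", 160, 245), ("s", 310, 390), ("s", 480, 565)],
    [("p", 0, 85), ("a", 140, 225), ("s", 290, 380), ("s", 460, 540)],
]
GENUINE = [("p", 0, 92), ("a", 155, 236), ("s", 305, 392), ("s", 478, 556)]
IMPOSTOR = [("p", 0, 140), ("a", 300, 410), ("s", 600, 730), ("s", 760, 880)]

def features(events):
    """Hold times (key down to key up) followed by
    seek times (previous key up to next key down), in ms."""
    hold = [up - down for _, down, up in events]
    seek = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return hold + seek

def enroll(samples):
    """Enrollment: the reference template is the per-feature mean."""
    vectors = [features(s) for s in samples]
    return [mean(column) for column in zip(*vectors)]

def distance(template, events):
    """Mean absolute deviation (ms) between a new sample and the template."""
    probe = features(events)
    if len(probe) != len(template):
        raise ValueError("sample does not match the enrolled key sequence")
    return mean(abs(p - t) for p, t in zip(probe, template))

def verify(template, events, cutoff_ms=25):
    """Verification: accept when the sample is close enough to the template."""
    return distance(template, events) <= cutoff_ms

TEMPLATE = enroll(ENROLL)

if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, round(distance(TEMPLATE, sample), 1), verify(TEMPLATE, sample))
```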
Issues / Concerns
Data Storage
Accuracy
Physical Danger
Privacy
Data Storage
Permanence of Biometric data
Re-issue is not possible
Biometric data theft is permanent
Possible solution: decentralization of data storage
Store part of each record in the central database and the
rest on a smart card with the individual user
Complete records become inaccessible to hackers
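Added example (not part of the original slides): one way to realise the split between central database and smart card. It swaps in an XOR split, which goes beyond the slide's "part of each record" so that neither half alone reveals any of the template; the function names and the sample template bytes are assumptions.

```python
import hashlib
import hmac
import secrets

def split_record(template: bytes):
    """Return (database_record, card_share) for one enrolled template."""
    # Random pad the same length as the template; lives only on the card.
    card_share = secrets.token_bytes(len(template))
    db_share = bytes(a ^ b for a, b in zip(template, card_share))
    # The database keeps a digest of the card share (not of the template)
    # so a wrong or altered card is detected before the halves are combined.
    card_digest = hashlib.sha256(card_share).digest()
    return {"share": db_share, "card_digest": card_digest}, card_share

def rebuild_template(db_record, card_share: bytes) -> bytes:
    """Recombine both halves; raises ValueError for a card that does not match."""
    presented = hashlib.sha256(card_share).digest()
    if not hmac.compare_digest(presented, db_record["card_digest"]):
        raise ValueError("card share does not belong to this record")
    return bytes(a ^ b for a, b in zip(db_record["share"], card_share))

if __name__ == "__main__":
    template = bytes(range(32))            # constructed stand-in for a template
    record, card = split_record(template)
    print(rebuild_template(record, card) == template)
```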
Accuracy
No perfect matches in biometrics
Acceptance range of comparison algorithms
Types of errors
False positives: accepting wrong identity
False negatives: rejecting correct identity
Algorithm cut-off level is a compromise between the
two error types
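Added example (not part of the original slides): the cut-off compromise worked through on constructed match scores. The scores, the 0 to 100 scale and the function names are assumptions; a sample is accepted when its score is at or above the cut-off.

```python
# Constructed similarity scores against a stored template (higher = closer).
GENUINE = [91, 88, 95, 72, 85, 79, 93, 66, 90, 84]    # correct identity
IMPOSTOR = [35, 52, 41, 68, 29, 74, 47, 58, 33, 61]   # wrong identity

def error_rates(cutoff, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (false_positive_rate, false_negative_rate) for one cut-off."""
    false_pos = sum(s >= cutoff for s in impostor) / len(impostor)
    false_neg = sum(s < cutoff for s in genuine) / len(genuine)
    return false_pos, false_neg

def sweep(cutoffs):
    """Error rates for every candidate cut-off, as (cutoff, fp, fn) rows."""
    return [(c, *error_rates(c)) for c in cutoffs]

def balanced_cutoff(cutoffs):
    """Cut-off at which the two error rates are closest to each other."""
    def gap(c):
        fp, fn = error_rates(c)
        return abs(fp - fn)
    return min(cutoffs, key=gap)

if __name__ == "__main__":
    candidates = range(50, 100, 10)
    for cutoff, fp, fn in sweep(candidates):
        print(f"cutoff {cutoff}: false positives {fp:.0%}, false negatives {fn:.0%}")
    print("balanced cut-off:", balanced_cutoff(candidates))
```

Raising the cut-off from 50 to 90 drives false positives on this data from 50% to 0% while false negatives climb from 0% to 60%.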
Physical Danger
Thieves might target property owners to bypass
biometric security measures
Example: in 2005, car thieves in Malaysia cut off a
man’s finger to bypass the fingerprint reader on his
Mercedes Benz S Class
Privacy
Questions
Should organizations or individuals control biometric
information?
Can biometric information be used without individual
consent?
Can law enforcement agencies demand biometric data
from individuals for forensic purposes?
Answers
ISO 17799
Department of Health, Education, and Welfare
Examples of Biometrics Usage
Governments worldwide use biometrics for passports
and airport security.
Police agencies use fingerprints and DNA for
identification and forensics.
Financial institutions use palm/finger vein
authentication to secure ATMs.
Companies use biometrics to keep time records, secure
locations and improve user convenience.
The Future of Biometrics
September 11, 2001 resulted in unprecedented growth
for the large-scale deployment of biometrics.
Biometrics is being incorporated into national
passports worldwide.
Because of its advantages over traditional
authentication methods, biometrics will continue to
helm the endeavor for increased computer security.