Biometric Authentication in a Wireless Environment Alex Kotlarchyk Florida Atlantic University


Biometric Authentication in a
Wireless Environment
Alex Kotlarchyk
Florida Atlantic University
5/20/2016
1
Goals

Biometric protocols suitable for a wireless networked environment
Secure system/network access via biometric authentication
Secure wireless transmission of biometric data
Why Wireless Biometrics?

Combination of two rapidly growing
technologies
1. Biometric systems for verification and
identification
• Homeland Security
2. Wireless systems for mobility
• Over 1 trillion wireless phone min. in US,
2004

Common advantage is convenience
Current Examples of Biometric
Deployments

Eastern Financial’s Boca Mission Bay branch
– Handprint scan to unlock the door to safe deposit boxes

Statue of Liberty
– Fingerprint scan to access lockers

Nine Zero hotel in Boston
– Iris scan for entrance to $3,000-a-night suite

Piggly-Wiggly grocery stores
– Testing pay-by-fingerprint system

Bank of Tokyo-Mitsubishi
– Credit cards w/ embedded vein-pattern information
Human authentication

Types of human authentication
– What you know (secret)
• Password, PIN, mother’s maiden name
– What you have (token)
• ATM card, smart card
– What you are (biometric)
• Stable: fingerprint, face, iris
• Alterable: voice, keystroke
– Where you are (authorization?)
• Wireless
Suitability of Biometrics

Paradox of secure biometrics
– A biometric is stable and distinctive. This is
good for identification.
– However, something unique can never be
changed. This is not so good for verification if
the biometric is compromised.
– Furthermore, a biometric is not a secret, so it
can be found and copied. This is bad.
– So, are stability and uniqueness not good after
all?
Keyspace

Number of possible codewords (CW)
– Token
• 12-digit: CW = 10^12 CWs
– Password
• Full 62 ASCII alphanumeric chars used randomly in an 8-char password = over 10^14 CWs
• Most actual users' selection ≈ 10^6 CWs, so in practice, the 12-digit token is more secure
– Biometrics (2001 technology, may change)
• ≈ inverse of FAR
– Iris ≈ 10^6 CWs
– Fingerprint ≈ 10^4 CWs
– Voice ≈ 10^3 CWs
– Face ≈ 10 → 100 CWs
Increasing Keyspace

Combined authentication to increase
keyspace
– Multibiometric authentication
• More than one biometric
– Combine standard biometrics (e.g. face and fingerprint
(multimodal), or multiple fingerprints)
– Combine standard biometric with “soft” biometric
• Soft biometric = gender, height, race, eye color,
etc.
– Multifactor authentication
• More than one authentication type
– Combine biometric w/ password or token
Source: Technology Review, June 2004
Biometric Advantages

Convenience
– Can’t be lost (in general)
– Can’t be forgotten
Can’t be loaned
Mostly unique (matching may not be)
Perceived strong non-repudiation
Does not change significantly (in general) (Ident.)
Both verification and identification applications
Biometric Disadvantages

Ability to authenticate dependent on technology (FAR, FRR)
Personal data, but not secret/secured data
Easy to copy raw data
Cost of technology
Non-revocable
Cannot change if compromised (Ver.)
Inexact matching (variable presentation)
Social acceptance
Biometric Authentication System
Source: Podio, NIST
Template Size
Wireless Biometric System Security

Security issues
– Biometric authentication to ensure secure
access to the system/network
• In other words, wireless system access security
– Wireless message authentication to ensure
secure transmission of biometric data
• In other words, personal information security and
privacy across the wireless network
– Physical security
• Devices, computers, transmitters/receivers, etc.
Biometric Authentication Threats
Defense of Biometric System

Capture device presented with ‘false’
biometric
– e.g. fake finger, short video, high-res
color iris image, latent image
– Use biometric ‘in addition’ not ‘instead
of’ (multi-verification)
– Vitality sensor, 3-D confirmation
Defense of Biometric System
(continued)

Modification of capture device
– Only a problem if capture and template
generation (and maybe matching) are done on
the device (trusted biometric device)
– Tightly integrate capture mechanism with
processing hardware
– Ruggedize device
– Display physical sign of tampering
– Inactivate if tampered (TILT!)
– Encryption of template
Defense of Biometric System
(continued)

Remainder are network security or
template database security issues
– Wireless network security will be
discussed
– Database security is beyond the scope
of this presentation
– Don’t forget OS security
Biometric Cryptography
Use of biometric data for encryption & decryption
“fuzzy” commitment, vault – Ari Juels, RSA Labs
Biometric Cryptography (example)

[Diagram: enrollment and verification paths]
Enroll (Encrypt)
– Template (key): 01010 10101
– Password (hashed): 00000 11111
– E(h(Pwd)) “stored”: 01010 01010
Verify (Decrypt)
– Template “live” (key): 11010 11101
– Decrypted value: 10000 10111
– Compare with hashed password: Hamming distance = 2
– Within threshold?
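Added example (not from the original slides): a fuzzy-commitment sketch in Python that reproduces the bit strings on this slide, treating the encrypt/decrypt step as XOR and accepting a live template only when error correction recovers the committed value. Assumptions: XOR as the combining operation, a 5x repetition code whose codeword for key bits 0,1 is the slide's 00000 11111, SHA-256 for the stored hash, and all function names; the impostor reading is constructed.

```python
import hashlib

R = 5  # assumed repetition factor: each key bit becomes R codeword bits

def bits(s):
    """Parse '01010 10101' into a list of 0/1 ints, ignoring spaces."""
    return [int(ch) for ch in s if ch in "01"]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def encode(key_bits):
    """Repetition code: [0, 1] -> 00000 11111."""
    return [b for b in key_bits for _ in range(R)]

def decode(word):
    """Majority vote per R-bit block; corrects up to R // 2 flips per block."""
    return [int(sum(word[i:i + R]) > R // 2) for i in range(0, len(word), R)]

def enroll(template, key_bits):
    """Store only the offset and a hash of the codeword, never the template."""
    codeword = encode(key_bits)
    offset = xor(template, codeword)
    return offset, hashlib.sha256(bytes(codeword)).hexdigest()

def verify(live, offset, digest):
    """Return (noisy_word, accepted) for a live reading against stored data."""
    noisy = xor(live, offset)
    corrected = encode(decode(noisy))
    accepted = hashlib.sha256(bytes(corrected)).hexdigest() == digest
    return noisy, accepted

if __name__ == "__main__":
    template = bits("01010 10101")              # enrolled template (slide value)
    offset, digest = enroll(template, [0, 1])   # codeword 00000 11111
    print("stored offset:", offset)
    noisy, ok = verify(bits("11010 11101"), offset, digest)  # live template (slide value)
    print("distance:", hamming(noisy, encode([0, 1])), "accepted:", ok)
    # Constructed impostor reading: three flipped bits in the first block
    _, ok = verify(bits("10110 10101"), offset, digest)
    print("impostor accepted:", ok)
```

The acceptance threshold here is implicit in the code: two flipped bits per 5-bit block are corrected, three are not.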
Biometrics Standards


Common Biometric Exchange File Format (CBEFF)
ANSI-NIST-ITL-2000
– Data exchange & quality
– Criminal identification
American Association for Motor Vehicle Administration (AAMVA) DL/ID 2000
FBI
– Wavelet Scalar Quantization (WSQ) – fingerprint image (de)compression
– Electronic Fingerprint Transmission Standard (EFTS)
Intel Common Data Security Architecture (CDSA)
ANSI X9.84 – Biometric data security (life cycle)
– Originally developed for financial industry; uses CBEFF
APIs
– Open: BioAPI, Java Card Biometric API; uses CBEFF
– Proprietary: BAPI …what is Microsoft planning?
XCBF
– XML Common Biometric Format from OASIS; uses CBEFF
– Mechanisms for secure transmission, storage, integrity, & privacy of biometrics
Biometric Standards

Recently from NIST…
– Biometric Data Specification for Personal
Identity Verification (PIV)
• January 24, 2005 (Draft)
• New standards governing interoperable use of
identity credentials to allow physical and logical
access to federal government locations and systems
– Technical and formatting requirements for biometric
credentials
– Restricts values and practices for fingerprints and
facial images
– Geared toward FBI background checks and formatting
data for a PIV card
– CBEFF and BioAPI compliant
CBEFF - Overview

Framework for sharing raw or template data
Supports encryption & digital signature for security
File = SBH (header) + BSMB (data) + SB (signature)
Patrons identify the data format
Approved interchange formats
– Finger Minutiae, Finger Pattern, Finger Image, Face Recognition, Iris, Signature/Sign, Hand Geometry
CBEFF Patron Formats

Format A – The CBEFF Data Structure
– Patron: CBEFF
– Small embedded or legacy systems, limited storage
– No data exchange between systems

Format B – The BioAPI Specification Biometric Identification
Record (BIR) Format
– Patron: BioAPI Consortium
– BioAPI compliant systems
– Client / server data exchange

Format C – ANSI X9.84 Biometric Object
– Patron: ANSI Subcommittee X9, Working Group F4
– Large systems
– Data exchange in a secure manner with authentication

Format D – Biometric Information Data Objects for Use Within
Smart Cards or Other Tokens (recent)… e.g. Java Card
Wireless Advantages


Mobility
Flexibility
– Easier to relocate and configure
– More scalable

Cost
– No cost due to physical barriers, private property.

Productivity
– More opportunity to connect

Aesthetics
– No clutter from wires

Robustness
– Less physical infrastructure to damage and repair
Wireless Disadvantages

Lower channel capacity
– Limited spectrum available
– Power restrictions
– Noise levels

Noise and interference

Frequency allocation
– U.S. – FCC

Greater security concern
– Information traveling in free space
Wireless Protocols

Network domains
– Broadband
• IEEE 802.16, Worldwide Interoperability for Microwave Access (WiMAX) –
framework, not single system or class of service
– Cellular networks
• Global System for Mobile communication (GSM)
• Universal Mobile Telecommunications System (UMTS =WCDMA)
– Cordless systems
• Time Division Multiple Access (TDMA)
• Time Division Duplex (TDD)
– Mobile Internet Protocol (Mobile IP)
– Wireless Local Area Network (WLAN)
• IEEE 802.11 (Wi-Fi) a,b,g
(n … not yet ratified)
– Wireless Personal Area Network (WPAN)
• IrDA, Bluetooth, ultra wideband, wireless USB
– Home Automation (narrow band)
• Infineon, ZigBee, Z-Wave
Wireless Protocol Comparison
Source: PC Magazine, March 22, 2004
Security and Protocols

Security domains
– Application security
• Wireless Application Protocol (WAP)
– Uses Wireless Transport Layer Security (WTLS)
• Current Class 2 devices based on IETF SSL/TLS
• Future Class 3 devices will use a WAP Identity Module (WIM)
• Web services
– Simple Object Access Protocol (SOAP) – toolkits available for Java & .NET
• Operating system security (Java run-time, Palm OS, Microsoft Windows CE)
– Device security (PINs, pass-phrases, biometrics)
– Security of wireless protocols
• IEEE 802.11 (Wi-Fi)
– Wireless Encryption Protocol (WEP)… weak and flawed
– Wi-Fi Protected Access (WPA). Uses Temporal Key Integrity Protocol (TKIP)
• IEEE 802.11i – Wireless Security spec. (WPA, AES, FIPS 140-2 compliant)
– Authentication security
• Remote Authentication Dial In User Service (RADIUS)
• Kerberos
• SSL
Network Encryption

Secure Shell (SSH)
– Application Layer
– Secure remote connection replacement for telnet, rlogin,
rsh

Secure Socket Layer (SSL)
– Transport Layer Security (TLS)
– Uses TCP & has specific port numbers
– Main use is HTTPS (port 443)

Internet Protocol Security (IPSec)
– Network Layer
– Includes a key management protocol
– Included in IPv6
Network System Architecture

Where does authentication happen?
– Device
• Data not externally transmitted
– Local Computer
• Data transmitted between device(s) and PC (WPAN)
– LAN-Connected Computer
• Data transmitted locally (WLAN)
– Remote Computer
• Data transmitted remotely (WWAN)
– Application dependent
• Data transmitted between capture device and database
• Database template storage requirement = template size *
number of templates
Avenues of Attack
[Diagram: Capture Device, Local Computer, LAN-connected Computer (LAN) and Remote Computer (WAN); legend symbol = wireless]
Wireless Security Issues

Denial of Service (DoS)
– Jamming…Use Spread Spectrum (DSSS, FHSS) technology
– As a device battery attack, i.e., more processing = more battery usage

Eavesdropping
– Signal is in the open air (war dialing)

Theft or loss of device
– Due to size, portability, and utility

Dependency on public-shared infrastructure
– What security is in place?

Masquerading
– Rogue clients pretend to be a legitimate endpoint
– Rogue access points trick clients into logging in

Malware
– Worms (Cabir) and Viruses (Timfonica, Phage) on wireless devices
– Use Antivirus software
Wireless Security Paradox
We use wireless devices for convenience
Security measures often decrease convenience and performance
Result: Security features are often disabled or given lower priority
System Design Considerations

Verification
– Are you who you claim to be (or are supposed to be)?
– 1:1 matching
– Usually consensual
– Typically smaller template databases
– Authorization (computer, network, building)

Identification
– Who are you?
– 1:n matching
– Often no explicit consent or awareness
– Typically larger template databases
– Surveillance (homeland and border security), forensics, criminal investigation (AFIS)

Why not both?
– i.e. You are not who you say you are, so who are you?
Scenario: Biometrics at the Airport

Workforce security
– Biometric authentication
• Identify all employees who require restricted area access
• ID card encoded to protect data
• Biometric scanning devices networked at access control points to
permit/deny access

Facility integrity
– Employees w/ vehicle access must be authenticated via biometrics
– Access control within aircraft
• Biometric devices for authorized personnel to access sensitive areas within
aircraft

Communications infrastructure
– Networked biometric scanning stations

Passenger security
– Authenticate passengers with passports or ID cards containing
encoded biometrics
– Identify suspicious or unknown people with biometric surveillance
Putting it Together

How do we maximize advantages and
minimize disadvantages when a
biometric system is combined with a
wireless system for an optimal
wireless biometric system?
Future Research

Pattern for “fuzzy” matching?
– Biometrics, digital watermarks, IDS, search
engines

Biometric cryptography
– Biometric key generation
• Fuzzy matching methodologies
• Embedding biometric keys within wireless protocols
– X.509 certificates
– Protocol payload area
– Protocol header (authentication) area
• Use coefficients? (polynomial, elliptic curve)