Biometrics 101
-
Upload
nathaniel-glenn -
Category
Documents
-
view
40 -
download
3
description
Transcript of Biometrics 101
Biometrics101
You are the Key
A Need for Better Security
• One person can have a greater negative impact on society than ever before.
• More individuals have more diverse items and data to secure than ever before.
Society is Demanding
We want access to our
Money
Data
Communication Channels
We want it to be
Convenient
Easy Access
• ATM’s in Gas Stations
• Growing Wireless Internet Access
• Cellular Phone Service
Easy Access
You have the ability to access your services and money from anywhere.
So Does Everyone Else.
Proof of Identity
To be effectiveit must be
Convenient
Current Authentication Methods
What you HaveSometimes called a “Token”
– XON Card– Car or House Keys– Photo ID*
What You Know
– Lock Combination– PIN (Personal ID Number)– Password
Current Authentication Methods
“12-31-7” “Ro$ebuD254”
“7-3-6-9”
Combining MethodsATM Card + PIN
House Key + Home Address
8-7-6-5
Weaknesses and Vulnerabilities
Tokens – What You Have
• Token can be lost or stolen.
• Cards can be swiped or cloned.– Restaurants– Stores– Internet
Weaknesses and Vulnerabilities
Passwords and PINS – What You Know
• Passwords can be forgotten.
• Users can be “shoulder surfed”.
• Weak passwords can be guessed.
• Strong passwords are often written down.
Ro$ebuD25
4
Biometrics is the Oldest Form of Identification.
Simplest Form:
“Let me see your face”.
Who You Are
• Current Methods– Photo ID*
• Driver’s License• Kent ID
– Currently a person has to make the comparison between the Photo ID and your face.
A Human Must Recognize You.
Getting Answers
• Identification– “Who are you?”
• Authentication or Verification– “Are you who you claim to be?”
Manual Biometric System
The current system has some vulnerabilities.
The Problem
• The subject who needs to prove identity has complete access to the identifying device.
• Close examination will reveal many forged ID’s, but you are dealing with variables known as human beings.
The Human Factor
• People are the biggest security risk.
• Confirmation of ID is usually a repetitive task, one that can allow for mistakes or intentional failures to occur
• Social Engineering– People can be manipulated.
• The Art of Deception ~ Kevin D. Mitnick
Biometrics
From the Greek
Bios = “Life”
Metron = “Measurement”
Authentication and Identification are basedon the automated measurement and comparison of the biological factors
that are unique to an individual.
A Few Terms…
• Test Template – a.k.a. Enrollment Sample– Digitized file (usually encrypted ) that contains
biometric data.
• Enrollment – The process that creates the Test Template when the
new subject is added to the system.
A Few Terms…
• Challenge Sample– The object or information presented for comparison to
the Test Template to gain access.
• Sensor– Device used to capture the biometric data at both the
enrollment and challenge stages.
Sample Examples
Test
Template
• Door Lock• Password File• Driver’s License
Challenge
Sample
• House Key• Password• Your Face
Current Biometric Systems
• Fingerprint
• Facial Geometry
• Iris Scan
• Vein Pattern Identification– Hand/Wrist/Face– Retina
Finger Print• One of the first biometrics methods.
– Patented by Randall Fowler, the founder of “Identix” in 1978.
• Test template describes geometries of the finger print. These details are called “minutia”.
Finger Print Minutia
A template usually contains several types of minutia and records how they relate to each other. The actual print image is usually NOT saved for low security applications such as company time clocks or home systems.
Fingerprint Advantages
• Fingerprints are easy to use.
• Most systems require little space.
• Test templates can be made from finger print cards.
• Fingerprints stay consistent throughout life.
• System is as inexpensive as $50.00 at Wal-Mart.
Fingerprint Disadvantages
• Users may have concerns regarding touching a sensor touched by other people.
• An individual’s age and occupation may cause some sensors difficulty in capturing a complete and accurate image.
• Users may have religious concerns.
Facial Geometry• Compares measurements of various facial
landmarks such as the distance from nose to chin, distance between the eyes
• A functional test template can be generated from a photograph
• Currently used in airports to identify terrorists and other “Persons of Interest”
• 2001 Super Bowl
Super Bowl XXXV
• Baltimore Ravens Vs. New York Giants• Baltimore won the game 34–7• 19 individuals with outstanding warrants
were identified by a face recognition system from over 100,000 other individuals.
• Tampa Police and ACLU Court Battle.• Tampa Police currently use a facial
recognition system in the downtown area.
Facial Geometry Advantages
• No contact required
• Sensors are high quality video cameras
• With a telephoto lens the camera can be a distance from the subject
• Can be used without the subject’s knowledge
• Test Template can be made from a photo– Drivers License photos are now stored with
the rest of your DMV data
Facial Geometry Disadvantages
• Sensitive to changes in lighting, expression, and facial position
• Faces change over time
• Face can be obscured by hats, hair, etc.
Iris Scan
• Records the unique pattern and colors that make up the area surrounding the pupil
Iris Scan Advantages
• No contact with sensor required
• Protected organ less prone to injury and scarring
• Believed to be highly stable over lifetime
• As unique as a fingerprint
Iris Scan Disadvantages
• Public concerns related to scanning the eye with a light source
• Acquisition of an iris image requires more training and skill than most biometrics
• Can be affected by contact lenses
Vein Pattern Identification
• This technology uses a combination of thermal imaging and visible light scanning.
• Various body areas can be used to create the test template. Face, hands, and retina are common sources for biometric data.
Vein Pattern Advantages
• Considered as unique as finger prints
• Easy to implement a robust liveliness aspect to the sensor
• Fewer of the biological limitations associated with fingerprints
Vein Pattern Disadvantages
• Use of this method requires some training.• This is believed to
be stable over adultlifespan, but changes occur as children grow.
• Scanning device takes up a larger space than other biometric sensors.
Liveliness
• Liveliness systems detect the signs of a living biometric sample.
No Life - No Access.
• Pulse, temperature, and moisture are some of the aspects that are detected.
Liveliness
• This aspect authenticates the Challenge Sample.
• Public awareness of liveliness requirements protects users.– 2005 Malaysia, Mercedes owner lost finger to
car thieves.
Challenge Sample Processing
• Challenge Sample is collected.• Tests for liveliness, if available, are done. • Challenge Sample is then compared to the
enrollment test template.• Some variance is expected.
– A true “perfect match” can cause a system to disallow access.
• If the match score is above the threshold, access is granted.
A Few More Terms…
• Threshold– Level required for an acceptable match
• Higher threshold requires a better match score.• Lower threshold requires a lower match score.
A Few More Terms…
• False Rejection– System denies access when Test Template
and Challenge Sample that SHOULD match do not, due to:
• Bad challenge sample• Sensor problem• Match criteria requirement too high• Inconvenient
A Few More Terms…
• False Acceptance– System allows access when Test Template
and Challenge Sample that should NOT match do, due to:
• User’s defeat of the system• Match criteria requirement too low• System malfunction
Additional Security
• Implementing a PIN or Token with a biometric system is common.
• Recorded video surveillance: full-time or event-triggered by a failed challenge
• Duress systems
• Mantraps
Duress Systems
• Those desperate for access might try to steal the biometric key, that is - You!
• Implemented to keep the biometric key, also know as a person, safe while maintaining security.
Duress Systems
• Allows access but also set off alarms or initializes other countermeasures.– Right index finger lets you in.– Right middle finger lets you in and
calls for help.– Right ring finger lets
you in, calls for help, and locks down more sensitive areas ofthe building.
Mantraps• Usually used in very high security areas
• Can be combined with duress systems
• One at a time through the trap
• Contains subjects who have failed the security challenge
Mantraps• This system uses an open format to allow
security personal to identify the person in the trap; these are usually used to control access inside of a facility.
Systems in Development
• Body Odor Identification– An Electronic Nose
• Body Salinity Identification– Exploits natural level of salt
in the body.
Resources
www.personal.kent.edu/~kstates/index.htm
Biometrics
You are the Key