Orville Wilson
Transcript of Orville Wilson
-
8/8/2019 Orville Wilson
1/18
Privacy & Identity - Security and Usability:
The viability of Passwords & Biometrics
-
Introduction
Name: Orville Wilson
Alumni at DePaul University
Doctoral Student
Currently work for an Information Security and Managed Services firm, Fortrex Technologies, located in the DC/Baltimore area.
-
Agenda
Statistical Research
Background on Passwords & Biometrics
Overview of Biometrics
How they work
Strengths, Weaknesses and Usability of Biometrics
Conclusion
-
Empirical Data
Yearly cyber crime cost in the US is over $377 million and rising (CSI/FBI Study)
Federal Trade Commission found that identity theft accounted for $48 billion in losses to business over the past five years
-
Background on Passwords & Biometrics
Passwords
  Ubiquitous technology
  Passwords are one of the oldest authentication methods.
  Many organizations and institutions have used passwords for computer access since 1963, when Fernando J. Corbato added private codes to the CTSS at MIT
Biometrics
  First introduced in the 1970s and early 1980s
  This technology gathers unique physiological or behavioral attributes of a person to store them in a database or compare them with ones already found in a database.
  Reasons for biometrics include the positive authentication and verification of a person and ensuring confidentiality of information in storage or in transit
-
Advantages
  Reduces cost within organizations
  Increases security
  Competitive advantage
  Convenience to employees
  Eliminates a paper trail
Disadvantages
  Accuracy of Performance
  Failure to enroll rate
  Information Abuse
  May violate privacy
-
Example: Technical working of finger scanning devices
Fingerprint Scanner
Electronic images Token
Security Application
Database
Access or deny
-
Biometrics
2 Categories of Biometrics
Physiological, also known as static biometrics: Biometrics based on data derived from the measurement of a part of a person's anatomy. For example, fingerprints and iris patterns, as well as facial features, hand geometry and retinal blood vessels
Behavioral: biometrics based on data derived from measurement of an action performed by a person and, distinctively, incorporating time as a metric, that is, the measured action. For example, voice (speaker verification)
-
Biometrics: How do they work?
Although biometric technologies differ, they all work in a similar fashion:
  The user submits a sample that is an identifiable, unprocessed image or recording of the physiological or behavioral biometric via an acquisition device (for example, a scanner or camera)
  This biometric is then processed to extract information about distinctive features to create a trial template or verification template
  Templates are large number sequences. The trial template is the user's "password."
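Added example, not part of the original slides: a minimal Python sketch of the verification step described above, showing why a trial template is compared with the enrolled template by distance against a threshold rather than by exact equality, as a password hash would be. The 256-bit templates, the 0.25 threshold and all function names are assumptions made for illustration, and the sample templates are constructed.

```python
import hashlib

TEMPLATE_BITS = 256   # assumed template size; real formats are vendor specific
THRESHOLD = 0.25      # assumed maximum fraction of differing bits for a match

def flip_bits(template: int, positions) -> int:
    """Simulate sensor noise or a different finger by flipping template bits."""
    for p in positions:
        template ^= 1 << p
    return template

def hamming_fraction(a: int, b: int) -> float:
    """Fraction of bit positions in which two templates differ."""
    return bin(a ^ b).count("1") / TEMPLATE_BITS

def verify(enrolled: int, trial: int, threshold: float = THRESHOLD) -> str:
    """Security application's decision: fuzzy match against the stored template."""
    return "access" if hamming_fraction(enrolled, trial) <= threshold else "deny"

def password_style_match(enrolled: int, trial: int) -> bool:
    """Exact comparison of hashes, as done for passwords; breaks on any noise."""
    digest = lambda t: hashlib.sha256(t.to_bytes(TEMPLATE_BITS // 8, "big")).digest()
    return digest(enrolled) == digest(trial)

# Constructed sample data (not real biometric templates).
ENROLLED = int.from_bytes(hashlib.sha256(b"constructed enrollment sample").digest(), "big")
GENUINE = flip_bits(ENROLLED, range(0, TEMPLATE_BITS, 16))   # same user, 16 noisy bits
IMPOSTOR = flip_bits(ENROLLED, range(0, TEMPLATE_BITS, 2))   # 128 bits differ

if __name__ == "__main__":
    for name, trial in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, round(hamming_fraction(ENROLLED, trial), 4),
              verify(ENROLLED, trial), password_style_match(ENROLLED, trial))
```

Because matching needs the enrolled template itself rather than a one-way hash, the template database is sensitive data in its own right.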
-
Overview of Biometrics

| Biometric | Acquisition Device | Sample | Feature Extracted |
|---|---|---|---|
| Iris | Infrared-enabled video camera, PC camera | Black and white iris image | Furrows and striations of iris |
| Fingerprint | Desktop peripheral, PC card, mouse chip or reader embedded in keyboard | Fingerprint image (optical, silicon, ultrasound or touchless) | Location and direction of ridge endings and bifurcations on fingerprint, minutiae |
| Voice | Microphone, telephone | Voice recording | Frequency, cadence and duration of vocal pattern |
| Signature | Signature tablet, motion-sensitive stylus | Image of signature and record of related dynamics measurement | Speed, stroke order, pressure and appearance of signature |
| Face | Video camera, PC camera, single-image camera | Facial image (optical or thermal) | Relative position and shape of nose, position of cheekbones |
| Hand | Proprietary wall-mounted unit | 3-D image of top and sides of hand | Height and width of bones and joints in hands and fingers |
| Retina | Proprietary desktop or wall mountable unit | Retina image | Blood vessel patterns and retina |
-
Strengths, Weaknesses and Usability of Biometrics

| Biometric | Strengths | Weakness | Usability |
|---|---|---|---|
| Iris | Very stable over time; Uniqueness | Potential user resistance; Requires user training; Dependent on a single vendor's technology | Information security access control, especially for Federal Institutions and government agencies; Physical access control (FIs and government); Kiosks (ATMs and airline tickets) |
| Fingerprint | Most mature biometric technology; Accepted reliability; Many vendors; Small template (less than 500 bytes); Small sensors that can be built into mice, keyboards or portable devices | Physical contact required (a problem in some cultures); Association with criminal justice; Vendor incompatibility; Hampered by temporary physical injury | IS access control; Physical access control; Automotive |
| Optical | Most proven over time; Temperature stable | Large physical size; Latent prints; CCD coating erodes with age; Durability unproven | |
-
Strengths, Weaknesses and Usability of Biometrics

| Biometric | Strengths | Weakness | Usability |
|---|---|---|---|
| Silicon | Small physical size; Cost is declining | Requires careful enrollment; Unproven in sub optimal conditions | |
| Ultrasound | Most accurate in sub optimal conditions | New technology, few implementations; Unproven long term performance | |
| Voice | Good user acceptance; Low training; Microphone can be built into PC or mobile device | Unstable over time; Changes with time, illness, stress or injury; Different microphones generate different samples; Large template unsuitable for recognition | Mobile phones; Telephone banking and other automated call centers |
| Signatures | High user acceptance; Minimal training | Unstable over time; Occasional erratic variability; Changes with illness, stress or injury; Enrollment takes time | Portable devices with stylus input; Applications where a "wet" signature ordinarily would be used |
-
Strengths, Weaknesses and Usability of Biometrics

| Biometric | Strengths | Weakness | Usability |
|---|---|---|---|
| Face | Universally present | Cannot distinguish identical siblings; Religious or cultural prohibitions | Physical access control |
| Hand | Small template (approximately 10 bytes); Low failure to enroll rate; Unaffected by skin condition | Physical size of acquisition device; Physical contact required; Juvenile finger growth; Hampered by temporary physical injury | Physical access control; Time and attendance |
| Retina | Stable over time; Uniqueness | Requires user training and cooperation; High user resistance; Slow read time; Dependent on a single vendor's technology | IS access control, especially for high security government agencies; Physical access control (same as IS access control) |
-
Comparison of Different Biometrics Technology
-
Promise that Biometrics hold for Privacy
Increased Security
  Biometric cannot be lost, stolen or forgotten; it cannot be written down and stolen by social re-engineering
  By implementing biometrics organizations can positively verify users' identities, improving personal accountability
  In conjunction with smart cards biometrics can provide strong security for Public Key Infrastructure (PKI)
-
Perils that Biometrics hold for Privacy
Privacy is one of the leading inhibitors for biometrics technology. Main issues:
Misuse of Data
  Health/Lifestyle: Specific biometric data has been linked with information beyond that for which it was set out to be used, such as AIDS. Is a person able to control the information gathered on himself/herself?
Function Creep
  Law Enforcement: The template database may be available for law enforcement
  Credit Reporting: The template database may be cross referenced against other databases, including those held in hospitals and the police departments, by a credit reporting agency
-
Future Trends in Biometrics
Body Odor: Body odor can be digitally recorded for identification. A British company, Mastiff Electronic System Ltd., is working on such a system
DNA Matching: This is the ultimate biometric technology that can produce proof positive identification of an individual
Keystroke Dynamics: Keystroke dynamics, also referred to as typing rhythms, is an innovative biometric technology
-
Conclusion
1. All authentication methods are prone to errors. Nevertheless, reliable user authentication must ensure that an attacker cannot masquerade as a legitimate user
2. Biometrics is uniquely bound to individuals and may offer organizations a stronger method of authentication
3. Biometric systems are not foolproof; they can be compromised by:
  Submission of another person's biometric
  Submission of enrollee's biometric with the user under duress or incapacitated
4. A prudent balance between Security and Privacy needs to be achieved