2 On Internet, nobody knows who you are… A terrorist… or a student… or a spy…?
3 Compromised Digital Certificate Denial of Service Data Leakage Malware Hacking Cyber Squatting Phishing Vishing Identity Theft Cyber Terrorism
4 The majority of cybercrimes are cantered on forgery, fraud and Phishing, India is the third-most targeted country for Phishing attacks after the US and the UK Social networks as well as ecommerce/gov sites are major targets 6.9 million bot-infected systems in 2011 14,348 website defacements in 2011 6,850.in and 4,150.com domains were defaced during 2011 15,000 sites hacked in 2011 India is the number 1 country in the world for generating spam.
5 A single identity is associated with each individual and is fixed in time. Individuals are not on a list of known criminals or terrorists. Individuals have not been previously excluded (e.g., are ineligible for services, have been deported, etc.). The claimed identity may be verified (i.e., at a point of service). Cyber Security is about establishing trust in entities accessing your networks and ensuring that they perform functions consistent with the role you define for them. The fundamental capability necessary for any cyber security solution is Identity Management. Biometrics is a key enabling technology in the fight to strengthen the security of systems against cyber crime. “Automated measurement of Physiological and/or behavioural characteristics to determine or authenticate identity” Biometrics provide a clear benefit to counteracting cyber security threats.
6 ISO/IEC JTC 1 SC 37 ISO/IEC JTC 1 SC 27 ISO/IEC 24761:2009, Information technology - Security techniques - Authentication context for biometrics (ACBio) ISO/IEC 19792:2009, Information technology - Security techniques - Security evaluation of biometrics ISO/IEC 24745 - Information technology - Security techniques - Biometric template protection ISO/IEC 24760, Information technology - Security techniques - A Framework for Identity Management ISO TC 68
IdentificationAuthentication It determines the identity of the person.It determines whether the person is indeed who he claims to be. No identity claim Many-to-one mapping. Cost of computation number of record of users. Identity claim from the user One-to-one mapping. The cost of computation is independent of the number of records of users. Captured biometric signatures come from a set of known biometric feature stored in the system. Captured biometric signatures may be unknown to the system.
Biological/chemical based Finger prints Iris, Retinal scanning Hand shape geometry blood vessel/vein pattern Facial recognition ear image DNA 8
A reflection of an individual’s Psychology Hand written signatures Voice pattern Mouse movement dynamics Gait (way of walking) Keystroke dynamics 9
10 Eliminate memorization – Users don’t have to memorize features of their voice, face, eyes, or fingerprints Eliminate misplaced tokens – Users won’t forget to bring fingerprints to work Can’t be delegated – Users can’t lend fingers or faces to someone else Often unique – Save money and maintain database integrity by eliminating duplicate enrolments Liveliness detection & multimodal systems to combat spoofing. Data signing, time stamp and session token mechanisms for minimizing hacking. Coarse scoring, trusted sensors and secured channel for Denial of service.
11 Securely manage sensitive biometric data. Ensuring the privacy of users’ personal (e.g. biometric) data. Resisting attacks launched by insiders/outsiders. Providing for non-repudiation of activities. Integrating with 3rd party applications. Scaling enterprise-wide deployments.
BUSINESS CASE - ROI COSTSBENEFITS Setting up global libraries, programming macros, validation checks Pay one time fees to set up these services Regulatory Submissions & ReportingStandardization reduces time and improves quality Training & HelpdeskTraining time reduced,helpdesk cost minimised when all sites adopt same ePRO/EDC technology Licensing FeesVolume discounts for EDC licensing fees centralized hosting Resource UtilizationHourly/Daily charges per resource 12
14 Biometrics offer the ability to both improve security and increase higher degrees of convenience. Biometrics can supplement existing authentication mechanisms such as tokens and passwords. ROI on eGov Projects may not show an picture as it is still in its infancy.