Presentation is loading. Please wait.

Presentation is loading. Please wait.

Debate Session (III) – Why risk management and vulnerability assessment is important? Dr Ted Dunstone, Chair Technical Panel Biometrics Institute, CEO.

Published byGeorgina Armstrong Modified over 8 years ago

Similar presentations

Presentation on theme: "Debate Session (III) – Why risk management and vulnerability assessment is important? Dr Ted Dunstone, Chair Technical Panel Biometrics Institute, CEO."— Presentation transcript:

1 Debate Session (III) – Why risk management and vulnerability assessment is important? Dr Ted Dunstone, Chair Technical Panel Biometrics Institute, CEO Biometix

2 Some Debate Questions What are the main vulnerability points of ABC systems and their known (and unknown) strengths and weaknesses? What are current known real world biometric attacks? What are the implications of these attacks? And how to mitigate them? How to insure vulnerability is included in overall ABC risk management? How to assess the risks and what are the methods for penetration testing? What is a research direction for vulnerability detection for ABC systems? How to encourage border management agencies to address potential vulnerabilities? How to exchange and share the experiences on this topic?

3 Biometrics & Vulnerability Now Things are changing rapidly (at last!) – BVEAG Meeting In London – ISO standards still primarily address performance testing but 30107 addresses presentation attack (spoofing) – Two NIST conferences on biometric performance – both had significant content relating to vulnerabilities – LivDet – 2009, 2011, 2013 fingerprint liveness detection competition – Tabula Rasa – Trusted Biometrics under Spoofing Attacks – BEAT – Biometrics Evaluation and Testing – Governments are including “spoof resistance” in procurement specs

4 Some Real Vulnerability Cases Japan: Fingerprint Spoofing (Published 29 January 2010) Two South Korean women using special tapes on their fingers ; Canada: Facial Spoofing (November 2010) - Air Canada US: Fingerprints Removed Cancer drug Capecitabine removed fingerprints Brazilian Hospital (March 2013)

5 Vulnerability Web Results Biometric Spoofing: 8,140,000 Fingerprint Biometric Spoofing : 547,000 Face Biometric Spoofing: 276,000 Iris Biometric Spoofing: 97,900 Voice Biometric Spoofing: 3,200,000 (!) Speaker Verification Biometric Spoofing (1,750,000) 5

6 Aims Recognise that biometric vulnerability has become mainstream and share some of the activities that are underway Find ways to improve transparency so that all parties speak a common language and understand how systems can be/have been tested. Procurements specs, test results and statements about performance should be objective and unambiguous. Improve the performance of biometric systems spoof resistance, leading to wider deployment.

7 Vulnerability Checklist  What are the common vulnerabilities for your technology (including biometrics)?  Do you have a risk management plan, and does it include the potential for biometric vulnerability?  Are you aware of the difference between a standard false accept rate and a biometric vulnerability?  For your system what vulnerability related documentation exists?  Are there any configuration options to for the vulnerability detection?  Will there be tradeoffs in performance using the vulnerability detection?  How is a potential vulnerability notified?  What types of conditions might create a false vulnerability alert?  Do you have a plan in your enrolment or verification workflow that supports vulnerability?  What mitigations can be established to protect against vulnerabilities?  Would you use external resources to conduct an assessment?

Download ppt "Debate Session (III) – Why risk management and vulnerability assessment is important? Dr Ted Dunstone, Chair Technical Panel Biometrics Institute, CEO."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Session V: Integration of Risk Information and Early Warnings in Emergency Preparedness, Planning and Response Ricardo Mena, OCHA.

Session V: Integration of Risk Information and Early Warnings in Emergency Preparedness, Planning and Response Ricardo Mena, OCHA.
Overview of biometric technology. Contents: 1. What is Biometrics The term “biometrics” is derived from the Greek words “bio” (life) and “metrics” (to.

Overview of biometric technology. Contents: 1. What is Biometrics The term “biometrics” is derived from the Greek words “bio” (life) and “metrics” (to.
WP4 – Task 4.4 LCA Activities

WP4 – Task 4.4 LCA Activities
Identity cards and systems Professor M. Angela Sasse University College London Professor Brian Collins RMCS Shrivenham.

Identity cards and systems Professor M. Angela Sasse University College London Professor Brian Collins RMCS Shrivenham.
DARPA ITS PI Meeting – Honolulu – July 17-21, 2000Slide 1 Aegis Research Corporation Intrusion Tolerance Using Masking, Redundancy and Dispersion DARPA.

DARPA ITS PI Meeting – Honolulu – July 17-21, 2000Slide 1 Aegis Research Corporation Intrusion Tolerance Using Masking, Redundancy and Dispersion DARPA.
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
N Stage Authentication with Biometric Devices Presented by: Nate Rotschafer Sophomore Peter Kiewit Institute Revised: July 8, 2002.

N Stage Authentication with Biometric Devices Presented by: Nate Rotschafer Sophomore Peter Kiewit Institute Revised: July 8, 2002.
Community-based Disaster Management

Community-based Disaster Management
I NDULGENC E There is no need for oversight or management direction. All staff members are superstars and act in the best interest of the company.

I NDULGENC E There is no need for oversight or management direction. All staff members are superstars and act in the best interest of the company.
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Standards for Biometrics Dr. Pushkin Kachroo. Introduction Standards needed for interoperability At all levels of the system –hardware level (using one.

Standards for Biometrics Dr. Pushkin Kachroo. Introduction Standards needed for interoperability At all levels of the system –hardware level (using one.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Liveness Testing Shivankush Aras. Threats to Biometric System Artificially created biometrics: e.g. image of a face or iris, lifted latent fingerprints,

Liveness Testing Shivankush Aras. Threats to Biometric System Artificially created biometrics: e.g. image of a face or iris, lifted latent fingerprints,
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Biometrics Kyle O'Meara April 14, 2008. Contents Introduction Specific Types of Biometrics Examples Personal Experience Questions.

Biometrics Kyle O'Meara April 14, Contents Introduction Specific Types of Biometrics Examples Personal Experience Questions.

Similar presentations

Ads by Google