Emerging Biometric Applications Expectations and Reality (in 29 minutes or less!) (C) Mr David Heath of Triton Secure

An Emerging Technology

What are Biometrics? The term biometrics refers to a science involving the standard analysis of biological characteristics. A biometric is a unique, measurable characteristic or trait of a human being for automatically recognising or verifying identity.

Who are you? No, who are you, really???

Authentication Methods in Network & Internet Security Something you are Biometrics Positive identification Never lost or stolen Something you know Passwords PINs Mother’s maiden name Something you have ATM card Smart card Digital certificate

Biometrics Innate Iris Retina Ear Fingerprint Palm / hand Face (visual & heat) Skin detail / veins DNA / Blood / Saliva / anti-bodies Heart rhythm Footprint Lips Behavioral Gait Signature Typing style Mixed Voice Body odour

Why Biometrics? “Biometric identification (e.g., fingerprints, face and voice) will emerge as the only way to truly authenticate an individual, which will become increasingly important as security and privacy concerns grow.” - Gartner Group 26 th April 2000

How do Biometrics Work? Enrollment: Add a biometric identifier to a database Fingerprint, Voice, Facial or Iris Verification: Match against an enrolled record Present biometric CaptureProcess Store Present biometric Capture Process Compare Match IDENTIFIED No Match DENIED

Fingerprint Image Identification

Accuracy v. Affordability v. Acceptability Accuracy >> Affordability >> Courtesy, Veridicom Corp.

Benefits for the Consumer

Benefits of Biometrics Biometrics link a particular event to a particular individual, not just to a password or token, which may be used by someone other than the authorized user

Business Scenarios The password problem Remote access Who is using our fee-based web-site? Challenge-response tokens Too many physical-access devices Protecting the single-sign-on vault

The Password Problem They’re either too easy or they’re written down somewhere! Users forget them! Help Desk has to sort out the mess!

The Password Problem Write it Down % of respondents Never OccasionallyOftenAlways Source: CCH

The Password Problem Resets per Year % of respondents Zero1-23-6> 6 Source: CCH

The Password Problem Identifiable costs Lost productivity Flow-on productivity losses Support team Management and infrastructure US research - $340 per incident* Anecdotal – some incidents over $AU10,000 *BioNetrix Corp -

Choosing Technologies and Partners

Privacy Concerns and Ethics Criminal stigma 3rd party use of data Sold or given for other than intended purpose Provided to law enforcement Unauthorized access Identity theft “Tracking” of actions through biometrics Religious objections - “Mark of the Beast”

Australian Privacy Act NPP 4 – Data Security An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.

Privacy Policy Recommendations 5 basic principles Notice – disclose ALL data captured Access –anyone can view their stored data Correction Mechanism Informed Consent – no 3 rd -party involvement Reliability & Safeguarding

Who would use Biometrics Strong identification and authentication Medium – high data security Non-repudiation (I didn’t do it!)

Who would use Biometrics The last metre Fee-for-service web sites e-Commerce transaction verification

Selecting Biometric Technologies User / environment considerations Technology factors

Technology Comparison

Accuracy False rejection rate Measures how often an authorized user, who should be recognized by the system, is not recognized. I am not recognised as me! False acceptance rate Measures how often a non-authorized user, who should not be recognized by the system, is falsely recognized. You are pretending to be me!

Matching vs. Non- Matching Prints Non-matching prints Matching prints Matching Threshold False non-matchesFalse matches d

Selecting a Biometric Solution Who can help?

Your Vendor / Consultant Existing relationship Ability to integrate biometrics into existing platform Ability to draw on other experience

Australian Biometric Testing Organisation Recently incorporated Impartial tester Education source Government & industry funded “Introduction to Biometrics” 1-day course

What problem are we solving? If biometrics is the answer, what’s the question?

Evaluation Strategy Define the requirements Testing & trialing Management buy-in Internal champion (not the IT Manager)

Who is using it? Connecticut Dept Social Welfare Health Application ABN-AMRO

Give Passwords the Finger!