Going beyond passwords

Presentation transcript:

Authentication II: Going beyond passwords

Agenda
- Announcements
- Biometrics
- Physical devices
- General authentication

Biometrics
Biometrics is the comparison of live anatomical, physiological, or behavioral characteristics to the stored template of a person.
- Physiological: fingerprint; hand or finger geometry; patterns of retina, veins, irises, faces
- Behavioral: signature, voice, keypresses
See http://www.biometrics.org/biomvendors.htm for lists of vendors.

Potential Advantages
- Eliminates certain password problems – difficult to share, misplace, and forge
- Convenient and potentially easy to use: no remembering, nothing physical to forget or misplace
- Improve access speed
- Reduces cost within organizations: eliminates passwords, which are expensive to maintain and secure
- Increase security: eliminates the sharing of passwords, deters and detects fraudulent account access, and improves physical security
- Competitive advantage: applications demand advanced technology
- Convenience to employees: passwords tend to be overwhelming; biometrics eliminates the need to memorize or reset passwords, while speeding up login
- Non-repudiation: transactions are difficult to negate

Authentication
Identification vs. Verification
Question: what’s the difference?

Biometrics process
- Enrollment: acquisition, creation of template, storage of template
- Use: acquisition(s), comparison, decision

Performance metrics
- FTE – Failure To Enroll
- FTA – Failure To Accept
- FAR – False Acceptance Rates
- FRR – False Reject Rates
Common goal: FAR = FRR. Why?
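
The FAR/FRR trade-off behind the "FAR = FRR" goal, as an added example that is not part of the original slides: it sweeps the accept threshold over match scores and finds where the two error rates meet. The scores are constructed, and the function names are assumptions of this sketch.

```python
# Constructed match scores (0-100, higher = closer to the stored template).
GENUINE = [91, 84, 78, 88, 67, 95, 73, 59, 82, 90]    # enrolled user vs. own template
IMPOSTOR = [12, 35, 48, 22, 61, 30, 71, 18, 41, 27]   # other people vs. that template


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when a score >= threshold is accepted."""
    far = sum(s >= threshold for s in impostor) / len(impostor)  # impostors let in
    frr = sum(s < threshold for s in genuine) / len(genuine)     # real users turned away
    return far, frr


def sweep(lo=0, hi=100):
    """(threshold, FAR, FRR) for every integer threshold in [lo, hi]."""
    return [(t, *rates(t)) for t in range(lo, hi + 1)]


def equal_error_point():
    """Lowest threshold at which |FAR - FRR| is smallest (the equal error point)."""
    return min(sweep(), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    # A lenient, a balanced and a strict operating point on the same data.
    for t in (40, 62, 80):
        far, frr = rates(t)
        print(f"threshold={t:3d}  FAR={far:.0%}  FRR={frr:.0%}")
    t, far, frr = equal_error_point()
    print(f"equal error point: threshold={t}, FAR={far:.0%}, FRR={frr:.0%}")
```

Raising the threshold only moves errors from false accepts to false rejects, so the point where the two rates are equal gives a single figure for comparing systems that does not depend on how each one was tuned.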

Fingerprints
- Traditionally used in law enforcement and border control for identification
- Many uses
  - Walt Disney World
  - Payment systems – example: BioPay in North Carolina
- Variety of cheap devices available

Recognition
- Identify patterns: loops, whorls
- Or identify minutiae: ridge endings, etc.
Current technology
- Optical – takes a digital image; disadvantages: a scratched or dirty surface causes a bad image; easily fooled with pictures
- Ultrasonic – high-frequency sound waves; doesn’t need a clean sensing surface
- Capacitance – measures ridge patterns; eliminates the need for a clean sensing surface

Fingerprints
Advantages
- Long history of use
- Unique and permanent
- Variety of cheap technologies
- Reasonable performance
Disadvantages
- Association with law enforcement
- Quality of prints varies with race, age, environmental factors
- Dirt & grime
- Placement of finger can be important
- Can be easy to circumvent

Face recognition
- Select facial features from images and compare
- Variety of environments
  - Search for criminals in crowds (airports, large events)
  - Border control & passports
  - Casinos

Face recognition
Advantages
- Universal
- More acceptable?
- Indoor and outdoor use reasonable
- Easy to perform without awareness
Disadvantages
- Requires straight on, neutral expression
- Photos can circumvent
- Accuracy is still a problem

Iris Recognition
- Unique patterns in the iris – iris code
- Currently lowest false accept rates
- Can be used in variety of environments
- BUT requires good image from cooperative user

Voice Recognition
- Speech input: frequency, duration, cadence
- Easy deployment
  - Microphones easy to install
  - Gathering voice can be done unobtrusively

Voice recognition
- Background and ambient noise is a huge problem
- Templates are large compared to other biometrics
- Longer enrollment time (training)
- Recording may be an issue

Keystroke biometrics
Keypress timings or pressure
Advantages:
- Easily used in conjunction with computer-based passwords
- Can be gathered automatically
Disadvantages:
- Not very unique or permanent
- Can listen to keyboard typing to determine
- Can be used to infer password

Other techniques
- Hand geometry
- Retinal scans
- Signature
- Hand veins
- Odor
- Gait
- Ear
- DNA

General requirements
- Universality
- Distinctiveness
- Permanence
- Collectability
- Performance
- Acceptability
- Circumvention
Question: What other usability requirements?

Comparison (table left blank on the slide)
Columns: Face, Fingerprint, Iris, Voice, Keyboard
Rows: Universality, Distinctiveness, Collectability, Performance, Acceptability, Circumvention

Security Considerations
- Biometrics are not secrets and are therefore susceptible to modified or spoofed measurements
- There is no recourse for revoking a compromised identifier
Strategic Solutions
- Liveness testing: ensures input measurements are not originating from inanimate objects
- Multi-biometrics: fusing multiple and independent biometric identifiers

Privacy Considerations
- A reliable biometric system provides an irrefutable proof of identity
- Threatens individuals' right to anonymity
- Cultural or religious concerns
- Violates civil liberties
- People believe that control and use of the human body is a violation of moral tenets, religious beliefs, and civil liberties
Strategic Solutions
- Biometric cryptosystems – generation of cryptographic keys based on biometric samples
- Transparency – failing to store any actual images

Other issues
- Exception handling
- Time consuming enrollment
- Sociological concerns
- Cause personal harm or endangerment?
- Cultural or religious opposition
- Comparing systems in the real world
- User training
- Comfort with technology and methods
- Experience of specific device

Questions
- Where would you like to see biometrics used?
- In what situations would it be inappropriate?
- How and when to offer user training?

Physical devices
- “What you have…” piece of the puzzle
- Typical example: ATM cards
- Public transportation cards

Technologies
- Smart cards
- USB
- Cell phones
- OTP tokens: http://www.rsa.com/

Comparisons
- Advantages?
- Disadvantages?
- User issues:
  - Acquiring the device (expense, time)
  - Installing and connecting it properly
  - Loss or failure of device

Usability study
- Motivation: compare alternative forms of cryptographic smart cards
- Question: which device is faster and easier to use in a mobile setting?
- Method:
  - Within-subjects user study with 3 devices
  - Task adapted from Johnny Can’t Encrypt
  - Testing mobility by changing computers
  - Debriefing questionnaire for user impressions

Results
- USB tokens faster to use
- USB token users made fewer errors
- Smart card has poor feedback for inserting card
- USB token means no separate installation – device already plugged in
- Added value helps users care about them more

Questions
- Is it possible to have authorization without identification?
- How would you increase acceptance of biometric systems?
- Are there any current password systems that you would like to replace with a biometric or hardware scheme? Why?
- How would you design a study to test the usability and utility of a laptop fingerprint reader?

Let’s compare
Paypal:
- Email (user id) + strong password, challenge questions + email for password recovery
- Email + OTP, defaults to password if token lost
- Email + fingerprint, defaults to password if reader unavailable

Evaluation
- Accessibility
- Memorability: depth of processing, retrieval, meaningfulness
- Security: predictability, abundance, disclosure, crackability, confidentiality
- Cost
- Environmental considerations: range of users, frequency of use, type of access, etc.