A Risk Analysis Approach for Biometric Authentication Technology Author: Arslan Brömme Submission: International Journal of Network Security Speaker: Chun-Ta.

Presentation transcript:

A Risk Analysis Approach for Biometric Authentication Technology Author: Arslan Brömme Submission: International Journal of Network Security Speaker: Chun-Ta Li

2 Outline
• Introduction
• Fundamentals
• A High-Level Component & Process Model for Integrated Security Risk Analysis of Biometric Authentication Technology
• A Holistic Security Risk Analysis Approach for Biometric Authentication Technology
• Conclusions
• Comments

3 Introduction
• Biometric technology
  - Standardize data formats for biometric data interchange
  - Communication protocols
  - Unified programming interface for enabling the interoperability of different biometric systems
  - Person authentication, identification and surveillance
• Risk analysis (core processes and components)

4 Fundamentals
• Risk analysis for biometric authentication technology
  - IT security biometrics
  - Privacy
  - Safety
  - Performance
  - Security risk analysis for biometric authentication technology
• Biometric authentication systems

5 Fundamentals (cont.)
• IT security biometrics
  - Study of person recognition methods
    - Sensing of a person's biological characteristics
    - Measuring of the captured or scanned biometrics
    - Computing of biometric signatures and biometric templates
    - Verifying and identifying against biometric templates
• Privacy
  - Privacy is everyone's fundamental human right
  - The principle of necessity of data collection means to avoid or at least to minimize personal data within an ICT system

6 Fundamentals (cont.)
• Safety/Performance risks
  - Risk
    - Failure and Fault
  - Safety
    - Risk degradation
    - Reliability and Availability ↑
  - Performance
    - Throughput ↑
    - Latency ↓

7 Fundamentals (cont.)
• Security risk of biometric authentication technology
  - The probability that a specific threat to biometric authentication technology
  - A specific vulnerability of biometric authentication technology
• Security & Application Risk Traffic Light Model [Brunnstein 2003]
  - Green: low probability
  - Yellow: medium probability
  - Red: high probability

8 Fundamentals (cont.)
• Biometric Authentication Systems
  - General authentication process [Brömme 2003]
    - Enrollment
    - Biometric authentication
    - Authorization
    - Access control
    - Derollment
  - Basic elements
    - Persons, hardware components, biometric communication channel, biometric process, biometric algorithms, biometric signature and biometric databases

9 A High-Level Component & Process Model for Integrated Security Risk Analysis of Biometric Authentication Technology
• High-level Component & Process Model for integrated Security Risk Analysis of Biometric Authentication Technology (ComProMiSe.Risk.of.BiT)
[Figure: layered diagram of biometric authentication technology. Labels recoverable from the slide:]
  - Levels: high-level methods; high-level processes/functions; high-level process components/function modules; sub-level processes/functions; sub-level process components/function modules; lines of code
  - Scope of the high-level component & process model
  - (en|de)rollment, authentication
  - capture, transmission, storage, computation
  - High-level process components/function modules for high-level processes/functions of high-level methods capture, transmission and storage: sensing, send, receive, (en|de)crypt, query, update, write
  - (P) preprocessing
  - (Q) quality check and enhancement
  - (N) normalization
  - (S) biometric signal processing
  - (B) computation of biometric signature
  - (C) (cluster|classifi)cation
  - (D) decision

10 A High-Level Component & Process Model for Integrated Security Risk Analysis of Biometric Authentication Technology (cont.)
• Processes
  - Enrollment, Authentication, Derollment
• Components
  - P, Q, N, S, B, C, D
• Risk aspect (1)
  - security, privacy, safety, performance
• Risk aspect (2)
  - attack, misuse, fault, failure

11 A Holistic Security Risk Analysis Approach for Biometric Authentication Technology
• Four potential risk interrelations
  - : has potential risk effect
  - : has risk effect
  - : has no risk effect
  - : has no potential risk effect
• Two placeholders
  - ★ : empty or Risk aspect (1)
  - ◇ : empty or Risk aspect (2)

12 A Holistic Security Risk Analysis Approach for Biometric Authentication Technology (cont.)
• Examples
  - e ◇★ a (e faul safe a): A less reliable enrollment process which has a potential safety risk effect on the authentication process resulting in the false recognition and/or acceptance of persons
  - d ◇★ a (d attc secu a): An attack for a derollment process which has a potential security risk effect on a subsequent authentication process can arise resulting for example in the non-derollment of the selected person or derollment of a third not selected person with the intention to later on false recognize and/or accept the person which should be derolled

13 A Holistic Security Risk Analysis Approach for Biometric Authentication Technology (cont.)
• Example
  - eB attc secu aD: A possible risk attack describes the manipulation of enrollment computations of biometric signatures for intended false acceptance of imposters and/or false rejection of genuines in subsequent authentication attempts
• More than seven thousand [1] single possible risk effect classes given here
• Flexibility of the ◇★ relation in combination with a risk matrix enables the systematic exploration and discussion of holistic security risks

14 Conclusions
• Author presents a systematic approach for a holistic security risk analysis of biometric authentication technology
  - Processes & Components
  - Four risk interrelations
  - Biometric authentication risk matrices

15 Comments
• Evaluation of Paper
  - Confirmatory
• Recommendation
  - Accept after minor revision
• Details:
  - In the proposed approach, there are eight risk aspects, three processes and eighteen components in the risk matrix; please briefly show all of these processes & components in the paper.
  - In addition, there are four relations between elements. Are they enough to describe all of the risk effects for biometric authentication methods? Furthermore, how the condition of "potential" is defined should be described more clearly.
  - In the risk matrix, how are the interrelations between these elements defined? Are these relations defined by users or the system? The author must briefly describe it.

An Online Biometrics-based Secret Sharing Scheme for Multiparty Cryptosystem Using Smart Cards Advisor: Min-Shiang Hwang Speaker: Chun-Ta Li

17 Notations
  $U_i$ : User
  $S_i$ : System
  $R_i$ : A trusted registration center
  $G$ : A group of n users
  $ID_i$ : Identity of user
  $B_i$ : Biometric template of user
  $PW_i$ : The common password shared between $U_i$ and $S_i$
  $Q_i$ : An integer computed from $PW_i$
  $P$ : A large prime
  $S$ : A secret key maintained by $S_i$
  $Rc_i$ : A random number generated by $U_i$
  $Rs$ : A random number generated by $S_i$
  $PK_s$ : Public key of $S_i$
  $H(.)$ : One-way hashing function
  $\oplus$ : XOR operation
  $E_{PK}\{.\}$ : Asymmetric encryption with the public key $PK$
  $E_x[.]$ : Symmetric encryption with the key $x$
  $K$ : Primary secret sharing key maintained by $S_i$

18 The Proposed Scheme
• Registration phase
  Diagram labels: $G$, $R_i$, Secret channel
  1. $ID_i$, $B_i$, $PW_i$
  2. Generates the Lagrange interpolating polynomial with degree $t-1$: $y_i = K + a_1 x_i + a_2 x_i^2 + \dots + a_{t-1} x_i^{t-1} \bmod P$
  3. Computes $X_i = ID_i^{f_i} \bmod P$
     Computes $e_i = (y_i^{S} \bmod P) \oplus X_i$
     Computes $g_i = X_i^{S Q_i} \bmod P$
  4. Smart card $(ID_i, P, H(.), f_i, e_i, g_i)$
  Note: $f_i = H(H(B_i))$

19 The Proposed Scheme (cont.)
• Reconstruction phase
  Diagram labels: $U_1$, $U_2$, …, $U_t$, $S_i$
  1. Every participant $U_i$ ($i = 1$ to $t$) inserts his/her smart card and inputs $B_i$ into a specific biometric device
  2. Verifies $H(H(B_i)) = f_i$ ?
  3. If it holds, $U_i$ computes the following messages:
     $X_i' = ID_i^{f_i} \bmod P$
     $e_i' = e_i \oplus X_i' = y_i^{S} \bmod P$
     $M_{i1} = g_i^{Q_i^{-1}} \bmod P = X_i^{S} \bmod P$
     $M_{i2} = (X_i')^{Q_i} \bmod P$
  4. $U_i$ sends his/her $M_{i3} = E_{PK_s}\{ID_i \| M_{i1} \| M_{i2} \| Rc_i\}$ to $S_i$

20 The Proposed Scheme (cont.)
• Reconstruction phase (cont.)
  Diagram labels: $U_1$, $U_2$, …, $U_t$, $S_i$
  5. $S_i$ decrypts $M_{i3}$ and checks the format of $U_i$'s $ID_i$
  6. If it holds, $S_i$ computes $M_{i4} = (M_{i2})^{Q_i^{-1}} \bmod P = X_i' \bmod P$
  7. Then, $S_i$ verifies $(M_{i4})^{S} = M_{i1}$ ?
  8. If Step 7 holds, $S_i$ sends $M_{i5} = E_{Rc}[ID_i \| Rs \| M_{i4}]$ to $U_i$
  9. $U_i$ decrypts $M_{i5}$ and verifies $M_{i4} = X_i'$ ?
  10. If Step 9 holds, $U_i$ sends $M_{i6} = E_{Rs}[ID_i \| e_i']$ to $S_i$
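
The modular arithmetic of the registration and reconstruction phases on slides 18-20, as an added example that is not code from the presentation or from the scheme's authors. SHA-256 for H(.), the way Q_i is derived from PW_i, the prime chosen for P, using ID_i as x_i, and all sample values are assumptions; the E_PK / E_x encryption of M_i3, M_i5 and M_i6 is left out.

```python
import hashlib
from math import gcd

P = 2**127 - 1  # prime; assumed demo stand-in for the slides' "large prime P"

def H(data: bytes) -> bytes:
    """One-way hash H(.); SHA-256 is an assumption, the slides name none."""
    return hashlib.sha256(data).digest()

def derive_q(pw: bytes) -> int:
    # ASSUMPTION: the slides only say Q_i is "an integer computed from PW_i".
    # It must be invertible mod P-1 so that Q_i^-1 exists in the exponent.
    q = int.from_bytes(H(pw), "big") % (P - 1)
    while gcd(q, P - 1) != 1:
        q += 1
    return q

def share(K: int, coeffs: list, x: int) -> int:
    """y_i = K + a_1*x + ... + a_(t-1)*x^(t-1) mod P (registration step 2)."""
    return (K + sum(a * pow(x, j, P) for j, a in enumerate(coeffs, 1))) % P

def register(uid: int, bio: bytes, pw: bytes, y: int, S: int) -> dict:
    """Registration step 3: the values R_i writes to the smart card."""
    f = int.from_bytes(H(H(bio)), "big")          # f_i = H(H(B_i))
    X = pow(uid, f, P)                            # X_i = ID_i^f_i mod P
    return {"ID": uid, "f": f,
            "e": pow(y, S, P) ^ X,                # e_i = (y_i^S mod P) xor X_i
            "g": pow(X, S * derive_q(pw), P)}     # g_i = X_i^(S*Q_i) mod P

def card_messages(card: dict, bio: bytes, pw: bytes):
    """Reconstruction steps 2-3 on the user side; None if the biometric fails."""
    if int.from_bytes(H(H(bio)), "big") != card["f"]:
        return None                               # hash check needs an exact match
    q = derive_q(pw)
    Xp = pow(card["ID"], card["f"], P)            # X_i'
    return {"X": Xp,
            "e": card["e"] ^ Xp,                  # e_i' = y_i^S mod P
            "M1": pow(card["g"], pow(q, -1, P - 1), P),  # X_i^S mod P
            "M2": pow(Xp, q, P)}                  # (X_i')^Q_i mod P

def server_verify(M1: int, M2: int, pw: bytes, S: int):
    """Steps 6-7 on S_i: recover M_i4 = X_i' and check (M_i4)^S == M_i1."""
    M4 = pow(M2, pow(derive_q(pw), -1, P - 1), P)
    return M4 if pow(M4, S, P) == M1 else None

def demo() -> bool:
    # Constructed sample values; x_i = ID_i = 1001 is an assumption.
    S, y = 0x1F2E3D4C5B6A7988, share(K=123456789, coeffs=[11, 22], x=1001)
    card = register(1001, b"constructed-template", b"constructed-pw", y, S)
    m = card_messages(card, b"constructed-template", b"constructed-pw")
    # Step 9: the user accepts only if the server's M_i4 equals X_i'.
    return server_verify(m["M1"], m["M2"], b"constructed-pw", S) == m["X"]
```

Because step 2 compares H(H(B_i)) with f_i bit for bit, any capture that differs from the enrolled template at all is rejected by `card_messages`.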