Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #21 Emerging Technologies in Data and Applications Security March 29, 2006

Outline l Digital Identity Management l Identity Theft Management l Digital Forensics l Digital Watermarking l Risk Analysis l Economic Analysis l Secure Electronic Voting Machines l Biometrics l Other Applications l Lecture on Introduction to Biometrics

Digital Identity Management l Digital identity is the identity that a user has to access an electronic resource l A person could have multiple identities - A physician could have an identity to access medical resources and another to access his bank accounts l Digital identity management is about managing the multiple identities - Manage databases that store and retrieve identities - Resolve conflicts and heterogeneity - Make associations - Provide security l Ontology management for identity management is an emerging research area

Digital Identity Management - II l Federated Identity Management - Corporations work with each other across organizational boundaries with the concept of federated identity - Each corporation has its own identity and may belong to multiple federations - Individual identity management within an organization and federated identity management across organizations l Technologies for identity management - Database management, data mining, ontology management, federated computing

Identity Theft Management l Need for secure identity management - Ease the burden of managing numerous identities - Prevent misuse of identity: preventing identity theft l Identity theft is stealing another person’s digital identity l Techniques for preventing identity thefts include - Access control, Encryption, Digital Signatures - A merchant encrypts the data and signs with the public key of the recipient - Recipient decrypts with his private key

Digital Forensics l Digital forensics is about the investigation of Cyber crime l Follows the procedures established for Forensic medicine l The steps include the following: - When a computer crime occurs, law enforcement officials who are cyber crime experts gather every piece of evidence including information from the crime scene (i.e. from the computer) - Gather profiles of terrorists - Use history information - Carry pout analysis

Digital Forensics - II l Digital Forensics Techniques - Intrusion detection - Data Mining - Analyzing log files - Use criminal profiling and develop a psychological profiling - Analyze messages l Lawyers, Psychologists, Sociologists, Crime investigators and Technologists have to worm together l International Journal of Digital Evidence is a useful source

Steganography and Digital Watermarking l Steganography is about hiding information within other information - E.g., hidden information is the message that terrorist may be sending to their pees in different parts of the worlds - Information may be hidden in valid texts, images, films etc. - Difficult to be detected by the unsuspecting human l Steganalysis is about developing techniques that can analyze text, images, video and detect hidden messages - May use data mining techniques to detect hidden patters l Steganograophy makes the task of the Cyber crime expert difficult as he/she ahs to analyze for hidden information - Communication protocols are being developed

Steganography and Digital Watermarking - II l Digital water marking is about inserting information without being detected for valid purposes - It has applications in copyright protection - A manufacturer may use digital watermarking to copyright a particular music or video without being noticed - When music is copies and copyright is violated, one can detect two the real owner is by examining the copyright embedded in the music or video

Risk Analysis l Analyzing risks - Before installing a secure system or a network one needs to conduct a risk analysis study - What are the threats? What are the risks? l Various types of risk analysis methods - Quantitative approach: Events are ranked in the order of risks and decisions are made based on then risks Qualitative approach: estimates are used for risks

Economics Analysis l Security vs Cost - If risks are high and damage is significant then it may be worth the cost of incorporating security - If risks and damage are not high, then security may be an additional cost burden l Economists and technologists need to work together - Develop cost models - Cost vs. Risk/Threat study

Secure Electronic Voting Machines l We are slowly migrating to electronic voting machines l Current electronic machines have many security vulnerabilities l A person can log into the system multiple times from different parts of the country and cast his/her vote l Insufficient techniques for ensuring that a person can vote only once l The systems may be attacked and compromised l Solutions are being developed l Johns Hopkins University is one of the leaders in the field of secure electronic voting machines

Biometrics l Early Identication and Authentication (I&A) systems, were based on passwords l Recently physical characteristics of a person are being sued for identification - Fingerprinting - Facial features - Iris scans - Blood circulation - Facial expressions l Biometrics techniques will provide access not only to computers but also to building and homes l Other Applications

Biometric Technologies l Pattern recognition l Machine learning l Statistical reasoning l Multimedia/Image processing and management l Managing biometric databases l Information retrieval l Pattern matching l Searching l Ontology management l Data mining

Data Mining for Biometrics l Determine the data to be analyzed - Data may be stored in biometric databases - Data may be text, images, video, etc. l Data may be grouped using classification techniques l As new data arrives determine the group this data belongs to - Pattern matching, Classification l Determine what the new data is depending on the prior examples and experiments l Determine whether the new data is abnormal or normal behavior l Challenge: False positives, False negatives

Secure Biometrics l Biometrics systems have to be secure l Need to study the attacks for biometrics systems l Facial features may be modified: - E.g., One can access by inserting another person’s features - Attacks on biometric databases is a major concern l Challenge is to develop a secure biometric systems

Secure Biometrics - II l Security policy for as biometric system - Application specific and applicatyion independent policies - Security constraints l Security model for a biometrics systems - Determine the operations to be performed - Need to include both text, images and video/animation l Architecure foe a biometric system - Need to idenify securiy critical components - Reference monitor l Detecting intrusions in a biometric system

Other Applications l security - Encryption - Filtering - Data mining l Benchmarking - Benchmarks for secure queries and transactions l Simulation and performance studies l Security for machine translation and text summarization l Covert channel analysis l Robotics security - Need to ensure policies are enforced correctly when operating robots

Introduction to Biometrics Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to Biometrics March 29, 2006

Outline l Introduction to Biometrics - What is Biometrics? - What is the Process? - Why Biometrics? l Biometrics Resources l What is Secure Biometrics l Revisiting Topics to be covered l Some exploratory research areas l Some useful reference books

What is Biometrics? l Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic l Features measured: Face, Fingerprints, Hand geometry, handwriting, Iris, Retinal, Vein and Voice l Identification and personal certification solutions for highly secure applications l Numerous applications: medical, financial, child care, computer access etc.

What is the Process? l Three-steps: Capture-Process-Verification l Capture: A raw biometric is captured by a sensing device such as fingerprint scanner or video camera l Process: The distinguishing characteristics are extracted from the raw biometrics sample and converted into a processed biometric identifier record - Called biometric sample or template l Verification and Identification - Matching the enrolled biometric sample against a single record; is the person really what he claims to be? - Matching a biometric sample against a database of identifiers

Why Biometrics? l Biometrics replaces Traditional Authentication Methods l Provides better security l More convenient l Better accountability l Applications on Fraud detection and Fraud deterrence l Dual purpose - Cyber Security and National Security

Why Biometrics? (Continued) l Authentication mechanisms often used are User ID and Passwords l However password mechanisms have vulnerabilities - Stealing passwords etc. l Biometrics systems are less prone to attacks l Need sophisticated techniques for attacks - Cannot steal facial features and fingerprints - Need sophisticated image processing techniques for modifying facial features

Why Biometrics? (Continued) l Biometrics systems are more convenient l Need not have multiple passwords or difficult passwords - E.g., characters, numbers and special symbols - Need not remember passwords l Need not carry any cards or tokens l Better accountability - Can determine who accessed the system with less complexity

Why Biometrics? (Concluded) l Dual Purpose - Cyber Security and National Security l Access to computer systems and networks l Fraud detection - Who has intruded the system? - Who has entered the building - Surveillance and monitoring l Fraud Deterrence - Because of biometrics systems, people are nervous to commit crimes - Stealing from supermarkets and shops, etc.

Biometrics Resources l Biometrics Consortium is the major resource l Another Resource l Has Information on - Who is doing what l Academia, Industry and Government - White papers on Biometrics technologies l Fingerprint detection, facial recognition, Iris scanning,

Biometrics Resources: What is academia doing? l Michigan State University - Developing algorithms for fingerprint detection, etc. l West Virginia University - Forensic identification initiative l San Jose State University - Mathematical concepts

Biometrics Resources: What is Industry doing? l Focus is on building faster and cheaper devices l More accuracy, less false positives and negatives l Incorporating biometrics into mobile devices, Smartcards l Biometrics in healthcare: delivering medication to correct patients l Biometrics in child care: Children are picked up by those authorized l Protecting digital content - Ensuring that voice and video are not altered Vendors:

Biometrics Resources: What is Government doing? l NSA (National Security Agency) - Research on protecting critical information systems l DoD (Department of Defense) - Biometrics Management Office - Provide Armed forces access to Biometrics systems for combat operations l INS/DHS (Department of Homeland Security; Immigration and Nationalization Service) - Biometrics technologies at Airports l NIST (National Institute of Standards and Technologies) - Major player in Biometrics

Activities of NIST l Measurements, Testing and Standards is NIST’s mission l Focus on Biometrics Standards l Activities - Biometrics Consortium - Common Biometric Exchange File Format - Biometric Interoperability, Performance and Assurance Working Group - BioAPI Consortium - Various Standards

Activities of NIST (Continued) l Biometrics Consortium is the Government focal point for research, development and testing of Biometric products and technologies l Common Biometric Exchange File Format is a product of the consortium to develop common fingerprint template formats l Biometrics Interoperability working group promotes common definitions and concepts for exchanging information between national and international partners l BioAPI consortium develops common Application Programming Interfaces for biometrics technologies

Activities of NIST (Concluded) l NIST is developing standards for the following: - Finger image format for data Interchange - Face image format for data interchange - Iris image format for data interchange - Signature image format for data interchange l NIST is working with International standards organizations for joint standards - ISO (International Standards Organization)

What is Secure Biometrics? l Study the attacks of biometrics systems - Modifying fingerprints - Modifying facial features l Develop a security policy and model for the system - Application independent and Application specific policies - Enforce Security constraints l Entire face is classified but the nose can be displayed - Develop a formal model - Formalize the policy l Design the system and identify security critical components - Reference monitor for biometrics systems

Security Vulnerabilities l Type 1 attack: present fake biometric such a synthetic biometric l Type 2 attack: Submit a previously intercepted biometric data: replay l Type 3 attack: Compromising the feature extractor module to give results desired by attacker l Type 4 attack: Replace the genuine feature values produced by the system by fake values desired by attacker l Type 5 attack: Produce a high number of matching results l Type 6 attack: Attack the template database: add templates, modify templates etc.

Security and Privacy for Biometrics l Privacy of the Individuals have to be protected l CNN News Release: August 29, Distorting Biometrics Enhances Security and Privacy - Biometric data converted to numerical strings by mathematical algorithm for later use - If the mathematical templates are stolen could be dangerous - Researchers have developed method to alter the images in a defined and repeated way - Hackers steal the distortion not the original face or fingerprint