Published by Randolph Bruce. Modified over 6 years ago.
1
Biometric Authentication in a Wireless Environment
Alex Kotlarchyk Florida Atlantic University 9/17/2018
2
Goals
- Biometric protocols suitable for a wireless networked environment
- Secure system/network access via biometric authentication
- Secure wireless transmission of biometric data
3
Why Wireless Biometrics?
- Combination of two rapidly growing technologies
  - Biometric systems for verification and identification
    - Homeland Security
  - Wireless systems for mobility
    - Over 1 trillion wireless phone min. in US, 2004
- Common advantage is convenience
4
Current Examples of Biometric Deployments
- Eastern Financial’s Boca Mission Bay branch
  - Handprint scan to unlock the door to safe deposit boxes
- Statue of Liberty
  - Fingerprint scan to access lockers
- Nine Zero hotel in Boston
  - Iris scan for entrance to $3,000-a-night suite
- Piggly-Wiggly grocery stores
  - Testing pay-by-fingerprint system
- Bank of Tokyo-Mitsubishi
  - Credit cards w/ embedded vein-pattern information
5
Human authentication
Types of human authentication
- What you know (secret)
  - Password, PIN, mother’s maiden name
- What you have (token)
  - ATM card, smart card
- What you are (biometric)
  - Stable: fingerprint, face, iris
  - Alterable: voice, keystroke
- Where you are (authorization?)
  - Wireless
6
Suitability of Biometrics
Paradox of secure biometrics
- A biometric is stable and distinctive. This is good for identification.
- However, something unique can never be changed. This is not so good for verification if the biometric is compromised.
- Furthermore, a biometric is not a secret, so it can be found and copied. This is bad.
- So, are stability and uniqueness not good after all?
7
Keyspace
Number of possible codewords (CW)
- Token
  - 12-digit: CW = 10^12 CWs
- Password
  - Full 62 ASCII alphanumeric chars used randomly in an 8-char password = over 10^14 CWs
  - Most actual user selections ≈ 10^6 CWs, so in practice the 12-digit token is more secure
- Biometrics (2001 technology, may change) ≈ inverse of FAR
  - Iris ≈ 10^6 CWs
  - Fingerprint ≈ 10^4 CWs
  - Voice ≈ 10^3 CWs
  - Face ≈ 10 → 100 CWs
8
Increasing Keyspace
Combined authentication to increase keyspace
- Multibiometric authentication
  - More than one biometric
  - Combine standard biometrics (e.g. face and fingerprint (multimodal), or multiple fingerprints)
  - Combine standard biometric with “soft” biometric
    - Soft biometric = gender, height, race, eye color, etc.
- Multifactor authentication
  - More than one authentication type
  - Combine biometric w/ password or token
9
Source: Technology Review, June 2004
10
Biometric Advantages
- Convenience
  - Can’t be lost (in general)
  - Can’t be forgotten
  - Can’t be loaned
- Mostly unique (matching may not be)
- Perceived strong non-repudiation
- Does not change significantly (in general) (Ident.)
- Both verification and identification applications
11
Biometric Disadvantages
- Ability to authenticate dependent on technology (FAR, FRR)
- Personal data, but not secret/secured data
  - Easy to copy raw data
- Cost of technology
- Non-revocable
  - Cannot change if compromised (Ver.)
- Inexact matching (variable presentation)
- Social acceptance
12
Biometric Authentication System
Source: Podio, NIST
13
Template Size
14
Wireless Biometric System Security
Security issues
- Biometric authentication to ensure secure access to the system/network
  - In other words, wireless system access security
- Wireless message authentication to ensure secure transmission of biometric data
  - In other words, personal information security and privacy across the wireless network
- Physical security
  - Devices, computers, transmitters/receivers, etc.
15
Biometric Authentication Threats
16
Defense of Biometric System
- Capture device presented with ‘false’ biometric
  - e.g. fake finger, short video, high-res color iris image, latent image
  - Use biometric ‘in addition’ not ‘instead of’ (multi-verification)
  - Vitality sensor, 3-D confirmation
17
Defense of Biometric System (continued)
- Modification of capture device
  - Only a problem if capture and template generation (and maybe matching) are done on the device (trusted biometric device)
  - Tightly integrate capture mechanism with processing hardware
  - Ruggedize device
  - Display physical sign of tampering
  - Inactivate if tampered (TILT!)
  - Encryption of template
18
Defense of Biometric System (continued)
- Remainder are network security or template database security issues
  - Wireless network security will be discussed
  - Database security is beyond the scope of this presentation
- Don’t forget OS security
19
Biometric Cryptography
- Use of biometric data for encryption & decryption
- “fuzzy” commitment, vault – Ari Juels, RSA Labs
20
Biometric Cryptography (example)
[Diagram. Enroll (Encrypt): “stored” template (key); password (hashed); E(h(Pwd)). Verify (Decrypt): “live” template (key) is compared with the “stored” template; Hamming Distance = 2; Within Threshold?]
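The “fuzzy” commitment named on the Biometric Cryptography slide, as an added Python sketch that is not from the presentation: a random key is bound to the enrolled template through an error-correcting code, so a live reading within the Hamming-distance threshold recovers it. The 5x repetition code, SHA-256, the function names and the 40-bit template are assumptions chosen for illustration.

```python
import hashlib
import secrets

REP = 5  # assumed repetition factor: majority vote fixes up to 2 bit errors per block

def encode(key_bits):
    """Repetition-code encoder: each key bit becomes REP identical bits."""
    return [b for b in key_bits for _ in range(REP)]

def decode(code_bits):
    """Majority-vote decoder, one key bit per REP-bit block."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def hamming(a, b):
    return sum(xor(a, b))

def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def enroll(template_bits):
    """Return (helper, commitment, key); only helper and commitment are stored."""
    key = [secrets.randbits(1) for _ in range(len(template_bits) // REP)]
    helper = xor(template_bits, encode(key))  # template masked by the codeword
    return helper, digest(key), key

def verify(live_bits, helper, commitment):
    """Recover the key from a noisy live reading, or None if it is too far off."""
    candidate = decode(xor(live_bits, helper))
    if secrets.compare_digest(digest(candidate), commitment):
        return candidate
    return None

if __name__ == "__main__":
    template = [1, 0, 1, 1, 0, 0, 1, 0] * 5   # constructed 40-bit sample template
    helper, commitment, key = enroll(template)
    live = list(template)
    live[3] ^= 1
    live[17] ^= 1                              # live reading at Hamming distance 2
    print("distance:", hamming(template, live))
    print("key recovered:", verify(live, helper, commitment) == key)
    impostor = [b ^ 1 for b in template]       # constructed non-matching reading
    print("impostor accepted:", verify(impostor, helper, commitment) is not None)
```

The 8-bit key here is far too short for real use, and the stored helper value leaks information about the template when template bits are not uniformly random.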
21
Biometrics Standards
- Common Biometric Exchange File Format (CBEFF)
- ANSI-NIST-ITL-2000
  - Data exchange & quality
  - Criminal identification
- American Association for Motor Vehicle Administration (AAMVA) DL/ID 2000
- FBI
  - Wavelet Scalar Quantization (WSQ) – fingerprint image (de)compression
  - Electronic Fingerprint Transmission Standard (EFTS)
- Intel Common Data Security Architecture (CDSA)
- ANSI X9.84 – Biometric data security (life cycle)
  - Originally developed for financial industry; uses CBEFF
- APIs
  - Open: BioAPI, Java Card Biometric API; uses CBEFF
  - Proprietary: BAPI …what is Microsoft planning?
- XCBF
  - XML Common Biometric Format from OASIS; uses CBEFF
  - Mechanisms for secure transmission, storage, integrity, & privacy of biometrics
22
Biometric Standards
Recently from NIST…
- Biometric Data Specification for Personal Identity Verification (PIV)
  - January 24, 2005 (Draft)
  - New standards governing interoperable use of identity credentials to allow physical and logical access to federal government locations and systems
  - Technical and formatting requirements for biometric credentials
  - Restricts values and practices for fingerprints and facial images
  - Geared toward FBI background checks and formatting data for a PIV card
  - CBEFF and BioAPI compliant
23
CBEFF - Overview
- Framework for sharing raw or template data
- Supports encryption & digital signature for security
- File = SBH (header) + BSMB (data) + SB (signature)
- Patrons identify the data format
- Approved interchange formats
  - Finger Minutiae, Finger Pattern, Finger Image, Face Recognition, Iris, Signature/Sign, Hand Geometry
SBH – Standard Biometric Header
BSMB – Biometric Specific Memory Block
SB – Signature Block
24
CBEFF Patron Formats
- Format A – The CBEFF Data Structure
  - Patron: CBEFF
  - Small embedded or legacy systems, limited storage
  - No data exchange between systems
- Format B – The BioAPI Specification Biometric Identification Record (BIR) Format
  - Patron: BioAPI Consortium
  - BioAPI compliant systems
  - Client / server data exchange
- Format C – ANSI X9.84 Biometric Object
  - Patron: ANSI Subcommittee X9, Working Group F4
  - Large systems
  - Data exchange in a secure manner with authentication
- Format D – Biometric Information Data Objects for Use Within Smart Cards or Other Tokens (recent)… e.g. Java Card
25
Wireless Advantages
- Mobility
- Flexibility
  - Easier to relocate and configure
  - More scalable
- Cost
  - No cost due to physical barriers, private property.
- Productivity
  - More opportunity to connect
- Aesthetics
  - No clutter from wires
- Robustness
  - Less physical infrastructure to damage and repair
26
Wireless Disadvantages
- Lower channel capacity
  - Limited spectrum available
  - Power restrictions
  - Noise levels
- Noise and interference
- Frequency allocation
  - U.S. – FCC
- Greater security concern
  - Information traveling in free space
27
Wireless Protocols
Network domains
- Broadband
  - IEEE , Worldwide Interoperability for Microwave Access (WiMAX) – framework, not single system or class of service
- Cellular networks
  - Global System for Mobile communication (GSM)
  - Universal Mobile Telecommunications System (UMTS = WCDMA)
- Cordless systems
  - Time Division Multiple Access (TDMA)
  - Time Division Duplex (TDD)
- Mobile Internet Protocol (Mobile IP)
- Wireless Local Area Network (WLAN)
  - IEEE (Wi-Fi) a,b,g (n … not yet ratified)
- Wireless Personal Area Network (WPAN)
  - IrDA, Bluetooth, ultra wideband, wireless USB
- Home Automation (narrow band)
  - Infineon, ZigBee, Z-Wave
28
Wireless Protocol Comparison
HSDPA = High Speed Downlink Packet Access
Source: PC Magazine, March 22, 2004
29
Security and Protocols
Security domains
- Application security
  - Wireless Application Protocol (WAP)
    - Uses Wireless Transport Layer Security (WTLS)
    - Current Class 2 devices based on IETF SSL/TLS
    - Future Class 3 devices will use a WAP Identity Module (WIM)
  - Web services
    - Simple Object Access Protocol (SOAP) – toolkits available for Java & .NET
- Operating system security (Java run-time, Palm OS, Microsoft Windows CE)
- Device security (PINs, pass-phrases, biometrics)
- Security of wireless protocols
  - IEEE (Wi-Fi)
    - Wireless Encryption Protocol (WEP)… weak and flawed
    - Wi-Fi Protected Access (WPA). Uses Temporal Key Integrity Protocol (TKIP)
    - IEEE i – Wireless Security spec. (WPA, AES, FIPS compliant)
- Authentication security
  - Remote Authentication Dial In User Service (RADIUS)
  - Kerberos
  - SSL
30
Network Encryption
- Secure Shell (SSH)
  - Application Layer
  - Secure remote connection replacement for telnet, rlogin, rsh
- Secure Socket Layer (SSL)
  - Transport Layer Security (TLS)
  - Uses TCP & has specific port numbers
  - Main use is HTTPS (port 443)
- Internet Protocol Security (IPSec)
  - Network Layer
  - Includes a key management protocol
  - Included in IPv6
TLS = Transport Layer Security
31
Network System Architecture
Where does authentication happen?
- Device
  - Data not externally transmitted
- Local Computer
  - Data transmitted between device(s) and PC (WPAN)
- LAN-Connected Computer
  - Data transmitted locally (WLAN)
- Remote Computer
  - Data transmitted remotely (WWAN)
- Application dependent
  - Data transmitted between capture device and database
  - Database template storage requirement = template size * number of templates
32
Avenues of Attack
[Diagram: Capture Device, Local Computer, LAN-connected Computer, Remote Computer and WAN, with a legend marking the wireless links]
33
Wireless Security Issues
- Denial of Service (DoS)
  - Jamming…Use Spread Spectrum (DSSS, FHSS) technology
  - As a device battery attack, i.e., more processing = more battery usage
- Eavesdropping
  - Signal is in the open air (war dialing)
- Theft or loss of device
  - Due to size, portability, and utility
- Dependency on public-shared infrastructure
  - What security is in place?
- Masquerading
  - Rogue clients pretend to be legitimate endpoint
  - Rogue access points trick clients into logging in
- Malware
  - Worms (Cabir) and Viruses (Timofonica, Phage) on wireless devices
  - Use Antivirus software
DSSS – Direct-Sequence Spread Spectrum
FHSS – Frequency-Hopping Spread Spectrum
34
Wireless Security Paradox
- We use wireless devices for convenience
- Security measures often decrease convenience and performance
- Result: Security features are often disabled or given lower priority
35
System Design Considerations
- Verification
  - Are you who you claim to be (or are supposed to be)?
  - 1:1 matching
  - Usually consensual
  - Typically smaller template databases
  - Authorization (computer, network, building)
- Identification
  - Who are you?
  - 1:n matching
  - Often no explicit consent or awareness
  - Typically larger template databases
  - Surveillance (homeland and border security), forensics, criminal investigation (AFIS)
- Why not both?
  - i.e. You are not who you say you are, so who are you?
36
Scenario: Biometrics at the Airport
- Workforce security
  - Biometric authentication
  - Identify all employees who require restricted area access
  - ID card encoded to protect data
  - Biometric scanning devices networked at access control points to permit/deny access
- Facility integrity
  - Employees w/ vehicle access must be authenticated via biometrics
- Access control within aircraft
  - Biometric devices for authorized personnel to access sensitive areas within aircraft
- Communications infrastructure
  - Networked biometric scanning stations
- Passenger security
  - Authenticate passengers with passports or ID cards containing encoded biometrics
  - Identify suspicious or unknown people with biometric surveillance
37
Putting it Together
How do we maximize advantages and minimize disadvantages when a biometric system is combined with a wireless system for an optimal wireless biometric system?
38
Future Research
- Pattern for “fuzzy” matching?
  - Biometrics, digital watermarks, IDS, search engines
- Biometric cryptography
  - Biometric key generation
  - Fuzzy matching methodologies
- Embedding biometric keys within wireless protocols
  - X.509 certificates
  - Protocol payload area
  - Protocol header (authentication) area
  - Use coefficients? (polynomial, elliptic curve)