Download presentation
Presentation is loading. Please wait.
Published byDorcas Robinson Modified over 9 years ago
1
Emerging Biometric Applications Expectations meet Reality
2
An Emerging Technology
3
What are Biometrics? The term biometrics refers to a science involving the standard analysis of biological characteristics. A biometric is a unique, measurable characteristic or trait of a human being for automatically recognising or verifying identity.
4
Who are you? No, who are you, really???
5
Authentication Methods in Network & Internet Security Something you are Biometrics Positive identification Never lost or stolen Something you know Passwords PINs Mother’s maiden name Something you have ATM card Smart card Digital certificate
6
Biometric Techniques Identification of all the biometric methods, both mainstream and ‘esoteric,’ known to the group. Consider methods that relate to non-humans and also combinations of methods.
7
Biometrics Innate Iris Retina Ear Fingerprint Palm / hand Face (visual & heat) Skin detail / veins DNA / Blood / Saliva / anti-bodies Heart rhythm Footprint Lips Behavioral Gait Signature Typing style Mixed Voice Body odour
8
Why Biometrics? “Biometric identification (e.g., fingerprints, face and voice) will emerge as the only way to truly authenticate an individual, which will become increasingly important as security and privacy concerns grow.” - Gartner Group 26 th April 2000
9
How do Biometrics Work? Enrollment: Add a biometric identifier to a database Fingerprint, Voice, Facial or Iris Verification: Match against an enrolled record Present biometric CaptureProcess Store Present biometric Capture Process Compare Match IDENTIFIED No Match DENIED
10
Fingerprint Image Identification
11
Randomness
12
Accuracy v. Affordability v. Acceptability 0 1 2 3 4 Accuracy >> Affordability >> Courtesy, Veridicom Corp.
13
Benefits for the Consumer
14
Benefits of Biometrics Biometrics link a particular event to a particular individual, not just to a password or token, which may be used by someone other than the authorized user
15
Business Scenarios The password problem Remote access Who is using our fee-based web- site? Challenge-response tokens Too many physical-access devices Protecting the single-sign-on vault
16
Password Rules (an obligatory cartoon)
17
How Do You Remember Passwords?
18
The Password Problem They’re either too easy or they’re written down somewhere! Users forget them! Help Desk has to sort out the mess!
19
Password Survey Every user requesting password reset received survey 50% response “No recriminations” policy Source - CCH
20
The Password Problem Good passwords are bad for users
21
The Password Problem Write it Down 4728816 % of respondents Never OccasionallyOftenAlways
22
The Password Problem User Overload 57367 No of Pswds % 1-34-67-9
23
The Password Problem User Impact 462295 Password Resets % Zero1-23-6> 6
24
The Password Problem Wait Time
25
The Password Problem Impact on Productivity
26
The Password Problem Who Knows your Password?
27
The Password Problem How Many Passwords do you Know?
28
The Password Problem Resets per Year 4 62295 % of respondents Zero1-23-6> 6 Source: CCH
29
The Password Problem Identifiable costs Lost productivity Flow-on productivity losses Support team Management and infrastructure US research - $340 per incident* Anecdotal – some incidents over $AU10,000 *BioNetrix Corp - www.bionetrix.com/inserts.pdf
30
Choosing Technologies and Partners
31
Privacy Concerns and Ethics Criminal stigma 3rd party use of data Sold or given for other than intended purpose Provided to law enforcement Unauthorized access Identity theft “Tracking” of actions through biometrics Religious objections - “Mark of the Beast”
32
Australian Privacy Act NPP 4 – Data Security An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
33
Privacy Policy Recommendations 5 basic principles Notice – disclose ALL data captured Access –anyone can view their stored data Correction Mechanism Informed Consent – no 3 rd -party involvement Reliability & Safeguarding
34
Who would use Biometrics Strong identification and authentication Medium – high data security Non-repudiation (I didn’t do it!)
35
Who would use Biometrics The last metre Fee-for-service web sites e-Commerce transaction verification
36
Selecting Biometric Technologies User / environment considerations Cooperative/non-cooperative users Overt/covert capture Habituated/non-habituated Attended/unattended Public/private Indoor/outdoor Possible interference User lifestyle/occupation Compatibility with existing/legacy systems
37
Selecting Biometric Technologies Technology factors Cost Accuracy Ease of use Public acceptance Long term stability Existence/use of standards Barriers to attack Track record of vendor/product Availability of alternate sources Scalability
38
Technology Comparison
39
Accuracy False rejection rate Measures how often an authorized user, who should be recognized by the system, is not recognized. I am not recognised as me! False acceptance rate Measures how often a non-authorized user, who should not be recognized by the system, is falsely recognized. You are pretending to be me!
40
Matching vs. Non- Matching Prints Non-matching prints Matching prints Matching Threshold False non-matchesFalse matches d
41
FRR vs. FAR FAR / FRR are loosely inverse FAR = FER = Equal Error Rate Threshold FAR FRR Error Rate Failure to enroll rate (FER) Measures how often users are unable to enroll a biometric record
42
Selecting a Biometric Solution
43
Biometrics Institute Recently incorporated Impartial tester Education source Government & industry funded www.biomet.org support@biomet.org “Introduction to Biometrics” 1-day course September 25th
44
What problem are we solving? If biometrics is the answer, what’s the question?
45
Reference Sites Health Health Technologies (Australia) Patient Records Capital Coast Health (NZ) Access security & SSO e-Commerce (Australia ) e-Contracts Big Sky Contracting Social Security States of New Jersey, Virginia, Connecticut Social Welfare systems Banking & Finance ING Direct (Canada) On-line banking ABN AMRO (Australia) Network Security Pt Makindo (Indonesia) Network Security On-line Trading Government Network Security and ID systems Defence – Stratcom US GSA – Govt-wide Smart Card Program
46
What are some of the products?
47
Biometric Scanning Devices Veridicom 5 th Sense Fingerprint Scanner Secugen EyeD Mouse II Scanner Sensar Iris Scanner PC Video Camera Telex Microphones Phoenix Keyboards Veridicom ‘Combo’ Fingerprint & SmartCard Scanner
48
SAF/2000 SAF/NT System requirements Versions Hardware Client environment
49
Data Flow During Login 9x/NT client Login Server SAFserver Biometric device BSP 1. Client displays NRIgina.dll 6. SAFserver determines validity of biometric 2. Client accepts username passed to SAFserver 3. SAFserver advises login method 4. Client collects biometric 5. Summarized biometric passed to SAFserver for confirmation 7. If user is valid, SAFserver passes user password to client 8. Client passes username and password to login server to complete the login
50
NMAS Modular interface to NDS Choice of biometric method & supplier Multiple & graded authentication Free starter pack Enterprise Edition
51
Graded Authentication
52
Veridicom Protector Suite Logon Protector – secure log-on based on fingerprints and smart cards FileDisk Protector - strong on-line encryption in a virtual disk Password Protector – PasswordBank for applications and Internet access PKI Protector – En/decrypt email and www user authentication using PKI
53
More Information SAFLINK Corporation http://www.saflink.com/safnmas http:// www.saflink.com/ Biometric Consortium http:// www.biometrics.org International Computer Security Association http:// www.icsa.net Biometrics in Human Services Newsletter http:// www.dss.state.ct.us/digital.htm Biometric Technology Today http:// www.sjb.co.uk The International Biometric Society http:// www.tibs.org The Connecticut Project http://www.dss.state.ct.us/digital.htm Human Identification in Information Systems http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID
54
More Information International Biometric Industry Association http://www.ibia.org/ BioAPI Consortium http://www.bioapi.org/ Biometric Digest http://biodigest.com Association for Biometrics (Europe) http://www.afb.org.uk National Biometric Test Centre http://www.engr.sjsu.edu/biometrics/ Biometrics Research http://biometrics.cse.msu.edu/ International Biometric Group http://www.biometricgroup.com/ Biometrics Scanning, Law & Policy http://www.pitt.edu/%7Elawrev/59%2D1/woodward.htm
55
And for a Negative View… Biometrics http://www.666soon/biometri.htm Fight the Fingerprint http://www.networkusa.org/fingerprint.shtml
56
Give Passwords the Finger!
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.