1. Biometric Authentication: Security Issues M. Fahim Zibran February 23, 2009

2. Authentication Definition: “Authentication is the binding of an identity to a subject.” “[Any] security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of information.” Mechanisms knowledge based possession based physiological/behavioral trait (Biometric) 2

3. Biometric Authentication Fingerprint - 7000 to 6000 BC by the ancient Assyrians and Chinese. Clay pottery and clay seals

4. Security Issues Is biometric revocable? How reliably unique the biometrics are? How universal are the biometrics are? Are biometric traits invariant? How universal are the biometrics are? Biometrics have secondary uses.

5. Security Issues (contd.)

6. False sample presentation spoofing Sensor issues noise and distortion sensor characteristics unavailability of identical sensors Segmentation denial of service attack Feature extraction and QA exploit knowledge about algorithm

7. Security Issues (contd.) Template creation Is it one-way function? Data storage large data size cryptographic hashes not applicable database security Matching determining set of modality weights on modality

8. Security Issues (contd.) Decision based on statistical threshold configurable threshold level susceptible to human error

9. Security Issues (contd.)

10. Classification of Vulnerability Circumvention Covert acquisition (contamination) Collusion and Coercion Denial of Service (DoS) Repudiation

11. Towards Increased Security Multimodal authentication Template encryption Revokable biometric

12. Summary biometric authentication relieves from remembering passwords. accuracy is highly dependent on sensor and signal quality. decision is made based on statistical threshold. originally biometric is non-revokable, but distortion based algorithms may allow revokable use.