Biometrics

1
Biometrics

• Zachary Olson and Yukari Hagio
• CIS 4360 Computer Security
• November 19, 2008

2
A definition

• Biometrics is a branch of computer security
  centering on authenticating a persons identity
  based on some physiological or behavioral
  characteristic unique to that person
• Authentication system verifies the identity of a
  user before allowing them access to the internal
  system

3
Stages of Operation

• Enrollment
• Biometric data is collected for a known identity
• Reference template is created and stored
• Authentication
• Identification comparison of biometric data to
  all available data files in a database
• Verification comparison of biometric data to
  previously stored version

4
A Better Approach to Security

• Biometrics is seen as more secure than
  traditional methods
• Biometrics vs. Passwords
• Biometrics vs. Tokens

5
Types of Biometric Authentication

• Fingerprints
• Retina / Iris Scans
• Facial Recognition
• Hand Recognition
• DNA Matching
• Keystroke Recognition

6
Fingerprints

• Ridges vs. Valleys
• Scanning Mechanisms
• Optical Scanner
• Capacitance Scanner

7
Fingerprints (contd.)

• Analyzing a Fingerprint - Minutiae

8
Retina Scans

• Small surface
• Detailed Scan
• Slow scan and compare
• procedure

9
Iris Scans

• More than 250 unique spots
• Compares trabecular meshwork of the iris
• Fast scans
• Requires a human eye

10
Facial Recognition

• Uses a video image to look at distances between
  features and overall structure
• Requires a human face
• Difficulties in finding the features in images

11
Hand Recognition

• Hand geometry not as unique as fingerprints
• Uses hand features and measurements increases
  uniqueness
• Measures up to 90 different points on the hand
  including characteristics of the finger and
  features on the skin
• Seen as less invasive than fingerprints

12
(No Transcript)
13
DNA Matching

• Comparison of a sample of a users DNA with a
  stored sample of the real persons DNA
• DNA is readily available to collect
• Comparison process is slow and not completely
  automated

14
Keystroke Recognition

• Uses rhythm and manner in which characters are
  typed into a keyboard
• Typing characteristics are unique to individuals
• Indicators
• Speed in words per minute
• Delays
• Specific sequences of characters
• Typing errors
• Seek time and hold time

15
Issues / Concerns

• Data Storage
• Accuracy
• Physical Danger
• Privacy

16
Data Storage

• Permanence of Biometric data
• Re-issue is not possible
• Biometric data theft is permanent
• Possible solution decentralization of data
  storage
• Store part of each record in the central database
  and the rest on a smart card with the individual
  user
• Complete records become inaccessible to hackers

17
Accuracy

• No perfect matches in biometrics
• Acceptance range of comparison algorithms
• Types of errors
• False positives accepting wrong identity
• False negatives rejecting correct identity
• Algorithm cut-off level is a compromise between
  the two error types

18
Physical Danger

• Thieves might target property owners to bypass
  biometric security measures
• Example in 2005, car thieves in Malaysia cut off
  a mans finger to bypass the fingerprint reader
  on his Mercedes Benz S Class

19
Privacy

• Questions
• Should organizations or individuals control
  biometric information?
• Can biometric information be used without
  individual consent?
• Can law enforcement agencies demand biometric
  data from individuals for forensic purposes?
• Answers
• ISO 17799
• Department of Health, Education, and Welfare

20
Examples of Biometrics Usage

• Governments worldwide use biometrics for
  passports and airport security.
• Police agencies use fingerprints and DNA for
  identification and forensics.
• Financial institutions use palm/finger vein
  authentication to secure ATMs.
• Companies use biometrics to keep time records,
  secure locations and improve user convenience.

21
(No Transcript)
22
The Future of Biometrics

• September 11, 2001 resulted in unprecedented
  growth for the large-scale deployment of
  biometrics.
• Biometrics is being incorporated into national
  passports worldwide.
• Because of its advantages over traditional
  authentication methods, biometrics will continue
  to helm the endeavor for increased computer
  security.

23
References

• http//www.raysmallopt.co.uk/images/retinal-scan.g
  if
• http//img.dailymail.co.uk/i/pix/2008/05_03/FaceRe
  cogL_468x352.jpg
• http//peninsulatime.com/hk2hand.gif
• http//www.csb.yale.edu/userguides/graphics/ribbon
  s/help/dna_rgb.gif
• http//www.nlc.bc.ca/files/photos/newsreleases/241
  _webcsiprint.jpg
• http//www.core77.com/blog/images/about-biometrics
  .jpg
• http//img100.imageshack.us/img100/7820/imousepo7.
  jpg
• http//www.engadget.com/media/2006/03/palmsecure.j
  pg
• http//www.popsofa.com/wp-content/uploads/2007/12/
  smartscan-biometric-keyless-entry-system.JPG
• http//www.avinashilingam.edu/images/biometric.jpg
  
• http//aftermathnews.files.wordpress.com/2007/11/p
  ay_by_touch.jpghttp//www.biometrics.org/introduc
  tion.php
• http//en.wikipedia.org/wiki/Biometrics
• http//www.biometrics.dod.mil/Bio101/1.aspx
• http//computer.howstuffworks.com/fingerprint-scan
  ner1.htm

24
References (contd.)

• http//www.aimglobal.org/technologies/biometrics/b
  iometric_retinalscan.asp
• http//www.globalsecurity.org/security/systems/bio
  metrics-eye_scan.htm
• http//ctl.ncsc.dni.us/biomet20web/BMIris.html
• http//ctl.ncsc.dni.us/biomet20web/BMFacial.html
• www.rand.org/pubs/documented_briefings/DB396/DB396
  .pdf
• http//www.cse.msu.edu/cse891/Sect601/CaseStudy/D
  NABiometricIdentifier.pdf
• Langenderfer, J. Linnhoff, S. (2005). The
  Emergence of Biometrics and Its Effect on
  Consumers. The Journal of Consumer Affairs, 39,
  314-38. Retrieved 9 November 2008 from H.W.
  Wilson database.
• Barton, B., Byciuk, S., Harris, C. (2005). The
  Emerging Cyber-Risks of Biometrics. Risk
  Management, 52, 26-8, 30-1. Retrieved 6 November
  2008 from H.W. Wilson database.
• Gates, K. (2006). Biometrics and Access Control
  in the Digital Age. NACLA Report on the Americas,
  39, 35-40. Retrieved 12 November 2008 from H.W.
  Wilson database.
• http//www.duke.edu/rob/kerberos/authvauth.html