
Identity A desiderata for the Next Generation Internet

Identity A desiderata for the Next Generation Internet. presented by Pat Burke and Christian Loza University of North Texas at the “Seminar II, Saturday October 6, 2005”. Biometric ID Problem Definition. Conventional password security is NOT secure because passwords tend to be:





Presentation Transcript


  1. Identity: A desiderata for the Next Generation Internet, presented by Pat Burke and Christian Loza, University of North Texas, at the “Seminar II, Saturday October 6, 2005”

  2. Biometric ID Problem Definition • Conventional password security is NOT secure because passwords tend to be: • Easily guessed • Forgotten • Written down in easily accessible locations • Shared with a friend • Common for a given user across a wide range of applications/systems

  3. Biometric ID Problem Definition • Biometric Identification is one possible solution to the user authentication problem • Biometric ID refers to verifying individuals based on their physical and behavioral characteristics such as face, fingerprint, hand geometry, iris, keystroke, signature, voice, and even body odor. [7] • Two proposed Biometric ID solutions will be presented: • Robust hashing with a one-way transformation [8] • Multimodal Biometric ID [9]

  4. Biometrics ID Problem Definition • Biometric data has some shortcomings: • If compromised, cannot be reset • Storing of actual biometric templates should be avoided • Variability of biometric data precludes the use of exact matching hashing algorithms such as MD-5 and SHA-1 [8] • “Fuzzy” logic must be employed in evaluating the biometric input

  5. Biometric ID Background • Enrollment and Authentication Process

  6. Biometric ID Background • KEY METRICS • False Acceptance Rate • How many unauthorized individuals gain access due to biometric features similar to an authorized user • MUST BE MINIMIZED to maintain security • MUST BE ZERO for some security applications • False Rejection Rate • How many authorized individuals are denied access due to the inability to match their input with their biometric template. • This is an inconvenience, but not a security problem

  7. Biometric ID Background • OTHER METRICS • Time required for the enrollment process • Time required for the verification process • Computer resources utilized for the security system • Memory • Algorithmic efficiency (CPU time)

  8. Robust Hashing • Is it possible to design a robust hashing algorithm such that the hashes of two close inputs are judged identical while those inputs which are not so close will give completely different outputs? • “Features” of the biometric data are selected based upon the type of biometric data chosen • During enrollment, “enough” samples are acquired from each user to obtain a range value (2δ) for EACH feature value.

  9. Robust Hashing • A unique hash value is then assigned to EACH feature and stored (encrypted) for verification • A Gaussian function is then fitted to the data for each feature, which results in the assigned hashed output value • The Gaussian function is then combined with “fake Gaussian peaks” to hide the true input, resulting in a non-invertible one-way transformation

  10. Robust Hashing • Parameters of the Gaussian non-invertible transforms are stored on “smartcards” of some sort, which the user must present at authentication time. [figure: true Gaussian function (red)]

  11. Robust Hashing [figure: user authentication]

  12. Robust Hashing • Tested against the ORL Database of Faces available at http:/www.uk.research.att.com/facedatabase.html • Consists of 10 different images of each of 40 distinct subjects, taken under extensively varying conditions • 6 of the images for each individual were used in the enrollment phase • The remaining 4 were used in the test sets • 20 features were selected • Tests were conducted with 5% and 10% tolerance factors for the inputs to account for variation in the non-enrolled faces


  14. Robust Hashing TEST RESULTS • FALSE REJECTION RATE (how many GOOD GUYS could not get in): 15 subjects were correctly identified on 4/4 images with a 10% tolerance factor; 1 subject was NEVER correctly identified using ANY of the 4 images with a 10% tolerance factor. • FALSE ACCEPTANCE RATE (how many BAD GUYS COULD get in): 12 subjects were NEVER falsely admitted using ANY other person’s credentials with a 5% tolerance factor; 25 subjects WERE authenticated using at least 4 other individuals’ credentials at a 10% tolerance factor.
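The following is an added example, not code from the presentation or from reference [8]. It keeps the mechanics the slides describe (enrollment learns a range of width 2δ per feature, a tolerance factor widens it, verification is a fuzzy per-feature match, and FAR/FRR are measured on held-out samples with the slides' 40 subjects / 20 features / 6 enrolled + 4 test split) but replaces the Gaussian one-way transform with a plain range comparison so the metrics are easy to follow. The population data, the noise model, the `min_matching` threshold and the way the tolerance factor is applied (as a fraction of each feature's enrolled centre value) are all assumptions.

```python
import random
from typing import List, Sequence, Tuple

Bounds = List[Tuple[float, float]]

N_SUBJECTS = 40          # slide 12: 40 distinct subjects
N_FEATURES = 20          # slide 12: 20 features selected
ENROLL_PER_SUBJECT = 6   # 6 samples enrolled, 4 held out for testing
TEST_PER_SUBJECT = 4


def enroll(samples: Sequence[Sequence[float]]) -> Bounds:
    """Learn a (low, high) range of width 2*delta for each feature.

    Only the derived ranges are kept; the raw samples are discarded after
    enrollment, a first step toward not storing the actual biometric data.
    """
    bounds = []
    for i in range(len(samples[0])):
        values = [s[i] for s in samples]
        bounds.append((min(values), max(values)))
    return bounds


def verify(template: Bounds, probe: Sequence[float], tolerance: float,
           min_matching: int) -> bool:
    """Fuzzy match: accept when at least min_matching features fall inside
    their enrolled range widened by `tolerance` on each side.

    Assumption: the tolerance factor is a fraction of the range's centre
    value; the slides do not define it precisely.
    """
    matched = 0
    for (lo, hi), x in zip(template, probe):
        slack = tolerance * abs((lo + hi) / 2)
        if lo - slack <= x <= hi + slack:
            matched += 1
    return matched >= min_matching


def make_population(seed: int = 7) -> List[List[List[float]]]:
    """Constructed stand-in for a face database: every subject has
    N_FEATURES underlying feature values, and each sample is those values
    plus Gaussian measurement noise."""
    rng = random.Random(seed)
    population = []
    for _ in range(N_SUBJECTS):
        truth = [rng.uniform(20.0, 100.0) for _ in range(N_FEATURES)]
        samples = [[v + rng.gauss(0.0, 2.0) for v in truth]
                   for _ in range(ENROLL_PER_SUBJECT + TEST_PER_SUBJECT)]
        population.append(samples)
    return population


def evaluate(tolerance: float, min_matching: int = 16,
             seed: int = 7) -> Tuple[float, float]:
    """Return (FAR, FRR) for one tolerance factor.

    FAR = accepted impostor attempts / impostor attempts
    FRR = rejected genuine attempts / genuine attempts
    Every held-out sample is presented against every subject's template,
    so each probe yields one genuine and N_SUBJECTS-1 impostor attempts.
    """
    population = make_population(seed)
    templates = [enroll(s[:ENROLL_PER_SUBJECT]) for s in population]
    genuine = impostor = false_rejects = false_accepts = 0
    for owner, samples in enumerate(population):
        for probe in samples[ENROLL_PER_SUBJECT:]:
            for claimed, template in enumerate(templates):
                accepted = verify(template, probe, tolerance, min_matching)
                if claimed == owner:
                    genuine += 1
                    false_rejects += not accepted
                else:
                    impostor += 1
                    false_accepts += accepted
    return false_accepts / impostor, false_rejects / genuine


if __name__ == "__main__":
    for t in (0.05, 0.10):
        far, frr = evaluate(t)
        print(f"tolerance {t:.0%}: FAR={far:.3f}  FRR={frr:.3f}")
```

Widening the tolerance can only turn rejections into acceptances, so on the same data FRR can only fall and FAR can only rise; that is the trade-off behind slide 14, where the 10% factor identified more genuine users but also admitted 25 subjects on other people's credentials. The tunable that matters for security is FAR, so a deployment picks the tolerance from the FAR it can accept and then lives with the resulting FRR.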

  15. Multimodal • Description of the Dialog Communication System’s BioID commercial user-authentication system • In use in many systems worldwide • Uses three different sources of biometric data to achieve better accuracy than a single-feature system • Voice – using a user-resettable “password” • Lip Movement – using the same password • Facial Data

  16. Multimodal • During enrollment, biometric templates are collected for each biometric feature • For authentication, the system compares these templates against the biometric input • The client sets the recognition thresholds for each of the features independently to achieve the desired level of security. [9]

  17. Multimodal • FACE PROCESSING [9] Original image Edge-extracted image Face Model Face model overlaid on the edge-extracted image

  18. Multimodal • FACE PROCESSING Samples of extracted faces: BioID scales all faces to the same size and crops the images uniformly for easier comparison. This photo collection shows 12 individuals. Note the uniformity that the system achieves. [9]

  19. Multimodal • TEST RESULTS • Live test using 150 individuals for 3 months • “False-acceptance rate significantly below 1 percent, depending on the security level.”

  20. Pro’s and Con’s ROBUST HASHING PRO • Scalable – easy to add new users • Secure – lost or stolen ID card not likely to compromise security of the system • Flexible – can be set up using other features than fingerprints CON • Test results not good • Intelligent attacker may be able to fool system with brute force guessing • Much research left to make the system more secure (fewer FAR violations)

  21. Pro’s and Con’s Multimodal BioID PRO • Scalable – easy to add new users • Secure – lost or stolen ID card not likely to compromise security of the system • Flexible – feature values can be manipulated to meet security needs • Stable product • Multiple Bio sources make it more secure CON

  22. Conclusion • Biometrics is a current area of intense research • Multiple Bio-sources should yield a more desirable product

  23. IDENTITY • Second Part: Federated Systems, Identity Management

  24. Desiderata – What we want • Federate identity across organizations while maintaining access rights and privileges • Web-based federated identity integrated with Web-based privilege management systems • One identity, multiple roles across organizations • Trust management and information sharing between trusted organizations

  25. Desiderata • NSF, about the Next Generation Internet, in the context of the GENI Research Program: “Creating new core functionality: Going beyond existing paradigms of datagram, packet and circuit switching; designing new naming, addressing, and overall identity architectures, and new paradigms of network management;” “Building higher-level service abstractions: Using, for example, information objects, location-based services, and identity frameworks;”

  26. Desiderata • Microsoft Research, in the context of the Next Generation Internet: “.NET Building Block Services. A new family of highly distributed, programmable developer services that run across standalone machines, in corporate data centers and across the Internet. Services include Identity, Notification and Messaging, Personalization, Schematized Storage, Calendar, Directory, Search and Software Delivery.”

  27. Federated Identity Proposal (Bhatti, Bertino and Ghafoor) • SSO – single sign-on • Effective access control • Decentralized model • Authentication for strangers • Trust, Anatomy and Privacy • Standardized approach towards an improved federated identity and privilege management system in open systems

  28. Proposed Approach Proposal • Proposed Approach

  29. Proposed Approach Proposal > Other approaches • The other approaches • Earlier Authentication/Authorization mechanisms (IAPM, XECB… etc). • X.509 • X.509 PKI + PMI • Kerberos

  30. The Earlier approach Proposal > The Earlier approach

  31. Problems of Earlier Approaches Proposal > Problems of all Traditional Approaches

  32. Credentials Based Systems Kerberos > Credentials Based Systems • Kerberos

  33. Kerberos (Kerberos > Credentials Based Systems) • Based on tickets • Centralized • The client first obtains an initial ticket • With that ticket, it can request services

  34. Kerberos (Kerberos > Credentials Based Systems) • The authentication process can run on both master and slave machines • The slaves are read-only • The KDBM manages changes of passwords. WHY?

  35. Kerberos (Kerberos > Credentials Based Systems) • Changes can be introduced only at the KDBM • Each Kerberos realm has a master machine • You can have additional master machines

  36. Kerberos (Kerberos > Credentials Based Systems) [diagram: authentication and authorization in Kerberos versus the desiderata] • Kerberos – CREDENTIALS BASED ON IDENTITY: “I know WHO you are, therefore I know what you are allowed to do.” • Desiderata – CREDENTIALS BASED ON ROLES: “I know WHAT role you are allowed to play.”

  37. Credentials Based Systems X.509 > Credentials Based Systems • X.509

  38. Credentials Based Systems (X.509 > Credentials Based Systems) [diagram: authentication and authorization with credentials based on roles, X.509 versus the proposal] • X.509 – BINDS credentials to a KEY • Proposal – BINDS credentials to a Role


  40. Credentials Based Systems X.509 > Credentials Based Systems • X.509 PKI + PMI


  42. Credentials Based Systems Authentication Schemes > Credentials Based Systems • X.509 PKI + PMI

  43. Proposed Approach Proposed Approach


  45. Proposed Approach Proposed Approach • XKMS, the four corner approach

  46. Proposed Approach Proposed Approach

  47. Federated Identity: XML Public Protocols (Proposed Approach) • SAML (Security Assertion Markup Language) • XML based • Avoids the limitations of cookies • SSO interoperability: different implementations can be compatible • Web services: suited to work in browser environments • Federations: can simplify federation usability

  48. Proposed Approach Proposed Approach

  49. Proposed Approach Proposed Approach • XML Key Signature /

  50. Desiderata (Proposed Approach) [diagram: browser-redirect login flow between the user, the service provider and the identity provider] 1. Request page 2. Auto redirect 3. Redirect 4. Request credentials 5. Login 6. Redirect w/tickets in header 7. Request page w/credentials 8. Set ticket / Roles
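The eight-step redirect flow on slide 50, together with the SAML-style assertions of slide 47, can be walked through in a small simulation. The code below is an added example; it is not from the presentation, from the Bhatti/Bertino/Ghafoor proposal, or from any SAML implementation. It stands in HMAC-SHA256 over a JSON payload for the XML signature a real deployment would use, and the shared key, the user store, the host names `idp.example`/`sp.example`, the assertion lifetime and the role names are all constructed. What it does show faithfully is the verification a service provider has to do at step 8 before turning an assertion into a ticket carrying roles: signature, issuer, audience, expiry, binding to its own outstanding request, and one-time use.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Optional, Tuple

ASSERTION_LIFETIME = 300  # seconds an assertion stays valid (assumed value)


def sign(key: bytes, claims: dict) -> str:
    """Serialise claims and append an HMAC-SHA256 tag (stand-in for XML-DSig)."""
    body = json.dumps(claims, sort_keys=True).encode()
    return body.hex() + "." + hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_signature(key: bytes, token: str) -> Optional[dict]:
    """Return the claims when the tag verifies, otherwise None."""
    try:
        body_hex, tag = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.loads(body) if hmac.compare_digest(expected, tag) else None


class IdentityProvider:
    """Steps 4-6: asks for credentials, authenticates, issues a signed assertion."""

    def __init__(self, name: str, key: bytes, users: Dict[str, Tuple[str, List[str]]]):
        self.name, self.key, self.users = name, key, users

    def login(self, username: str, password: str, sp_id: str,
              request_id: str, now: int) -> Optional[str]:
        entry = self.users.get(username)
        if entry is None or not hmac.compare_digest(entry[0], password):
            return None
        claims = {"iss": self.name, "sub": username, "aud": sp_id,
                  "in_response_to": request_id, "roles": entry[1],
                  "exp": now + ASSERTION_LIFETIME, "id": secrets.token_hex(8)}
        return sign(self.key, claims)


class ServiceProvider:
    """Steps 1-3 and 7-8: redirects unauthenticated users, checks assertions, sets tickets."""

    def __init__(self, sp_id: str, idp_name: str, idp_key: bytes):
        self.sp_id, self.idp_name, self.idp_key = sp_id, idp_name, idp_key
        self.pending = set()          # request ids we redirected and await answers for
        self.seen_assertions = set()  # assertion ids already consumed (replay guard)
        self.sessions: Dict[str, List[str]] = {}  # ticket -> roles

    def request_page(self, ticket: Optional[str]) -> Tuple[str, object]:
        """Step 1/7: serve the page for a valid ticket, else redirect (step 2)."""
        if ticket in self.sessions:
            return "page", self.sessions[ticket]
        request_id = secrets.token_hex(8)
        self.pending.add(request_id)
        return "redirect", request_id

    def consume_assertion(self, token: str, now: int) -> Optional[str]:
        """Step 8: validate the assertion and set a ticket carrying the roles."""
        claims = verify_signature(self.idp_key, token)
        if claims is None:
            return None                                   # bad or missing signature
        if claims["iss"] != self.idp_name or claims["aud"] != self.sp_id:
            return None                                   # wrong IdP, or meant for another SP
        if claims["exp"] <= now or claims["id"] in self.seen_assertions:
            return None                                   # expired, or replayed
        if claims["in_response_to"] not in self.pending:
            return None                                   # we never asked for this login
        self.pending.discard(claims["in_response_to"])
        self.seen_assertions.add(claims["id"])
        ticket = secrets.token_hex(16)
        self.sessions[ticket] = claims["roles"]
        return ticket


def setup() -> Tuple[IdentityProvider, ServiceProvider]:
    key = b"constructed-shared-key"                        # constructed; not a real deployment key
    users = {"alice": ("correct horse", ["faculty"])}       # constructed user store
    return IdentityProvider("idp.example", key, users), ServiceProvider("sp.example", "idp.example", key)


def run_flow(username: str, password: str, now: int = 1_000_000) -> Optional[List[str]]:
    """Drive all eight steps for one browser and return the roles granted, or None."""
    idp, sp = setup()
    action, request_id = sp.request_page(None)                             # 1, 2
    token = idp.login(username, password, "sp.example", request_id, now)    # 3-6
    ticket = sp.consume_assertion(token, now) if token else None            # 7, 8
    return sp.request_page(ticket)[1] if ticket else None


def rejection_cases(now: int = 1_000_000) -> Dict[str, bool]:
    """Each check the SP makes at step 8, exercised once; every value should be True."""
    idp, sp = setup()
    good = idp.login("alice", "correct horse", "sp.example", sp.request_page(None)[1], now)
    other_sp = idp.login("alice", "correct horse", "other.example", sp.request_page(None)[1], now)
    fresh = idp.login("alice", "correct horse", "sp.example", sp.request_page(None)[1], now)
    unsolicited = idp.login("alice", "correct horse", "sp.example", "never-issued", now)
    tampered = fresh[:-1] + ("0" if fresh[-1] != "0" else "1")  # flip one hex digit of the tag
    return {"first use accepted": sp.consume_assertion(good, now) is not None,
            "replay rejected": sp.consume_assertion(good, now) is None,
            "wrong audience rejected": sp.consume_assertion(other_sp, now) is None,
            "tampered signature rejected": sp.consume_assertion(tampered, now) is None,
            "unsolicited response rejected": sp.consume_assertion(unsolicited, now) is None,
            "expired rejected": sp.consume_assertion(fresh, now + ASSERTION_LIFETIME) is None}
```

The ticket the SP hands out at step 8 is its own opaque session identifier; the roles travel in the signed assertion and are copied into that session, so the browser never carries a mutable role list. The `aud` and `in_response_to` checks are what keep an assertion minted for one service provider, or for a login nobody at this SP started, from being accepted here.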
