
Biometric Information Management For Security


Presentation Transcript


  1. Biometric Information Management For Security
     Phillip H. Griffin, Griffin Consulting
     1625 Glenwood Avenue, Hayes Barton at Five Points, Raleigh, North Carolina 27608-2319 USA
     +1 919 291 0019, phil.griffin@asn-1.com

  2. OASIS XCBF TC
     • XCBF - XML Common Biometric Format
     • X9.84 - Biometric Information Management and Security
     • BioAPI Specification Version 1.0 and 1.1
     • CBEFF - Common Biometric Exchange File Format
     • X.693 - ASN.1 XML Encoding Rules (XER)
     • X9.96 - XML Cryptographic Message Syntax
     • X9.73 - Cryptographic Message Syntax
     • X.509 Certificates - 1024 bytes
     • X9.68 Compact Domain Certificates - 170 bytes

  3. XCBF/X9.84 BiometricObject

     <?xml version="1.0" encoding="UTF-8"?>
     <!-- Generated by Griffin Consulting Biometric Security Java Tools -->
     <BiometricObject>
       <biometricHeader>
         <version><hv1/></version>
         <recordType><id><finger-Image/></id></recordType>
         <dataType><processed/></dataType>
         <purpose><enroll/></purpose>
         <quality><highest/></quality>
         <format>
           <formatOwner><id><ibia-SecuGen/></id></formatOwner>
           <formatType><INTEGER>1</INTEGER></formatType>
         </format>
       </biometricHeader>
       <biometricData>14000000F40100000100120003 ... 000000000EC010000BEF7F15DC593F44F</biometricData>
     </BiometricObject>

  4. X9.84 Revelation
     • Biometric data cannot be kept confidential
       • faces can be photographed
       • voices can be recorded
       • fingerprints can be lifted
       • signatures can be copied
     • Thus the security of an authentication system cannot rely on secrecy of biometric data
     • Instead, must ensure the integrity and authenticity of the biometric data – privacy is optional

  5. X9.84 in a Nutshell
     • Establishes a FRAMEWORK consisting of components
       • Data Capture, Signal Processing, Matching, Storage, etc.
     • Defines REQUIREMENTS for operating a biometric authentication system in a financial services environment
       • Enrollment, Verification, Identification and Storage
     • Provides TECHNIQUES satisfying the privacy, integrity and authenticity requirements for biometric data (ASN.1)
       • Harmonized with NISTIR 6529 CBEFF and BioAPI Specification 1.0
     • Offers a comprehensive set of CONTROL OBJECTIVES
       • a professional auditor can validate a biometric authentication system

  6. XCBF Biometric Architecture
     [Diagram; labels: Application, BioAPI Framework, Biometric Service Provider, BIR, CBEFF, XCBF, XER/DER Biometric Object, X9.84 Biometric Security, Cryptographic Service Provider, Biometric Validation, Control Objectives]

  7. XCBF Integrity
     Biometric Syntax and ASN.1 Encoding Rules (DER, XER)
     • Integrity and mutual authentication requirements
     • Algorithm Identifier
       • RSA / SHA-1
       • DSA / SHA-1
       • ECDSA / SHA-1
       • MAC or HMAC
     • Security Info
       • algorithm parameters
       • key management info
     • Integrity Value
       • digital signature
       • MAC
     [Diagram: Unprotected = [0] Biometric Header + Biometric Data (BD); Integrity = [1] Biometric Header + Biometric Data (BD) + Integrity Block (AID, Security Info, Integrity Value)]

  8. XCBF Integrity ASN.1
     A BiometricObject can be digitally signed, MACed (or HMACed), or used in CMS SignedData or CMS AuthenticatedData, using DER or XER.

     IntegrityObject ::= SEQUENCE {
        biometricObject  BiometricObject,
        integrityBlock   IntegrityBlock
     }

     IntegrityBlock ::= CHOICE {
        signature         Signature,
        mac               Mac,
        signedData        SignedData,
        authenticateData  AuthenticatedData
     }

     [Diagram: Unprotected = [0] Biometric Header + Biometric Data (BD); Integrity = [1] Biometric Header + Biometric Data (BD) + Integrity Block (AID, Security Info, Integrity Value)]

  9. XCBF Privacy
     Biometric Syntax and ASN.1 Encoding Rules (DER, XER)
     • Privacy Option
     • Algorithm Identifier
       • DES
       • Triple DES
       • AES
     • Security Info
       • algorithm parameters
       • key management info
     • Biometric Data
       • encrypted data
     [Diagram: Unprotected = [0] Biometric Header + Biometric Data (BD); encrypt; Privacy = [2] Biometric Header + Privacy Block (AID, Security Info, encrypted Biometric Data)]

  10. XCBF Privacy ASN.1
      A BiometricObject can be used in CMS EncryptedData or CMS EnvelopedData, or encrypted with a named key, using DER or XER encoding rules.

      PrivacyObject ::= SEQUENCE {
         biometricHeader  BiometricHeader,
         privacyBlock     PrivacyBlock
      }

      PrivacyBlock ::= CHOICE {
         fixedKey        EncryptedData,
         namedKey        NamedKeyEncryptedData,
         establishedKey  EnvelopedData
      }

      NamedKeyEncryptedData ::= SEQUENCE {
         keyName        OCTET STRING,
         encryptedData  EncryptedData
      }

      [Diagram: Unprotected = [0] Biometric Header + Biometric Data (BD); encrypt; Privacy = [2] Biometric Header + Privacy Block (AID, Security Info, encrypted Biometric Data)]

  11. XCBF Integrity & Privacy
      Biometric Syntax and ASN.1 Encoding Rules (DER, XER)
      • Integrity and authentication with privacy
      [Diagram: Unprotected = [0] Biometric Header + Biometric Data (BD); Integrity = [1] Biometric Header + Biometric Data (BD) + Integrity Block (AID, Security Info, Integrity Value); Integrity & Privacy = [3] Biometric Header + Privacy Block (AID, Security Info, encrypted Biometric Data) + Integrity Block (AID, Security Info, Integrity Value). Steps: encrypt, then generate digital signature]

  12. XCBF Integrity & Privacy ASN.1
      Biometric Syntax and ASN.1 Encoding Rules (DER, XER)
      • Integrity and authentication with privacy

      PrivacyAndIntegrityObject ::= SEQUENCE {
         biometricHeader  BiometricHeader,
         privacyBlock     PrivacyBlock,
         integrityBlock   IntegrityBlock
      }

      Represented in XML as

      <PrivacyAndIntegrityObject>
        <biometricHeader> ... </biometricHeader>
        <privacyBlock> ... </privacyBlock>
        <integrityBlock> ... </integrityBlock>
      </PrivacyAndIntegrityObject>

      [Diagram: Integrity = [1] Biometric Header + Biometric Data (BD) + Integrity Block (AID, Security Info, Integrity Value); Integrity & Privacy = [3] Biometric Header + Privacy Block (AID, Security Info, encrypted Biometric Data) + Integrity Block (AID, Security Info, Integrity Value); encrypt, then generate the Integrity Value]

  13. Useful Links
      XCBF and X9.84 rely heavily on ITU-T SG17 technologies: ASN.1 (X.680 and X.690) and the Directory (X.500) standards.
      • ASN.1 Module Database: http://www.itu.int/ITU-T/asn1/database/index.html
      • Syntax Checker and Books: http://www.ossnokalva.com/
      • Recommendations: http://www.itu.int/ITUT/studygroups/com17/languages/index.html
      • Host: ftp://ties.itu.int (login: asn1, password: notation1)
      • Griffin Consulting - Secure Messaging Design, Tools and Services: http://ASN-1.com/
