Download
biometrics n.
Skip this Video
Loading SlideShow in 5 Seconds..
Biometrics PowerPoint Presentation

Biometrics

179 Views Download Presentation
Download Presentation

Biometrics

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Biometrics Zachary Olson and Yukari Hagio CIS 4360 Computer Security November 19, 2008

  2. A definition • Biometrics is a branch of computer security centering on authenticating a person’s identity based on some physiological or behavioral characteristic unique to that person • Authentication system: verifies the identity of a user before allowing them access to the internal system

  3. Stages of Operation • Enrollment • Biometric data is collected for a known identity • Reference template is created and stored • Authentication • Identification: comparison of biometric data to all available data files in a database • Verification: comparison of biometric data to previously stored version

  4. A Better Approach to Security… • Biometrics is seen as more secure than traditional methods: • Biometrics vs. Passwords • Biometrics vs. Tokens

  5. Types of Biometric Authentication • Fingerprints • Retina / Iris Scans • Facial Recognition • Hand Recognition • DNA Matching • Keystroke Recognition

  6. Fingerprints • Ridges vs. Valleys • Scanning Mechanisms • Optical Scanner • Capacitance Scanner

  7. Fingerprints (contd.) • Analyzing a Fingerprint - Minutiae

  8. Retina Scans • Small surface • Detailed Scan • Slow scan and compare procedure

  9. Iris Scans • More than 250 unique spots • Compares trabecular meshwork of the iris • Fast scans • Requires a human eye

  10. Facial Recognition • Uses a video image to look at distances between features and overall structure • Requires a human face • Difficulties in finding the features in images

  11. Hand Recognition • Hand geometry not as unique as fingerprints • Uses hand features and measurements increases uniqueness • Measures up to 90 different points on the hand including characteristics of the finger and features on the skin • Seen as less invasive than fingerprints

  12. DNA Matching • Comparison of a sample of a user’s DNA with a stored sample of the real person’s DNA • DNA is readily available to collect • Comparison process is slow and not completely automated

  13. Keystroke Recognition • Uses rhythm and manner in which characters are typed into a keyboard • Typing characteristics are unique to individuals • Indicators • Speed in words per minute • Delays • Specific sequences of characters • Typing errors • Seek time and hold time

  14. Issues / Concerns • Data Storage • Accuracy • Physical Danger • Privacy

  15. Data Storage • Permanence of Biometric data • Re-issue is not possible • Biometric data theft is permanent • Possible solution: decentralization of data storage • Store part of each record in the central database and the rest on a smart card with the individual user • Complete records become inaccessible to hackers

  16. Accuracy • No perfect matches in biometrics • Acceptance range of comparison algorithms • Types of errors • False positives: accepting wrong identity • False negatives: rejecting correct identity • Algorithm cut-off level is a compromise between the two error types

  17. Physical Danger • Thieves might target property owners to bypass biometric security measures • Example: in 2005, car thieves in Malaysia cut off a man’s finger to bypass the fingerprint reader on his Mercedes Benz S Class

  18. Privacy • Questions • Should organizations or individuals control biometric information? • Can biometric information be used without individual consent? • Can law enforcement agencies demand biometric data from individuals for forensic purposes? • Answers • ISO 17799 • Department of Health, Education, and Welfare

  19. Examples of Biometrics Usage • Governments worldwide use biometrics for passports and airport security. • Police agencies use fingerprints and DNA for identification and forensics. • Financial institutions use palm/finger vein authentication to secure ATMs. • Companies use biometrics to keep time records, secure locations and improve user convenience.

  20. The Future of Biometrics September 11, 2001 resulted in unprecedented growth for the large-scale deployment of biometrics. Biometrics is being incorporated into national passports worldwide. Because of its advantages over traditional authentication methods, biometrics will continue to helm the endeavor for increased computer security.

  21. References • http://www.raysmallopt.co.uk/images/retinal-scan.gif • http://img.dailymail.co.uk/i/pix/2008/05_03/FaceRecogL_468x352.jpg • http://peninsulatime.com/hk2hand.gif • http://www.csb.yale.edu/userguides/graphics/ribbons/help/dna_rgb.gif • http://www.nlc.bc.ca/files/photos/newsreleases/241_webcsiprint.jpg • http://www.core77.com/blog/images/about-biometrics.jpg • http://img100.imageshack.us/img100/7820/imousepo7.jpg • http://www.engadget.com/media/2006/03/palmsecure.jpg • http://www.popsofa.com/wp-content/uploads/2007/12/smartscan-biometric-keyless-entry-system.JPG • http://www.avinashilingam.edu/images/biometric.jpg • http://aftermathnews.files.wordpress.com/2007/11/pay_by_touch.jpghttp://www.biometrics.org/introduction.php • http://en.wikipedia.org/wiki/Biometrics • http://www.biometrics.dod.mil/Bio101/1.aspx • http://computer.howstuffworks.com/fingerprint-scanner1.htm

  22. References (contd.) • http://www.aimglobal.org/technologies/biometrics/biometric_retinalscan.asp • http://www.globalsecurity.org/security/systems/biometrics-eye_scan.htm • http://ctl.ncsc.dni.us/biomet%20web/BMIris.html • http://ctl.ncsc.dni.us/biomet%20web/BMFacial.html • www.rand.org/pubs/documented_briefings/DB396/DB396.pdf • http://www.cse.msu.edu/~cse891/Sect601/CaseStudy/DNABiometricIdentifier.pdf • Langenderfer, J. & Linnhoff, S. (2005). The Emergence of Biometrics and Its Effect on Consumers. The Journal of Consumer Affairs, 39, 314-38. Retrieved 9 November 2008 from H.W. Wilson database. • Barton, B., Byciuk, S., & Harris, C. (2005). The Emerging Cyber-Risks of Biometrics. Risk Management, 52, 26-8, 30-1. Retrieved 6 November 2008 from H.W. Wilson database. • Gates, K. (2006). Biometrics and Access Control in the Digital Age. NACLA Report on the Americas, 39, 35-40. Retrieved 12 November 2008 from H.W. Wilson database. • http://www.duke.edu/~rob/kerberos/authvauth.html