Title: Emerging Biometric Applications
1 Emerging Biometric Applications
Expectations meet Reality
2 An Emerging Technology
3 What are Biometrics?
- The term biometrics refers to a science involving
the standard analysis of biological
characteristics.
- A biometric is a unique, measurable
characteristic or trait of a human being for
automatically recognising or verifying identity.
4 Who are you?
No, who are you, really???
5 Authentication Methods in Network & Internet
Security
- Something you know - Passwords, PINs, Mother's maiden name
- Something you have - ATM card, Smart card, Digital certificate
- Something you are - Biometrics, Positive identification, Never lost or stolen
6 Biometric Techniques
Identification of all the biometric methods, both
mainstream and esoteric, known to the group.
Consider methods that relate to non-humans and
also combinations of methods.
7 Biometrics
- Behavioral
  - Gait
  - Signature
  - Typing style
- Mixed
  - Voice
  - Body odour
- Innate
  - Iris
  - Retina
  - Ear
  - Fingerprint
  - Palm / hand
  - Face (visual heat)
  - Skin detail / veins
  - DNA / Blood / Saliva / anti-bodies
  - Heart rhythm
  - Footprint
  - Lips
8 Why Biometrics?
"Biometric identification (e.g., fingerprints,
face and voice) will emerge as the only way to
truly authenticate an individual, which will
become increasingly important as security and
privacy concerns grow."
- Gartner Group, 26th April 2000
9 How do Biometrics Work?
- Enrollment - Add a biometric identifier to a database (Fingerprint, Voice, Facial or Iris)
- Verification - Match against an enrolled record
10 Fingerprint Image Identification
11 Randomness
12 Accuracy v. Affordability v. Acceptability
[Chart: axes Affordability >> and Accuracy >>, scale 0 to 4. Courtesy, Veridicom Corp.]
13 Benefits for the Consumer
14 Benefits of Biometrics
- Biometrics link a particular event to a
particular individual, not just to a password or
token, which may be used by someone other than
the authorized user
15 Business Scenarios
- The password problem
- Remote access
- Who is using our fee-based web-site?
- Challenge-response tokens
- Too many physical-access devices
- Protecting the single-sign-on vault
16 Password Rules (an obligatory cartoon)
17 How Do You Remember Passwords?
18 The Password Problem
- They're either too easy or they're written down somewhere!
- Users forget them!
- Help Desk has to sort out the mess!
19 Password Survey
- Every user requesting password reset received survey
- 50 response
- No recriminations policy
- Source - CCH
20 The Password Problem
Good passwords are bad for users
21 The Password Problem
Write it Down
[Chart, of respondents: Never 47; Occasionally 28; Often 8; Always 16]
22 The Password Problem
User Overload
[Chart, No of Pswds: 1-3: 57; 4-6: 36; 7-9: 7]
23 The Password Problem
User Impact
[Chart, Password Resets: Zero: 4; 1-2: 62; 3-6: 29; > 6: 5]
24 The Password Problem
Wait Time
25 The Password Problem
Impact on Productivity
26 The Password Problem
Who Knows your Password?
27 The Password Problem
How Many Passwords do you Know?
28 The Password Problem
Resets per Year
Source - CCH
29 The Password Problem
- Identifiable costs
- Lost productivity
- Flow-on productivity losses
- Support team
- Management and infrastructure
- US research - 340 per incident
- Anecdotal - some incidents over AU$10,000
BioNetrix Corp - www.bionetrix.com/inserts.pdf
30 Choosing Technologies and Partners
31 Privacy Concerns and Ethics
- Criminal stigma
- 3rd party use of data
- Sold or given for other than intended purpose
- Provided to law enforcement
- Unauthorized access
- Identity theft
- Tracking of actions through biometrics
- Religious objections - Mark of the Beast
32 Australian Privacy Act
- NPP 4 Data Security
- An organisation must take reasonable steps to
protect the personal information it holds from
misuse and loss and from unauthorised access,
modification or disclosure.
33 Privacy Policy Recommendations
- 5 basic principles
- Notice - disclose ALL data captured
- Access - anyone can view their stored data
- Correction Mechanism
- Informed Consent - no 3rd-party involvement
- Reliability Safeguarding
34 Who would use Biometrics
- Strong identification and authentication
- Medium high data security
- Non-repudiation (I didn't do it!)
35 Who would use Biometrics
- The last metre
- Fee-for-service web sites
- e-Commerce transaction verification
36 Selecting Biometric Technologies
- User / environment considerations
- Cooperative/non-cooperative users
- Overt/covert capture
- Habituated/non-habituated
- Attended/unattended
- Public/private
- Indoor/outdoor
- Possible interference
- User lifestyle/occupation
- Compatibility with existing/legacy systems
37 Selecting Biometric Technologies
- Technology factors
- Cost
- Accuracy
- Ease of use
- Public acceptance
- Long term stability
- Existence/use of standards
- Barriers to attack
- Track record of vendor/product
- Availability of alternate sources
- Scalability
38 Technology Comparison
39 Accuracy
- False rejection rate
  - Measures how often an authorized user, who should
    be recognized by the system, is not recognized.
  - I am not recognised as me!
- False acceptance rate
  - Measures how often a non-authorized user, who
    should not be recognized by the system, is
    falsely recognized.
  - You are pretending to be me!
40 Matching vs. Non-Matching Prints
41 FRR vs. FAR
- FAR / FRR are loosely inverse
- FAR FER Equal Error Rate
- Failure to enroll rate (FER)
- Measures how often users are unable to enroll a
biometric record
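
An added example (not part of the original slides) of how the three rates above are computed from match scores, and how moving the decision threshold trades FAR against FRR until they meet at the equal error rate. The scores, the 0 to 1 scale and the accept-when-score-is-at-or-above-threshold rule are assumptions made for illustration.

```python
# Added illustration: the match scores below are constructed, not measured data.
# Assumed convention: score in [0, 1], higher = closer match,
# and a comparison is accepted when score >= threshold.

GENUINE = [0.91, 0.85, 0.78, 0.74, 0.66, 0.62, 0.58, 0.49, 0.88, 0.95]   # same person
IMPOSTOR = [0.12, 0.25, 0.31, 0.38, 0.44, 0.52, 0.60, 0.19, 0.27, 0.70]  # different person


def frr(genuine, threshold):
    """False rejection rate: share of genuine attempts scored below threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def far(impostor, threshold):
    """False acceptance rate: share of impostor attempts scored at/above threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def sweep(genuine, impostor, steps=100):
    """Return (threshold, FAR, FRR) for evenly spaced thresholds in [0, 1]."""
    return [(i / steps, far(impostor, i / steps), frr(genuine, i / steps))
            for i in range(steps + 1)]


def equal_error_point(genuine, impostor, steps=100):
    """First threshold where |FAR - FRR| is smallest; EER reported as their mean."""
    t, fa, fr = min(sweep(genuine, impostor, steps), key=lambda r: abs(r[1] - r[2]))
    return t, (fa + fr) / 2


def failure_to_enroll_rate(enroll_outcomes):
    """FER: share of enrollment attempts that produced no usable record."""
    return enroll_outcomes.count(False) / len(enroll_outcomes)


if __name__ == "__main__":
    # Raising the threshold lowers FAR and raises FRR.
    for t in (0.3, 0.5, 0.7, 0.9):
        print(f"threshold={t:.1f}  FAR={far(IMPOSTOR, t):.2f}  FRR={frr(GENUINE, t):.2f}")
    t, eer = equal_error_point(GENUINE, IMPOSTOR)
    print(f"equal error point: threshold={t:.2f}  EER={eer:.2f}")
```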
42 Selecting a Biometric Solution
43 Biometrics Institute
- Recently incorporated
- Impartial tester
- Education source
- Government & industry funded
- www.biomet.org
- support_at_biomet.org
- Introduction to Biometrics 1-day course,
September 25th
44 What problem are we solving?
- If biometrics is the answer, what's the question?
45 Reference Sites
- Health
- Health Technologies (Australia)
- Patient Records
- Capital Coast Health (NZ)
- Access security SSO
- e-Commerce (Australia)
- e-Contracts
- Big Sky Contracting
- Social Security
- States of New Jersey, Virginia, Connecticut
- Social Welfare systems
- Banking & Finance
- ING Direct (Canada) On-line banking
- ABN AMRO (Australia)
- Network Security
- Pt Makindo (Indonesia)
- Network Security
- On-line Trading
- Government
- Network Security and ID systems
- Defence Stratcom
- US GSA Govt-wide Smart Card Program
46 What are some of the products?
47 Biometric Scanning Devices
PC Video Camera
Secugen EyeD Mouse II Scanner
Sensar Iris Scanner
Veridicom 5th Sense Fingerprint Scanner
Phoenix Keyboards
Veridicom Combo Fingerprint SmartCard Scanner
Telex Microphones
48 SAF/2000
- SAF/NT
- System requirements
- Versions
- Hardware
- Client environment
49 Data Flow During Login
[Diagram: Biometric device, 9x/NT client, BSP, SAFserver, Login Server]
1. Client displays NRIgina.dll
6. SAFserver determines validity of biometric
50 NMAS
- Modular interface to NDS
- Choice of biometric method supplier
- Multiple graded authentication
- Free starter pack
- Enterprise Edition
51 Graded Authentication
52 Veridicom Protector Suite
- Logon Protector - secure log-on based on
fingerprints and smart cards
- FileDisk Protector - strong on-line encryption
in a virtual disk
- Password Protector - PasswordBank for
applications and Internet access
- PKI Protector - En/decrypt email and www user
authentication using PKI
53 More Information
- SAFLINK Corporation
- http://www.saflink.com/safnmas
- http://www.saflink.com/
- Biometric Consortium
- http://www.biometrics.org
- International Computer Security Association
- http://www.icsa.net
- Biometrics in Human Services Newsletter
- http://www.dss.state.ct.us/digital.htm
- Biometric Technology Today
- http://www.sjb.co.uk
- The International Biometric Society
- http://www.tibs.org
- The Connecticut Project
- http://www.dss.state.ct.us/digital.htm
- Human Identification in Information Systems
- http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID
54 More Information
- International Biometric Industry Association
- http://www.ibia.org/
- BioAPI Consortium
- http://www.bioapi.org/
- Biometric Digest
- http://biodigest.com
- Association for Biometrics (Europe)
- http://www.afb.org.uk
- National Biometric Test Centre
- http://www.engr.sjsu.edu/biometrics/
- Biometrics Research
- http://biometrics.cse.msu.edu/
- International Biometric Group
- http://www.biometricgroup.com/
- Biometrics Scanning, Law & Policy
- http://www.pitt.edu/7Elawrev/592D1/woodward.htm
55 And for a Negative View
- Biometrics
- http://www.666soon/biometri.htm
- Fight the Fingerprint
- http://www.networkusa.org/fingerprint.shtml
56 Give Passwords the Finger!