Biometric Security for Mobile
THE “WHO YOU ARE” OF AUTHENTICATION
JERRY RUGGIERI / CITIZENS BANK

All Authentication Options
What you know, e.g. password
What you have, e.g. soft- or hard-token
Who you are, e.g. any biometric
How you behave, e.g. adaptive authentication

Passwords
Your password is “dinosaur”
October 2013 – Adobe announces 38M passwords are compromised
Password hints posted in cleartext
Passwords not salted
Days later they’re posted online and many are soon broken
June 2012 – LinkedIn announces 7M of 150M passwords stolen
Passwords not salted
Days later they’re posted online and …
Customers using same password for Facebook, garage door openers, and banking
Passwords heavily re-used or shared
Passwords have to be remembered (and typed)
Passwords can be “cracked” (recovered)

Biometric Authentication Methods

Biometric Categories

Facial Recognition
Pros
Convenient
Liveness Test
Cons
Lighting condition requirement
Can be faked with static and/or animated GIF from public photos
Repudiation

Fingerprint
Pros
EER of around 1%
Convenience
Liveness Test
Non-repudiation
Cons
Specialized Hardware
Finger cleanliness
Cuts to finger
Angle or pressure of placement
Biometric privacy concerns
Fingerprints can be captured easily
Search for “MythBusters Fingerprints Busted” on YouTube

Voice
Pros
Convenience
Cost
EER of around 2-3%
Liveness Test
Non-repudiation
Can be authenticated remotely
Cons
Cold or illness affecting voice
Environmental noise
Behavioral or temporal speaking differences
User education or awareness to use

Biometric Evaluation Factors
Accuracy Factors
False Acceptance Rate (FAR)
False Rejection Rate (FRR)
Equal Error Rate (EER)
Failure To Enroll (FTE)
Failure To Capture (FTC)
Security
Usability
Integration
Cost
Privacy and Regulatory Factors

Equal Error Rate Curve
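How FAR, FRR and the EER point on such a curve are derived from match scores, as an added example that is not part of the original slides. The distance scores are constructed, and the convention that a lower distance means a better match (accept when distance <= threshold) is an assumption.

```python
# Added example (not from the original slides). All distance scores are constructed.
# Assumed convention: lower distance = better match; accept when distance <= threshold.

GENUINE = [0.10, 0.12, 0.15, 0.18, 0.20, 0.22, 0.25, 0.30, 0.35, 0.48]   # true-user attempts
IMPOSTOR = [0.28, 0.42, 0.50, 0.55, 0.60, 0.65, 0.70, 0.75, 0.80, 0.90]  # impostor attempts


def far_frr(genuine, impostor, threshold):
    """FAR = share of impostor attempts accepted; FRR = share of genuine attempts rejected."""
    far = sum(d <= threshold for d in impostor) / len(impostor)
    frr = sum(d > threshold for d in genuine) / len(genuine)
    return far, frr


def sweep(genuine, impostor):
    """Evaluate FAR/FRR at every observed distance: the data behind an EER curve."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, *far_frr(genuine, impostor, t)) for t in thresholds]


def equal_error_rate(genuine, impostor):
    """Return (threshold, eer) at the point where FAR and FRR are closest.
    With finite samples the two rates may not cross exactly, so report their mean."""
    t, far, frr = min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))
    return t, (far + frr) / 2


def threshold_for_far(genuine, impostor, max_far):
    """Loosest threshold that keeps FAR <= max_far, as (threshold, far, frr).
    Returns None if even the strictest observed threshold exceeds max_far."""
    ok = [row for row in sweep(genuine, impostor) if row[1] <= max_far]
    return ok[-1] if ok else None


if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE, IMPOSTOR):
        print(f"threshold={t:.2f}  FAR={far:.0%}  FRR={frr:.0%}")
    print("EER point:", equal_error_rate(GENUINE, IMPOSTOR))
    print("Tuned for FAR <= 0:", threshold_for_far(GENUINE, IMPOSTOR, 0.0))
```

On this constructed data, tightening the threshold from the EER point to reach zero false accepts raises the false rejection rate, which is the trade-off behind a "configurable for low FAR" setting.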
Apple’s Fingerprint Hardware

True Speaker Recordings

Imposter Speaker Recordings

Enrollment, Authentication Process

Biometric Distance for Imposters

Voice Biometric Use Cases
Use Cases
Fast Balance
Step up authentication option
Online Account Opening
Login authentication
Male v. Female voices
Male frequency 85-180 Hz
Female frequency 165-255 Hz
We hear frequency as the pitch
Double the frequency and we perceive it as “twice as high”

VoiceKeyID™ Algorithm
Authenticates in ½ second
Runs on device, no servers needed
Configurable for low FAR (False Acceptance Rate)
Multi-lingual, any language or song or repeatable gibberish will work
Requires 10-12 syllables or 4-6 seconds of speech
Robustness against recorded attacks
Low Failure To Enroll Errors
Low Storage Requirement (50-100KB)
Secure Storage
Can identify forced failure attempts and deny them
Available for use anywhere in apps
Patent protected in US and China

VoiceKeyID™ Demo App