Upload
shanae
View
40
Download
2
Embed Size (px)
DESCRIPTION
Emerging Biometric Applications. Expectations and Reality (in 25 minutes or less!). An Emerging Technology. What are Biometrics?. The term biometrics refers to a science involving the standard analysis of biological characteristics. - PowerPoint PPT Presentation
Citation preview
Emerging BiometricApplications
Expectations and Reality(in 25 minutes or less!)
An Emerging Technology
What are Biometrics?
The term biometrics refers to a science involving the standard analysis of biological
characteristics.
A biometric is a unique, measurable characteristic or trait of a human being for automatically recognising or
verifying identity.
Who are you?
No, who are you, really???
Authentication Methods in Network & Internet Security
Something you areBiometrics Positive identificationNever lost or stolen
Something you knowPasswordsPINsMother’s maiden name
Something you haveATM cardSmart cardDigital certificate
BiometricsInnate
IrisRetinaEarFingerprintPalm / handFace (visual & heat)Skin detail / veinsDNA / Blood / Saliva / anti-bodiesHeart rhythmFootprintLips
BehavioralGait
Signature
Typing style
MixedVoice
Body odour
Why Biometrics?
“Biometric identification (e.g., fingerprints, face and voice) will emerge as the only way to truly authenticate an individual, which will become increasingly important as security
and privacy concerns grow.”
- Gartner Group 26th April 2000
How do Biometrics Work?Enrolment: Add a biometric identifier to a database
Fingerprint, Voice, Facial or Iris
Verification: Match against an enrolled record
Presentbiometric
Capture Process Store
Presentbiometric
Capture Process
Compare
Match
IDENTIFIED
No Match
DENIED
Fingerprint Image Identification
Randomness
Accuracy v. Affordability v. Acceptability
0
1
2
3
4
Accuracy >>
Aff
ord
ab
ility
>>
Courtesy, Veridicom Corp.
Benefits for the Consumer
Benefits of Biometrics
Biometrics link a particular event to a particular individual, not just to a password or token, which may be used by someone
other than the authorized user
Business Scenarios
The password problem
Remote access
Who is using our fee-based web-site?
Challenge-response tokens
Too many physical-access devices
Protecting the single-sign-on vault
The Password Problem
They’re either too easy or they’re written down somewhere!
Users forget them!
Help Desk has to sort out the mess!
The Password Problem
Write it Down
47 28 8 16
% of respondents
Never Occasionally Often Always
Source: CCH
The Password Problem
Resets per Year
4 62 29 5
% of respondents
Zero 1-2 3-6 > 6
Source: CCH
The Password Problem
Identifiable costsLost productivityFlow-on productivity lossesSupport teamManagement and infrastructure
US research - $340 per incident*
Anecdotal – some incidents over $AU10,000
*BioNetrix Corp - www.bionetrix.com/inserts.pdf
Choosing Technologies and Partners
Privacy Concerns and Ethics
Criminal stigma3rd party use of data
Sold or given for other than intended purposeProvided to law enforcementUnauthorized access
Identity theft“Tracking” of actions through biometricsReligious objections - “Mark of the Beast”
Australian Privacy Act
NPP 4 – Data Security
An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
Privacy Policy Recommendations
5 basic principlesNotice – disclose ALL data captured
Access –anyone can view their stored data
Correction Mechanism
Informed Consent – no 3rd-party involvement
Reliability & Safeguarding
Who would use Biometrics
Strong identification and authentication
Medium – high data security
Non-repudiation (I didn’t do it!)
Who would use Biometrics
The last metre
Fee-for-service web sites
e-Commerce transaction verification
Selecting Biometric Technologies
User / environment considerations
Technology factors
Technology ComparisonIris Face Finger Signature Voice
Accuracy Very HighMedium High High Medium
Ease of Use Medium Medium High High High
Barrier toAttack
Very High Medium High Medium Medium
UserAcceptability
Medium Medium Medium Very High High
Long TermStability
High Medium High Medium Medium
Interference ColouredContacts
Lighting Aging,Glasses,Hair
DrynessDirt,Age,Race
ChangingSignatures
Noise,Colds,Weather
Accuracy
False rejection rateMeasures how often an authorized user, who should be recognized by the system, is not recognized.I am not recognised as me!
False acceptance rateMeasures how often a non-authorized user, who should not be recognized by the system, is falsely recognized.You are pretending to be me!
Matching vs. Non-Matching Prints
Non-matchingprints
Matchingprints
MatchingThreshold
False non-matches False matches
d
Selecting a Biometric Solution
Who can help?
Your Vendor / Consultant
Existing relationship
Ability to integrate biometrics into existing platform
Ability to draw on other experience
Australian Biometric Testing Organisation
Recently incorporatedImpartial testerEducation sourceGovernment & industry funded
www.biomet.org/[email protected]
“Introduction to Biometrics” 1-day course August 30th
What problem are we solving?
If biometrics is the answer, what’s the question?
Evaluation Strategy
Define the requirements
Testing & trialing
Management buy-in
Internal champion (not the IT Manager)
Who is using it?
Connecticut Dept Social Welfare
Health Application
ABN-AMRO
What are some of the products?
Give Passwords the Finger!