N Stage Authentication with Biometric Devices
Presented by:
Nate Rotschafer
Sophomore
Peter Kiewit Institute
Revised: July 8, 2002

N Stage Authentication Outline
– Background on Authentication
– General Network Security
– Need for High Grade Authentication
– Need for Multiple Factor Authentication
– Background on Error Types
– Forms of Biometric Authentication
– Pros and Cons of Each Biometric Technology
– What’s Hot? What’s Not?
– Major Players
– Network Management with Biometric Devices
– Problems
– Proper Network Security with Biometric Devices
– Demos and Discussion
– Prognosis

Background on Authentication

Identification
The method used by a system (not necessarily a computer) to uniquely identify an individual or group.
Examples: User names, Driver’s License, School ID, Security Badge, Passport

Authentication
The method(s) used to verify the given identification against a database of known information.
Examples: Passwords, Fingerprints, Iris Prints, Negotiation

Development of Authentication
– What you know…
– What you have…
– What you are…
– Future Development: How you are...

General Network Security

Security is NOT
– Installing a firewall
– A product or Service
– Running an audit and shutting things off

Security IS
– Working productively and without interruptions
– Only as good as the weakest link
– Risk management of resources (equipment, people)
– Physical security
– A process, methodology, policies and people
– Is 24x7x365

General Network Security
– No silver bullet to network security
– Replay attacks
– Denial of Service ((D)DoS)
– Spoofing
– Users
– Dictionary Attacks

Security Thoughts
– 80-90% are internal issues
– Hard drive crash (what did you lose, and how long to get back up?)
– Firewall penetration (what can they do, what do they see?)
– Internet failed (how much lost productivity/revenue, backup net connection?)
– Some can always get in

General Network Security Conclusion
– Biometrics will help but will not solve all problems
– Users are the “weakest link”
– Proactive security plan

Need for High Grade Authentication
– High Security Areas
– Multiple Factor Authentication
– Challenge and Response Authentication
– High Assurance of Proper Identification
– Data Retrieval Based on the Person

Background on Error Types

Type I Error --- Accept in Error
Balance Between Type I and Type II Error
– Most Dangerous
– High Exposure
– Preventable
– Need for Additional Security Measures

Type II --- Deny in Error
Balance Between Type I and Type II Error
– Only an Inconvenience
– Preventable
– Established by a High Security Policy

Forms of Biometric Authentication

Forms of Biometric Devices
– Fingerprint Scanners
– Retina Scanners
– Iris Scanners
– Voice Print Scanners
– Handwriting Recognition
– Face Recognition
– Personal Geometry
– DNA

Pros and Cons of Each Biometric Technology

Fingerprint Scanners
Pros Cons

Retina Scanners
Pros Cons

Iris Scanners
Pros Cons

Voice Print Scanners
Pros Cons

Handwriting Recognition
Pros Cons

Personal Geometry
Pros Cons

Face Recognition
Pros Cons

DNA
Pros Cons

What’s Hot? What’s Not?

What’s Hot?
– Fingerprint Scanners
– Iris Scanners
– N Stage Authentication
– Interoperability
– Interchangeability
– Standards
– Server Signature Storage

What’s Not?
– Retina Scanners
– DNA
– 1 or 2 Stage Authentication

Major Players
– Most ISP NOCs
– Healthcare Organizations
– Banking Industry
– Military/Government Agencies
– Department of Defense
– Schools?

Network Management with Biometric Devices

Cost
– Fingerprint Scanner --- $100-150
– Retina Scanner --- $400-500
– Iris Scanner --- $200-300
– Voice Print Scanner --- $150-200
– Face Recognition --- $150-250

Ease of Deployment
– Fingerprint Scanner --- Easy
– Retina Scanner --- Hard
– Iris Scanner --- Hard
– Voice Print Scanner --- Medium
– Face Recognition --- Easy

Ease of Management
– Fingerprint Scanner --- Easy
– Retina Scanner --- Medium
– Iris Scanner --- Medium
– Voice Print Scanner --- Easy
– Face Recognition --- Medium

User Effects
– Fingerprint Scanner --- Medium
– Retina Scanner --- Medium
– Iris Scanner --- Medium
– Voice Print Scanner --- High
– Face Recognition --- Medium

Problems

Proper Network Security With Biometric Devices

Securing Biometric Signatures
– Tamper resistant storage
– Protection from corruption
– Secure signature changes
– Secure backups
– Stop signature interception
– Protect latent signatures

Logon Security
– Trusted Path to the authentication device
– Tamper resistance
– Clear or encrypted transmission
– Continuous monitoring
– What “goes down the wire”?
– Real biometric?

Bypass Prevention
– Tamper resistance at the local machine
– Enhanced biometrics to tell a real biometric from a fake biometric
– Both biometrics and passwords needed

Consistency
– Environmental effects
– All network users adhere to the same policy
– All network machines configured identically

Can Biometrics be Bypassed?
– How they are connected
– The device can be fooled
– Consistency

Demos and Discussion
Demo of Fingerprint Scanner Authentication
Demo of Iris Scanner Authentication
Wire Capture Analysis
Recent Bypassing Methods
How to Bypass
Question and Answer

Thanks To:
– Dr. Blaine Burnham, Director of NUCIA
– Defcon 10
– Peter Kiewit Institute
– Dan Devries

Contact Info
E-Mail: [email protected]@geniussystems.net
Slides: http://www.geniussystems.net
– Go to the :. Talks .: section and then to the “Biometrics” folder then to the “Defcon” folder and download the .ppt slides of the presentation.

Links
http://www.theregus.com/content/55/24956.html
http://www.heise.de/ct/english/02/11/114/
http://www.precisebiometrics.com/
http://www.saflink.com/
http://stat.tamu.edu/Biometrics/
http://www.biometrics.org/
http://biometrics.cse.msu.edu/