7/25/2019 08 Newton Biometrics Presentation FINAL
Strength of Authentication for Biometrics: An Evaluation Framework

Elaine Newton, NIST
Colin Soutar, Deloitte & Touche LLP
Agenda

- Background on the Advanced Identity Workshop: Applying Measurement Science in the Identity Ecosystem
- Purpose & Scope
- Approach:
  - Problem Statement
  - System Attack Analysis
  - Zero Information Attack
  - Consider an Additional Factor: Effort
  - Incorporating Effort
  - Strength of Function for Authenticators (SOFA)
- Ultimate Goal: Comparing & Combining Authentication Technologies
Background on the Advanced Identity Workshop: Applying Measurement Science in the Identity Ecosystem

- January 12-13th @ Gaithersburg
- Focus on quantifying strength of function to enable risk-based decisions
- Three focus areas:
  1. Strength of Authentication
  2. Strength of Proofing
  3. Attribute Confidence
- Strength of Authentication will focus initially on measuring the strength of Biometric Authentication Systems
- The overall goal of this area is to reach the point where the strength of authentication mechanisms can be measured, compared, and eventually combined
- Why start with biometrics? Growing availability and use.
Purpose & Scope

- Produce a framework for measuring and evaluating the strength of a biometric authentication system that enables:
  - Greater understanding of how much trust can be placed in solutions
  - Better alignment of solutions with assessed risks
- Focus is on positive authentication and one-to-one matching:
  - Does not address watchlist applications
  - Does not deal with situations where users are avoiding identification
- Intended to be modality agnostic
- Framework will be released as a report from NIST, but may be used as a contribution to a standards development effort
- Framework will be open for public comment throughout its development
Approach
Problem Statement

- Starting point: What generally accepted measurements exist around strength of authenticators?
  - Entropy and the strength of passwords / key length
  - Strength of Function: Common Criteria
- How can we compare strength of biometric authentication mechanisms to each other, and to other types of mechanisms?
  - Can we create a comparable measure in biometrics to entropy or strength of function?
  - Can we establish a general framework for comparing different mechanisms?
- SOFA = Strength of Function for Authenticators
System and Attack Analysis

- Many attacks can be mitigated by core security controls: e.g., encryption, mutual authentication, limiting of unsuccessful attempts
- Some areas require specific focus in biometrics: e.g., template protection
System and Attack Analysis: Biometric Specific

- Two aspects stood out as unique to biometric authN: Presentation Attacks and the Matching Performance; each carries potential metrics to contribute to strength.
  - Presentation Attacks: PAD Error Rate, the probability of a successful presentation attack
  - Matching Performance: FMR, the probability of a false match occurring
Approach

- Isolate the aspects of biometric technologies that can be quantified
- Assume a baseline of cyber hygiene
- Inherent biometric strength:
  - Zero information attacks, i.e., the attacker doesn't have the PIN or biometric pattern
  - Targeted attacks
- Additional controls (e.g., limiting failed attempts) may be layered on top of the quantified strength to improve the overall security of a system
- What are the relevant factors for the framework?
Zero Information Attack

Factors: FMR and PADER

- False Match Rate (FMR)
  - Proportion of impostor attempt samples falsely declared to match the compared template
  - Empirically determined
  - Combination of inherent discrimination / signal fidelity; sensor performance; processing and matching capabilities
- Presentation Attack Detection Error Rate (PADER)
  - Proportion of presentation attacks incorrectly classified as bona fide presentations at the PAD subsystem in a specific scenario*
  - Error rates and testing being developed in ISO/IEC 30107-3 and FIDO Alliance
  - Testing standards and procedures may address:
    - Type of attacks used
    - Number of attempts
    - Types of tests: verifying vendor claims, or full statistical significance trials?

Assumption: FMR and PADER are independent of one another.
Hypothesis: FMR and PADER can be combined to produce a measure that can be compared to a password's entropy.

* This is very similar to the APCER measure used in the draft of ISO/IEC CD 30107-3.
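The slide says both factors are determined empirically and asks what a test procedure must cover. As an added example that is not part of the NIST presentation, the Python below estimates FMR at a chosen matcher threshold from impostor comparison scores, estimates PADER from PAD outcomes on attack presentations, combines the two under the slide's independence assumption, and uses the rule of three to size a test that can substantiate a vendor's rate claim. The scores, outcomes, threshold and the "1 in 10,000" claim are all constructed; the rule of three is a general statistic and not something the slide states.

```python
"""Empirical estimation of the two zero-information factors, FMR and PADER.
Added example; the scores and PAD outcomes below are constructed, not measured."""
from typing import Iterable


def false_match_rate(impostor_scores: Iterable[float], threshold: float) -> float:
    """FMR: proportion of impostor comparison scores the matcher would declare a
    match, i.e. scores at or above the decision threshold."""
    scores = list(impostor_scores)
    if not scores:
        raise ValueError("FMR needs at least one impostor comparison")
    return sum(1 for s in scores if s >= threshold) / len(scores)


def pad_error_rate(attack_accepted: Iterable[bool]) -> float:
    """PADER: proportion of presentation attacks the PAD subsystem classified as
    bona fide (True = the attack presentation was accepted as bona fide)."""
    outcomes = list(attack_accepted)
    if not outcomes:
        raise ValueError("PADER needs at least one presentation attack")
    return sum(1 for accepted in outcomes if accepted) / len(outcomes)


def zero_info_success_probability(fmr: float, pader: float) -> float:
    """Per-attempt success probability of a zero-information impostor under the
    slide's independence assumption: the presentation must pass PAD and false-match."""
    return fmr * pader


def trials_for_rule_of_three(one_in: int) -> int:
    """Rule of three: zero errors in n trials supports, at roughly 95 % confidence,
    an error rate no greater than 3/n. So substantiating a claim of "no worse than
    1 in one_in" needs 3 * one_in error-free trials."""
    if one_in <= 0:
        raise ValueError("one_in must be positive")
    return 3 * one_in


# Constructed similarity scores in [0, 1] from 20 impostor comparisons.
IMPOSTOR_SCORES = [
    0.12, 0.31, 0.22, 0.45, 0.08, 0.57, 0.19, 0.33, 0.71, 0.27,
    0.40, 0.15, 0.62, 0.05, 0.38, 0.29, 0.50, 0.11, 0.24, 0.36,
]
MATCH_THRESHOLD = 0.70  # constructed decision threshold

# Constructed PAD outcomes for 10 presentation attacks in one scenario.
ATTACK_ACCEPTED = [False, False, True, False, False, False, True, False, False, False]


def report() -> dict:
    """Estimate both factors from the constructed data and combine them."""
    fmr = false_match_rate(IMPOSTOR_SCORES, MATCH_THRESHOLD)
    pader = pad_error_rate(ATTACK_ACCEPTED)
    return {
        "fmr": fmr,
        "pader": pader,
        "p_zero_info": zero_info_success_probability(fmr, pader),
        # trials needed to substantiate a vendor claim of FMR <= 1 in 10,000
        "trials_for_1_in_10000": trials_for_rule_of_three(10_000),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

The point the rule of three makes for the "verifying vendor claims, or full statistical significance trials?" question is that a claimed FMR of 1 in 10,000 cannot be checked with a 20-comparison test like the one above: it needs on the order of 30,000 impostor comparisons with no false match observed, and the same sizing applies to PADER per attack type.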
Consider an Additional Factor: Effort

To understand the inherent strength of a biometric system, more than PADER and FMR are required; effort should also be considered.

                 Password/PIN             Biometrics
  Zero Info.     Length and complexity    Sample size and complexity
                                          Access to sensor/device
                                          Computational complexity of matching
  Targeted       Shoulder surf            Retrieve biometric
                 Notepads                 Create artefact
Incorporating Effort

- Effort = Level of effort required to attack specific components of an authentication system. Focuses on the point of input or sensor
- Requires qualitative assessment and comparison of attacks extending across systems
- The time, knowledge, and resources required for an attack may contribute to the effort
- Consequences may also be considered
- Many factors could be incorporated into effort: further exploration required

Effort Scale (from Easy to Difficult):
  Easy       Brute Force (PIN/PW or Passive Imposter)
             Artefact
  Difficult  Coercion
Strength of Function for Authenticators (SOFA): Inherent Strength

Incorporating the FMR, PAD, and effort into a single measure of strength could look something like this:

  SOFA_Zero Info (Biometrics) = Effort / (FMR x PADER)

In the case of targeted attacks, the measure of strength may look like:

  SOFA_Targeted (Biometrics) = Effort / ((1 - FNMR) x PADER)
Ultimate Goal: Comparing & Combining Authentication Technologies

- Goal is to move towards developing metrics that can be compared and combined to better understand authentication systems
- Ultimately, we would be able to determine the same type of measure for most authentication systems

  SOFA_Zero Info (Biometrics) = Effort / (FMR x PADER)
  SOFA_Zero Info (PIN/PW) = Effort x N^L

For PIN/PW, N is the number of possible symbols and L is the length of the string of the set of N symbols.
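The SOFA expressions on this slide and on the preceding Inherent Strength slide, worked through numerically. This is an added example and not part of the NIST presentation: Python functions for SOFA_Zero Info (Biometrics), SOFA_Targeted (Biometrics) and SOFA_Zero Info (PIN/PW), plus the entropy-style comparison the hypothesis on the Zero Information Attack slide asks for (bits, and the equivalent PIN length, for a given FMR x PADER) and the multi-attempt success probability that a layered attempt-limiting control bounds. The FMR, FNMR, PADER and PIN parameters are constructed, and the numeric Effort weights are placeholders, since the slides only give Effort as a qualitative Easy-to-Difficult scale.

```python
"""SOFA arithmetic from the slides, with an entropy-style comparison to a PIN.
Added example; all input values are constructed and Effort weights are placeholders."""
import math


def sofa_biometric_zero_info(effort: float, fmr: float, pader: float) -> float:
    """SOFA_Zero Info (Biometrics) = Effort / (FMR x PADER)."""
    if not (0 < fmr <= 1 and 0 < pader <= 1):
        raise ValueError("FMR and PADER must lie in (0, 1]")
    return effort / (fmr * pader)


def sofa_biometric_targeted(effort: float, fnmr: float, pader: float) -> float:
    """SOFA_Targeted (Biometrics) = Effort / ((1 - FNMR) x PADER).
    A targeted attacker presents an artefact of the enrolled subject's own
    biometric, so the matcher accepts it with probability (1 - FNMR), not FMR."""
    if not (0 <= fnmr < 1 and 0 < pader <= 1):
        raise ValueError("FNMR must lie in [0, 1) and PADER in (0, 1]")
    return effort / ((1.0 - fnmr) * pader)


def sofa_pin_zero_info(effort: float, n_symbols: int, length: int) -> float:
    """SOFA_Zero Info (PIN/PW) = Effort x N^L."""
    return effort * n_symbols ** length


def equivalent_bits(fmr: float, pader: float) -> float:
    """Password-entropy view of FMR x PADER: bits of a uniformly random secret
    whose single-guess success probability equals FMR x PADER."""
    return -math.log2(fmr * pader)


def equivalent_pin_length(fmr: float, pader: float, n_symbols: int = 10) -> float:
    """Length L of an N-symbol PIN with the same single-guess success probability."""
    return math.log(1.0 / (fmr * pader), n_symbols)


def success_within_attempts(p_per_attempt: float, attempts: int) -> float:
    """Probability that at least one of `attempts` independent tries succeeds.
    This is the quantity a lockout policy (a layered control outside SOFA) bounds."""
    return 1.0 - (1.0 - p_per_attempt) ** attempts


# Constructed inputs: a verifier with FMR 1 in 10,000, FNMR 2 %, PADER 5 %,
# compared with a 4-digit numeric PIN. Effort weights are placeholders.
FMR, FNMR, PADER = 1e-4, 0.02, 0.05
PIN_SYMBOLS, PIN_LENGTH = 10, 4
EFFORT_ZERO_INFO = 1.0  # placeholder: brute-force-level effort
EFFORT_TARGETED = 5.0   # placeholder: retrieving a biometric and creating an artefact


def compare() -> dict:
    """Put the biometric and PIN measures side by side for the constructed inputs."""
    p_bio = FMR * PADER
    p_pin = 1.0 / PIN_SYMBOLS ** PIN_LENGTH
    return {
        "sofa_bio_zero_info": sofa_biometric_zero_info(EFFORT_ZERO_INFO, FMR, PADER),
        "sofa_bio_targeted": sofa_biometric_targeted(EFFORT_TARGETED, FNMR, PADER),
        "sofa_pin_zero_info": sofa_pin_zero_info(EFFORT_ZERO_INFO, PIN_SYMBOLS, PIN_LENGTH),
        "bio_equivalent_bits": equivalent_bits(FMR, PADER),
        "bio_equivalent_pin_digits": equivalent_pin_length(FMR, PADER, PIN_SYMBOLS),
        "p_bio_success_in_5_attempts": success_within_attempts(p_bio, 5),
        "p_pin_success_in_5_attempts": success_within_attempts(p_pin, 5),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.6g}")
```

With these constructed numbers the biometric zero-information measure (200,000 at unit effort) sits between a 5- and 6-digit PIN, while the targeted figure is far smaller because (1 - FNMR) is close to 1; the difference is carried only by the Effort weight, which is exactly the qualitative factor the Effort slides say still needs exploration.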
Next Steps

- NIST will produce an initial draft document
- Using short, open public comment periods, the document will be iteratively reviewed and updated based on community feedback
- NIST will finalize the document and identify the most appropriate venue to forward additional work
- Your feedback is welcomed and encouraged through the entire process! Please send comments to ([email protected]) or through the comment mechanism during the iterative public review periods
References

- M1.4 AHG-BEA Study Report on Biometrics in E-Authentication
- OASIS Analysis of Methods of Trust Elevation Version 1.0 (2013) and Electronic Identity Credential Trust Elevation Framework Version 1.0 (2014)
- ISO 19092:2008 Financial services - Biometrics - Security framework
- ISO/IEC 30107-1:2016 Information technology - Biometric presentation attack detection - Part 1: Framework
- Committee Draft of ISO/IEC 30107-3 Information technology - Biometric presentation attack detection - Part 3: Testing and Reporting
- ISO/IEC 24745:2011 Information technology - Security techniques - Biometric information protection
- ISO/IEC 19792:2009 Information technology - Security techniques - Security evaluation of biometrics
- Measuring Strength of Authentication Workshop: Applying Measurement Science in the Identity Ecosystem
- http://www.commoncriteriaportal.org/
NIST Contributors

National Institute of Standards and Technology:
- Elaine Newton, PhD
- Paul Grassi
- Kevin Mangold

Deloitte & Touche LLP Cyber Risk Services (contract support to NIST):
- Ryan Galluzzo
- Colin Soutar, PhD
- Raj Dinh

CSRA Inc. (special guest contributions to NIST):
- Cathy Tilton