NSF Workshop on Fundamental Research Challenges for Trustworthy Biometrics 2010
Dr. Colin Soutar 1
CSC Identity and Privacy Assurance 1
Biometrics and Identity Assurance
Dr. Colin Soutar
CSC
Identity Assurance Frameworks
• Establish the trustworthiness of Services in Identity system
  – c.f. the delegation of trust via PKI or other architecture
• Components
  – Identity Provider
  – Service Provider
  – Federation Broker
• Considerations
  – Operating Procedures
  – Identity Proofing (LoA)
  – Identity Authentication (LoA)
  – Privacy
• OMB 04-04/NIST SP 800-63
• Kantara Initiative (formerly Liberty Alliance), STORK…
• Identity Eco-system in draft of:
  – National Strategy for Trusted Identities in Cyberspace
separation of identity from entitlement
Identity and Privacy Assurance
[Diagram; labels: Identity Assurance; Privacy Assurance; Individual; Identity; Levels of Identity Assurance; Safeguarding of Identity Data; Strength of Binding]
Identity Assurance -> Enterprise
Identity Assurance (transaction) = Identity Proofing (enrollment) + Identity Authentication (transaction)
[Diagram; labels: Ability to Support Level of Assurance (LOA); Strength of Function; Assurance of Conformance; Uniqueness of Identity; Interoperability]
Biometric Identification and Verification
• Biometric Identification used as part of Identity Proofing
  – Relatively Mature and Controllable Applications
    • Distinguish individuals in a large population, Border and Immigration, Forensic, Interoperability
  – Supervised
    • Mitigates spoofing
  – Dedicated Sensors
  – Secure Data Storage
• Biometric Verification used on a daily basis as part of an authentication mechanism
  – Verification needs to authenticate a user to a certain strength of function
  – Remote authentication
    • Non-supervised
  – Diverse Systems (and thus Performance)
    • Sensors, Algorithms, Unsecured memory
  – Biometric Verification modality or algorithms (and thus templates) may not be the same
  – Conformance required, not necessarily interoperability
  – Cross Jurisdictional
Biometrics in Multi-Factor Environment
• How should these be used in practice:
  1. Determine level of performance on varied platforms
  2. Evaluate other potential vulnerabilities and combine to create overall strength of function
  3. Align commensurable biometric strength of function with other authentication factors to support resulting level of Identity Assurance
• Template Protection Techniques
  – Self protecting templates
  – Application-specific templates
• Intra-class variation versus discrimination
  – Error correction codes and data leakage
  – Crypto-analysis
• Interface analysis
  – Security Evaluation
• Liveness checks
Questions?
[email protected] 644 8640.
Identity and Privacy Assurance Standards
• Government and industry identity and privacy initiatives and standards bodies
  – National Security Telecommunications Advisory Committee (NSTAC) working groups
  – ANSI/INCITS M1 standards (Biometrics; Privacy)
  – Radio Technical Commission for Aeronautics (RTCA)
  – Armed Forces Communications and Electronics Association (AFCEA)
  – TechAmerica
  – ACT Canada ELSA
  – Center for Identification Technology Research (Citer)
  – International SC 37 Standards – Biometrics
  – International SC 27 Standards – IT Security
  – Canadian National Committee on Identity Management
  – Smart Card Alliance
  – All Hazards Consortium (AHC)
  – Inter-Agency Advisory Board (IAB)
  – Kantara
  – Oasis
  – (U.S.) National Strategy for Trusted Identities in Cyberspace
Kantara Identity Assurance Framework
[Diagram; labels:]
• Levels of Assurance
• Identity Assurance Framework
• Identity Authentication
• Identity Proofing
• Identity Providers
• Privacy Profile
• Documents
• Devices
• Biometric attributes
• Biographical data
• Events or knowledge
• Service Providers (government, health care, financial, defence etc.)
• Accreditation, e.g. ICAM Trust Framework Provider Adoption Process
• Certification, e.g. Kantara Identity Assurance Certification Program
• Jurisdictional (by geography or industry) Directives, Privacy Policies, and Privacy Principles
• Users
• Identity Assurance