What are Biometrics? The term biometrics refers to a science
involving the standard analysis of biological characteristics. A
biometric is a unique, measurable characteristic or trait of a
human being for automatically recognising or verifying
identity.
Slide 4
Who are you? No, who are you, really???
Slide 5
Authentication Methods in Network & Internet Security
Something you are: Biometrics; Positive identification; Never lost or stolen
Something you know: Passwords; PINs; Mother's maiden name
Something you have: ATM card; Smart card; Digital certificate
Slide 6
Biometric Techniques Identification of all the biometric
methods, both mainstream and esoteric, known to the group. Consider
methods that relate to non-humans and also combinations of
methods.
Slide 7
Biometrics
Innate: Iris; Retina; Ear; Fingerprint; Palm / hand; Face (visual & heat); Skin detail / veins; DNA / Blood / Saliva / anti-bodies; Heart rhythm; Footprint; Lips
Behavioral: Gait; Signature; Typing style
Mixed: Voice; Body odour
Slide 8
Why Biometrics? Biometric identification (e.g., fingerprints,
face and voice) will emerge as the only way to truly authenticate
an individual, which will become increasingly important as security
and privacy concerns grow. - Gartner Group, 26th April 2000
Slide 9
How do Biometrics Work?
Enrollment: Add a biometric identifier to a database (Fingerprint, Voice, Facial or Iris)
Verification: Match against an enrolled record
Enrollment flow: Present biometric -> Capture -> Process -> Store
Verification flow: Present biometric -> Capture -> Process -> Compare -> Match: IDENTIFIED / No Match: DENIED
Slide 10
Fingerprint Image Identification
Slide 11
Randomness
Slide 12
Accuracy v. Affordability v. Acceptability (chart; axes: Accuracy, Affordability) Courtesy, Veridicom Corp.
Slide 13
Benefits for the Consumer
Slide 14
Benefits of Biometrics Biometrics link a particular event to a
particular individual, not just to a password or token, which may
be used by someone other than the authorized user
Slide 15
Business Scenarios: The password problem; Remote access; Who is
using our fee-based web-site?; Challenge-response tokens; Too many
physical-access devices; Protecting the single-sign-on vault
Slide 16
Password Rules (an obligatory cartoon)
Slide 17
How Do You Remember Passwords?
Slide 18
The Password Problem They're either too easy or they're written
down somewhere! Users forget them! Help Desk has to sort out the
mess!
Slide 19
Password Survey Every user requesting password reset received
survey 50% response No recriminations policy Source - CCH
Slide 20
The Password Problem Good passwords are bad for users
Slide 21
The Password Problem Write it Down (chart) Never, Occasionally, Often, Always; % of respondents: 4728816
Slide 22
The Password Problem User Overload (chart) No of Pswds: 1-3, 4-6, 7-9; %: 57, 36, 7
Slide 23
The Password Problem User Impact (chart) Password Resets: Zero, 1-2, 3-6, > 6; %: 4, 62, 29, 5
Slide 24
The Password Problem Wait Time
Slide 25
The Password Problem Impact on Productivity
Slide 26
The Password Problem Who Knows your Password?
Slide 27
The Password Problem How Many Passwords do you Know?
Slide 28
The Password Problem Resets per Year (chart) Zero, 1-2, 3-6, > 6; % of respondents: 4, 62, 29, 5. Source: CCH
Slide 29
The Password Problem Identifiable costs Lost productivity
Flow-on productivity losses Support team Management and
infrastructure US research - $340 per incident* Anecdotal some
incidents over $AU10,000 *BioNetrix Corp -
www.bionetrix.com/inserts.pdf
Slide 30
Choosing Technologies and Partners
Slide 31
Privacy Concerns and Ethics Criminal stigma 3rd party use of
data Sold or given for other than intended purpose Provided to law
enforcement Unauthorized access Identity theft Tracking of actions
through biometrics Religious objections - Mark of the Beast
Slide 32
Australian Privacy Act NPP 4 Data Security An organisation must
take reasonable steps to protect the personal information it holds
from misuse and loss and from unauthorised access, modification or
disclosure.
Slide 33
Privacy Policy Recommendations: 5 basic principles
Notice - disclose ALL data captured
Access - anyone can view their stored data
Correction Mechanism
Informed Consent - no 3rd-party involvement
Reliability & Safeguarding
Slide 34
Who would use Biometrics Strong identification and
authentication Medium high data security Non-repudiation (I didn't
do it!)
Slide 35
Who would use Biometrics The last metre Fee-for-service web
sites e-Commerce transaction verification
Slide 36
Selecting Biometric Technologies User / environment
considerations Cooperative/non-cooperative users Overt/covert
capture Habituated/non-habituated Attended/unattended
Public/private Indoor/outdoor Possible interference User
lifestyle/occupation Compatibility with existing/legacy
systems
Slide 37
Selecting Biometric Technologies Technology factors Cost
Accuracy Ease of use Public acceptance Long term stability
Existence/use of standards Barriers to attack Track record of
vendor/product Availability of alternate sources Scalability
Slide 38
Technology Comparison
Slide 39
Accuracy
False rejection rate: Measures how often an authorized user, who should be recognized by the system, is not recognized. "I am not recognised as me!"
False acceptance rate: Measures how often a non-authorized user, who should not be recognized by the system, is falsely recognized. "You are pretending to be me!"
Slide 40
Matching vs. Non-Matching Prints (chart labels: Non-matching prints; Matching prints; Matching Threshold; False non-matches; False matches; axis d)
Slide 41
FRR vs. FAR
FAR / FRR are loosely inverse
FAR = FER = Equal Error Rate
(chart labels: Threshold; FAR; FRR; Error Rate)
Failure to enroll rate (FER): Measures how often users are unable to enroll a biometric record
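The trade-off on the Accuracy, Matching vs. Non-Matching Prints and FRR vs. FAR slides, as an added example that is not part of the original presentation: it sweeps a matching threshold over constructed distance scores and reports FAR, FRR and the point where the two curves meet. The distance convention (accept when d is at or below the threshold), the sample values and all function names are assumptions.

```python
# Added example: FAR/FRR sweep over a matching threshold.
# Assumption: each comparison yields a distance d; the system accepts when d <= threshold.

# Constructed sample distances, not measurements from any real device.
GENUINE = [0.08, 0.12, 0.15, 0.18, 0.21, 0.25, 0.29, 0.33, 0.41, 0.52]   # matching prints
IMPOSTOR = [0.31, 0.38, 0.44, 0.49, 0.55, 0.61, 0.66, 0.72, 0.80, 0.91]  # non-matching prints


def frr(genuine, threshold):
    """False rejection rate: share of matching pairs rejected (d > threshold)."""
    return sum(d > threshold for d in genuine) / len(genuine)


def far(impostor, threshold):
    """False acceptance rate: share of non-matching pairs accepted (d <= threshold)."""
    return sum(d <= threshold for d in impostor) / len(impostor)


def sweep(genuine, impostor, steps=100):
    """Return [(threshold, FAR, FRR)] for thresholds 0.00 .. 1.00."""
    return [(i / steps, far(impostor, i / steps), frr(genuine, i / steps))
            for i in range(steps + 1)]


def equal_error_point(rows):
    """Row where FAR and FRR are closest; ties go to the lowest threshold."""
    return min(rows, key=lambda r: (abs(r[1] - r[2]), r[0]))


def threshold_for_max_far(rows, max_far):
    """Loosest threshold whose FAR stays within max_far, with the FRR it costs."""
    ok = [r for r in rows if r[1] <= max_far]
    return max(ok, key=lambda r: r[0]) if ok else None


if __name__ == "__main__":
    rows = sweep(GENUINE, IMPOSTOR)
    for t, fa, fr in rows[::10]:
        print(f"threshold={t:.2f}  FAR={fa:.2f}  FRR={fr:.2f}")
    print("equal error point (threshold, FAR, FRR):", equal_error_point(rows))
    print("strictest FAR=0 operating point:", threshold_for_max_far(rows, 0.0))
```

On this sample, tightening the threshold to 0.30 removes every false match but rejects 30% of legitimate users, which is the cost a deployment has to weigh when it picks an operating point.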
Slide 42
Selecting a Biometric Solution
Slide 43
Biometrics Institute Recently incorporated Impartial tester
Education source Government & industry funded www.biomet.org
Introduction to Biometrics 1-day course
September 25th
Slide 44
What problem are we solving? If biometrics is the answer, what's
the question?
Slide 45
Reference Sites Health Health Technologies (Australia) Patient
Records Capital Coast Health (NZ) Access security & SSO
e-Commerce (Australia) e-Contracts Big Sky Contracting Social
Security States of New Jersey, Virginia, Connecticut Social Welfare
systems Banking & Finance ING Direct (Canada) On-line banking
ABN AMRO (Australia) Network Security Pt Makindo (Indonesia)
Network Security On-line Trading Government Network Security and ID
systems Defence Stratcom US GSA Govt-wide Smart Card Program
Slide 46
What are some of the products?
Slide 47
Biometric Scanning Devices Veridicom 5th Sense Fingerprint
Scanner Secugen EyeD Mouse II Scanner Sensar Iris Scanner PC Video
Camera Telex Microphones Phoenix Keyboards Veridicom Combo
Fingerprint & SmartCard Scanner
Slide 48
SAF/2000 SAF/NT System requirements Versions Hardware Client
environment
Slide 49
Data Flow During Login
Components: 9x/NT client, Login Server, SAFserver, Biometric device, BSP
1. Client displays NRIgina.dll
2. Client accepts username passed to SAFserver
3. SAFserver advises login method
4. Client collects biometric
5. Summarized biometric passed to SAFserver for confirmation
6. SAFserver determines validity of biometric
7. If user is valid, SAFserver passes user password to client
8. Client passes username and password to login server to complete the login
Slide 50
NMAS Modular interface to NDS Choice of biometric method &
supplier Multiple & graded authentication Free starter pack
Enterprise Edition
Slide 51
Graded Authentication
Slide 52
Veridicom Protector Suite
Logon Protector - secure log-on based on fingerprints and smart cards
FileDisk Protector - strong on-line encryption in a virtual disk
Password Protector - PasswordBank for applications and Internet access
PKI Protector - En/decrypt email and www user authentication using PKI
Slide 53
More Information
SAFLINK Corporation http://www.saflink.com/safnmas http://www.saflink.com/
Biometric Consortium http://www.biometrics.org
International Computer Security Association http://www.icsa.net
Biometrics in Human Services Newsletter http://www.dss.state.ct.us/digital.htm
Biometric Technology Today http://www.sjb.co.uk
The International Biometric Society http://www.tibs.org
The Connecticut Project http://www.dss.state.ct.us/digital.htm
Human Identification in Information Systems http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID
Slide 54
More Information
International Biometric Industry Association http://www.ibia.org/
BioAPI Consortium http://www.bioapi.org/
Biometric Digest http://biodigest.com
Association for Biometrics (Europe) http://www.afb.org.uk
National Biometric Test Centre http://www.engr.sjsu.edu/biometrics/
Biometrics Research http://biometrics.cse.msu.edu/
International Biometric Group http://www.biometricgroup.com/
Biometrics Scanning, Law & Policy http://www.pitt.edu/%7Elawrev/59%2D1/woodward.htm
Slide 55
And for a Negative View
Biometrics http://www.666soon/biometri.htm
Fight the Fingerprint http://www.networkusa.org/fingerprint.shtml