Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing Secure Biometric Systems Meghan Armes IA Management April 24, 2007.

Similar presentations


Presentation on theme: "Managing Secure Biometric Systems Meghan Armes IA Management April 24, 2007."— Presentation transcript:

1 Managing Secure Biometric Systems Meghan Armes IA Management April 24, 2007

2 Overview Description/Definition Description/Definition Why Use Biometrics Why Use Biometrics Commonly Used Biometrics Commonly Used Biometrics –Pros/Cons Security Issues Security Issues Future Applications Future Applications Conclusion Conclusion

3 Definition/Description of Biometrics Literally, “life measurement” Literally, “life measurement” Authentication mechanisms: Authentication mechanisms: –Something you are –Something you produce Examples: Examples: –Fingerprints –Voice –Hand topology

4 Definition/Description of Biometrics Technology scans human characteristics Technology scans human characteristics –Converts images to unique points of reference that are digitized and encrypted –Only 3 are considered “truly unique”: Fingerprints Fingerprints Retina (blood vessel pattern) Retina (blood vessel pattern) Iris Iris –DNA/genetic material also unique, but not cost- effective or socially accepted

5 Why Use Biometrics Takes advantage of some element that is inherent to the user Takes advantage of some element that is inherent to the user Used to authenticate users so they can be authorized and given access to resources Used to authenticate users so they can be authorized and given access to resources

6 Commonly Used Biometrics Fingerprints Fingerprints Palm scan Palm scan Hand geometry Hand geometry Hand topology Hand topology ID cards (face representation) ID cards (face representation) Facial recognition Facial recognition Retina scan Retina scan Iris scan Iris scan Signature recognition Signature recognition Voice recognition Voice recognition

7 Commonly Used Biometrics

8 Signature recognition/signature capture often used in retail stores Signature recognition/signature capture often used in retail stores –Signatures are digitized, compared to database for validation or saved for reference –Signatures can vary: age, fatigue, speed with which they’re written

9 Commonly Used Biometrics Voice recognition captures analog waveforms of human speech Voice recognition captures analog waveforms of human speech –Compared to stored version –User given phrase they must read each time –May vary: age, illness, fatigue, background noise

10 Commonly Used Biometrics Keystroke pattern recognition: timing between key signals Keystroke pattern recognition: timing between key signals –User types in a known/given sequence of keystrokes –Can provide unique identification when measured with sufficient precision –Can vary: injury, fatigue, familiarity with typing the known phrase

11 Security Issues in Biometrics Three basic criteria of evaluating biometric technologies: Three basic criteria of evaluating biometric technologies: 1.False reject rate: percentage of authorized users denied access 2.False accept rate: percentage of unauthorized users given access 3.Crossover error rate: point at which the number of false rejections = number of false acceptances

12 Security Issues in Biometrics False Reject Rate: result of failure in biometric device False Reject Rate: result of failure in biometric device Also called Type I error Also called Type I error Obstructs legitimate use (not often seen as a serious threat, merely an annoyance) Obstructs legitimate use (not often seen as a serious threat, merely an annoyance)

13 Security Issues in Biometrics False Accept Rate: also a result of biometric device failure False Accept Rate: also a result of biometric device failure Type II error Type II error Serious security breach: avoid by using multiple authentication measures to back up failing device Serious security breach: avoid by using multiple authentication measures to back up failing device

14 Security Issues in Biometrics Crossover Error Rate (CER): optimal outcome of biometrics-based systems Crossover Error Rate (CER): optimal outcome of biometrics-based systems CER used to compare biometrics, varies among manufacturers CER used to compare biometrics, varies among manufacturers Lower number is best (CER of 1% is better than CER of 5%) Lower number is best (CER of 1% is better than CER of 5%)

15 Security Issues in Biometrics Important to balance system’s effectiveness with intrusiveness and acceptability Important to balance system’s effectiveness with intrusiveness and acceptability Increase in rate of effectiveness usually means decrease in rate of acceptability Increase in rate of effectiveness usually means decrease in rate of acceptability

16 Security Issues in Biometrics Effective, Most to Least Retina pattern recognition Fingerprint recognition Handprint recognition Voice pattern recognition Keystroke pattern recognition Signature recognition Accepted, Most to Least Keystroke pattern recognition Signature recognition Voice pattern recognition Handprint recognition Fingerprint recognition Retina pattern recognition

17 Security Issues in Biometrics Cost: biometric technology averages more than $100/user just for simple thumbprint reader Cost: biometric technology averages more than $100/user just for simple thumbprint reader Interoperability: systems come from independent vendors so systems are not standardized Interoperability: systems come from independent vendors so systems are not standardized Social challenge: users unwilling to accept unfamiliar, invasive methods Social challenge: users unwilling to accept unfamiliar, invasive methods

18 Future Applications of Biometrics Integration in passports for the US, UK, and EU Integration in passports for the US, UK, and EU President Bush: future legal immigrants and visitors to the US should expect to be card-indexed and fingerprinted President Bush: future legal immigrants and visitors to the US should expect to be card-indexed and fingerprinted –ID card with digitized fingerprints

19 Future Applications of Biometrics Certification and Biometrics: the Security Certified Program offers: Certification and Biometrics: the Security Certified Program offers: –Public Key Infrastructure (PKI) and Biometrics Concepts and Planning –PKI and Biometrics Implementation

20 Conclusion Biometrics as authentication device Biometrics as authentication device Why use biometrics Why use biometrics Commonly used biometrics Commonly used biometrics –All have downside Security Issues in Biometrics Security Issues in Biometrics – Effective vs. Accepted Future applications Future applications

21 Sources Management of Information Security textbook, by Michael E. Whitman and Herbert J. Mattord, chapters 9 and 10 Management of Information Security textbook, by Michael E. Whitman and Herbert J. Mattord, chapters 9 and 10 http://en.wikipedia.org/wiki/Biometric #United_States http://en.wikipedia.org/wiki/Biometric #United_States

22 Questions


Download ppt "Managing Secure Biometric Systems Meghan Armes IA Management April 24, 2007."

Similar presentations


Ads by Google