1. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 1May 2005 BioSec Biometrics & Security Orestes SanchezBioSec Coordinator Telefónica I+D, S.A.U. BioSec: Biometrics and Security in the 6th Framework Programme Porvoo Group 7 th meeting Reykjavik, Iceland

2. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 2May 2005 Biometrics: Open issues Biometrics is a key technology for  improving security and trust  Privacy enhancing  Ambient intelligence Space Open Issues:  Unsatisfactory level of performance for some biometrics  Lacking reliability and security of sensor technology  Inapplicability of unimodal biometric systems on very large databases  Performance evaluation of biometric systems changes from method to method  Knowledge production is not coordinated  Research/market fragmentation as a result of missing coordinated actions.  Lack of interoperable and reliable biometric data storage  Establishing standards in biometric systems in all system components  Reluctance of users to accept biometry as a trustable, reliable technology  Biometric systems are lacking user point of view, both in ergonomics and in usability  Legal issues concerning the protection of user privacy and rights on biometric data

3. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 3May 2005 BioSec BioSec: Biometrics and Security  FP6 IST Integrated Project IST-2002-001766:  Towards a global dependability and security framework  Starting activities 1st December, 2003 for two years. Security in BioSec means improvements in the following areas:  Usability and acceptance security perception  Designing for Trust and Confidence  Robustness and Performance  Physical and logical security  Law fulfilment Multidisciplinary approach across the elements of the biometric authentication chain:  devices, systems and scenarios implementation

4. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 4May 2005 BioSec Objectives Enable new technology development in basic biometric technologies to leverage security, across biometric authentication chain Put the technology to work and to meet requirements of real world applications  Contribute to definition and adoption of standard and interoperable solutions in biometrics and ID Tokens.  Develop effective solutions for secure biometric template storage and match-on-tokens  Two selected scenarios:  physical Access  remote access  Performance, usability and acceptability evaluation with sound and scientific procedures.  Collection of Multiple-biometrics database

5. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 5May 2005 BioSec Consortium Project Coordinator is Telefonica I+D Industrial partners:  Siemens AG, Germany (SIEMENS)  Atmel Grenoble, S.A., France (ATMEL)  Finnair Oy, Finland (FINNAIR)  Giesecke and Devrient GmbH, Germany (GandD)  VCON Telecommunications Ltd., Israel (VCON) Companies  Biometrika SRL, Italy (BIOK)  Etra I+D, S.A, Spain (ETRA)  Ibermatica, S.A. Spain (IBERMATICA)  MediaScore GmbH, Germany  Expertnet A.E., Greece (EXPERTNET)  Naukowa i Akademicka Sieć Komputerowa, Poland (NASK)

6. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 6May 2005 BioSec Consortium II Government Bodies  Sisäasiainministeriö, Ministry of the Interior Finland (MIFIN) Research Centres  Valtion Teknillinen Tutkimuskeskus, Finland (VTT)  Centre for Research and Technology Hellas, Greece (ITI- CERTH) Academic centres  Tampereen Yliopisto (University of Tampere), Finland (UTA)  Alma Mater Studiorum – Universita Di Bologna, Italy (UNIBO)  Univ Carlos III de Madrid, Spain (UC3M)  Univ Politecnica de Madrid, Spain (UPM)  Univ Politecnica de Catalunya, Spain (UPC)  Universität zu Köln, Germany (UCOL)  Aristotle University Of Thessaloniki, Greece (AUTH)  Katholieke Universiteit Leuven, Belgium (KULRD) University of Cologne Department of Psychology BioLab University of Bologna

7. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 7May 2005 BioSec Workflow Review Scenarios and applications Prototypes with BioSec technology BioSec Technology BioSec interfaces BioSec technology Scenarios and applications Biometric technologies Specs Current Technology BioSec interfaces State-of-the-art technology First Prototypes First year BioSec Results

8. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 8May 2005 BioSec Interoperability Framework Interoperability framework  Vertical and horizontal integration Three components:  Sensor API  Capture  Low-level  BioAPI compliant: Lighter and object- oriented  Token API  APDU formats  Security Mechanisms: Confidentiality, Authenticity and Integrity  Services offered by the card and the terminal  Biometric Match-on-Token  Java Classes Specification for Terminal Programming  Biometric API  Integrated approach to matching  Logic and Biometric algorithms Sensor XSensor YToken BToken A BioSec sensor APIBioSec Token API Application and services Protocols and network security BioSec API

9. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 9May 2005 Template storage and match-on-token Leverage the use of secure personal biometric storage and providing solutions to overcome the need of centralized biometric databases  Put biometrics under user control.  Enabling privacy preserving scenarios Develop Biometric ID Tokens: Smart Cards and USB-Tokens  Interoperable Token Application Program Interface.  Explore the integration of biometric template data formats  Robust and secure template storage and transmission in and out  Integrate Matching Algorithms on the Token Strong liaison with eEPOCH (FP5-IST) partners

10. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 10May 2005 Personal storage for biometric data Main Target:  Develop new means to personal ID Token  able to perform Biometric Authentication  Increase the use of personal ID Tokens among European Society ID Tokens Requirements:  Secure storage, communication and processing  Comfortable for the user  Suitable for different environments  Interoperable Technologies under study  JavaCards  Tokens: USB – or suitable to be adapted to other interfaces.  New Microelectronic Designs for future smart cards

11. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 11May 2005 Biometric ID Tokens Carried-on activities Definition of the storage format for Biometric Templates  Current standardization specifications: ISO SC37 drafts Development of an API for Biometric ID Tokens  1st version of specifications available at BioSec web site. Development of Match-on-Token Solutions  Currently with Iris Biometrics on JavaCard, and Fingerprint on native code  By the end of Q1 2005, prototypes with USB-Tokens and Match-on-Token USB Token Development Platform and Microelectronic Development Platform completed

12. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 12May 2005 First phase studies on acceptance and usability of biometric technology Cross cultural study (Finland, Spain, Germany)  Crucial result: German participants are better acquainted with biometric security systems than Finnish and Spanish participants, also they express less concerns with regard to centralised data storage Field study (Vantaan Airport)  Crucial result: Usability and acceptance of the fingerprint system was high, perceived drawbacks are slowness and low reliability during first trial Laboratory study (Mediascore Lab Cologne)  Crucial result: participants´ acceptance increases after first usage, a number of variables (gender, age, expertise) mediate the evaluation of biometrics Acceptance and Usability

13. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 13May 2005 Current status Sucessfull first year. Technical achievements:  Specification of interoperability framework: sensors and storage.  First prototypes:  aliveness detection in fingerprint,  3D recognition,  Voice noise models,  Iris recognition.  Match-on-Token  Multiple-biometrics database acquisition tools.  Two scenario setups:  Network access with remote authentication.  Physical access: Helsinki airport.  First results on usability and acceptance

14. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 14May 2005 Steps for 2 nd year Proof of concept of BioSec technologies Evolve prototypes of sensors and biometric storage. Comparative study with first stage results:  Usability and acceptance  Interoperability: final version of BioSec API.  Performance evaluation. Improve tools for multiple-biometrics algorithms research Physical access:  Interoperation of components and systems in real usage situation Remote access:  Biometric authentication in new applications and security vulnerabilities Standardisation

15. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 15May 2005 Challenges ahead User-centred issues:  Education.  Legal framework.  Identify acceptance barriers.  Cross-European studies. Technical:  Fusion of multimodal biometrics.  Aliveness detection.  Robustness.  Storage. Certification:  Evaluation of performance.  Interoperability.  Security. Applications:  verification of identity in new areas: e-Government, e- Health, e-Everything.  Scenarios for AmI Space  Networked applications  Every-day applications: private identification  Biometric in electronic signature  Biometric encryption  ROI and cost estimation

16. BioSec Biometrics & Security IST-2002-001766 © 2005 BIOSEC Consortium 16May 2005 Further contacts Coordinator  Orestes Sanchez  Telefónica I+D, S.A.U.  E-mail: biosec-coord@biosec.orgbiosec-coord@biosec.org BioSec 3rd workshop:  16th and 17th June, Helsinki, Finland Website: www.biosec.org  Biometrics Standard Observatory  BioSec Office: biosec-office@biosec.org  BioSec Interest Group  Public results of the project  BioSec Newsletters