Presentation is loading. Please wait.

Presentation is loading. Please wait.

Biometrics Technology Charlie Ahrens Director, DigitalPersona December 12, 2002.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Biometrics Technology Charlie Ahrens Director, DigitalPersona December 12, 2002."— Presentation transcript:

1 Biometrics Technology Charlie Ahrens Director, DigitalPersona December 12, 2002

2 Increasingly Networked World Intranets WAN Extranets Remote access and VPN Last mile broadband (DSL / cable modems) Wireless networking Mobile wireless (PDAs / cell phones) ASPs

3 Computer and Network Security SSL, VPNs, Digital Certificates, S/MIME, PGP, RAS, Databases, network logon Each has a foundation in the use of cryptographic keys - 1024 bit private keys, 128 bit symmetric keys, and password hashes Theory shows that it would take longer than the age of the universe to crack any of these keys…so it must be secure?

4 Shifting Security Threat Previous decade focused on perimeter security Securing entry points into the network and applications that had weak access controls. Firewalls, VPN’s, Cryptography… Proliferation of Access Control (and points of access) Today’s threat model revolves around end users Perimeter security has increased, raising the difficulty of breaking through access controls Other areas of attack are now the highest risk Social engineering attacks are gaining recognition as a path of least resistance for hackers leading to corporate “identity theft”

5 The Art of Deception… "The biggest threat to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall… The weakest link in the chain is the people“ - Kevin Mitnick; Oct 2002, BBC Interview

6 Passwords Security is actually left in the hands of the users. People cannot remember 1024 bit keys, so a password encryption or access mechanism is used. People forget passwords, write them down on post-it notes, tell them to colleagues, choose ones that are easy to remember. Open to social engineering attacks Expensive to administer, inconvenient for users, and a big security hole.

7 User Authentication The ‘Achilles Heel’ of Network Security Server Security Intrusion Detection Strict Access Controls Digital Certificates Server Security Intrusion Detection Strict Access Controls Digital Certificates Network Security Firewalls, DES, SSL encryption Network Security Firewalls, DES, SSL encryption PC Security Secure OS’s TCPA PC Security Secure OS’s TCPA User Authentication Passwords User Authentication Passwords

8 Corporate Identity Theft Passwords- the Achilles heal of security 71% of computer fraud is due to unauthorized insider activity; 2000 CSI/FBI Computer Crime Survey 4 out 5 workers will disclose their passwords to someone in the company, when asked. PentaSafe Security Technologies; Cnet News, 2002 Largest database of Corporate Passwords = Adult content sites Password issues cost between $100-300 per user per year Morgan Keegan, 2001; Gartner Group/Forrester Research. Current employees pose 2x greater threat to company technology infrastructure than external, non-employees. CSO Magazine Survey, 2002; CXO Media Inc. Password polices are ineffective and expensive Password security policies rely on end-user cooperation Strict policies motivate users to compromise security Those who comply will generate higher support costs… Catch 22; stricter policies can actually lower security

9 Digital Certificates Require Secure User Authentication Digital Certificates are electronic tokens / keys used in many high security environments. 010111011000101… Digital Certificate USER AUTHENTICATION They can be stored on a PC, a smart card, or a server. Use of the key requires secure user authentication!

10 Biometrics as the Primary Credential A fingerprint match becomes the key building block for user authentication More secure Easier to use Less costly to support Add additional credentials as necessary Multi-factor authentication for higher security Passwords, tokens, other biometrics…

11 Biometrics Security & Convenience Biometric technology options: Voice Face Iris Hand Fingerprint Telephone ID Surveillance High speed identification Difficult environments Low cost, embeddable

12 Fingerprint recognition Has been studied for 100+ years Tens of millions invested in R&D and processes. Constrained environment We have 10 fingers Easily cost and size reduced High user acceptance

13 Fingerprint Technology Rapidly Securing IT Environments 199619982000200219942004 $99-$149 (today) PRICE MARKET $12M / yr (‘98) $600M/yr (‘03) $6,000 (‘94) Market Forecast Source: International Biometric Group

14 Case Studies City of Glendale Glendale, California Centre Hospitalier Laurentien Montreal, Canada

15 Demonstration

Download ppt "Biometrics Technology Charlie Ahrens Director, DigitalPersona December 12, 2002."

Similar presentations

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Building a Wide Area Public Safety Network Technologies Used, Lessons Learned EMS Summit October 2, 2003 William E. Ott, MS, Paramedic.

Building a Wide Area Public Safety Network Technologies Used, Lessons Learned EMS Summit October 2, 2003 William E. Ott, MS, Paramedic.
Enterprise Data Solutions A Better Network. A Better ROI. Martin Matthews Technical Sales Engineer.

Enterprise Data Solutions A Better Network. A Better ROI. Martin Matthews Technical Sales Engineer.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
By Aidan Summerville.  The process inn which a person’s unique physical and other traits are detected and recorded by an electronic device or system.

By Aidan Summerville.  The process inn which a person’s unique physical and other traits are detected and recorded by an electronic device or system.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
Company Confidential WiFiSPARK Limited 2003-2006 The Benefits of Wireless Networking Matt O’Donovan WiFiSPARK Limited Tel : 0845 838.

Company Confidential WiFiSPARK Limited The Benefits of Wireless Networking Matt O’Donovan WiFiSPARK Limited Tel :
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Unit 9 Network Fundamentals. Describe a network Explain the benefits of a network Identify risks in computing Describe the roles of clients & servers.

Unit 9 Network Fundamentals. Describe a network Explain the benefits of a network Identify risks in computing Describe the roles of clients & servers.
BUSINESS PLUG-IN B6 Information Security.

BUSINESS PLUG-IN B6 Information Security.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.

BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.
Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.

Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Security Week 10 Lecture 1. Why do we need security? Identify and authenticate people wanting to use the system Prevent unauthorised persons from accessing.

Security Week 10 Lecture 1. Why do we need security? Identify and authenticate people wanting to use the system Prevent unauthorised persons from accessing.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.

Similar presentations

Ads by Google