1
Authentication II: Going beyond passwords
2
Agenda
- Announcements
- Biometrics
- Physical devices
- General authentication
3
Biometrics
Biometrics is the comparison of live anatomical, physiological, or behavioral characteristics to the stored template of a person.
Physiological:
- Fingerprint, hand or finger geometry
- Patterns of retina, veins, irises, faces
Behavioral:
- Signature
- Voice
- Keypresses
See for lists of vendors
4
Potential Advantages
- Eliminates certain password problems: difficult to share, misplace, and forge
- Convenient and potentially easy to use
  - no remembering
  - nothing physical to forget or misplace
- Improves access speed
- Reduces cost within organizations: eliminates passwords, which are expensive to maintain and secure
- Increases security: eliminates the sharing of passwords, deters and detects fraudulent account access, and improves physical security
- Competitive advantage: applications demand advanced technology
- Convenience to employees: passwords tend to be overwhelming; biometrics eliminates the need to memorize or reset passwords, while speeding up login
- Non-repudiation: transactions are difficult to negate
5
Authentication
Identification vs. Verification
Question: what's the difference?
6
Biometrics process
Enrollment:
- Acquisition
- Creation of template
- Storage of template
Use:
- Acquisition(s)
- Comparison
- Decision
7
Performance metrics
- FTE – Failure To Enroll
- FTA – Failure To Accept
- FAR – False Acceptance Rates
- FRR – False Reject Rates
Common goal: FAR = FRR. Why?
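Added example (not part of the original slides): the comparison and decision steps of the biometrics process reduced to a score-versus-threshold check, with FAR and FRR computed over constructed similarity scores. The function names, the score lists and the 0 to 1 score scale are assumptions; the sweep shows the two rates moving in opposite directions as the threshold changes, and the threshold at which they meet.

```python
"""FAR/FRR trade-off at the decision step, using constructed sample scores."""

# Constructed similarity scores in [0, 1]; higher = closer to the stored template.
GENUINE = [0.91, 0.85, 0.78, 0.88, 0.62, 0.95, 0.81, 0.70, 0.55, 0.90]   # same person
IMPOSTOR = [0.20, 0.35, 0.48, 0.15, 0.58, 0.30, 0.66, 0.41, 0.25, 0.52]  # someone else


def decide(score, threshold):
    """Decision step: accept the claimed identity if the score reaches the threshold."""
    return score >= threshold


def far(impostor_scores, threshold):
    """False Acceptance Rate: fraction of impostor attempts that are accepted."""
    return sum(decide(s, threshold) for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False Reject Rate: fraction of genuine attempts that are rejected."""
    return sum(not decide(s, threshold) for s in genuine_scores) / len(genuine_scores)


def sweep(genuine, impostor, steps=100):
    """Return (threshold, FAR, FRR) rows for thresholds 0.00, 0.01, ..., 1.00."""
    return [(t / steps, far(impostor, t / steps), frr(genuine, t / steps))
            for t in range(steps + 1)]


def equal_error_point(genuine, impostor, steps=100):
    """Row where |FAR - FRR| is smallest (lowest such threshold on ties)."""
    return min(sweep(genuine, impostor, steps), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    # A low threshold favours convenience (low FRR); a high one favours security (low FAR).
    for t in (0.30, 0.50, 0.60, 0.70, 0.90):
        print(f"threshold={t:.2f}  FAR={far(IMPOSTOR, t):.2f}  FRR={frr(GENUINE, t):.2f}")
    t, fa, fr = equal_error_point(GENUINE, IMPOSTOR)
    print(f"equal error point: threshold={t:.2f}  FAR={fa:.2f}  FRR={fr:.2f}")
```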
8
Fingerprints
- Traditionally used in law enforcement and border control for identification
- Many uses
  - Walt Disney World
  - Payment systems, for example BioPay in North Carolina
- Variety of cheap devices available
9
Recognition
Current technology:
- Optical: takes a digital image. Disadvantages: a scratched or dirty surface causes a bad image; easily fooled with pictures
- Ultrasonic: high-frequency sound waves; doesn't need a clean sensing surface
- Capacitance: measures ridge patterns; eliminates the need for a clean sensing surface
Identify patterns (loops, whorls) or identify minutiae (ridge endings, etc.)
10
Fingerprints
Advantages:
- Long history of use
- Unique and permanent
- Variety of cheap technologies
- Reasonable performance
Disadvantages:
- Association with law enforcement
- Quality of prints varies with race, age, environmental factors
- Dirt & grime
- Placement of finger can be important
- Can be easy to circumvent
11
Face recognition
- Select facial features from images and compare
- Variety of environments
  - Search for criminals in crowds (airports, large events)
  - Border control & passports
  - Casinos
12
Face recognition
Advantages:
- Universal
- More acceptable?
- Indoor and outdoor use reasonable
- Easy to perform without awareness
Disadvantages:
- Requires straight on, neutral expression
- Photos can circumvent
- Accuracy is still a problem
13
Iris Recognition
- Unique patterns in the iris: iris code
- Currently lowest false accept rates
- Can be used in variety of environments
- BUT requires good image from cooperative user
14
Voice Recognition
Speech input:
- Frequency
- Duration
- Cadence
Easy deployment:
- Microphones easy to install
- Gathering voice can be done unobtrusively
15
Voice recognition
- Background and ambient noise is a huge problem
- Templates are large compared to other biometrics
- Longer enrollment time (training)
- Recording may be an issue
16
Keystroke biometrics
Keypress timings or pressure
Advantages:
- Easily used in conjunction with computer-based passwords
- Can be gathered automatically
Disadvantages:
- Not very unique or permanent
- Can listen to keyboard typing to determine
- Can be used to infer password
17
Other techniques
- Hand geometry
- Retinal scans
- Signature
- Hand veins
- Odor
- Gait
- Ear
- DNA
18
General requirements
- Universality
- Distinctiveness
- Permanence
- Collectability
- Performance
- Acceptability
- Circumvention
Question: What other usability requirements?
19
Comparison
Biometrics compared: Face, Fingerprint, Iris, Voice, Keyboard
Criteria: Universality, Distinctiveness, Collectability, Performance, Acceptability, Circumvention
20
Security Considerations
- Biometrics are not secrets and are therefore susceptible to modified or spoofed measurements
- There is no recourse for revoking a compromised identifier
Strategic Solutions:
- Liveness testing: ensures input measurements are not originating from inanimate objects
- Multi-biometrics: fusing multiple and independent biometric identifiers
21
Privacy Considerations
- A reliable biometric system provides an irrefutable proof of identity
- Threatens individuals' right to anonymity
- Cultural or religious concerns
- Violates civil liberties
  - People believe that control and use of the human body is a violation of moral tenets, religious beliefs, and civil liberties.
Strategic Solutions:
- Biometric cryptosystems: generation of cryptographic keys based on biometric samples
- Transparency: failing to store any actual images
22
Other issues
- Exception handling
- Time consuming enrollment
- Sociological concerns
  - Cause personal harm or endangerment?
  - Cultural or religious opposition
- Comparing systems in the real world
- User training
  - Comfort with technology and methods
  - Experience of specific device
23
Questions
- Where would you like to see biometrics used?
- In what situations would it be inappropriate?
- How and when to offer user training?
24
Physical devices
"What you have…" piece of the puzzle
Typical examples:
- ATM cards
- Public transportation cards
25
Technologies
- Smart cards
- USB
- Cell phones
- OTP tokens
26
Comparisons
- Advantages?
- Disadvantages?
- User issues:
  - Acquiring the device (expense, time)
  - Installing and connecting it properly
  - Loss or failure of device
27
Usability study
Motivation: compare alternative forms of cryptographic smart cards
Question: which device is faster and easier to use in a mobile setting?
Method:
- Within-subjects user study with 3 devices
- Task adapted from Johnny Can't Encrypt
- Testing mobility by changing computers
- Debriefing questionnaire for user impressions
28
Results
- USB tokens faster to use
- USB token users made fewer errors
- Smart card has poor feedback for inserting card
- USB token means no separate installation: device already plugged in
- Added value helps users care about them more
29
Questions
- Is it possible to have authorization without identification?
- How would you increase acceptance of biometric systems?
- Are there any current password systems that you would like to replace with a biometric or hardware scheme? Why?
- How would you design a study to test the usability and utility of a laptop fingerprint reader?
31
Let's compare
Paypal:
- (user id) + strong password
- + challenge questions for password recovery
- + OTP, defaults to password if token lost
- + fingerprint, defaults to password if reader unavailable
32
Evaluation
- Accessibility
- Memorability: depth of processing, retrieval, meaningfulness
- Security: predictability, abundance, disclosure, crackability, confidentiality
- Cost
- Environmental considerations: range of users, frequency of use, type of access, etc.