Presentation is loading. Please wait.

Presentation is loading. Please wait.

Biometrics and Security Colin Soutar, CTO Bioscrypt Inc. 10th CACR Information Security Workshop May 8th, 2002.

Published byMelvyn Wilkinson Modified over 9 years ago

Similar presentations

Presentation on theme: "Biometrics and Security Colin Soutar, CTO Bioscrypt Inc. 10th CACR Information Security Workshop May 8th, 2002."— Presentation transcript:

1 Biometrics and Security Colin Soutar, CTO Bioscrypt Inc. 10th CACR Information Security Workshop May 8th, 2002

2 2 Presentation Outline n Company Overview l Bioscrypt Inc. n Bioscrypt Technology n Evaluated Product l Bioscrypt Enterprise for NT Logon n Vulnerabilities Addressed l Cryptography and Biometrics n Conclusions

3 3 Bioscrypt Inc. n Mytec Technologies and Biometric Identification Inc. n Based in Toronto and Los Angeles n Fingerprint authentication for physical and logical access n TSE:BYT

4 4 Security Evaluation n Common Criteria Scheme l Communication Security Establishment l EWA Canada n “Trusted device” n Integration with security architecture l Authorization Credentials

5 5 Trusted Device Host Computer Bioscrypt Device Template Encryption/Decryption Enroll/Verify Trusted Path Link Encryption Diffie-Hellman El Gamal Triple-DES

6 Encrypted Link * Critical operations *  Host PC  User Record Stored Bioscrypt Enterprise  Trusted Device  Fingerprint scanned  Template created  Encryption/decryption  Verification accomplished  Credentials released * * * * *

7 7 Authentication + Authorization Credentials Host Application Authorization Bioscrypt Device User (human) Authentication Authorization Credentials

8 8  Examples of Credentials  password, PIN, private key  signed data Benefits  Link between User Authentication and Authorization  Complex authentication “answer”  API’s (BioAPI, CDSA/HRS)  Single user - multiple system identities (Roles)

9 9 Data structure – User Record 3-DES Encrypted Device Key FIPS 46-3 and FIPS 81 Authorization Credentials Biometric Template User record can be stored in clear – prevents “Identity Theft”

10 10 Evaluated Product n Authorization Credentials l User Password n Application l Replacement for the Microsoft GINA

11 Software Developer’s Kit Bioscrypt Enterprise Reader 3-DES encrypted Authorization Credentials NT Administration: System User + Credentials Enrollment (Administrative Supervision) Credentials combined with template User’s biometric captured User Record 2 3 4 15 stored in SAM

12 Software Developer’s Kit Bioscrypt Enterprise Reader 3-DES decrypted GINA application: User Verification Compared with template User’s biometric captured Authorization Credentials User Record (from SAM) 2 3 4 5 1

13 13 Vulnerabilities n Confidentiality of biometric data/user credentials l 3-DES Encryption n Data Integrity l Link encryption n Replay Attack l Authorization Credentials, Unique session key n Biometric Performance l Strength of Function

14 14 Strength of Function  False Acceptance Rate

15 15 Statistical Confidence – Cost of Testing Number of trials limits the extent of the performance claim Tests are expensive n = 14,111  FAR  0.001 Based on normal approximation   0.0245, and so  = z*  /  n  0.00034. Thus, we have 95% confidence that FAR = 0.0006  0.0003, or 1/1000.

16 16 Conclusions Biometrics can be evaluated within a security context Powerful combination with cryptography Common Criteria Evaluation for biometrics Methodology evaluation working group Biometric Protection Profiles colin.soutar@bioscrypt.com

Download ppt "Biometrics and Security Colin Soutar, CTO Bioscrypt Inc. 10th CACR Information Security Workshop May 8th, 2002."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.

Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.

SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
Fuzzy Vaults: Toward Secure Client-Side Matching Ari Juels RSA Laboratories 10th CACR Information Security Workshop 8 May 2002 LABORATORIES.

Fuzzy Vaults: Toward Secure Client-Side Matching Ari Juels RSA Laboratories 10th CACR Information Security Workshop 8 May 2002 LABORATORIES.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
SAP checks if USER ID & Password combination is valid. No identification. User requests Log-on, enters USER ID & Password, (not necessarily their own)!

SAP checks if USER ID & Password combination is valid. No identification. User requests Log-on, enters USER ID & Password, (not necessarily their own)!
Authentication & Kerberos

Authentication & Kerberos
Cryptography and Network Security Chapter 15 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Security Controls – What Works

Security Controls – What Works
User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.

User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Introduction (Pendahuluan)  Information Security.

Introduction (Pendahuluan)  Information Security.
Remote Networking Architectures

Remote Networking Architectures
Certificate and Key Storage Tokens and Software

Certificate and Key Storage Tokens and Software
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

Similar presentations

Ads by Google