GA10 People and Security Lecture 3: Biometrics


  1. GA10 People and Security Lecture 3: Biometrics

  2. Applying risk analysis Goals of this lecture • Brief introduction to biometrics • Context: ICAO, US Visit and the ID cards programme • Issues with current equipment – Performance – Usability – User Acceptance • How secure are biometrics?

  3. Applying risk analysis Basics on biometrics • Enrolment and subsequent – verification (through ID + biometric), or – identification (biometric only) • Full images or templates – Passports require images, templates are more efficient • Size of database affects performance

  4. Applying risk analysis Physical biometrics • Fingerprint • Finger / Palm Vein • Hand geometry • Face recognition • Iris • Retina • Ear shape

  5. Applying risk analysis Behavioural biometrics • Voice print • Dynamic Signature Recognition (DSR) • Typing pattern • Gait recognition • Heart rate analysis

  6. Applying risk analysis Fingerprint recognition • Applications – Authentication/Access control • Doors • PCs/laptops • US Visit programme (http://www.dhs.gov/dhspublic/interapp/content_multi_image/content_multi_image_0006.xml)

  7. Applying risk analysis Hand geometry • Applications – Authentication (e.g. INSPASS program) • Usability – Easier to position hand than fingers – Less susceptible to small injuries – Hygiene concerns

  8. Applying risk analysis Voice recognition applications • Applications – Speaker recognition – Telephony-based interactions (home banking and insurance) – Lie detector • Usability issues – Speaker training – Voice changes – colds etc. – Background noise

  9. Applying risk analysis Dynamic Signature Recognition • Applications – Electronic documents with signature: contracts, mortgage agreements – Anything that needs signing • Usability issues – Natural interaction that most users understand, but difficult on handhelds – Declaration of will

  10. Applying risk analysis Biometrics Authentication

  11. Applying risk analysis Enrolment • Crucial for security and subsequent performance – In some contexts, identity of enrolee needs to be checked – Biometrics enrolled need to be • genuine (see attacks) • good enough quality to work • Enrolment procedure needs to be formalised – Staff need to be trained – Staff need to be trustworthy or closely checked • Time taken to carry out enrolment often under-estimated

  12. Applying risk analysis Failure to Enrol (FTE) & Failure to Acquire (FTA) • FTEs and FTAs threaten Universal Access • Reasons for FTE/FTA – Biometric not present – Biometric not sufficiently prominent or stable • Finger – wearing down of fingerprints, calluses (manual work, chemicals, sports, age), deformation, arthritis • Iris – missing iris, very dark eyes, glasses or contacts (reflection or frame), drooping eyelids • Face – veils, eyepatches, headcoverings, severe disfigurement, inability to keep still

  13. Applying risk analysis Context • International developments – ICAO agreement – US Visit • UK ID legislation – Stand-alone ID card for everyone over 16 – 3 biometrics (face, 10 finger, 2 iris) on card, and in National Identity Register – Access by govt departments, federated ID – Access by commercial organisations

  14. Applying risk analysis Example FTE rates from UKPS enrolment trial • Quota: Face 0.15%, Iris 12.30%, Finger 0.69% • Disabled: Face 2.73%, Iris 39%, Finger 3.91%

  15. Applying risk analysis False Acceptance Rate (FAR) & False Rejection Rates (FRR) • FAR – accepting user who is not registered – mistaking one registered user for another – ICAO: FAR of .01% is regarded as acceptable • FRR – rejecting registered user • High FRRs reduce usability, high FARs reduce security – customer-based applications tend to raise FAR

  16. Applying risk analysis Performance • User performance depends on – frequency of use: • Frequent users complete faster and with fewer errors, infrequent users need step-by-step guidance and detailed feedback – Degree of cooperation – Total usage time (not just for matching)

  17. Applying risk analysis

  18. Applying risk analysis

  19. Applying risk analysis "We were aiming for it to scan 12 pupils a minute, but it was only managing 5 so has been temporarily suspended as we do not want pupils' meals getting cold while they wait in the queue." Careful balancing of business process requirements and security requirements needed

  20. Applying risk analysis Total Usage Process • Times quoted by suppliers often only refer to capture of live image & matching – Walk up to machine – Put down bags, remove hats, etc. – Find token (if used) – Put on token (if used) – Read token – Wait for live image to be captured & matched – Walk away & free machine for next user – Plus average number of rejections & re-tries • Average usage time in BioPII 12-20 seconds, longer with infrequent users

  21. Applying risk analysis FRR rates from UKPS enrolment trial • Quota: Face 30.82% (39 sec), Iris 1.75% (58 sec), Finger 11.70% (1 min 13 sec) • Disabled: Face 51.57% (1 min 3 sec), Iris 8.22% (1 min 18 sec), Finger 16.35% (1 min 20 sec)

  22. Applying risk analysis Example: Disney Orlando • Goal: revenue protection • Technology: hand geometry • Users: season ticket holders (4000) • Performance: – High FAR threshold (5% +) – Soft response to rejections – 9-10 secs, ops people grumble: 5 secs needed

  23. Applying risk analysis Example: Smartgate Sydney Airport • Problem: speedy & secure immigration • Technology: Face recognition system • Users: Qantas air crew (2000) • Performance: – FAR “less than 1%” – FRR 2% – “could be faster” (average 12 secs) • Several re-designs necessary, including updating of image templates

  24. Applying risk analysis Usability Issues: Finger • Which finger? • How to position – Where on sensor? – Which part of finger? – Straight or sideways? • Problems: arthritis, long fingernails, hand cream, circulation problems

  25. Applying risk analysis Which finger?

  26. Applying risk analysis Finger position?

  27. Applying risk analysis Usability Issues: Iris • What is it – iris or face? • One or both eyes? • One eye: how to focus? • Distance adjustment • Positioning – “rocking” or “swaying” • Glasses and contact lenses – about half of population wear them – Target area difficult to see when glasses are removed

  28. Applying risk analysis Focussing

  29. Applying risk analysis Height adjustment • Often not sufficient for very short (under 1.55 m) or very tall (over 2.10) people, or wheelchair users • Need to use hand to adjust – If card needs to be held, other things users carry or hold need to be put down

  30. Applying risk analysis Height adjustment

  31. Applying risk analysis … but users may not realise this … or be reluctant to touch equipment, or think it takes too long

  32. Applying risk analysis Usability Issues: Face • What is it? • Where do I stand? • Where do I look/what am I looking at? • Standing straight, keeping still • “Neutral expression” • Hats, changes in (facial) hair, makeup

  33. Applying risk analysis Distance

  34. Applying risk analysis “Neutral expression”

  35. Applying risk analysis UK Passport Service Trial • Best performing: iris with “normal” users – FRR 4% • Worst performing: face recognition with disabled users - FRR 30% • Verification time: 40-80 secs • With a database of 10.000 people

  36. Applying risk analysis User Acceptance • Acceptance requires – perceived need for security – trust in operator – convenience, or at least usability

  37. Applying risk analysis User Acceptance Issues –Finger • Hygiene, Hygiene, Hygiene • Association with forensics/criminals • Finger chopped off

  38. Applying risk analysis

  39. Applying risk analysis

  40. Applying risk analysis Liveness detection • Detects movement, pulse, blood flow • Fitted to several systems, but tends to increase FRR • Users: fine, but do the criminals know about it?

  41. Applying risk analysis User Acceptance Issues - Iris • Iris – Risk to health (e.g. damage to eyes, triggering epilepsy) – Covert medical diagnosis • Illnesses (iridology) • Pregnancy • Drugs • “Minority Report” attacks

  42. Applying risk analysis User Acceptance Issues - Face • Covert identification • Surveillance/tracking – Direct marketing

  43. Applying risk analysis User Acceptance – General Issues • Data protection – threat to privacy • Abuse by employer, commercial organisations, state, or malicious individuals – Increasing capability of technology – e.g. iris recognition at a distance – Integration with other technologies – e.g. RFID • Doubts about reliability – Sophisticated attackers – Can government really keep systems secure? – Cheap systems and successful attacks erode confidence

  44. Applying risk analysis

  45. Applying risk analysis
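
The FAR/FRR trade-off (slide 15), the re-tries counted in total usage time (slide 20) and the effect of database size (slide 3) can be put into numbers. The Python sketch below is an added example, not part of the lecture; it assumes independent attempts, and the per-attempt time and walk-up overhead are constructed values.

```python
# Added illustration, not from the lecture. Assumes independent attempts;
# seconds_per_attempt and overhead_seconds are constructed inputs.

def after_retries(far, frr, attempts):
    """Per-transaction (FAR, FRR) when up to `attempts` tries are allowed."""
    eff_far = 1 - (1 - far) ** attempts   # impostor accepted on at least one try
    eff_frr = frr ** attempts             # genuine user rejected on every try
    return eff_far, eff_frr

def expected_attempts(frr, attempts):
    """Mean tries by a genuine user who stops at the first accept or at the cap."""
    return sum(frr ** k for k in range(attempts))  # P(try k+1 is needed) = frr**k

def users_per_minute(frr, attempts, seconds_per_attempt, overhead_seconds):
    """Throughput of one device: fixed walk-up overhead plus time for each try."""
    total = overhead_seconds + seconds_per_attempt * expected_attempts(frr, attempts)
    return 60.0 / total

def identification_far(far, database_size):
    """Chance a non-enrolled person matches at least one of N templates (1:N)."""
    return 1 - (1 - far) ** database_size

if __name__ == "__main__":
    far = 0.0001   # 0.01%, the ICAO figure on slide 15
    frr = 0.3082   # face, quota group, slide 21
    for tries in (1, 2, 3):
        eff_far, eff_frr = after_retries(far, frr, tries)
        rate = users_per_minute(frr, tries, seconds_per_attempt=5, overhead_seconds=7)
        print(f"{tries} tries: FAR {eff_far:.4%}  FRR {eff_frr:.2%}  {rate:.1f} users/min")
    print(f"1:N search over 10000 templates: {identification_far(far, 10000):.1%}")
```

Under these assumptions, each extra permitted try lowers the effective FRR but raises the impostor's chance of acceptance and slows the queue, and a FAR that is acceptable for 1:1 verification becomes a likely false match in a 1:N search over a large database.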
