Protected biometrics for Identity Trust
RISE - Awareness of Biometrics and Security Ethics
By Nicolas DELVAUX, nicolas.delvaux@sagem.com
Hong-Kong, 5th of January 2010
INTERNAL DOCUMENT - Marketing Team / 20 February 2010

SAFRAN AT A GLANCE
An international high technology group
- More than 12 billion Euros sales in 2007 (At December 31, 2007)
- 58,200 employees in over 30 countries (At September 30, 2008)
Three branches of activity:
- Aerospace propulsion
- Aircraft equipment
- Defense Security
Sagem Sécurité: worldwide leading positions
- Multi modal biometrics solutions
- ID solutions
- Biometric terminals (access control)
- Automated fingerprint identification systems
- Secure ID documents including biometric features (passports, H&ID cards, driving licenses)
Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010

Agenda
1. An Identity use case - from Passport to e-Passport: a short survey
2. Identity: a new field for organised crime
3. Biometrics for identity: strategies for trustworthy framework
4. Conclusion

An Identity use case - from Passport to e-Passport: a short survey

Travel document: passport usage
Process for identity verification:
1. To authenticate the travel document: issuer, security features, etc.
2. To check document personalisation
3. To check the link between document data and holder
Major identity issues:
- Fake travel documents
- Genuine travel document with fraudulent personalisation
- Stolen travel document with photo substitution
- Impostor using similarity with the genuine travel document holder

Challenging issues for checking process
- Genuine document
- Facial similarity

Identity on e-Passport: more authentication factors
ICAO 9303 introduces major updates
- Electronic: to authenticate the genuine travel document and information consistency by electronic signature
- Biometric features: face (M), fingerprint and iris to link the document and the holder
- To be: biometrics
- To know: PIN
- To have: token

Identity: a new field for organised crime

Biometric authentication
Biometrics technologies are not restricted to law enforcement
- Since the 90's: large scale civil application for civil registry, welfare, etc.
Need for ID fraud prevention
- US: $50 billion / year (source: Javelin Strategy & Research Survey – 2007)
- UK: £1.7 billion / year (source: 2006 Home Office report)
- France:
  - € 6.2 billion / year for welfare organizations
  - € 474 million for 212,762 victims in 2008 (source: CREDOC, June 2009)

Biometrics as Security Enhanced Technology for Identity
Identity management is a security target for the future
Biometrics: individual authentication or identification based on physiological / behavioral traits of individuals
- Many modalities: fingerprint, face, iris, vein, DNA...
- Different performances and no « silver bullet » modality or technology
- Common characteristics: Universality, Uniqueness, Permanence, Collectability
At any stage, use of biometrics can potentially raise privacy & security concerns:
- Misuse / abuse, breach, function creep
- Collected without consent: collected from a trace, from a database
- Nobody can revoke his/her biometrics
Protection schemes are essential!

ISO/IEC JTC1 SC37 Biometrics protection issues
[Figure: reference architecture with attacks. Subsystems: Data Collection (presentation, sensor), Signal Processing (segmentation, feature extraction, quality control, template creation), Data Storage (enrolment database, templates), Matching / Comparison (matching scores), Decision (threshold, decision criteria, match / non-match, candidate list), Transmission (compression, expansion, transmission channel). Flows: enrolment, verification, identification.]

Biometrics for identity: strategies for trustworthy framework

Biometrics protection: technological approaches
Secure token
- Pros: an evaluated solution
- Cons: what happens when token is cracked?
Cryptography
- Pros: reliable solutions
- Cons: ready for all your life
Multi-modalities
- Pros: statics and dynamics mixture
- Cons: increase complexity only
Crypto-biometrics
- Pros: revocability capability
- Cons: accuracy & irreversibility

An implementation on bio-encryption
Fingerprint biometry
- Multivendor interoperability
- Generation of protected pseudo identities
- Multiple + revocable identities based on the same fingerprint
[Figure: minutiae from Vendor A and Vendor B pass through template protection (hash) to give pseudo identities ID1, ID2, ID3]
Identities are not invertible

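Added example, not from the original slides and not Sagem's implementation: the slide does not name its template-protection scheme, so this sketch assumes a fuzzy commitment with a repetition code over a constructed 160-bit feature vector (minutiae extraction is out of scope) to show several revocable pseudo identities derived from one finger. All function names are hypothetical.

```python
import hashlib
import hmac
import secrets

R = 5          # repetition factor: each key bit is spread over R feature bits
KEY_BITS = 32  # toy size; feature vectors are KEY_BITS * R = 160 bits

def enroll(features):
    """Return the stored record (helper, salt, pseudo_id) for a list of feature bits."""
    key = [secrets.randbelow(2) for _ in range(KEY_BITS)]    # fresh secret per identity
    codeword = [b for b in key for _ in range(R)]            # repetition encoding
    helper = [c ^ f for c, f in zip(codeword, features)]     # codeword masked by the biometric
    salt = secrets.token_bytes(16)
    return helper, salt, hashlib.sha256(salt + bytes(key)).digest()

def verify(record, features):
    """Recover the key from a noisy fresh sample and compare pseudo identities."""
    helper, salt, pseudo_id = record
    noisy = [h ^ f for h, f in zip(helper, features)]        # codeword plus sensor errors
    key = [int(sum(noisy[i:i + R]) > R // 2) for i in range(0, len(noisy), R)]
    return hmac.compare_digest(hashlib.sha256(salt + bytes(key)).digest(), pseudo_id)

def flip(features, positions):
    """Constructed sensor noise: flip the bits at the given positions."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(features)]

def demo():
    finger = [secrets.randbelow(2) for _ in range(KEY_BITS * R)]  # constructed sample
    other = [b ^ 1 for b in finger]                               # a different finger
    id1, id2 = enroll(finger), enroll(finger)                     # two identities, one finger
    fresh = flip(finger, {0, 1, 7, 52, 53, 159})                  # at most 2 errors per block
    return {
        "genuine_id1": verify(id1, fresh),
        "genuine_id2": verify(id2, fresh),
        "impostor": verify(id1, other),
        "ids_differ": id1[2] != id2[2],
        # Revocation: discard the old record and enroll again with a new key.
        "reissued_differs": enroll(finger)[2] != id1[2],
    }

if __name__ == "__main__":
    print(demo())
```

The repetition code keeps the error-correction step readable; it is a teaching choice, not a recommended parameter set.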
Biometrics protection: Legal Approaches
EU: legal Data Protection framework
- Directive 95/46 on personal data protection
- National transposition in (27) laws
- In most MS: no specific provisions on biometrics
- Some MS: biometric data as « sensitive data », or only when they reveal racial, ethnic origins or health
Interpretation by DPA
- Principles: “PROPORTIONALITY PRINCIPLE”
- Depending on MS: from prior authorisation to simple notification
- Systematic warnings about biometrics databases
Deployment discrepancy & different perceptions
- Different identity management
- Different level of trust
Solution providers in EU
- Needs more developments
Needs of dedicated legal decision

Principles of proportionality: use cases
- Time attendance
- Access control in sport stadium
- Access control in swimming pool
- At school (fingerprint)

Biometrics database: submitted to DPA decision?

Conclusion
Identity is a major value in society
To demonstrate identity:
- Travel document: authentication factors by a token
- Need of an additional authentication factor: biometrics modalities
Long-term mechanisms for a worldwide trust
- Needs of technical and legal consistent approaches
- Protect identity for citizen privacy
- Protect identity for trusted relationship
- Security against abuse, misuse and corruption of identity
Privacy and Security shall become “a positive-Sum Paradigm”

Thank you for your patience!