Securing Next-generation Mobile Platforms: The User-to-Device Authentication Issue
MPSoC (August 2006)
Srivaths Ravi (Email: sravi@nec-labs.com)
NEC Laboratories America, Princeton, NJ

Security Requirements of Mobile Appliances
[Diagram labels: User Identification, Secure Storage, Secure SW Execution, Secure Content, Secure Data Communications, Secure Network Access]
• Security is only as strong as its weakest link
• Passwords can be the weakest link
Srivaths Ravi NEC Labs America

A Case for Biometrics
• Conventional solutions (e.g., passwords, tokens)
  – Easy-to-break: Most commonly used password is “password”
  – Cumbersome: 30% of system-admin help desk calls are reset requests
• Cost of insecurity is very high
  – 3.3 million identity thefts in U.S. (2002)
  – 6.7 million victims of credit card fraud
  – US$ 10 billion loss per year due to identity theft (Gartner, 2002)
• Solution: Use of biometrics
• Physiological traits that are unique to an individual & easily quantifiable
  – Fingerprint
  – Voice
  – Face
  – Iris
  – Hand geometry
[Images: Face recognition, Fingerprint, Voice recognition]

Biometric Technologies: Market Projections
• Growth +35% per annum
  – In response to increasing needs for security
[Chart: Revenues (US$, millions), 2003 to 2007. Source: International Biometrics Group]
• Market breakdown by Technology (2001)
  – Fingerprint (49%)
  – Face (15%)
  – Voice (4%)
[Pie chart: Finger-Scan 49%, Facial-Scan 15%, Middleware 12%, Hand-Scan 11%, Iris-Scan 6%, Voice-Scan 4%, Signature-Scan 3%]

How does Biometric Authentication Work? (An Example: Fingerprint)
[Diagram]
Enrollment: User -> Acquisition device -> Processing system -> Template (minutiae) database
Verification: User 1 / User 2 -> Acquisition device -> Processing system, matched against the template (minutiae) database -> User 1: Granted, User 2: Denied

Challenges in Mobile Biometrics: Performance
• Heavy workload can easily overwhelm embedded processors in mobile terminals!
  – E.g., high-fidelity fingerprint verification on a PDA with 206MHz StrongARM CPU takes > 100 sec!
• Current solutions
  – Using better sensors: MORE COST
  – Dedicated chip for biometric authentication: MORE COST
  – Trade-off between performance and accuracy
    • E.g., skip image enhancement steps
    • LOWER ACCURACY
[Chart: Processor MIPS and Run time (sec), Desktop (Pentium4) vs. iPAQ (SA-1110)]

Challenges in Mobile Biometrics: Accuracy

Biometric   | Test        | Test Parameter                   | False Reject Rate | False Accept Rate
Fingerprint | FVC [2004]  | 20 years (average age)           | 2%                | 2%
Face        | FRVT [2002] | Varied lighting (outdoor/indoor) | 10%               | 1%
Voice       | NIST [2000] | Text independent                 | 10-20%            | 2-5%

(Courtesy: Anil Jain, MSU)
× High inaccuracies for uni-modal biometric technologies
× Can deny legal user entry
× Can provide unauthorized user access
× Poor User Experience
× Low Security

Challenges in Mobile Biometrics: Vulnerability to Attacks
• Several points of vulnerabilities in a biometric system
[Diagram: Sensor -> Feature Extractor -> Matcher -> Decision, with Template(s) feeding the Matcher. Attack points marked: Fake biometric; Replay previous data; Compromise feature extractor; Replace feature extractor output; Modify matcher; Alter transmitted template; Attack template database; Override decision. Source: Info. Security TR, 2002]
• Success ratio of attacks can be very high
• E.g. Spoofing with Playdoh molds on various fingerprint scanners
[Chart: Success Ratio by scanner type (optical, capacitive DC, opto-electric)]

Summary of Challenges
• Performance Gap
  – Computational workload of biometric authentication algorithms can overwhelm embedded processor capabilities
• Accuracy
  – Biometric authentication accuracy (false accept/reject) needs to be significantly improved
• Attack Resistance
  – Protect the authentication process from implementation attacks (physical, SW, ...)

HW/SW Multimodal Biometric Platform
• Multi-modal biometric manager
  – Higher security by combining biometrics
  – Multi-threaded for efficient utilization of multi-processor platforms
• Mobile biometric processor
  – Custom instruction set accelerates biometric algorithms
  – Over 10X speedup
  – Low overheads
• Attack resistance
  – Several elements including boot-time verification, runtime protection using access control monitors, etc.
[Stack diagram]
SW: Services (User Authentication, Encrypted FS, Secure Transactions); Multimodal Biometric Manager
MW: Face, Voice, Fingerprint; Common Biometric and Crypto Libraries
OS: Multi-Processor Operating System
HW: CPU0, CPU1, CPU2, Co-processor, Scratch pad, PE

Benefits: Faster Authentication
• Example (Face Authentication)
  – PCA/LDA
  – Bayesian
• Evaluation
  – A commercial embedded processor
  – Open-source face recognition SW (CSU)
  – Image Database: FERET (NIST)
[Chart: Performance Results. Time (sec) for Enrollment (Bayesian), Verification (Bayesian), Enrollment (PCA/LDA), Verification (PCA/LDA) and Image Enhancement. Series: SW (Orig), +FP, +CodeOpt, +Custom Instr., +Copro, grouped as SW, SW (opt) and Architecture. Speedup labels on the chart: 2.3X, 4.8X, 3.2X, 5.0X, 8.1X]

Benefits: Improved Accuracy
A bi-modal biometric architecture using face and fingerprint
[Diagram: Sensor 1 -> Feature Extractor 1 -> Matcher 1 (Fingerprint Template(s)); Sensor 2 -> Feature Extractor 2 -> Matcher 2 (Face Template(s)); both matchers, together with Matching Parameters, feed the Decision Module -> Accept/Reject]
Significant improvement in accuracy when face and fingerprint based biometrics are combined
[Chart: Genuine Accept Rate (%) vs. False Accept Rate (%), log scale, with curves for Face+Fingerprint, Fingerprint and Face. Courtesy: Anil Jain, MSU]

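The decision module of the bi-modal architecture above, as an added example that is not part of the original slides: it compares the genuine accept rate (GAR) of each matcher alone with a fused matcher at the same false accept rate (FAR). The sum-rule fusion, the function names and all match scores are assumptions constructed for illustration; the slides do not state which fusion rule was used.

```python
# Added illustration: score-level fusion for a face + fingerprint verifier.
# Scores are constructed sample data (0-100, higher = closer match).
# The sum rule is an assumption; the slides do not name the fusion rule.

# (face_score, fingerprint_score) for each verification attempt
GENUINE = [(90, 80), (40, 90), (80, 30), (70, 70),
           (30, 85), (85, 35), (60, 75), (75, 60)]
IMPOSTOR = [(50, 10), (10, 50), (45, 20), (20, 40),
            (30, 30), (55, 15), (15, 45), (25, 25)]


def accept_rate(scores, threshold):
    """Fraction of attempts whose score meets the accept threshold."""
    return sum(s >= threshold for s in scores) / len(scores)


def gar_at_far(genuine, impostor, max_far):
    """Return (threshold, GAR) for the lowest threshold with FAR <= max_far."""
    if max_far < 0:
        raise ValueError("max_far must be >= 0")
    # Every observed score is a candidate; max+1 rejects everything (FAR = 0).
    candidates = sorted(set(genuine + impostor)) + [max(genuine + impostor) + 1]
    for t in candidates:
        if accept_rate(impostor, t) <= max_far:
            return t, accept_rate(genuine, t)


def compare(max_far=0.0):
    """GAR of each single matcher and of the fused matcher at the same FAR."""
    def column(rows, pick):
        return [pick(face, finger) for face, finger in rows]

    rules = {
        "face": lambda face, finger: face,
        "fingerprint": lambda face, finger: finger,
        "face+fingerprint": lambda face, finger: face + finger,  # sum rule
    }
    return {name: gar_at_far(column(GENUINE, rule), column(IMPOSTOR, rule), max_far)
            for name, rule in rules.items()}


if __name__ == "__main__":
    for name, (t, gar) in compare().items():
        print(f"{name:17s} threshold={t:3d}  GAR={gar:.0%}  FRR={1 - gar:.0%}")
```

In this constructed data each genuine user has one weak sample in some attempts (for instance a face score of 30 or 40), which a single matcher rejects once its threshold is set high enough to exclude every impostor; the fused score stays clear of the impostor range.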