Biometrics - Basics
- 2. Franck Franchin - © 2013
Automated process to identify and authenticate humans based on one or more physical or behavioral traits
Based on the assessment that each human being is unique and that this uniqueness allows identification
- 3. Franck Franchin - © 2013
How do you prove who you are?
◦ Something you know: PIN, password...
◦ Something you have: key, token, card...
◦ Something you are: a biometric…
Biometrics encompass:
◦ Voice
◦ Fingerprint & Palmprint
◦ Facial Recognition
◦ Eye (iris, retinal patterns)
◦ Vein
Because a biometric can be fooled, it should be implemented as part of 2-factor or 3-factor authentication
- 4. Franck Franchin - © 2013
Unique ID
Third Authentication Factor
Hard to forge by basic hackers
Forgetting, loss, theft and borrowing are most difficult…
Makes it possible to know WHO did WHAT, WHERE and WHEN
Unequivocal link to the acting person (accountability)
- 5. Franck Franchin - © 2013
Success rate issue (dirt for finger, diabetes for eye, flu for voice)
Privacy
Revocation
Cost
Permanence risk (resistance to ageing)
Acceptability by people
- 6. Franck Franchin - © 2013
Physiological
◦ fingerprint recognition
◦ palm print recognition
◦ palm geometry
◦ facial recognition
◦ voice recognition
◦ retinal scans
◦ iris scans
Behavioral
◦ typing rhythm/patterns (keystroke)
◦ accents and speaking rhythms
◦ gait (locomotion behavior)
◦ writing speed and pressure (signature matching)
- 7. Franck Franchin - © 2013
No two fingerprints are alike
High level of acceptance by people
Template easily generated from minutiae points
and/or ridges and/or valleys
Different types of sensors: thermal, optical, capacitance, minutiae-based
- 8. Franck Franchin - © 2013
Able to discriminate between identical twins with the same DNA
Low level of acceptance by people
Relatively expensive (processing power and
storage)
- 9. Franck Franchin - © 2013
Police
Immigration
ATM
School (library, lunch, …)
Payment in Stores
Site Access Control
- 10. Franck Franchin - © 2013
Enrollment
◦ Samples of the biometric are captured and processed
◦ Unique features of these samples are extracted and
computed which generates a ‘template’
◦ From this template, it’s not possible to go back to the
original biometric
Authentication or Identification
◦ The biometric system captures the ‘live biometric’ and searches for a match against its database of templates
Revocation
- 11. Franck Franchin - © 2013
The biometric matching process is based on threshold detection: false acceptances/rejections
Sensor tolerance
Anonymization information loss (for some algorithms)
Some categories of people always rejected (twins, elderly people)?
Attended or unattended system (fake/dead finger)?
- 12. Franck Franchin - © 2013
Aside from regular IT vulnerabilities and risks, biometric solutions are exposed to specific threats:
◦ Attack on the biometric sensor
◦ Spoofing (cut-off finger, gummy finger, photograph of iris pattern)
◦ Mimicry (signature and voice)
◦ Eavesdropping or man-in-the-middle between the sensor and the template repository
◦ Template insertion via compromised IT or a compromised admin!
- 13. Franck Franchin - © 2013
How to protect the biometric template?
◦ Hashing: templates are protected, revocable and renewable
◦ But one has to prove it’s impossible to get back to the original key (one-way function ciphering)
◦ The best solution: public-key encryption, which encrypts templates and decrypts them only during access control
◦ Mixed architectures involve session keys too (public-key and private-key schemes)
Innovative ways
◦ During the enrollment process, combining the biometric image with a digital key to create a secure block of data. The key can then be retrieved using the biometric! (but the key is independent of the biometric, mathematically speaking!)
- 14. Franck Franchin - © 2013
Once compromised, a biometric trait can’t be reused – hence if someone copies your finger, the only way to revoke your finger would be to cut it off? Hmm…
The physical biometric is different from the stored template!
If your password is lost or compromised, you have to
change your password AND the password access
control storage…
In biometrics, you can’t change your ‘pwd’ (aka your
biometric) but you can revoke the stored encrypted
template
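
A sketch of the threshold match and of template revocation described in the last slides, added here as an example and not taken from the original deck. It assumes a simplified keyed sign-of-random-projection transform as the one-way function (the slides name no specific scheme); the feature vectors, keys, `N_BITS` and `MATCH_THRESHOLD` are constructed values.

```python
import random

N_BITS = 128            # length of the protected template (assumed)
MATCH_THRESHOLD = 0.25  # max fraction of differing bits accepted (assumed)

def protect(features, key):
    """Keyed one-way transform: project onto key-seeded random vectors, keep only the signs."""
    rng = random.Random(key)
    bits = []
    for _ in range(N_BITS):
        direction = [rng.gauss(0.0, 1.0) for _ in features]
        dot = sum(f * d for f, d in zip(features, direction))
        bits.append(1 if dot >= 0 else 0)
    return bits

def distance(a, b):
    """Fraction of differing bits (normalised Hamming distance)."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def verify(stored_template, live_features, key):
    """Threshold decision: accept when the live sample lands close enough to the template."""
    return distance(stored_template, protect(live_features, key)) <= MATCH_THRESHOLD

def constructed_sample(seed, base=None, noise=0.05):
    """Constructed feature vector standing in for extractor output; with base, a noisy re-capture."""
    rng = random.Random(seed)
    if base is None:
        return [rng.gauss(0.0, 1.0) for _ in range(64)]
    return [v + rng.gauss(0.0, noise) for v in base]

def demo():
    alice = constructed_sample(1)
    alice_live = constructed_sample(2, base=alice)   # same finger, sensor noise
    mallory = constructed_sample(3)                  # different person
    old_key, new_key = 1001, 2002                    # per-user keys, constructed values
    old_template = protect(alice, old_key)
    results = {
        "genuine_accepted": verify(old_template, alice_live, old_key),
        "impostor_accepted": verify(old_template, mallory, old_key),
    }
    # Revocation: the old template leaks, so re-enroll the same finger under a new key.
    new_template = protect(alice, new_key)
    results["old_vs_new_distance"] = distance(old_template, new_template)
    results["genuine_accepted_after_reissue"] = verify(new_template, alice_live, new_key)
    return results

if __name__ == "__main__":
    print(demo())
```

Revocation only takes effect once the verifier stops accepting the old key, and the key has to be stored apart from the template it protects.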