2. Slide 2
This Session…
-- Is Technical – will include an introduction/background
-- Will include Interactions, Questions and Answers…
-- The Sections….
The Start
User Authentications
Biometrics
So…
Thank You
-- Disclaimer
5. Slide 5
Nature and Man….
-- Question 2: Who is the painter? Where is it located now?
-- Depicts the “Human Being” as the supreme creation; combines: Science +
Math + Philosophy!!!!
-- “The Geometry of a Man”
References:
http://www.youtube.com/watch?v=GGUOtwDhyzc : Vitruvian Man – The Beauty of Diagrams
http://www.youtube.com/watch?v=aMsaFP3kgqQ : Da Vinci’s Vitruvian Man of Math - James Earle
6. Slide 6
Golden Ratio!!!
-- Question 3: What is “Golden Ratio” ?
-- Beautiful and Harmonious – It’s about Patterns!
-- Architecture and Arts – Across Cultures and Regions
-- Pyramids, Stonehenge, Parthenon, Many of the paintings, Music and
Musical Instruments, Symbols
-- Fibonacci Series
-- Nature: Conspicuous Reoccurrence, Surprisingly Often
-- Elliot Rafael Waves + Chaos Theory – The Influence
References:
Wikipedia
http://www.youtube.com/watch?v=O2wU-HT7FiM – Fibonacci and the Golden Mean.
http://www.youtube.com/watch?v=SjSHVDfXHQ4 : The magic of Fibonacci Numbers
7. Slide 7
So…
There is a
-- Brilliance in the design, and also uniformity…
-- Yet, they are unique – individually…
9. Slide 9
Question 4 : Why ?
-- Why “User Authentication” ?…
My Answers:
-- Part of our business, Daily Life
-- Always Fresh
-- Increased Awareness
-- Renewed Focus…
10. Slide 10
The Password World
– Few Facts
-- More than 70% of people revealed their passwords in exchange for a bar of
chocolate
-- 66% shared their passwords with colleagues
-- 75% know their co-worker’s password
-- 60% use the same password for everything, including their personal
banking
-- Worst Passwords – Easy to predict
-- Own Name (16%), password (12%), football team (11%), DOB(8%)
http://www.forbes.com/sites/davelewis/2014/10/29/internet-of-things-security-vs-time-to-market/
12. Slide 12
Authentication - Basics
-- Question 6: What is “Authentication” ?
-- Examples:
Allow someone enter based on a photo id card
Entry into a Cinema Hall
ATM Withdrawal
Access a secured website, say Internet Banking
Emigration Clearance in an airport
Degree Certificate – Original or Not?
Checking the authority of a person…
Information Authenticity – Video Tapes, Source etc
Single Sign On
Confirmation E-mails, OTP
Tracing the date of an artifact – carbon dating
SO…. What is “Authentication” ?
13. Slide 13
The Identity!
-- The Identity Crisis
-- Basics: Definition – Authentication
1 - Accepting proof of Identity
2 – Comparing the attributes of the object itself to what is known about it
3 – Establishing identity based on external affirmations
-- Lingo : Identity, Authorization, Access, Strong Authorization
-- Multi-factor Authentication - MFA
14. Slide 14
Multi-factor Authentication!
-- Knowledge factors – Something you know
[Passphrase, PIN, Challenge/Response]
-- Possession factors – Something you have
[ID Card, Token, Phone]
-- Inherence factors – Something you are
[Fingerprint, Retina, Iris, Voice, Face]
-- Dynamic factors – Something you do - Question 6
-- Hybrid [Private Keys Encrypted by a Fingerprint Device Inside a USB
Token]
-- So… How many? Who will decide? Criterion?
More Reading: https://twofactorauth.org/
15. Slide 15
Multi-factor Authentication!
-- Tokens – Connected, Disconnected, H/W, S/W, USB
Based, Audio Port Based
-- Cards – Magnetic Strip Cards, Grid Cards, Patterns
-- Wireless Tokens [RF Id, Bluetooth]
-- Software: CAPTCHA, SSO
-- One-time pads, iButtons – these are OLD….
-- Mobile Phone Based Tokens – Soft token, SMS, QR
Code, Call, smart phone Push, Mobile Signatures, Apps
19. Slide 19
Biometrics!!!
-- What is Biometrics?
Biometric refers to "automatic" identification of a person, based on her
physiological or behavioral characteristics.
As a characteristic: a measurable characteristic of an individual
As a process: automated methods of recognizing an individual based on the
measurable characteristic
20. Slide 20
Biometrics – Timelines…
1858: First systematic capture of hand images for identification is recorded
1870: Bertillon develops anthropometrics to identify individuals
1892: Galton develops a classification system for fingerprints
1896: Henry develops a fingerprint classification system
1936: Concept of using the iris pattern for identification is proposed
1960s: Face recognition becomes semi-automated
1960: First model of acoustic speech production is created
1965: Automated signature recognition research begins
1969: FBI pushes to make fingerprint recognition an automated process
1974: First commercial hand geometry systems become available
1986: Exchange of fingerprint minutiae data standard is published
1988: First semi-automated facial recognition system is deployed
1992: Biometric Consortium is established within US Government
1997: First commercial, generic biometric interoperability standard published
1999: FBI's IAFIS major components become operational
2002: M1 Technical Committee on Biometrics is formed
2003: Formal US Government coordination of biometric activities begins
2004: US-VISIT program becomes operational
2004: DOD implements ABIS
2005: US patent on iris recognition concept expires
21. Slide 21
Biometrics – Predecessors…
-- Handprints may have acted as a signature….
-- 500 BC – Fingerprint Usage as a person’s mark – settling transactions
-- Chinese used fingerprints and footprints to differentiate children
-- Early Egyptians:
Traders were identified by their physical description
Differentiate between trusted traders and new traders
25. Slide 25
Finger Prints – Few Facts
-- Oldest form of Biometrics; Widely in practice
-- Highly Reliable
-- Uses distinctive features of Fingerprints: Ridges,
Spurs, Bridges, Patterns
26. Slide 26
Iris Scan – Few Facts
-- Iris is a protected internal organ whose random
texture is stable throughout life
-- High degree of randomness; No two irises are identical
-- Stable in a person’s life
-- Infra red / High Resolution Photograph
-- Iris Unique Characteristics: Ridges (Rings),
Furrows, Striations (freckles)
27. Slide 27
Other Biometrics…
-- Voice Scan: Measures sound waves of a human
speech; Voice print compared to a previous one.
-- Signature Scan: Measures speed, pressure, stroke
order of a signature
-- Retina Scan: Measures Unique characteristics of a
retina; Blood vessel patterns, Vein Patterns
-- Facial Scan: camera measures the following facial
features: Distance between eyes, eyes and nose
ridge, angles of cheek, slope of the nose, Facial
Temperatures
-- Hand Scan: Measures Top and Side of a hand – Not
the palm [Hand Geometry]
29. Slide 29
Biometrics – Areas
-- Identification Systems: Who am I ?
[Determine Identity]
-- Verification Systems: Am I who I claim to be ?
[Authenticate Identity]
-- In short, Determine or Authenticate Authority!
-- Verification Systems:
More Accurate
Less Expensive
Faster
Limited in Functionality
More Efforts by User than Computer
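One reason a verification (1:1) system can be more accurate and faster than an identification (1:N) system, shown as an added example that is not part of the original slides. The 64-bit templates, the Hamming-distance matcher, the threshold and the gallery size are all constructed assumptions, not the behaviour of any real biometric product.

```python
import random

BITS = 64        # template length (assumption; real templates are far larger)
THRESHOLD = 20   # max Hamming distance accepted as a match (assumption)

def hamming(a, b):
    """Number of bit positions in which two templates differ."""
    return bin(a ^ b).count("1")

def verify(gallery, claimed_id, probe):
    """1:1 - compare the probe only with the claimed identity's template."""
    return hamming(gallery[claimed_id], probe) <= THRESHOLD

def identify(gallery, probe):
    """1:N - search every template; closest id within threshold, else None."""
    best_id = min(gallery, key=lambda uid: hamming(gallery[uid], probe))
    return best_id if hamming(gallery[best_id], probe) <= THRESHOLD else None

def false_match_1_to_n(fmr, n):
    """Chance that an impostor matches at least one of n enrolled templates."""
    return 1 - (1 - fmr) ** n

def noisy_sample(template, rng, flips=5):
    """A genuine user's fresh capture: the enrolled template plus sensor noise."""
    for bit in rng.sample(range(BITS), flips):
        template ^= 1 << bit
    return template

def impostor_rates(gallery_size=200, trials=500, seed=1):
    """Fraction of random impostor probes accepted by each mode."""
    rng = random.Random(seed)
    gallery = {uid: rng.getrandbits(BITS) for uid in range(gallery_size)}
    v_hits = i_hits = 0
    for _ in range(trials):
        probe = rng.getrandbits(BITS)  # unrelated to every enrolled template
        v_hits += verify(gallery, rng.randrange(gallery_size), probe)
        i_hits += identify(gallery, probe) is not None
    return v_hits / trials, i_hits / trials

if __name__ == "__main__":
    v_rate, i_rate = impostor_rates()
    print(f"impostor accepted, verification (1:1):     {v_rate:.3f}")
    print(f"impostor accepted, identification (1:200): {i_rate:.3f}")
    print(f"analytic 1:N rate for FMR=0.001, N=1000:   "
          f"{false_match_1_to_n(0.001, 1000):.3f}")
```

The same per-comparison error rate compounds across the gallery in 1:N search, and the search cost grows with N, while 1:1 verification makes a single comparison.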
33. Slide 33
Biometrics – Pros
-- Cannot be manipulated by Brute Force
-- Not easy to Copy or Steal and Avoids Lost Identity
Cases
-- No Need to memorize
-- Natural
-- Happens in Real Time, and in a Definitive Manner
34. Slide 34
Question 6: Biometrics – Cons
-- Can fade with time : Fingerprint, Voice [Answer]
-- Still not mature – For example Fingerprint
-- Standards are not in place yet – Replacement, if Lost
-- Not easy to introduce variability
-- Still Expensive
-- Replacement, if Lost
-- Cultural/Religious Issues
-- Privacy Concerns of misuse
36. Slide 36
So, What are we guarding against ?
Question
Simple – “Unauthorized Access”
And what are the threats ? [Question]
--- Stealing
--- Confidence Tricks
--- Technical Tricks [Local, Remote]
--- Victim Mistakes
--- Implementation Oversights
--- DoS Attacks
--- Enrollment Attacks
https://www.owasp.org/index.php/Comprehensive_list_of_Threats_to_Authentication_Procedures_and_Data
37. Slide 37
Concluding Remarks
-- IdM – is a new area of business and it is Serious!
-- Biometrics – You cannot ignore it!
-- Challenge is to make it simpler – the “User Experience”
around it…
-- User Authentication is an area that demands 100%
perfection without compromise!!!