biometric security mobile

Post on 06-Aug-2015


Biometric Security for Mobile

THE “WHO YOU ARE” OF AUTHENTICATION

JERRY RUGGIERI / CITIZENS BANK

All Authentication Options

What you know, e.g. password

What you have, e.g. soft- or hard-token

Who you are, e.g. any biometric

How you behave, e.g. adaptive authentication

Passwords

Your password is “dinosaur”

October 2013 – Adobe announces 38M passwords are compromised

Password hints posted in cleartext

Passwords not salted

Days later they’re posted online and many are soon broken

June 2012 – LinkedIn announces 7M of 150M passwords stolen

Passwords not salted

Days later they’re posted online and …

Customers using same password for Facebook, garage door openers, and banking

Passwords heavily re-used or shared

Passwords have to be remembered (and typed)

Passwords can be “cracked” (recovered)

Biometric Authentication Methods

Biometric Categories

Facial Recognition

Pros

Convenient

Liveness Test

Cons

Lighting condition requirement

Can be faked with static and/or animated GIF from public photos

Repudiation

Fingerprint

Pros

EER of around 1%

Convenience

Liveness Test

Non-repudiation

Cons

Specialized Hardware

Finger cleanliness

Cuts to finger

Angle or pressure of placement

Biometric privacy concerns

Fingerprints can be captured easily

Search for “MythBusters Fingerprints Busted” on YouTube

Voice

Pros

Convenience

Cost

EER of around 2-3%

Liveness Test

Non-repudiation

Can be authenticated remotely

Cons

Cold or illness affecting voice

Environmental noise

Behavioral or temporal speaking differences

User education or awareness to use

Biometric Evaluation Factors

Accuracy Factors

False Acceptance Rate (FAR)

False Rejection Rate (FRR)

Equal Error Rate (EER)

Failure To Enroll (FTE)

Failure To Capture (FTC)

Security

Usability

Integration

Cost

Privacy and Regulatory Factors

Equal Error Rate Curve
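
The accuracy factors listed above, worked through as an added example (not part of the original slides): FAR and FRR are computed at each threshold over distance scores, and the EER is the point where the two meet. The scores are constructed sample data, the function names are hypothetical, and lower distance is assumed to mean a closer match.

```python
# Added example: FAR, FRR and EER from biometric distance scores.
# All scores are constructed sample data, not measurements of any product.

# Distance between a probe and the enrolled template: lower = closer match.
GENUINE = [0.10, 0.15, 0.20, 0.22, 0.25, 0.30, 0.35, 0.40, 0.55, 0.70]
IMPOSTOR = [0.35, 0.50, 0.60, 0.65, 0.70, 0.75, 0.80, 0.85, 0.90, 0.95]


def far(threshold, impostor=IMPOSTOR):
    """False Acceptance Rate: share of impostor attempts that are accepted."""
    return sum(d <= threshold for d in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False Rejection Rate: share of genuine attempts that are rejected."""
    return sum(d > threshold for d in genuine) / len(genuine)


def equal_error_rate(genuine=GENUINE, impostor=IMPOSTOR):
    """Try every observed score as the threshold and return
    (threshold, FAR, FRR) where FAR and FRR are closest: the EER point."""
    candidates = sorted(set(genuine) | set(impostor))
    best = min(candidates, key=lambda t: abs(far(t, impostor) - frr(t, genuine)))
    return best, far(best, impostor), frr(best, genuine)


def threshold_for_max_far(max_far, genuine=GENUINE, impostor=IMPOSTOR):
    """Loosest threshold whose FAR stays at or below max_far, plus the FRR
    users pay for it. Returns None if no observed threshold is strict enough."""
    candidates = sorted(set(genuine) | set(impostor))
    ok = [t for t in candidates if far(t, impostor) <= max_far]
    if not ok:
        return None
    t = ok[-1]
    return t, far(t, impostor), frr(t, genuine)


if __name__ == "__main__":
    print("EER point (threshold, FAR, FRR):", equal_error_rate())
    for target in (0.0, 0.1):
        print("max FAR", target, "->", threshold_for_max_far(target))
```

Tightening the threshold to reach a lower FAR raises the FRR, which is the security versus usability trade-off the curve expresses.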

Apple’s Fingerprint Hardware

True Speaker Recordings

Imposter Speaker Recordings

Enrollment, Authentication Process

Biometric Distance for Imposters

Voice Biometric Use Cases

Use Cases

Fast Balance

Step up authentication option

Online Account Opening

Login authentication

Male v. Female voices

Male frequency 85-180 Hz

Female frequency 165-255 Hz

We hear frequency as the pitch

When the frequency doubles, we perceive the pitch as “twice as high”

VoiceKeyID™ Algorithm

Authenticates in ½ second

Runs on device, no servers needed

Configurable for low FAR (False Acceptance Rate)

Multi-lingual, any language or song or repeatable gibberish will work

Requires 10-12 syllables or 4-6 seconds of speech

Robustness against recorded attacks

Low Failure To Enroll Errors

Low Storage Requirement (50-100KB)

Secure Storage

Can identify forced failure attempts and deny them

Available for use anywhere in apps

Patent protected in US and China

VoiceKeyID™ Demo App
