biometric authentication: security issues m. fahim zibran february 23, 2009
Post on 20-Dec-2015
215 views
TRANSCRIPT
AuthenticationDefinition:
• “Authentication is the binding of an identity to a subject.”
• “[Any] security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of information.”
Mechanisms
• knowledge based
• possession based
• physiological/behavioral trait (Biometric)
2
Biometric Authentication• Fingerprint - 7000 to 6000 BC by the ancient Assyrians and Chinese.• Clay pottery and clay seals
Security Issues
•Is biometric revocable?
•How reliably unique the biometrics are?
•How universal are the biometrics are?
•Are biometric traits invariant?
•How universal are the biometrics are?
•Biometrics have secondary uses.
Security Issues (contd.)• False sample presentation
• spoofing
• Sensor issues
• noise and distortion
• sensor characteristics
• unavailability of identical sensors
• Segmentation
• denial of service attack
• Feature extraction and QA
• exploit knowledge about algorithm
Security Issues (contd.)• Template creation
• Is it one-way function?
• Data storage
• large data size
• cryptographic hashes not applicable
• database security
• Matching
• determining set of modality
• weights on modality
Security Issues (contd.)
• Decision
• based on statistical threshold
• configurable threshold level
• susceptible to human error
Security Issues (contd.)Classification of Vulnerability
• Circumvention
• Covert acquisition (contamination)
• Collusion and Coercion
• Denial of Service (DoS)
• Repudiation