Biometrics and Identity Assurance

Dr. Colin Soutar
CSC Identity and Privacy Assurance

NSF Workshop on Fundamental Research Challenges for Trustworthy Biometrics 2010


Identity Assurance Frameworks

• Establish the trustworthiness of Services in Identity system
  – c.f. the delegation of trust via PKI or other architecture
• Components
  – Identity Provider
  – Service Provider
  – Federation Broker
• Considerations
  – Operating Procedures
  – Identity Proofing (LoA)
  – Identity Authentication (LoA)
  – Privacy
• OMB 04-04/NIST SP 800-63
• Kantara Initiative (formerly Liberty Alliance), STORK…
• Identity Eco-system in draft of:
  – National Strategy for Trusted Identities in Cyberspace

separation of identity from entitlement


Identity and Privacy Assurance

[Diagram labels: Identity Assurance; Privacy Assurance; Individual; Identity; Levels of Identity Assurance; Safeguarding of Identity Data; Strength of Binding]


Identity Assurance -> Enterprise

Identity Assurance (transaction) = Identity Proofing (enrollment) + Identity Authentication (transaction)

[Diagram labels: Ability to Support Level of Assurance (LOA); Strength of Function; Assurance of Conformance; Uniqueness of Identity; Interoperability]


Biometric Identification and Verification

• Biometric Identification used as part of Identity Proofing
  – Relatively Mature and Controllable Applications
    • Distinguish individuals in a large population, Border and Immigration, Forensic, Interoperability
  – Supervised
    • Mitigates spoofing
  – Dedicated Sensors
  – Secure Data Storage
• Biometric Verification used on a daily basis as part of an authentication mechanism
  – Verification needs to authenticate a user to a certain strength of function
  – Remote authentication
    • Non-supervised
  – Diverse Systems (and thus Performance)
    • Sensors, Algorithms, Unsecured memory
  – Biometric Verification modality or algorithms (and thus templates) may not be the same
  – Conformance required, not necessarily interoperability
  – Cross Jurisdictional


Biometrics in Multi-Factor Environment

• How should these be used in practice:
  1. Determine level of performance on varied platforms
  2. Evaluate other potential vulnerabilities and combine to create overall strength of function
  3. Align commensurable biometric strength of function with other authentication factors to support resulting level of Identity Assurance
• Template Protection Techniques
  – Self protecting templates
  – Application-specific templates
• Intra-class variation versus discrimination
  – Error correction codes and data leakage
  – Crypto-analysis
• Interface analysis
  – Security Evaluation
• Liveness checks


Questions?

[email protected] 644 8640.


Identity and Privacy Assurance Standards

• Government and industry identity and privacy initiatives and standards bodies
  – National Security Telecommunications Advisory Committee (NSTAC) working groups
  – ANSI/INCITS M1 standards (Biometrics; Privacy)
  – Radio Technical Commission for Aeronautics (RTCA)
  – Armed Forces Communications and Electronics Association (AFCEA)
  – TechAmerica
  – ACT Canada ELSA
  – Center for Identification Technology Research (CITeR)
  – International SC 37 Standards – Biometrics
  – International SC 27 Standards – IT Security
  – Canadian National Committee on Identity Management
  – Smart Card Alliance
  – All Hazards Consortium (AHC)
  – Inter-Agency Advisory Board (IAB)
  – Kantara
  – OASIS
  – (U.S.) National Strategy for Trusted Identities in Cyberspace


Kantara Identity Assurance Framework

[Diagram labels:]
– Levels of Assurance
– Identity Assurance Framework
– Identity Authentication
– Identity Proofing
– Identity Providers
– Privacy Profile
– Documents; Devices; Biometric attributes; Biographical data; Events or knowledge
– Service Providers (government, health care, financial, defence etc.)
– Accreditation, e.g. ICAM Trust Framework Provider Adoption Process
– Certification, e.g. Kantara Identity Assurance Certification Program
– Jurisdictional (by geography or industry) Directives, Privacy Policies, and Privacy Principles
– Users
– Identity Assurance