minimizing flight risks: biometric airport deployments 25 june, 2003 biometritech tony moore, senior...
Post on 20-Dec-2015
216 views
TRANSCRIPT
Minimizing Flight Risks: Minimizing Flight Risks: Biometric Airport DeploymentsBiometric Airport Deployments
25 June, 200325 June, 2003
BiometriTechBiometriTech
Tony Moore, Senior ConsultantTony Moore, Senior Consultant
www.biometricgroup.comwww.biometricgroup.com© Copyright 2003
International Biometric Group
© Copyright 2003 International Biometric Group Page 2www.biometricgroup.com
AgendaAgenda
About International Biometric Group Real-World Biometrics: Strengths and Weaknesses Air Travel Applications and Deployments
– Surveillance and Screening– Trusted Traveler Programs– Employee Physical Access
U.S. Legislation and International Standards
© Copyright 2003 International Biometric Group Page 3www.biometricgroup.com
About International Biometric GroupAbout International Biometric Group
© Copyright 2003 International Biometric Group Page 4www.biometricgroup.com
About International Biometric GroupAbout International Biometric Group
Independent biometric consulting, technology solutions and research firm
Founded in 1996 Offices in New York City, Washington, D.C. & London
– Operate BiometricStore™, a hands-on showroom and test facility with over 100 hardware and software solutions
Technology-neutral and vendor-independent– Extensive experience across all biometric technologies– IBG does not resell or distribute biometric hardware or software
Key differentiator: breadth of biometric experience and capabilities
© Copyright 2003 International Biometric Group Page 5www.biometricgroup.com
Core CapabilitiesCore Capabilities
Biometric Consulting– Build long-term product and solution development strategies – Perform feasibility studies on large-scale biometric usage– Develop market entry strategies including partnership and acquisition
opportunities Biometric Technology Solutions
– Evaluate, design and deploy custom biometric solutions for IT security, e-commerce, access control, public sector ID systems
– Provide standards-compliant, interoperable solutions for employee, customer, and citizen authentication
Biometric Research– Biometric Market Report 2003-2007– Conduct annual Comparative Biometric Testing (“CBT”), industry’s
leading scenario-based system testing– Multimodal biometrics and fusion
© Copyright 2003 International Biometric Group Page 6www.biometricgroup.com
Representative IBG ClientsRepresentative IBG Clients
Technology & Transportation
Federal - State - Local Government Agencies
FinancialServices
American Airlines California DMV AIG
DieboldFederal Aviation Administration
Charles Schwab
EDS World Bank Chase Manhattan Bank
Ingersoll-Rand Ontario, CA MBS Citibank
IntelNational Institute of
JusticeDresdner Bank
Amer.Assoc of Motor Vehicle Administrators (AAMVA) NYPD Fidelity Investments
Lockheed Martin Transport Canada FSTC
MicrosoftWhite House Office of
Science & Technology Policy Visa
Raytheon
© Copyright 2003 International Biometric Group Page 7www.biometricgroup.com
Real-World Biometrics:Real-World Biometrics:Strengths and WeaknessesStrengths and Weaknesses
© Copyright 2003 International Biometric Group Page 8www.biometricgroup.com
Biometric Technologies for Air TravelBiometric Technologies for Air Travel
Technologies to know– AFIS (Automated Fingerprint Identification System)– Finger-Scan– Hand-Scan– Facial-Scan– Iris-Scan– Multi-biometric and fusion solutions must also be evaluated
Biometric technology and devices are a only a part of the overall equation: much more must be addressed– Secure infrastructure– Standards compliance– Interoperability with other systems– Privacy design– Migration path to new devices and approaches
© Copyright 2003 International Biometric Group Page 9www.biometricgroup.com
AFISAFIS
Why is it relevant?– Only technology proven capable of providing accurate and
scalable 1:N operations – Technology is directly aligned with finger-scan (1:1 usage of
fingerprints for authentication) What are the risks?
– Privacy perception: users fear that fingerprints are being sent for criminal investigation
– Multiple fingerprints (likely 2) must be acquired for highly reliable scalability
© Copyright 2003 International Biometric Group Page 10www.biometricgroup.com
Finger-ScanFinger-Scan
Why is it relevant?– Broadest usage history in 1:1 transactional authentication – Easier to use than most competing 1:1 approaches– Alignment with initial AFIS searches, if applicable
What are the risks?– Privacy perception: association with criminal uses of fingerprints– Constant contact can wear down devices– Devices must be designed for intuitive operation– Need alternative procedures for those who cannot enroll
© Copyright 2003 International Biometric Group Page 11www.biometricgroup.com
Hand-ScanHand-Scan
Why is it relevant?– The most proven technology for passenger movement in air
travel applications– Reliable, proven, stable core technology
What are the risks?– No ability to provide 1:N operation– Form factor limits deployment strictly to access control – difficult
to build a highly multi-functional system
© Copyright 2003 International Biometric Group Page 12www.biometricgroup.com
Facial-ScanFacial-Scan
Why is it relevant?– Only technology capable of surveillance operations– Can perform rudimentary 1:N searches on enrollment, identifying
a number of potential “matches”– Hands-free operation
What are the risks?– Core technology has improved, but accuracy still a major issue– Challenges in overcoming sub-optimal lighting, changes in facial
features, acquisition at angles– Cannot reliably identify a single person from a large database– Possible discrimination issues based on age and ethnic
background
© Copyright 2003 International Biometric Group Page 13www.biometricgroup.com
Iris-ScanIris-Scan
Why is it relevant?– Unique combination of accuracy and hands-free operation– Can provide 1:N searches on enrollment along with reliable 1:1
operation– Can operate in cardless mode, using iris for identification
What are the risks?– Iris acquisition requires well-trained, motivated, capable users– Scalability in 1:N operation an unknown – how will performance
change at 10,000 users, 100,000 users?– Closed technology: one core supplier
© Copyright 2003 International Biometric Group Page 14www.biometricgroup.com
Multiple Biometric ApplicationsMultiple Biometric Applications
Multiple Biometrics– Using more than one biometric technology for initial enrollment or
transactional authentication, using serial or weighted voting Why is it relevant?
– Ability to enroll those users unable to enroll in primary biometric– Ability to reduce false match rates– Ability to execute more rapid 1:N enrollment searches
What are the risks?– Likely to increase false rejection rates– More time-consuming, complex transactions– More complex, costly systems architecture– Largely unproven in operational environments
© Copyright 2003 International Biometric Group Page 15www.biometricgroup.com
Air Travel ApplicationsAir Travel Applications
© Copyright 2003 International Biometric Group Page 16www.biometricgroup.com
Uses of Biometrics in Air TravelUses of Biometrics in Air Travel
Passenger-facing– Surveillance and Screening
• A much more challenging application than “trusted traveler” authentication from a core technology perspective
• Passenger viewed more as potential risk than as customer
– Registered (Trusted) Traveler Programs• Proven successful over time in several airports
• Card-based and cardless models in deployment
• Question of security versus convenience
• Passenger viewed as both a customer and citizen
Employee-facing– Access control (finger-scan, hand-scan, iris-scan)– Background checks (fingerprinting)
© Copyright 2003 International Biometric Group Page 17www.biometricgroup.com
Typical Biometric Travel DeploymentsTypical Biometric Travel Deployments
Heathrow Airport Iris-scan Passenger authentication in airport
Schipol Iris-scanPassenger authentication for border
passage
INSPASS Hand-scanPassengers in immigration lines (North
American Airports)
Keflavik Airport Facial-scan Passenger surveillance against watch list
San Francisco Airport
Hand-scan Employee access in airport
Border Crossing Face & Hand Day workers to be identified (Israel)
Ben Gurion Hand-scan Israeli citizens circumvent lines
O'Hare Airport Finger-scan Employee cargo access (Chicago)
Asylum / Immigration
Finger-scanAsylum seekers carry smart cards (Dutch
Ministry of Justice)
Reagan National Finger-scan Background employee checks
© Copyright 2003 International Biometric Group Page 18www.biometricgroup.com
Surveillance and ScreeningSurveillance and Screening
Application objective: to locate, identify, and intercept wanted individuals in their movements through airports & facilities, utilizing a “watch list”
© Copyright 2003 International Biometric Group Page 19www.biometricgroup.com
Types of Surveillance and ScreeningTypes of Surveillance and Screening
Open Surveillance– Cameras positioned at locations past which some or all
passengers move Indirect Control Point
– Cameras positioned at choke points through which only one passenger proceeds at a time
Direct Control Point– Cameras positioned at points where passengers stop under the
direct observation of security personnel
DirectControl Point
IndirectControl Point
OpenSurveillance
Less Effective More Effective
More Impact on Current
Processes
Less Impact on Current
Processes
© Copyright 2003 International Biometric Group Page 20www.biometricgroup.com
Surveillance and Screening ChallengesSurveillance and Screening Challenges
Successful facial-scan identification requires the following– A cooperative, “posed” user looking directly at a camera– A stable acquisition environment– Dedicated, high-quality cameras– High-quality enrollment images– A reasonable ratio of “wanted” suspects to surveilled individuals
Identification is only as robust as the quality of enrollment images– Enrolling individuals from low-quality static images renders
accurate matching extremely difficult Future 3-D face and/or morphing technologies have
potential
© Copyright 2003 International Biometric Group Page 21www.biometricgroup.com
Surveillance and Screening: Key Variables Surveillance and Screening: Key Variables
1. How many records are in the “watch list” database?2. How were they enrolled (photo, still, multi-image)?
– Real-world watch lists may be built on poor quality images
3. What is the rate of subject movement through control points?– Directly impacts sustainable false match and non-match rates
4. What type of surveillance / screening is being implemented?
5. Are subjects cooperative, non-cooperative, or uncooperative?
6. How are true and false matches / non-matches defined?– To what extent is operator judgment applied?
7. Are aging and other appearance-related variables accounted for?
© Copyright 2003 International Biometric Group Page 22www.biometricgroup.com
Registered Travel / Frequent Travel ProgramsRegistered Travel / Frequent Travel Programs
Application objectives
– Primary: to increase convenience for travelers less likely to pose security risks
– Secondary: to differentiate airport / airline service against less tech-savvy competition
– Secondary: to increase security by focusing enforcement resources on unknown or less trusted individuals
© Copyright 2003 International Biometric Group Page 23www.biometricgroup.com
Registered Traveler DeploymentsRegistered Traveler Deployments
Among the most visible, successful pilots and deployments in the history of biometrics
Heathrow (Virgin and BA): iris Schipol (EU): iris SmartGate (Australia, Qantas): face CANPASS (Canada): iris Ben Gurion (Israel): hand INSPASS (U.S.): hand
© Copyright 2003 International Biometric Group Page 24www.biometricgroup.com
Characteristics of Current ProgramsCharacteristics of Current Programs
Opt-in Kiosk-based Driven by convenience more than security Relatively small-scale, little to no impact on overall
passenger processing (except Ben Gurion) Mostly trial-phase
© Copyright 2003 International Biometric Group Page 25www.biometricgroup.com
Primary Deployment IssuesPrimary Deployment Issues
Establishing biometric infrastructure and process flow Technology, vendor, and device selection Storage of biometric information Exception processing Balancing security and convenience
© Copyright 2003 International Biometric Group Page 26www.biometricgroup.com
Trusted Travel vs. Universal AuthenticationTrusted Travel vs. Universal Authentication
Trusted TravelState-Driven Passport /
Visa Clearance
Standalone solutions on an airport-per-airport basis
Requires general interoperability across airports and jurisdictions
Limited enrollment and transactional loads
Massive transactional loads and impact on infrastructure
Can be proprietary Must be standards-compliant
Compliant user population motivated to use technology
Ambivalent user base
Inability to enroll a nuisance, at worst
Technology or technologies must be available to all users
Supported by fees May be subsidized but less
likely to be fee-driven
© Copyright 2003 International Biometric Group Page 27www.biometricgroup.com
Challenge for Universal AuthenticationChallenge for Universal Authentication
188 ICAO Nations 700 million machine readable travel documents issued Currently minimal exit tracking In US alone:
– 505 million primary inspections / year– 8.4 million visa applications in FY2002; 50m applications on file – 422 ports of entry (this also includes land and sea)
© Copyright 2003 International Biometric Group Page 28www.biometricgroup.com
Potential ImplicationsPotential Implications
Few “lessons learned” from opt-in travel programs are applicable to mandatory issuance programs…
Technology selection may change– Security becomes a higher concern than convenience– Technology must work quickly for unskilled users– Alignment with large-scale enrollment searches may be required
International cooperation necessary Trusted Travel programs may become redundant or
obsolete; may also provide a model for moving forward
© Copyright 2003 International Biometric Group Page 29www.biometricgroup.com
Employee Physical AccessEmployee Physical Access
Application objective: to verify employee identity to grant access to secured areas in airports and airplanes, and to deter unauthorized persons from accessing such facilities
© Copyright 2003 International Biometric Group Page 30www.biometricgroup.com
Physical Access ChallengesPhysical Access Challenges
Failure to Enroll and False Reject Rate performance will be critical
Existing processes must change to assimilate biometrics– May result in reduced convenience
Costs driven by number of portals and integration with legacy infrastructure
Must determine least privacy-invasive use of biometrics
© Copyright 2003 International Biometric Group Page 31www.biometricgroup.com
U.S. Legislation and U.S. Legislation and International StandardsInternational Standards
© Copyright 2003 International Biometric Group Page 32www.biometricgroup.com
U.S. Aviation and Transportation Security Act of U.S. Aviation and Transportation Security Act of 20012001• Sec 106(a) – Biometric or other technology that verifies
each employee who enters secure area of airport• Sec 106(c) – Pilot programs in at least 20 U.S. airports
for access to secure areas…may include biometric or other technology that ensures only authorized access
• Sec 109 – TSA shall establish requirements for a trusted passenger program
• Sec 109 – Biometrics or other technologies to prevent a person who might be a threat from boarding
© Copyright 2003 International Biometric Group Page 33www.biometricgroup.com
U.S. Enhanced Border Security and Visa Entry U.S. Enhanced Border Security and Visa Entry Reform Act of 2002Reform Act of 2002• Sec 102(a) – $150MM for technology improvements• Sec 303(b)(1) – U.S. will issue to aliens only machine-
readable, tamper resistant visas and travel and entry documents that use biometric identifiers
• Sec 303(c)(1) – Visa Waiver Program: countries must issue machine readable passports that incorporate biometric identifiers
© Copyright 2003 International Biometric Group Page 34www.biometricgroup.com
Implications on International CommunityImplications on International Community
Aviation and Transportation Security Act– Visiting airline employees required to submit biometric identifier
in order to be granted access to secure areas– Visiting airline employees required to learn new security
measures incorporating biometric system Enhanced Border Security and Visa Entry Reform Act
– Visa Waiver Nations required to cooperate with U.S. regulations or be disqualified from program
– Countries wishing to comply must install biometric system by October 2004
– International visitors will need to submit biometric identifier at U.S. visa office
© Copyright 2003 International Biometric Group Page 35www.biometricgroup.com
ICAO (International Civil Aviation Organization)ICAO (International Civil Aviation Organization)
ICAO guidelines concerning biometrics– Recently selected facial-scan technology as the first choice for
integration into passports and other Machine Readable Travel Documents (MRTDs)
– Recommended use of high-capacity, contact less integrated circuit (IC) chips to store ID information in MRTDs
Implications for International Community– Must follow ICAO guidelines or go against guidelines
• Not enough storage space to have a secondary biometric on passports
– Possible emergence of different standards– Concerns about large-scale facial-scan deployment