Introduction to BiometricsOutlineWhat is Biometrics?What is the Process?Why Biometrics?Why Biometrics? (Continued)Slide 7Why Biometrics? (Concluded)Biometrics ResourcesBiometrics Resources: What is academia doing?Biometrics Resources: What is Industry doing?Biometrics Resources: What is Government doing?Activities of NISTActivities of NIST (Continued)Activities of NIST (Concluded)What is Secure Biometrics?Security VulnerabilitiesSecurity and Privacy for BiometricsRevisiting Topics CoveredSlide 20Outline of the Course (Continued)Slide 22Slide 23Outline of the Course (Concluded)Some Exploratory Research Areas not coveredSome Useful Reference BooksIntroduction to BiometricsDr. Bhavani ThuraisinghamThe University of Texas at DallasLecture #4Introduction to BiometricsAugust 31, 2005OutlineIntroduction to Biometrics-What is Biometrics?-What is the Process?-Why Biometrics?Biometrics ResourcesWhat is Secure BiometricsRevisiting Topics to be coveredSome exploratory research areasSome useful reference booksWhat is Biometrics?Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristicFeatures measured: Face, Fingerprints, Hand geometry, handwriting, Iris, Retinal, Vein and VoiceIdentification and personal certification solutions for highly secure applicationsNumerous applications: medical, financial, child care, computer access etc.What is the Process?Three-steps: Capture-Process-VerificationCapture: A raw biometric is captured by a sensing device such as fingerprint scanner or video cameraProcess: The distinguishing characteristics are extracted from the raw biometrics sample and converted into a processed biometric identifier record-Called biometric sample or templateVerification and Identification-Matching the enrolled biometric sample against a single record; is the person really what he claims to be?-Matching a biometric sample against a database of identifiersWhy Biometrics?Biometrics replaces Traditional Authentication MethodsProvides better securityMore convenientBetter accountabilityApplications on Fraud detection and Fraud deterrenceDual purpose-Cyber Security and National SecurityWhy Biometrics? (Continued)Authentication mechanisms often used are User ID and PasswordsHowever password mechanisms have vulnerabilities-Stealing passwords etc.Biometrics systems are less prone to attacksNeed sophisticated techniques for attacks-Cannot steal facial features and fingerprints-Need sophisticated image processing techniques for modifying facial featuresWhy Biometrics? (Continued)Biometrics systems are more convenientNeed not have multiple passwords or difficult passwords-E.g., characters, numbers and special symbols-Need not remember passwordsNeed not carry any cards or tokensBetter accountability-Can determine who accessed the system with less complexityWhy Biometrics? (Concluded)Dual Purpose-Cyber Security and National SecurityAccess to computer systems and networksFraud detection-Who has intruded the system?-Who has entered the building-Surveillance and monitoringFraud Deterrence-Because of biometrics systems, people are nervous to commit crimes-Stealing from supermarkets and shops, etc.Biometrics ResourcesBiometrics Consortium is the major resource-www.biometrics.orgAnother Resource-http://www.biometricsinfo.org/Has Information on-Who is doing whatAcademia, Industry and Government-White papers on Biometrics technologiesFingerprint detection, facial recognition, Iris scanning, - - - -Biometrics Resources: What is academia doing?Michigan State University-Developing algorithms for fingerprint detection, etc.West Virginia University-Forensic identification initiativeSan Jose State University -Mathematical conceptsBiometrics Resources: What is Industry doing?Focus is on building faster and cheaper devicesMore accuracy, less false positives and negativesIncorporating biometrics into mobile devices, SmartcardsBiometrics in healthcare: delivering medication to correct patientsBiometrics in child care: Children are picked up by those authorizedProtecting digital content-Ensuring that voice and video are not alteredVendors: http://www.biometricsinfo.org/vendors.htmBiometrics Resources: What is Government doing?NSA (National Security Agency)-Research on protecting critical information systemsDoD (Department of Defense)-Biometrics Management Office-Provide Armed forces access to Biometrics systems for combat operationsINS/DHS (Department of Homeland Security; Immigration and Nationalization Service)-Biometrics technologies at AirportsNIST (National Institute of Standards and Technologies)-Major player in BiometricsActivities of NISTMeasurements, Testing and Standards is NIST’s missionFocus on Biometrics StandardsActivities-Biometrics Consortium-Common Biometric Exchange File Format-Biometric Interoperability, Performance and Assurance Working Group-BioAPI Consortium-Various StandardsActivities of NIST (Continued)Biometrics Consortium is the Government focal point for research, development and testing of Biometric products and technologiesCommon Biometric Exchange File Format is a product of the consortium to develop common fingerprint template formatsBiometrics Interoperability working group promotes common definitions and concepts for exchanging information between national and international partnersBioAPI consortium develops common Application Programming Interfaces for biometrics technologiesActivities of NIST (Concluded)NIST is developing standards for the following:-Finger image format for data Interchange-Face image format for data interchange-Iris image format for data interchange-Signature image format for data interchangeNIST is working with International standards organizations for joint standards-ISO (International Standards Organization)What is Secure Biometrics?Study the attacks of biometrics systems-Modifying fingerprints-Modifying facial featuresDevelop a security policy and model for the system-Application independent and Application specific policies-Enforce Security constraintsEntire face is classified but the nose can be displayed -Develop a formal model-Formalize the policyDesign the system and identify security critical components-Reference monitor for biometrics systemsSecurity VulnerabilitiesType 1 attack: present fake biometric such
View Full Document