27-11-2012, 01:03 PM
Privacy & Identity - Security and Usability: The viability of Passwords & Biometrics
Empirical Data
Yearly cyber crime cost in the US is over $377 million and rising – CSI/FBI Study
Federal Trade Commission found that identity theft accounted for $48 billion in losses to business over the past five years
Background on Passwords & Biometrics
Passwords
Ubiquitous Technology
Passwords are one of the oldest authentication methods.
Many organizations and institutions have used passwords for computer access since 1963, when Fernando J. Corbato added private codes to the CTSS at MIT.
Biometrics
First introduced in the 1970s and early 1980s
This technology gathers unique physiological or behavioral attributes of a person, either to store them in a database or to compare them with those already held in a database.
Reasons for biometrics include the positive authentication and verification of a person and ensuring the confidentiality of information in storage or in transit.
Biometrics
2 Categories of Biometrics
Physiological – also known as static biometrics: Biometrics based on data derived from the measurement of a part of a person’s anatomy. For example, fingerprints and iris patterns, as well as facial features, hand geometry and retinal blood vessels
Behavioral – biometrics based on data derived from measurement of an action performed by a person and, distinctively, incorporating time as a metric, that is, the measured action. For example, voice (speaker verification)
Biometrics – How do they work?
Although biometric technologies differ, they all work in a similar fashion:
The user submits a sample that is an identifiable, unprocessed image or recording of the physiological or behavioral biometric via an acquisition device (for example, a scanner or camera)
This biometric is then processed to extract information about distinctive features to create a trial template or verification template
Templates are large number sequences. The trial template is the user’s “password.”
Conclusion
All authentication methods are prone to errors. Nevertheless, reliable user authentication must ensure that an attacker cannot masquerade as a legitimate user
Biometrics is uniquely bound to individuals and may offer organizations a stronger method of authentication
Biometric systems are not foolproof; they can be compromised by:
Submission of another person’s biometric
Submission of enrollee’s biometric with the user under duress or incapacitated
A prudent balance between Security and Privacy needs to be achieved
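
The "How do they work?" steps above call the trial template the user's "password", but the two are checked differently: a password must match exactly, while a trial template only has to be close enough to the enrolled one, which is where the errors noted in the conclusion come from. The sketch below is an added example, not part of the original presentation. It assumes templates are 256-bit strings compared by Hamming distance, that a fresh capture of the same person differs in about 10% of bits, and it uses simulated data throughout.

```python
import hashlib
import hmac
import random

BITS = 256  # constructed template length; real sizes depend on the modality

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the value that would be stored instead of the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def password_match(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Exact match: the derived key must equal the stored one bit for bit."""
    return hmac.compare_digest(hash_password(candidate, salt), stored)

def distance(a, b) -> float:
    """Fraction of differing bits between two templates (Hamming distance)."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def biometric_match(trial, enrolled, threshold: float) -> bool:
    """Approximate match: accept when the trial is close enough to enrollment."""
    return distance(trial, enrolled) <= threshold

def new_template(rng):
    return [rng.randint(0, 1) for _ in range(BITS)]  # simulated, not real data

def noisy_copy(template, flip_rate, rng):
    """Simulate a fresh capture of the same person: some bits differ."""
    return [bit ^ (rng.random() < flip_rate) for bit in template]

def error_rates(threshold, trials=200, noise=0.10, seed=1):
    """Return (false reject rate, false accept rate) for a given threshold."""
    rng = random.Random(seed)
    rejected = accepted = 0
    for _ in range(trials):
        enrolled = new_template(rng)
        genuine = noisy_copy(enrolled, noise, rng)   # same person, new sample
        impostor = new_template(rng)                 # unrelated person
        rejected += not biometric_match(genuine, enrolled, threshold)
        accepted += biometric_match(impostor, enrolled, threshold)
    return rejected / trials, accepted / trials

if __name__ == "__main__":
    for t in (0.05, 0.30, 0.60):
        frr, far = error_rates(t)
        print(f"threshold={t:.2f}  FRR={frr:.2f}  FAR={far:.2f}")
```

A threshold that is too strict rejects legitimate users, and one that is too loose accepts other people; the operating point between the two is a tuning decision that a password check never has to make.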