Uid security
•
3 j'aime•1,925 vues
Security Audit in UID (Unique Identification) Biometric System.
![Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (17)
Similaire à Uid security
Similaire à Uid security (20)
Dernier
Dernier (20)
Uid security
- 1. Security Audit in UID Biometric System
- 3. What is UID? Is an ambitious project initiated by government of India to give each Indian Resident a Unique ID (UID) Number that can establish their identity at any place, any time.
- 8. UID Agencies
- 11. Typical Biometric System Functions Enrollment Data acquisition Transmission Signal Processing Decision Data Storage Matching
- 12. Risks and vulnerabilities in the system
- 13. Threats and Counter Measures Location Threats Counter measures Data collection Spoofing Multimodal biometrics Device substitution Have authenticated, trusted devices Raw data transmission Reading/modification of data Sign in data, have session tokens Signal processing Component replacements Have digitally signed components and check integrity of the software Matching Manipulation of match scores Don’t allow processes to be running that introspect data and results coming back Hill Climbing Don’t provide detailed scoring data back to any 3 rd party Storage Database compromise Have database access controls, Sign and encrypt templates and store keys in a separate hardware Decision Threshold manipulation Protected function, data protection
Notes de l'éditeur
- Headed by a popular IT(Information Technology) Figure Mr. Nandan Nilekani as Chairman, whose rank is equal Cabinet Minister of Central Government. UID is a unique 16 digit number that is assigned to each individual in our billion-plus population, which will be used to identify the person for all interactions he or she will have with any public body, regulatory authority or law-enforcement agency. The UID along with the biometric data, will serve as a conclusive proof of identity across India, making it unnecessary for any citizen to carry multiple documentation from a variety of government agencies. It can be used while traveling, opening a bank account, getting a telephone connection, voting in elections and so on The Government hopes one immediate benefit will be the war on terror, with infiltrators and others finding it much harder to move around. People below the poverty line will find UID easier access to welfare schemes for their benefit, and not to find such aid diverted to those not entitled to them
- Headed by a popular IT(Information Technology) Figure Mr. Nandan Nilekani as Chairman, whose rank is equal Cabinet Minister of Central Government. UID is a unique 16 digit number that is assigned to each individual in our billion-plus population, which will be used to identify the person for all interactions he or she will have with any public body, regulatory authority or law-enforcement agency. The UID along with the biometric data, will serve as a conclusive proof of identity across India, making it unnecessary for any citizen to carry multiple documentation from a variety of government agencies. It can be used while traveling, opening a bank account, getting a telephone connection, voting in elections and so on The Government hopes one immediate benefit will be the war on terror, with infiltrators and others finding it much harder to move around. People below the poverty line will find UID easier access to welfare schemes for their benefit, and not to find such aid diverted to those not entitled to them
- Headed by a popular IT(Information Technology) Figure Mr. Nandan Nilekani as Chairman, whose rank is equal Cabinet Minister of Central Government. UID is a unique 16 digit number that is assigned to each individual in our billion-plus population, which will be used to identify the person for all interactions he or she will have with any public body, regulatory authority or law-enforcement agency. The UID along with the biometric data, will serve as a conclusive proof of identity across India, making it unnecessary for any citizen to carry multiple documentation from a variety of government agencies. It can be used while traveling, opening a bank account, getting a telephone connection, voting in elections and so on The Government hopes one immediate benefit will be the war on terror, with infiltrators and others finding it much harder to move around. People below the poverty line will find UID easier access to welfare schemes for their benefit, and not to find such aid diverted to those not entitled to them
- Headed by a popular IT(Information Technology) Figure Mr. Nandan Nilekani as Chairman, whose rank is equal Cabinet Minister of Central Government. UID is a unique 16 digit number that is assigned to each individual in our billion-plus population, which will be used to identify the person for all interactions he or she will have with any public body, regulatory authority or law-enforcement agency. The UID along with the biometric data, will serve as a conclusive proof of identity across India, making it unnecessary for any citizen to carry multiple documentation from a variety of government agencies. It can be used while traveling, opening a bank account, getting a telephone connection, voting in elections and so on The Government hopes one immediate benefit will be the war on terror, with infiltrators and others finding it much harder to move around. People below the poverty line will find UID easier access to welfare schemes for their benefit, and not to find such aid diverted to those not entitled to them
- Vulnerabilities Data collection Signal processing Data storage Matching Decission
- Vulnerabilities Data collection Signal processing Data storage Matching Decission
- The following are used as performance metrics for biometric systems:[3] false accept rate or false match rate (FAR or FMR) – the probability that the system incorrectly matches the input pattern to a non-matching template in the database. It measures the percent of invalid inputs which are incorrectly accepted. false reject rate or false non-match rate (FRR or FNMR) – the probability that the system fails to detect a match between the input pattern and a matching template in the database. It measures the percent of valid inputs which are incorrectly rejected. receiver operating characteristic or relative operating characteristic (ROC) – The ROC plot is a visual characterization of the trade-off between the FAR and the FRR. In general, the matching algorithm performs a decision based on a threshold which determines how close to a template the input needs to be for it to be considered a match. If the threshold is reduced, there will be less false non-matches but more false accepts. Correspondingly, a higher threshold will reduce the FAR but increase the FRR. A common variation is the Detection error trade-off (DET), which is obtained using normal deviate scales on both axes. This more linear graph illuminates the differences for higher performances (rarer errors). equal error rate or crossover error rate (EER or CER) – the rate at which both accept and reject errors are equal. The value of the EER can be easily obtained from the ROC curve. The EER is a quick way to compare the accuarcy of devices with different ROC curves. In general, the device with the lowest EER is most accurate. Obtained from the ROC plot by taking the point where FAR and FRR have the same value. The lower the EER, the more accurate the system is considered to be. failure to enroll rate (FTE or FER) – the rate at which attempts to create a template from an input is unsuccessful. This is most commonly caused by low quality inputs. failure to capture rate (FTC) – Within automatic systems, the p include all all are related to biometrics and can be imp to be mentioned
- The following are used as performance metrics for biometric systems:[3] false accept rate or false match rate (FAR or FMR) – the probability that the system incorrectly matches the input pattern to a non-matching template in the database. It measures the percent of invalid inputs which are incorrectly accepted. false reject rate or false non-match rate (FRR or FNMR) – the probability that the system fails to detect a match between the input pattern and a matching template in the database. It measures the percent of valid inputs which are incorrectly rejected. receiver operating characteristic or relative operating characteristic (ROC) – The ROC plot is a visual characterization of the trade-off between the FAR and the FRR. In general, the matching algorithm performs a decision based on a threshold which determines how close to a template the input needs to be for it to be considered a match. If the threshold is reduced, there will be less false non-matches but more false accepts. Correspondingly, a higher threshold will reduce the FAR but increase the FRR. A common variation is the Detection error trade-off (DET), which is obtained using normal deviate scales on both axes. This more linear graph illuminates the differences for higher performances (rarer errors). equal error rate or crossover error rate (EER or CER) – the rate at which both accept and reject errors are equal. The value of the EER can be easily obtained from the ROC curve. The EER is a quick way to compare the accuarcy of devices with different ROC curves. In general, the device with the lowest EER is most accurate. Obtained from the ROC plot by taking the point where FAR and FRR have the same value. The lower the EER, the more accurate the system is considered to be. failure to enroll rate (FTE or FER) – the rate at which attempts to create a template from an input is unsuccessful. This is most commonly caused by low quality inputs. failure to capture rate (FTC) – Within automatic systems, the p include all all are related to biometrics and can be imp to be mentioned