Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Biometrics - Basics

1 228 vues

Publié le

Biometrics - Basics - May 2013

Publié dans : Formation, Technologie, Business
  • Soyez le premier à commenter

Biometrics - Basics

  1. 1. Franck Franchin1
  2. 2. Franck Franchin - © 2013 Automated process to identity and authenticatehumans based on one or more physical orbehavioral traits Based on assessment that each human being isunique and that this uniqueness allowsidentification2
  3. 3. Franck Franchin - © 2013 You have to prove who you are ?◦ Something you know: PIN, password...◦ Something you have: key, token, card...◦ Something you are: a biometric… Biometrics encompass:◦ Voice◦ Fingerprint & Palmprint◦ Facial Recognition◦ Eye (iris, retinal patterns)◦ Vein Because it can be fooled, it should be implemented into2-factor or 3-factor authentication3
  4. 4. Franck Franchin - © 2013 Unique ID Third Authentication Factor Hard to forge by basic hackers Forget, Loss, Stealth and Borrow most difficult… Allows to know WHO did WHAT, WHERE andWHEN Unequivocally link to acting person(accountability)4
  5. 5. Franck Franchin - © 2013 Success Rate Issue (dirt for finger, diabete foreye, flu for voice) Privacy Revocation Cost Permanence risk (resistance to ageing) Acceptability by people5
  6. 6. Franck Franchin - © 2013 Physiological◦ fingerprint recognition◦ palm print recognition◦ palm geometry◦ facial recognition◦ voice recognition◦ retinal scans◦ iris scans Behavorial◦ typing rhythm/patterns (keystroke)◦ accents and speaking rhythms◦ gait (locomotion behavior)◦ writing speed and pressure (signature matching)6
  7. 7. Franck Franchin - © 2013 Not two fingerprints are alike High level of acceptance by people Template easily generated from minutiae pointsand/or ridges and/or valleys Different types of sensors : thermal, optical,capacitance, minutiae-based7
  8. 8. Franck Franchin - © 2013 Ability of discriminating identical twins with sameDNA Low level of acceptance by people Relatively expensive (processing power andstorage)8
  9. 9. Franck Franchin - © 2013 Police Immigration ATM School (library, lunch, …) Payment in Stores Site Access Control9
  10. 10. Franck Franchin - © 2013 Enrollment◦ Samples of the biometric are captured and processed◦ Unique features of these samples are extracted andcomputed which generates a ‘template’◦ From this template, it’s not possible to go back to theoriginal biometric Authentication or Identification◦ The biometrics system captures the biometric of the ’livebiometric’ and searches for a match against its databaseof templates Revocation10
  11. 11. Franck Franchin - © 2013 Biometrics matching process is based onthreshold detection - False acceptances/rejections Sensor tolerance Anonymation information loss (for somealgorythms) Some people categories always rejected (twins,aged people) ? Attended or unattended system (fake/deadfinger) ?11
  12. 12. Franck Franchin - © 2013 Aside IT regular vulnerabilities and risks,biometrics solutions are sensitive to specificthreats :◦ Attack to the biometric sensor◦ Spoofing (cutoff finger, gummy finger, photography of irispattern)◦ Mimicry (signature and voice)◦ Eavesdropping or man-in-the middle between the sensorand the template repository◦ Template insertion using compromise IT or admin !12
  13. 13. Franck Franchin - © 2013 How to protect the biometric template ?◦ Hashing : template are protected, revokable and rewable◦ But one has to prove it’s impossible to get back to the original key(one-way function cyphering)◦ The best solution : public-key encryption which cyphers templatesand deciphers only during access control◦ Mix architectures involve session keys too (public-key and privatekey schemes) Innovative ways◦ During the enrollment process, combining the biometric imagewith a digital key to create a secure block of data. Key can bethen retrieved using the biometric ! (but the key is independent ofthe biometric, mathematically speaking !)13
  14. 14. Franck Franchin - © 2013 Once compromise, a biometric trait wouldn’t be reused –hence if someone copy your finger, the only way torevoke your finger would be to cut it ? Hum… Physical biometric is different from store template ! If your password is lost or compromised, you have tochange your password AND the password accesscontrol storage… In biometrics, you can’t change your ‘pwd’ (aka yourbiometric) but you can revoke the stored encryptedtemplate14