
Biometric Authentication: Security Issues

M. Fahim Zibran

February 23, 2009

Authentication

Definition:

• “Authentication is the binding of an identity to a subject.”

• “[Any] security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of information.”

Mechanisms

• knowledge based

• possession based

• physiological/behavioral trait (Biometric)

Biometric Authentication

• Fingerprint - 7000 to 6000 BC by the ancient Assyrians and Chinese.

• Clay pottery and clay seals

Security Issues

• Are biometrics revocable?

• How reliably unique are biometrics?

• How universal are biometrics?

• Are biometric traits invariant?

• Biometrics have secondary uses.

Security Issues (contd.)

• False sample presentation

  • spoofing

• Sensor issues

  • noise and distortion

  • sensor characteristics

  • unavailability of identical sensors

• Segmentation

  • denial of service attack

• Feature extraction and QA

  • exploit knowledge about algorithm

Security Issues (contd.)

• Template creation

  • Is it one-way function?

• Data storage

  • large data size

  • cryptographic hashes not applicable

  • database security

• Matching

  • determining set of modality

  • weights on modality

Security Issues (contd.)

• Decision

  • based on statistical threshold

  • configurable threshold level

  • susceptible to human error
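
An added example (not from the original slides) illustrating two points above: why an exact cryptographic hash cannot be used to compare stored templates, and how a configurable decision threshold trades false accepts (FAR) against false rejects (FRR). The 256-bit templates, noise levels and Hamming-distance matcher are constructed assumptions, not a real biometric algorithm.

```python
import hashlib
import random

N_BITS = 256  # constructed template size; real templates differ by modality

def flip_bits(template, k, rng):
    """Copy of template with exactly k bit positions inverted (models sensor noise)."""
    noisy = list(template)
    for i in rng.sample(range(len(template)), k):
        noisy[i] ^= 1
    return noisy

def hamming_fraction(a, b):
    """Fraction of positions at which two equal-length bit lists differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def digest(template):
    return hashlib.sha256(bytes(template)).hexdigest()

def build_samples(seed=2009, count=200):
    """Constructed data: one enrolled template, noisy genuine reads, random impostors."""
    rng = random.Random(seed)
    enrolled = [rng.getrandbits(1) for _ in range(N_BITS)]
    genuine = [flip_bits(enrolled, rng.randint(10, 40), rng) for _ in range(count)]
    impostor = [[rng.getrandbits(1) for _ in range(N_BITS)] for _ in range(count)]
    return enrolled, genuine, impostor

def hash_matches(enrolled, genuine):
    """How many genuine reads would pass an exact-hash comparison."""
    target = digest(enrolled)
    return sum(digest(s) == target for s in genuine)

def error_rates(enrolled, genuine, impostor, threshold):
    """Accept when distance <= threshold. Returns (FAR, FRR)."""
    far = sum(hamming_fraction(enrolled, s) <= threshold for s in impostor) / len(impostor)
    frr = sum(hamming_fraction(enrolled, s) > threshold for s in genuine) / len(genuine)
    return far, frr

if __name__ == "__main__":
    enrolled, genuine, impostor = build_samples()
    print("genuine reads matching the enrolled SHA-256:", hash_matches(enrolled, genuine))
    for t in (0.0, 0.05, 0.10, 0.25, 0.45, 0.60):
        far, frr = error_rates(enrolled, genuine, impostor, t)
        print(f"threshold={t:.2f}  FAR={far:.3f}  FRR={frr:.3f}")
```

Every genuine read fails the hash comparison because a single flipped bit changes the digest, while the threshold sweep shows the operating point moving from rejecting everyone to accepting everyone.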

Security Issues (contd.)

Classification of Vulnerability

• Circumvention

• Covert acquisition (contamination)

• Collusion and Coercion

• Denial of Service (DoS)

• Repudiation

Towards Increased Security

• Multimodal authentication

• Template encryption

• Revocable biometric

Summary

• biometric authentication relieves users from remembering passwords.

• accuracy is highly dependent on sensor and signal quality.

• decision is made based on statistical threshold.

• biometrics are inherently non-revocable, but distortion-based algorithms may allow revocable use.

