The Need for Biometric Authentication

Similar documents
Define information security Define security as process, not point product.

Ethics and Information Security. 10 주차 - 경영정보론 Spring 2014

Lecture 9 User Authentication

CPET 499/ITC 250 Web Systems Chapter 16 Security. Topics

Syllabus: The syllabus is broadly structured as follows:

COMPUTER NETWORK SECURITY

Authentication Methods

Biometrics. Overview of Authentication

AIT 682: Network and Systems Security

Authentication. Identification. AIT 682: Network and Systems Security

In this unit we are continuing our discussion of IT security measures.

CSC 474 Network Security. Authentication. Identification

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

Information Security & Privacy

Authentication. Chapter 2

HIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics

Hardening Fingerprint Authentication Systems Using Intel s SGX Enclave Technology. Interim Progress Report

Identity Based Attestation and Open Exchange Protocol Specification (IBOPS) Architecture and Security

Security Policies and Procedures Principles and Practices

Authentication Objectives People Authentication I

Network Security and Cryptography. December Sample Exam Marking Scheme

CS System Security Mid-Semester Review

Role of Biometrics in Cybersecurity. Sam Youness

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals

Introduction to Information Security Dr. Rick Jerz

Physical and Environmental Security Standards

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/1516/ Chapter 4: 1

Development Authority of the North Country Governance Policies

Stuart Hall ICTN /10/17 Advantages and Drawbacks to Using Biometric Authentication

Computer Security: Principles and Practice

CND Exam Blueprint v2.0

Comptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam

CIS 6930/4930 Computer and Network Security. Topic 6. Authentication

DFARS Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017

Keystroke Dynamics: Low Impact Biometric Verification

Information Security Identification and authentication. Advanced User Authentication II

Who are you? Enter userid and password. Means of Authentication. Authentication 2/19/2010 COMP Authentication is the process of verifying that

KuppingerCole Whitepaper. by Dave Kearns February 2013

AIT 682: Network and Systems Security

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Authentication Technology Alternatives. Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin

BIOMETRIC MECHANISM FOR ONLINE TRANSACTION ON ANDROID SYSTEM ENHANCED SECURITY OF. Anshita Agrawal

Post-Class Quiz: Access Control Domain

Data Security at Smart Assessor

CS530 Authentication

Biometric Security Roles & Resources

The epassport: What s Next?

HIPAA Compliance Checklist

Paul A. Karger

Security+ SY0-501 Study Guide Table of Contents

CS System Security 2nd-Half Semester Review

EXAM - CAS-002. CompTIA Advanced Security Practitioner (CASP) Exam. Buy Full Product.

Access Controls. CISSP Guide to Security Essentials Chapter 2

Congratulations! You just ordered IdentaMaster software package featuring Biometric login, File/Folder Encryption and Entire Drive Encryption.

Identification, authentication, authorisation. Identification and authentication. Authentication. Authentication. Three closely related concepts:

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

CIS 4360 Secure Computer Systems Biometrics (Something You Are)

HELPFUL TIPS: MOBILE DEVICE SECURITY

Chapter 3: User Authentication

Introduction To IS Auditing

CSWAE Certified Secure Web Application Engineer

CHAPTER 3. Information Systems: Ethics, Privacy, and Security

SIMATIC. Process Control System PCS 7 Symantec Endpoint Protection 11.0 Configuration. Using virus scanners 1. Configuration 2. Commissioning Manual

The Eight Rules of Security

User Authentication. Modified By: Dr. Ramzi Saifan

Unit 2 Essentials of cyber security

State of Colorado Cyber Security Policies

CompTIA JK CompTIA Academic/E2C Security+ Certification. Download Full Version :

CSCI 667: Concepts of Computer Security

Biometric Device Assistant Tool: Intelligent Agent for Intrusion Detection at Biometric Device using JESS

itexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공

IT443 Network Security Administration Spring Gabriel Ghinita University of Massachusetts at Boston

HASTINGS HIGH SCHOOL

Overview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter

Study on Computer Network Technology of Digital Library

Online Services Security v2.1

INTERNET SAFETY IS IMPORTANT

Tiger Scheme QST/CTM Standard

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

HIPAA Federal Security Rule H I P A A

CSE 3482 Introduction to Computer Security. Introduction to Information/Computer Security

From the Iriscode to the Iris: A New Vulnerability Of Iris Recognition Systems

Smart Card and Biometrics Used for Secured Personal Identification System Development

Smart Cards and Authentication. Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Education Network Security

Overview of Information Security

2017 Annual Meeting of Members and Board of Directors Meeting

Wireless LAN Security (RM12/2002)

Operating Systems. Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000) alphapeeler.sf.net/pubkeys/pkey.htm

TPM v.s. Embedded Board. James Y

HY-457 Information Systems Security

Cybersecurity Survey Results

CSCE 548 Building Secure Software Biometrics (Something You Are) Professor Lisa Luo Spring 2018

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

CompTIA Security+(2008 Edition) Exam

Lecture 14 Passwords and Authentication

12. Mobile Devices and the Internet of Things. Blase Ur, May 3 rd, 2017 CMSC / 33210

Transcription:

The Need for Biometric Authentication Presented previously at: InfoTec 2002 DefCon 10 in Las Vegas NebraskaCERT 2002 Mutual of Omaha ConAgra Foods Presented by: Nate Rotschafer Peter Kiewit Institute Revised: August 8, 2005

Multi-Stage Authentication Outline Background on Authentication General Network Security Need for High Grade Authentication Error Types Forms of Biometric Authentication Issues Surrounding Biometric Technology What s Hot? What s Not? Planning Points Discussion

Identification The method used by a system (not necessarily a computer) to uniquely identify an individual or group. Examples: User names, Driver s License, School ID, Security Badge, Passport

Authentication The method(s) used to verify the given identification. Examples: Passwords, Fingerprints, Iris Prints, Negotiation

Authorization Used by a system to determine if an authenticated user can have access to an object. Example: User belongs to a specific group, user has specific security clearance, etc.

Access A user is allowed access once they have authenticated and it is determined that the user is authorized to have access to an object.

Development of Authentication What you know What you have What you are Future Development: How you are...

Security IS NOT JUST: IS: Installing a firewall A product or service Running an audit and shutting things off A one time thing Working productively and without interruptions Only as good as the weakest link Risk management Physical security A process, methodology, policies and people Operational not just procedural 24x7x365 Access to only the information required to do your job

General Network Security No silver bullet to network security Threats: Replay attacks Denial of Service ([D]DoS) Spoofing Users Dictionary Attacks Biometrics will help but will not solve all problems Users are the weakest link Proactive security plan

Need for High Grade Authentication High Security Areas Multiple Factor Authentication Challenge and Response Authentication High Assurance of Proper Identification Data Retrieval Based on the Person Why would you be rolling them out?

Error Types (Common to all biometrics) Type I Error - Accept in Error (False Positive) Balance Between Type I and Type II Error Most Dangerous High Exposure Preventable Need for Additional Security Measures Type II Error - Deny in Error (False Negative) Balance Between Type I and Type II Error Only an Inconvenience Preventable Established by a High Security Policy What is the balance for you organization?

Forms of Biometric Authentication Fingerprint Scanners Iris Scanners Voice Print Scanners Retina Scanners Handwriting Recognition Face Recognition Personal Geometry DNA Simply a collection of data points.

Securing Biometric Signatures Tamper resistant storage Protection from corruption Secure signature changes Secure backups Stop signature interception Protect latent signatures Legal implications if not protected You organization needs an action plan for each bullet point.

Logon Security Trusted path to authentication device Tamper resistance Clear or encrypted transmission? Continuous monitoring What goes down the wire? Real biometric? Your organization needs an action plan for each bullet.

Both biometrics and passwords needed Driving force behind biometrics is multiple factor authentication If you replace passwords with biometrics you do not increase the factors, but you do inherit all the risk With both biometrics and passwords you are required to know 2 things (user id and password) and have one thing (your biometric)

Consistency Environmental effects Backup plan All network users adhere to the same policy Define policy All network machines configured identically Define configuration specification Breadth of implementation Trade-offs Support model (help desk, desktop support, etc) User portability

What s Hot?/What s Not? Hot: Technology Fingerprint Scanners Iris Scanners Issues Multi-Stage Authentication Interoperability Interchangeability Standards Server Signature Storage? Not: Technology Retina Scanners DNA Issues 1 or 2 Stage Authentication

Planning Points What are we fixing? What objectives are we trying to meet? What will be fixed or advanced? Have we mitigated as much of the risk as possible? Have we contingency planned?

Thanks To: Dr. Blaine Burnham, Director of NUCIA Defcon 10 Peter Kiewit Institute InfoTec 2002 NebraskaCERT 2002 Mutual of Omaha Companies ConAgra Foods --- Info. Safety and Security

Contact Info: E-Mail: nrotschafer@gmail.com Website: www.geniussystems.net Slides available on my website Discussion/Q&A

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback