CSCE 548 Building Secure Software Biometrics (Something You Are) Professor Lisa Luo Spring 2018

Similar documents
CIS 4360 Secure Computer Systems Biometrics (Something You Are)

CSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018

Biometric Security Roles & Resources

Chapter 3: User Authentication

Lecture 9 User Authentication

An Overview of Biometric Image Processing

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

Stuart Hall ICTN /10/17 Advantages and Drawbacks to Using Biometric Authentication

BIOMETRIC MECHANISM FOR ONLINE TRANSACTION ON ANDROID SYSTEM ENHANCED SECURITY OF. Anshita Agrawal

Information Security Identification and authentication. Advanced User Authentication II

BIOMET: A Multimodal Biometric Authentication System for Person Identification and Verification using Fingerprint and Face Recognition

Lecture 14 Passwords and Authentication

Fingerprint Authentication for SIS-based Healthcare Systems

FINGERPRINT BIOMETRICS

Authentication: Beyond Passwords

Global Mobile Biometric Authentication Market: Size, Trends & Forecasts ( ) October 2017

Identification, authentication, authorisation. Identification and authentication. Authentication. Authentication. Three closely related concepts:

Biometrics: The Password You ll Never Forget

Passwords. EJ Jung. slide 1

Lecture 3 - Passwords and Authentication

Authentication Technologies

Authentication SPRING 2018: GANG WANG. Slides credit: Michelle Mazurek (U-Maryland) and Blase Ur (CMU)

Understanding Fingerprint Biometrics

Authentication Objectives People Authentication I

Gurmeet Kaur 1, Parikshit 2, Dr. Chander Kant 3 1 M.tech Scholar, Assistant Professor 2, 3

CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM

Lecture 3 - Passwords and Authentication

FUZZY LOGIC IMPLEMENTATION OF FINGERPRINT MECHANISM FOR SECURE TRANSACTION AND IDENTITY AUTHENTICATION IN M-COMMERCE

FINGERPRINT RECOGNITION FOR HIGH SECURITY SYSTEMS AUTHENTICATION

Tutorial 1. Jun Xu, Teaching Asistant January 26, COMP4134 Biometrics Authentication

Verwelkoming. 20 September Fort Lent

Role of Biometrics in Cybersecurity. Sam Youness

Keystroke Dynamics: Low Impact Biometric Verification

COMPUTER NETWORK SECURITY

Biometrics problem or solution?

In this unit we are continuing our discussion of IT security measures.

Biometrics Our Past, Present, and Future Identity

Computer Security. 10. Biometric authentication. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security 4/15/18

Biometric quality for error suppression

SECURE ENTRY SYSTEM USING MOVE ON APPS IN MOBILITY

Smart Card and Biometrics Used for Secured Personal Identification System Development

Touchless Fingerprint recognition using MATLAB

Access Control Biometrics User Guide

Thumb based Biometric Authentication Scheme in WLAN using Gauss Iterated Map and One Time Password

Advanced Biometric Access Control Training Course # :

Computer Security: Principles and Practice

CIS 6930/4930 Computer and Network Security. Topic 6. Authentication

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

Minutiae vs. Correlation: Analysis of Fingerprint Recognition Methods in Biometric Security System

Chapter 2: Access Control and Site Security. Access Control. Access Control. ACIS 5584 E-Commerce Security Dr. France Belanger.

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/1516/ Chapter 4: 1

CSE 565 Computer Security Fall 2018

AUTHENTICATION IN THE AGE OF ELECTRONIC TRANSACTIONS

AIT 682: Network and Systems Security

Authentication. Identification. AIT 682: Network and Systems Security

DESIGNING A BIOMETRIC STRATEGY (FINGERPRINT) MEASURE FOR ENHANCING ATM SECURITY IN INDIAN E-BANKING SYSTEM

Secure and Private Identification through Biometric Systems

User Authentication. Tadayoshi Kohno

Lecture 8: User Authentication

A Review of Emerging Biometric Authentication Technologies

Authentication Technology for a Smart eid Infrastructure.

Authentication Methods

Encryption of Text Using Fingerprints

Pro s and con s Why pins # s, passwords, smart cards and tokens fail

Palm Vein Technology

INF3510 Information Security. Lecture 8: User Authentication. University of Oslo Spring 2018

Human Identification Using Biometry

IN2120 Information Security Autumn Lecture 9: User Authentication. Audun Jøsang University of Oslo

Password authentication How passwords are compromised How to protect and choose passwords Other types of authentication Biometrics

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

Lecture 11: Human Authentication CS /12/2018

CNT4406/5412 Network Security

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

User Authentication and Human Factors

Abstract -Fingerprints are the most widely. Keywords:fingerprint; ridge pattern; biometric;

Unit-VI. User Authentication Mechanisms.

Biometric Cryptosystems: for User Authentication

Lecture 8: User Authentication

BIOMETRIC TECHNOLOGY: A REVIEW

Performance Analysis of Fingerprint Identification Using Different Levels of DTCWT

Minutiae Based Fingerprint Authentication System

From the Iriscode to the Iris: A New Vulnerability Of Iris Recognition Systems

Computer Security. 09. Biometric authentication. Paul Krzyzanowski. Rutgers University. Spring 2017

CS Authentication of Humans. Prof. Clarkson Spring 2017

Technical White Paper. Behaviometrics. Measuring FAR/FRR/EER in Continuous Authentication

CSC 474 Network Security. Authentication. Identification

Multimodal Biometric System in Secure e- Transaction in Smart Phone

Ujma A. Mulla 1 1 PG Student of Electronics Department of, B.I.G.C.E., Solapur, Maharashtra, India. IJRASET: All Rights are Reserved

Keywords Wavelet decomposition, SIFT, Unibiometrics, Multibiometrics, Histogram Equalization.

Authentication. Tadayoshi Kohno

Evaluating Alternatives to Passwords

A Novel Approach to Improve the Biometric Security using Liveness Detection

CAS Sign On for Windows

An Efficient on-line Signature Verification System Using Histogram Features

Authentication. Chapter 2

BIOMETRIC BANKING TECHNOLOGY TO SECURE ONLINE TRANSACTIONS WITH FEASIBLE BIOMETRIC DEVICES

FSN-PalmSecureID-for ATM Machines

BIDMC Multi-Factor Authentication Enrollment Guide Table of Contents

The Design of Fingerprint Biometric Authentication on Smart Card for

Transcription:

CSCE 548 Building Secure Software Biometrics (Something You Are) Professor Lisa Luo Spring 2018

Previous Class Credentials Something you know (Knowledge factors) Something you have (Possession factors) Something you are (Inherence factors) How to store passwords securely? Multi-factor authentication Time-based One Time Password (OTP) RSA s SecureID Google Authenticator 2

Previous class When you go to an ATM machine to withdraw money, is it two-factor authentication? Yes. Something you know: PIN Something you have: Debit Card 3

How to store user passwords? Adding salts when hashing Prevent rainbow table attack Store salt1, hash(salt1, password1); salt2, hash(salt2, password2); Now the pre-computed rainbow table is useless Using a slow hash algorithm Slow down Brute Force or Dictionary Attack 4

Outline What are Biometrics? What are Biometrics used for? Advantages and Disadvantages How to evaluate its effectiveness? Framework of a Biometric System Case studies Fingerprint Iris 5

Biometrics Biometrics: the measurement and application of human characteristics Bio-: life -Metrics: to measure Applications: Authentication: Something you are Identification: To identify individuals CIS 4360 Secure Computer Systems 6

Identification vs. Authentication Identification (also known as One to Many) A sample is effectively matched against all templates in the database The user only provide her biometric as input Authentication (also known as Verification or One to One) The sample is matched against one pre-selected template. The pre-selected template is determined by the claimed identity in the form of, e.g., username 7

Biometrics Authentication Biometrics authentication is the process of extracting measurable biological or behavioral characteristics for the purpose of uniquely identifying or authenticating an individual. 8

Types of Biometrics Biological Biometrics Fingerprint Hand Geometry Iris Face DNA Behavioral Biometrics Signature Typing Rhythm Gait 9

10

Market share 11

Biometrics are widely used Smartphones (Apple s TouchID) FBI US Immigration department Airport 12

Advantages and Disadvantages Advantages You do not need to remember sth. (as with passwords) You do not need to carry sth. (as with security tokens) More convenient and quicker (e.g., compared to typing) Recognition can be automated (critical for police and FBI) Disadvantages Some biometrics may be easily stolen, e.g., signature Accuracy Users may not feel comfortable (e.g., scanning eyes) Costly 13

Framework of Applying Biometrics for Authentication 14

Framework of Applying Biometrics for Identification Identification 15

Five important components Sensor Scans the biometric trait of the user Feature extractor Processes the scanned biometric data to extract the template Template database For storage Matcher Compares two templates and outputs a similarity score Decision module Determines Yes (matched) or No (not-matched) 16

How to measure accuracy False Rejection Rate (FRR) as known as False Non-Match Rate (FNMR) The percentage that the system fails to detect a match between a user s input template and the user s stored template False Acceptance Rate (FAR) also know as False Match Rate (FMR) The percentage that the system incorrectly matches the input pattern to a non-matching template in the database. Apple s TouchID: FAR is 1 in 50,000 17

FRR and FAR 18

Biometric Template A biometric template is a digital representation of an individual s distinct characteristics 19

Fingerprint Characteristics 20

An example technology that extracts features from fingerprints A fingerprint is made of a series of ridges and valleys. Once a fingerprint is captured the system locates the minutia points where the lines of the ridges begin, end, branch off and merge. The number of minutia points required to uniquely identify a person varies from 12 to 17 These points are mapped and lines are drawn between points. This creates a map of how each point relates to the other points. The map is then stored as a data stream called a minutia template 21

Fingerprint System Shortcomings 1.Complexity is added to take into account cuts, dirt, wear, and tear that may be present on a finger 2.It is difficult to distinguish between a real finger and a picture of a finger 3.A small percentage of the population either does not have any minutiae or has less minutiae than average Even though, fingerprint systems remain widely used around the world 22

Iris Recognition The iris pattern is unique for a person, and is stable throughout a person s life The processing power needs to be10x faster than a fingerprint system, in order to produce results in the same timeframe The extra processing power increases the cost of iris systems 23

Iris Recognition 24

25

Unwrapping Iris 26

Some systems do not work well (yet) Voice recognition is hard because there are filters which can make a female voice seem male and makes you sound like another, etc. Face recognition currently has error rates that are too high. Typing patterns, walking patterns ("gait"), etc. 27

Comparison 28

Summary Biometrics Measurement and applications of human characteristics Applications Identification Authentication False rejection rate; false accept rate Fingerprint Iris 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback