Authentication Identification
- Identification = presenting an Identity
- Authentication = Proving the claimed identity
How do servers know their client?
- Username/Password
- PKI Certificates
- Challenge Response Authentication
- Synchronous Authentication
Basis of Authentication
What you know PINs
Passwords …
What you have Cards
- *Tokens**
- *Certificates**
What you are
- Physical features
- Personal habits
Where you are
- Location (physical or virtual)
Basis of Authentication
What you know
- PINs
- Passwords …
What you have
- Cards
- Tokens
- Certificates
What you are
- Physical features
- Personal habits
Where you are
- Location (physical or virtual)
Standard Human Authentication Options
Password Problems
Weak Password
- Can be compromised in seconds (Password Policies)
Need to store the passwords
- Dangerous to rely on database being secure (Hashing)
Need to transmit password from user to host
- Dangerous to rely on Internet being unsniffed (Security Protocols)
But: Weak passwords are weak passwords…
Dictionary Attacks on Passwords
Attack 1:
- Create dictionary of common words and names and their simple transformations
- Use these to guess password
Attack 2:
- Usually the hash function h is public and so is the password file
- Compute h(word) for each word in dictionary
- Find match
Attack 3:
- Pre-compute dictionary
- Look up matches
Cure: Check user passwd’s comply to policies, use “salt”
Unix Password Salt
“Salt” is a 12 bit number between 0 and 4095
- It is usually derived from the system clock and the process identifier
- Compute h(password+salt); both salt and h(password+salt) are stored in the password table
- User: gives password, system finds salt, computes h(password+salt), and checks for match
Using salt, the same password is computed in 4096 ways
- Makes dictionary attack more difficult
Biometric Authentication
- Fingerprint
- Face
less common:
- Hand
- Eye (Iris/Retina) Voice
- Keyboarding
Categories of Biometric Application
Authentication
- 1-to-1 / ref. measure from somewhere / verifies identity
Identification
- 1-to-many / ref. measures from a database that also contains data about population-members / verifies identity
Vetting against a Blacklist
- 1-to-many / ref. measures and data of a small population of wanted or unwanted people / can verify identity
Duplicate Detection
- 1-to-many / ref. measures of a large population / may create an assertion ‘person already enrolled’
FAR vs FRR
Performance
- Greater than 99% accuracy with 0.1% false accept rate, using two flat fingerprints.
Advantages
- Relatively mature technology
- Multiple samples (10 fingers) increase accuracy
- Existing law enforcement databases
- Suitable for large-database identification
R&D Focus
- Assessment of scan quality
- Liveness testing to counteract spoofing Fast fingerprint reader
Iris
Performance
- Over 95% accuracy, small (<0.1% ) false accept rate.
Comment: 95 % accuracy still means: does not scale…
Advantages
- Highly stable biometric over time
- Probably suitable for large-database identification
- Very low false accept rate
R&D Focus
- Large-scale testing
- Reliable and easy iris capture Enrollment capability
Facial Recognition
Performance
- About 90% accuracy with 1%
- *false accept rate, given high-quality images**
(90 % accuracy means: does not scale…)
Advantages
- Easy enrollment from photos
- Public acceptance
- Existing databases
R&D Focus
- Variable environment, pose, aging, ethnicity
- Watchlist matching, large database ID
- FR performance
Machine Readable Travel Documents (MRTD)
Backoffice
- Databases
- Datamining
Reader:
- LF/UHF
- Communication range
- Coupling
Transponder tag
- active/passive
- 1bit/64kb
- Controller/ cpu
- read-only/ read write
Machine readable travel documents
- *Existing documents are often already machine readable**
- *(MRZ = „machine readable zone“)**
- Name, Number of passport,Birthday, Validity date, parity number
+ Optional biometric information
+ electronic device (RF-chip) storing these and other information
Electronic Passport
Physical document:
- Datapage
- Machine Readable Zone (MRZ)
- Image of the owner
- Physical security features
Digital document (RFID)
- MRZ
- Biometric Data (e.g. iris or fingerprints) Digital security features
Information Stored on the Chip
(m = mandatory, o = optional)
Data groups (DG)
- Machine readable zone, MRZ (m)
- Image of the owner (jpeg) (m)
- Fingerprint (o)
- Iris (o)
Securing Electronic Data (Summary)
Passive authentication (m)
- Proves that the contents of SOD and DGs are authentic and not changed
Passive Authentication: Comparison of MRZs (o)
- Proves that chip content and physical passport belong together
Active Authentication (o)
- Prevents copying SOD, authenticates chip and proves that chip and physical passport belong together
Basic Access Control (o)
- Prevents skimming, eavesdropping, and misuse
Extended Access Control (o)
- Prevent unauthorized access to or skimming of biometric data
Access Control – Biometric Data
Face and MRZ (less-sensitive)
- Can be obtained from other sources
- Required for general crossing borders
- Basic Access Control
Fingerprints, Iris (sensitive)
- Difficult to obtain from other sources
- Required for individual countries
- Extended Access Control (unspecified)
Basic Access Control
After successful authentication:
- Secure communication between IS and MRTD
- Chip grants access to less-sensitive data (e.g. MRZ, image of the owner)
- Basic Access Control is optional
- EU-passports require Basic Access Control
- US-passports do not
- information can be read without knowledge or permission of the owner
Extended Access Control
Secure sensitive biometric data
- Fingerprints, Iris
PKI based approach (EU)
IS has its individual public key pair
IS requires certificate of passport-issueing country specifying access rights
- Preconditions to get certificates
- E.g. Germany requires „promise“ not to store data
Inspection System - Revocation
Problem of lost or stolen inspection systems
- Unauhorized access to sensitive data
- Basic access control diminishes problem
Proposed solution: certificate revocation
- Non-trivial! Chip has no on-line connection
- Certificate expiration date
Threats to Biometric Systems
- Live Biometric capture, theft
- Device tampering
- Environmental tampering
- Live Biometric simulation
- (e.g. lighting, jamming)
- Reference Biometric substitution
- Infrastructure manipulation (e.g. power-outage)
- Reference Biometric forgery
- Message interception,
- Device or System override/backdoor/trojan utilisation
- modification, insertion
- Stored Biometric capture, theft, change, substitution
- Exception-Handling Procedures manipulation
- Threshhold manipulation
