Biometrics and Cyber Security


  • 7/30/2019 Biometrics and Cyber Security

    1/25

    Copyright Daon, 2009 1

    Biometrics and Cyber Security

    Key Considerations in Protecting Critical Infrastructure Now and In The Future

    Conor White, Chief Technology Officer, Daon

  • 2/25

    Why is Cyber Security Important in the Context of Biometric Systems?

  • 3/25

    Cyber Security & Biometrics

    On the Internet, nobody knows you are a dog.

    Or a terrorist. Or a student. Or a spy.

  • 4/25

    Identity is More Valuable than Money!

    "I can't think of a single piece of information more critical to our ultimate security and prosperity, both as individuals and as a country, than our personal identity. The ability of an individual to establish identity, to verify you are who you claim to be, is critical to the many transactions that occur in a single day. As the world becomes more interdependent, as transactions become more global, and as the world embraces identity management and assurance as an element of conducting business, personal identities will become a form of global currency. Whether you are crossing a border, seeking employment, applying for a public benefit, opening a bank account, combating crime, making a purchase, enforcing immigration policy, granting access to public and private spaces, detecting terrorists: identity verification has limitless value."

    Governor Tom Ridge

    Former Secretary, Department of Homeland Security

  • 5/25

    Identity Management is Fundamental to Cyber Security

    Cyber Security is about establishing trust in entities accessing your networks and ensuring that they perform functions consistent with the role you define for them.

    The fundamental capability necessary for any cyber security solution is Identity Management.

    Biometrics is a key enabling technology in the fight to strengthen the security of systems against cyber crime.

    However

  • 6/25

    Biometric Identity Systems Will Be Attacked!

    In this session we will discuss (briefly) the following cyber security topics as they relate to Biometric Systems:

    1. System Level Perspective

    2. Person Level Perspective

    3. Independence, Flexibility, Ongoing Analysis and Adaptation

  • 7/25

    Attacks on Biometric Systems

    Consider the following:

    You don't have to duplicate a biometric to spoof the system; you just need to alter yours enough to ensure there is no 1:1 or 1:N match (negative identification scenarios)

    As our databases grow, we struggle to achieve universality

    As we seek to automate, unattended acquisition and authentication creates risk

    As more systems are deployed, the frequency and sophistication of attacks will increase (the Microsoft OS virus vs. Apple OS virus pattern: attackers follow deployment)

    No biometric modality is perfect; don't believe anybody who tells you otherwise

    No silver bullet: lots of papers and patents but few commercial offerings

    Industry starting to look more seriously at liveness detection e.g. LivDet 2009

    Biometrics provide a clear benefit in counteracting cyber security threats, but biometric systems can themselves be a source of weakness

  • 8/25

    How Do We Compete?

    Countermeasures are required:

    Enhanced Capture Software

    Secured Systems

    New Capture Devices

    Multi-factor

    Multi-modal

    Supervision and oversight: guiding standards and principles

    Ability to react through flexible technology and process

    Biometric matching has been a technology- and tool-centric field.

    A Defense-in-Depth method of dealing with biometric and identity-related concerns takes a more holistic approach: People, Technology, Operations

  • 9/25

    Biometric System Threats & Countermeasures

  • 10/25

    Biometric System Vulnerabilities

    Key Considerations:

    There is no perfect identity authentication method: every form of authentication has vulnerabilities

    The entire identity eco-system is vulnerable to attack

    Don't just secure the point of authentication

    Consider systemic weaknesses as well

    Must provide a defense-in-depth strategy

    [Figure: generic biometric system model with attack points 1-11 marked on the components Data Collection, Signal Processing, Matching, Storage, Decision and Verifier, split into a Person Perspective and a System Perspective]

    Source: Study report on Biometrics and E-Authentication

  • 11/25

    First Principle of Cyber Security

    Security by Design

    Security should be designed into a solution and not bolted on after the fact

    All solutions MUST be designed using industry-best security principles:

    Encryption of data both in transit and at rest

    Use of strong cryptographic techniques (e.g. HSMs)

    Robust key management

    Non-repudiation of events

    Authorization of function

    Integrity protection of data and system

    Use industry-proven techniques: no security by obscurity

    Biometric systems are vulnerable to attack at several points in the process: data collection, signal processing, data storage, and the decision/action point

  • 12/25

    So How Do We Design in the Countermeasures?

    (Location numbers refer to the attack points in the system diagram on slide 10.)

    Location                       | Threats                                                              | Example Countermeasures
    1 Data Collection              | Spoofing                                                             | Liveness detection; challenge/response; multi-modal, policy-based
    1 Data Collection              | Device substitution                                                  | Mutually authenticate device; vendor-agnostic architecture
    2 Raw Data Transmission        | Replay attack                                                        | Sign data, timestamp, session tokens/nonces, HSM, FIPS
    3 Signal Processing (Software) | Component replacement                                                | Sign components
    5 Matching                     | Manipulation of match scores                                         | Debugger-hostile environment
    5 Matching                     | Hill climbing                                                        | Coarse scoring, trusted sensor, secure channel, limit attempts
    7 Storage                      | Database compromise (reading/replacing template, changing bindings)  | DB access controls; sign/encrypt templates; store on secure token; audit, digital signature
    9 Decision                     | Threshold manipulation                                               | Protected function, data protection

    [Figure: the attack-point diagram from slide 10 repeated (Data Collection, Signal Processing, Matching, Storage, Decision, Verifier; points 1-11; Person Perspective / System Perspective), labelled "Defense in Depth"]
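    The Matching row of the table lists hill climbing as a threat and coarse scoring plus attempt limits as countermeasures. The following added example (written for this page; it is not Daon's code or anything from the deck) shows why: a toy matcher that reports its precise similarity score leaks enough information for an attacker with no copy of the biometric to climb to an accept, while the same matcher that quantises the reported score and locks the session after a fixed number of comparisons stops the attack without rejecting a genuine presentation. The template format, similarity function, threshold and step sizes are all assumptions made for the example.

```python
"""Hill climbing against a biometric matcher, and two countermeasures from
the threat table: coarse (quantised) scores and a per-session attempt limit.
Added example: the matcher is a toy (absolute-difference similarity over a
16-byte template), not any vendor's algorithm."""
import math
import random

TEMPLATE_LEN = 16
THRESHOLD = 0.95        # accept when similarity >= THRESHOLD (assumed value)


def similarity(template, probe):
    """Toy similarity: 1.0 for identical vectors, 0.0 at maximal distance."""
    dist = sum(abs(a - b) for a, b in zip(template, probe))
    return 1.0 - dist / (255 * len(template))


class Matcher:
    """Verifier holding one enrolled template.

    coarse=True reports the score floored to 0.1 steps, so a one-byte change
    to the probe produces no observable movement.  The accept decision is
    still taken on the precise score, so genuine users are not penalised.
    max_attempts caps the comparisons one session may request."""

    def __init__(self, template, coarse=False, max_attempts=None):
        self.template = list(template)
        self.coarse = coarse
        self.max_attempts = max_attempts
        self.attempts = 0

    def match(self, probe):
        if self.max_attempts is not None and self.attempts >= self.max_attempts:
            raise PermissionError("attempt limit reached; session locked")
        self.attempts += 1
        score = similarity(self.template, probe)
        accepted = score >= THRESHOLD
        reported = math.floor(score * 10) / 10 if self.coarse else score
        return accepted, reported


def hill_climb(matcher, rng, max_calls=20000, step=8):
    """Attacker with no copy of the biometric: start from a random probe,
    nudge one byte at a time and keep the change whenever the reported
    score rises.  Returns (accepted, number_of_matcher_calls)."""
    probe = [rng.randrange(256) for _ in range(TEMPLATE_LEN)]
    accepted, best = matcher.match(probe)
    calls = 1
    while not accepted and calls < max_calls:
        candidate = list(probe)
        i = rng.randrange(TEMPLATE_LEN)
        candidate[i] = max(0, min(255, candidate[i] + rng.choice((-step, step))))
        try:
            accepted, score = matcher.match(candidate)
        except PermissionError:
            return False, calls
        calls += 1
        if score > best:
            probe, best = candidate, score
    return accepted, calls


def demo(seed=1):
    rng = random.Random(seed)
    template = [rng.randrange(256) for _ in range(TEMPLATE_LEN)]   # constructed enrolment
    naive = Matcher(template)                                      # precise score, unlimited
    hardened = Matcher(template, coarse=True, max_attempts=20)
    # a genuine presentation is the template plus small sensor noise
    noise = random.Random(seed + 2)
    genuine = [max(0, min(255, b + noise.randrange(-3, 4))) for b in template]
    return {
        "naive": hill_climb(naive, random.Random(seed + 1)),
        "hardened": hill_climb(hardened, random.Random(seed + 1)),
        "genuine_ok": Matcher(template, coarse=True, max_attempts=20).match(genuine)[0],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    Against the naive matcher the climber succeeds in a few hundred to a few thousand comparisons because every accepted byte change is confirmed by a slightly higher score; against the hardened matcher the reported score never moves, so the climber has nothing to follow, and the session is locked at the twentieth comparison. Quantising only the reported score (not the value the decision is taken on) is what keeps the genuine presentation passing.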

  • 13/25

    And Don't Forget about Data Security

    Provide an authentication framework that:

    Securely manages sensitive biometric data

    Ensures the privacy of users' personal (e.g. biometric) data

    Resists attacks launched by insiders/outsiders

    Provides for non-repudiation of activities

    Integrates with 3rd-party applications

    Scales to enterprise-wide deployments

    Is biometric-agnostic by design

    Biometric data must be stored securely:

    Privacy concerns (legislation)

    Risk of legal challenges to signatures if stolen

    Assume a hostile network:

    Eavesdropping on sensitive traffic

    Injection/deletion of messages

    Assume a hostile environment:

    Database may be compromised

    Machines may be physically attacked

    Attacks launched against OS or Daon software
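    Row 2 of the threat table and the "hostile network / hostile environment" assumptions above call for signed, timestamped, nonced messages on the capture path and for signed templates in storage. The following added example (not Daon's code; every key, device id, sample and template in it is constructed) shows one way to do both with HMAC-SHA256 from the Python standard library: the verifier authenticates a capture message before trusting any field in it, rejects stale timestamps and reused nonces, and detects template records whose content or identity binding has been altered. Per-device symmetric keys stand in for the device signing keys a real deployment would hold in an HSM and use with asymmetric signatures.

```python
"""Signed, timestamped, nonced capture messages from a sensor to the verifier
(the replay countermeasures in row 2 of the threat table) and sealed template
records bound to an identity (row 7).  Added example, not Daon's code: it uses
HMAC-SHA256 with per-device keys assumed to have been provisioned when the
device was mutually authenticated; a production system would use asymmetric
signatures with keys held in an HSM.  All keys, ids and samples are constructed."""
import base64
import hashlib
import hmac
import json
import os
import time

DEVICE_KEYS = {"sensor-A7": bytes.fromhex("00112233445566778899aabbccddeeff" * 2)}
STORAGE_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100" * 2)   # template-sealing key
WINDOW_SECONDS = 30      # tolerated clock skew plus transit time (assumed)


def _mac(key, fields):
    """MAC over a canonical JSON encoding, so field order cannot be abused."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def _body(msg):
    return {k: v for k, v in msg.items() if k != "mac"}


def sign_capture(device_id, sample, now=None, nonce=None):
    """Sensor side: bind the raw sample to the device, a timestamp and a
    fresh nonce, then MAC the whole record."""
    fields = {
        "device": device_id,
        "sample": base64.b64encode(sample).decode(),
        "ts": int(time.time() if now is None else now),
        "nonce": (os.urandom(16) if nonce is None else nonce).hex(),
    }
    return {**fields, "mac": _mac(DEVICE_KEYS[device_id], fields)}


class CaptureVerifier:
    """Server side.  Order matters: authenticate before trusting any field."""

    def __init__(self):
        self.seen = set()   # (device, nonce) pairs; in production a bounded store

    def accept(self, msg, now):
        key = DEVICE_KEYS.get(msg.get("device"))
        if key is None:
            return False, "unknown device"
        if not hmac.compare_digest(_mac(key, _body(msg)), str(msg.get("mac", ""))):
            return False, "bad signature"
        if abs(now - msg["ts"]) > WINDOW_SECONDS:
            return False, "stale timestamp"
        if (msg["device"], msg["nonce"]) in self.seen:
            return False, "replayed nonce"
        self.seen.add((msg["device"], msg["nonce"]))
        return True, "ok"


def seal_template(user_id, template):
    """Storage side: MAC the template together with the identity it belongs
    to, so swapping templates or re-pointing a binding is detectable."""
    fields = {"user": user_id, "template": base64.b64encode(template).decode()}
    return {**fields, "mac": _mac(STORAGE_KEY, fields)}


def load_template(record, expected_user):
    if not hmac.compare_digest(_mac(STORAGE_KEY, _body(record)), str(record.get("mac", ""))):
        raise ValueError("template record tampered")
    if record["user"] != expected_user:
        raise ValueError("template bound to a different identity")
    return base64.b64decode(record["template"])


def demo():
    t0 = 1_700_000_000
    sample = b"constructed fingerprint image bytes"
    msg = sign_capture("sensor-A7", sample, now=t0, nonce=bytes(16))
    v = CaptureVerifier()
    out = {
        "first": v.accept(msg, now=t0 + 2),
        "replay": v.accept(msg, now=t0 + 5),
        "tampered": v.accept(dict(msg, sample=base64.b64encode(b"other").decode()), now=t0 + 2),
        "late": v.accept(sign_capture("sensor-A7", sample, now=t0, nonce=bytes([1]) * 16),
                         now=t0 + 120),
    }
    rec = seal_template("alice", b"constructed template")
    out["load_ok"] = load_template(rec, "alice") == b"constructed template"
    for name, record, who in (("rebound", dict(rec, user="mallory"), "mallory"),
                              ("wrong_user", rec, "bob")):
        try:
            load_template(record, who)
            out[name] = "accepted"
        except ValueError as e:
            out[name] = str(e)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    The check order in `accept` is deliberate: the MAC is verified first so that an attacker who can inject messages cannot use the timestamp or nonce logic as an oracle, and nonce state is only consumed by messages that have already passed authentication. A replayed capture, a capture with its sample swapped, and a genuine but delayed capture are each refused for a different, logged reason.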

  • 14/25

    In Summary

    Biometrics enable a stronger defense against cyber security attacks, but biometric systems need to ensure that they don't become a platform for launching an attack themselves

    Design Security In: don't just bolt it on

    Protect biometric systems using a holistic approach

    Ensure all data is encrypted (in motion and at rest)

    Ensure robust key management and distribution

    Signing by all parties in a transaction

    Tamper evidence and integrity checks throughout the system

    Audit trails and non-repudiation

    Consider all points in a solution and look for vulnerabilities

    It's NOT just about the matching algorithm!

  • 15/25

    Person-Oriented Attacks & Countermeasures

  • 16/25

    Person Oriented Attacks

    Historically the focus has been finger, face, and iris; however, there are several modes being refined: vein, voice, iris-on-the-move, ...

    To defeat a biometric system, sometimes it is sufficient to cause distortion (i.e. to not match). Example: distortion of fingerprints to avoid watchlist hits

    Universality/inclusivity becomes a major issue for large populations

    Multi-modal solutions work best

    Systems need an adaptive architecture that can incorporate these new modes and leverage technology improvements over time

    The most progressive, modern systems begin as a multi-biometric platform with built-in systemic security and privacy safeguards, and add different biometric capabilities as needed over time!

  • 17/25

    Multi-biometric Fusion

    Use fusion to improve accuracy and robustness

    Increase accuracy beyond single biometric matching

    Reduce FTE (failure to enrol; broaden the covered population)

    Spoof/denial resistance

    Cope with poor quality data

    Sensor/user fault tolerance

    Fusion performance depends on:

    Input data available

    Comparison algorithm accuracy

    Correlations between different matcher scores

    Fusion technique

    Training data

  • 18/25

    (image only; no text recovered)

  • 19/25

    In Summary

    There is NO perfect biometric type

    There is NO perfect biometric device or algorithm

    Biometric performance will continue to increase over time; costs will decrease

    Spoofing attacks will continue and gain in frequency and complexity

    A flexible framework is needed to counteract these attacks

    Multi-biometric systems provide the best defense, with the ability to continually add new technology components

    Policy-based normalization and fusion should be kept independent of biometric matching algorithms

    Adopt a platform that enables you to take advantage of technological improvements over time

  • 20/25

    Technology Flexibility, Ongoing Analysis and Adaptation

  • 21/25

    Analysis and Adaptation

    Question: How do you react to:

    Biometric technologies continuously changing

    Weaknesses identified in specific algorithms or devices

    Spoofing techniques continuously improving

    New normalization and fusion techniques emerging

    Throughput and performance models emerging

    Answer: Deploy an analysis and adaptation engine that enables you to do what-if analysis and understand the consequences of changes ahead of implementation

    Identify and correct weak points ahead of cyber attackers

    Automate performance analysis of what-if scenarios:

    Algorithms: matching, quality, fusion

    Devices/sensors

    Interoperability: cross-device analysis, multi-algorithm scenarios

    Protocols, e.g. 1:1, 1:N, number of attempts, preferred sample types

  • 22/25

    Which Fusion? DETs

    [Figure: DET curves with False Match Rate (FMR) on the x axis (1.0E-06 to 1.0E+00) and False Non-Match Rate (FNMR) on the y axis (1.0E-03 to 1.0E+00), comparing the single modalities 517_Face_C and 517_Finger_LI against the fusion rules SUM: MinMax, SUM: Zscore, SUM: MAD, SUM: TanH, PROD: FNMR and PROD: Likelihood]
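    The fusion slide lists what fusion performance depends on, and the DET plot above compares single-modality curves with sum-rule fusion under four score normalisers. The following added example (not Daon's code; the scores are constructed, not taken from any real matcher) implements those normalisers, sum-rule fusion, FMR and FNMR, and the operating-point lookup a DET curve is built from, so the same what-if comparison can be run offline: two modalities on very different raw scales are fused and the FNMR at a fixed FMR is reported for each normaliser next to each single modality. The Gaussian score distributions, the 0.01 constant in the tanh estimator and the 1% FMR target are assumptions of the example.

```python
"""Score normalisation, sum-rule fusion and FMR/FNMR measurement for the
fusion and DET slides.  Added example with constructed scores; the
normalisers are the textbook definitions of the names on the DET slide
(min-max, z-score, MAD, tanh), not any vendor's implementation."""
import math
import random
import statistics


def fit_params(train):
    """Estimate normalisation parameters once, on training scores of one
    matcher; they are then applied to every live score from that matcher."""
    med = statistics.median(train)
    mad = statistics.median(abs(s - med) for s in train)
    return {"lo": min(train), "hi": max(train),
            "mean": statistics.fmean(train), "sd": statistics.pstdev(train) or 1e-9,
            "median": med, "mad": mad or 1e-9}


def normalise(s, p, method):
    """Map one raw score onto a scale comparable across matchers."""
    if method == "minmax":
        return (s - p["lo"]) / (p["hi"] - p["lo"])
    if method == "zscore":
        return (s - p["mean"]) / p["sd"]
    if method == "mad":                      # robust to outliers in the training set
        return (s - p["median"]) / p["mad"]
    if method == "tanh":                     # Hampel-style estimator, output in (0, 1)
        return 0.5 * (math.tanh(0.01 * (s - p["mean"]) / p["sd"]) + 1)
    raise ValueError(method)


def fuse_sum(rows, params, method):
    """Sum rule: rows are tuples of raw scores, one entry per modality."""
    return [sum(normalise(s, p, method) for s, p in zip(row, params)) for row in rows]


def fmr(impostor, t):
    """False match rate: impostor comparisons that score at or above t."""
    return sum(s >= t for s in impostor) / len(impostor)


def fnmr(genuine, t):
    """False non-match rate: genuine comparisons that score below t."""
    return sum(s < t for s in genuine) / len(genuine)


def threshold_for_fmr(impostor, target):
    """Lowest threshold at which FMR <= target.  FMR only changes at impostor
    score values, so those are the only candidates worth testing."""
    for t in sorted(set(impostor)):
        if fmr(impostor, t) <= target:
            return t
    return max(impostor) + 1e-9


def fnmr_at_fmr(genuine, impostor, target):
    """One DET operating point: the FNMR paid to hold FMR at <= target."""
    return fnmr(genuine, threshold_for_fmr(impostor, target))


def demo(seed=7, n=500, target_fmr=0.01):
    """Constructed scores: a face matcher on a 0..1 scale and a finger matcher
    on a 0..1000 scale, so an unnormalised sum would be dominated by finger."""
    rng = random.Random(seed)
    gen = [(rng.gauss(0.70, 0.10), rng.gauss(600, 120)) for _ in range(n)]
    imp = [(rng.gauss(0.40, 0.12), rng.gauss(250, 100)) for _ in range(n)]
    # fit on all scores of each modality (a real deployment fits on a held-out set)
    params = [fit_params([r[i] for r in gen + imp]) for i in range(2)]
    report = {
        "face": fnmr_at_fmr([r[0] for r in gen], [r[0] for r in imp], target_fmr),
        "finger": fnmr_at_fmr([r[1] for r in gen], [r[1] for r in imp], target_fmr),
    }
    for method in ("minmax", "zscore", "mad", "tanh"):
        report["sum_" + method] = fnmr_at_fmr(
            fuse_sum(gen, params, method), fuse_sum(imp, params, method), target_fmr)
    return report


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"FNMR at FMR<=1%  {name:12s} {value:.3f}")
```

    Reading the output the way the DET slide is read: each entry is one point on a curve at the same FMR, and a lower FNMR is better. With two reasonably independent modalities the fused FNMR falls well below either single modality, which is the "increase accuracy beyond single biometric matching" claim of the fusion slide; which normaliser wins depends on the score distributions and correlations listed there, which is exactly why the deck wants normalisation and fusion policy kept separate from the matchers so it can be re-evaluated as they change.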


  • 23/25

    Self Optimizing Framework for Analysis and Adaptation

    [Figure: feedback loop between a Biometric Performance Analysis Engine, Results Analysis and a Policy Based Biometric Platform]

  • 24/25

    In Summary

    Vendor independence provides both a monetary ROI and cyber-threat risk mitigation

    Leverage the concept of a master broker to orchestrate the operations of biometric components

    Ensure a vendor-independent framework is put in place

    Ensure (i.e. prove positively) that your solution is independent of any single biometric technology provider

    Maintain strict data independence from the underlying device or matcher technology

    Large-scale programs can clearly benefit from performance analysis tools to ensure optimum use of biometrics

    Deploying a system that leverages synergies between an identification broker and analysis tools enables systems to be self-optimizing over time, yielding better performance and mitigating against cyber security threats

  • 25/25

    Thank You. Questions?

    Conor White

    Email: [email protected]

    703 984 4010