Top Biometric Identifiers: Risks & Rewards

52
©Veridium All Rights Reserved Top Biometric Identifiers: Risks & Rewards

Transcript of Top Biometric Identifiers: Risks & Rewards

Page 1: Top Biometric Identifiers: Risks & Rewards

©Veridium All Rights Reserved

Top Biometric Identifiers: Risks & Rewards

Page 2: Top Biometric Identifiers: Risks & Rewards

B E F O R E W E B E G I N

Attendees have been muted

You may submit questions at any time, but we will respond at the conclusion of the presentation during the Q&A session

©Veridium All Rights Reserved

Page 3: Top Biometric Identifiers: Risks & Rewards

Asem Othman, PhDBiometric Scientist

• PhD in Electrical Engineering from West Virginia University. Post-Doc Fellow at Michigan State University

• Holds 3 patents/patents pending related to biometrics

• Lead scientist behind our 4 Fingers TouchlessID technology & Distributed Data Model using Visual Cryptography

B E F O R E W E B E G I N

©Veridium All Rights Reserved

Page 4: Top Biometric Identifiers: Risks & Rewards

• The Power of Mobile Biometrics

• Top Five Biometric Identifiers

• The Privacy Issue

• How We Address Privacy Concerns

AGENDA

©Veridium All Rights Reserved

Page 5: Top Biometric Identifiers: Risks & Rewards

P R O V I N G I D E N T I T Y

©Veridium All Rights Reserved

Passwords only authorize access, while

authentication is the process of verifying the

claim that identity makes.

Identity is the “claim” you make to access information, but making that claim with a password doesn’t prove who

you are.

Only biometrics – your face, your voice, your fingerprints – prove you are who you say

you are.

Page 6: Top Biometric Identifiers: Risks & Rewards

Universality (Does every user have it?)Distinctiveness (Is it unique across users?)Permanence (Does it change over time?)Collectability (Can it be measured quantitatively?)

H O W T O C H O O S E A B I O M E T R I C T R A I T

©Veridium All Rights Reserved

Page 7: Top Biometric Identifiers: Risks & Rewards

A biometric recognition system is a pattern recognition system that recognize individuals based on their biometric trait(s)

B I O M E T R I C S Y S T E M S

©Veridium All Rights Reserved

Page 8: Top Biometric Identifiers: Risks & Rewards

• Touch ID made it easy (and convenient) for the consumer to understand biometrics.

• Accessing your phone• Apple Pay

T O U C H I D

©Veridium All Rights Reserved

Page 9: Top Biometric Identifiers: Risks & Rewards

Finger

Face

Iris

Voice

Traditional Hardware Veridium Technologies

All major biometrics can be captured using different maneuvers with a smartphone

O U R A P P R O A C H T O B I O M E T R I C S

©Veridium All Rights Reserved

Page 10: Top Biometric Identifiers: Risks & Rewards

• Mobile devices have changed the fundamental way we interact with technology.

• Mobile devices allow for the elimination of proprietary hardware, moving beyond traditional biometric scanners.

M O B I L E B I O M E T R I C S

©Veridium All Rights Reserved

Page 11: Top Biometric Identifiers: Risks & Rewards

Performance (Does it meet error rate, throughput..?)Users Perception and Acceptability (Is it acceptable to users?)Vulnerability (Can it be easily spoofed?)App Integration (Can it be acquired by available devices?)Large-Scale Adoption ”Usability” (What is the post-usage

attitude?)

“A P R A C T I C A L M O B I L E B I O M E T R I C ”

H O W T O C H O O S E A B I O M E T R I C T R A I T

©Veridium All Rights Reserved

Page 12: Top Biometric Identifiers: Risks & Rewards

T O P B I O M E T R I C S

Page 13: Top Biometric Identifiers: Risks & Rewards

FACE

Page 14: Top Biometric Identifiers: Risks & Rewards

• People are used to taking selfies.

• It’s socially accepted.

• It’s well established.

• Reliable face recognition systems are already in use.

F A C E A S A M O B I L E B I O M E T R I C

©Veridium All Rights Reserved

Page 15: Top Biometric Identifiers: Risks & Rewards

• Face – We Naturally Use It

• The location and shape of facial attributes.

• The overall analysis of the face.

• In practice, a facial recognition system should automatically …

• Detect the face.

• Locate the facial attribute.

• Recognize the face.

Shape

Color

Texture

Requiring a simple background and illumination

F A C E A S A M O B I L E B I O M E T R I C

©Veridium All Rights Reserved

Page 16: Top Biometric Identifiers: Risks & Rewards

The database is designed to test difficult real world situations that a face system must cope with.

The leading matcher algorithms performed very similarly on our test databases.

~3% FRR at 1% FAR for controlled illumination and office environments.30-50% FRR at 1% FAR for whole database.

V E R I D I U M F A C E D ATA B A S E

©Veridium All Rights Reserved

Page 17: Top Biometric Identifiers: Risks & Rewards

• Post-usage attitude:• Pose variation• Taking selfie in the middle of a

meeting, indoor, or outdoor• Older generation• Culture• Womens‘ appearance concerns

• Twins and look-alikes• Easily spoofed

I S S U E S

©Veridium All Rights Reserved

Page 18: Top Biometric Identifiers: Risks & Rewards

VOICE

Page 19: Top Biometric Identifiers: Risks & Rewards

• Voice is a combination of physiological and behavioral biometrics.

• An individual’s voice is based on the shape and size of the appendages (e.g., vocal tracts, mouth, nasal cavities, and lips) that are used in the synthesis of the sound.

• Natural signal to produce.• No visual contact is required.• No special equipment is required.• Can be done while doing other things.

V O I C E A S A B I O M E T R I C

©Veridium All Rights Reserved

Page 20: Top Biometric Identifiers: Risks & Rewards

• Text-dependent recognition

– Recognition system knows text was spoken by a person

– Examples: Fixed phrase, prompted phrase

– Used for applications with strong control over user input

– Knowledge of spoken text can improve system performance

• Text-independent recognition

– Recognition system does not know text was spoken by a person

– Examples: User selected phrase, conversational speech

– Used for applications with less control over user input

– More flexible system but also more difficult problem

– Speech recognition can provide knowledge of spoken text

S P E E C H M O D A L I T I E S

©Veridium All Rights Reserved

Page 21: Top Biometric Identifiers: Risks & Rewards

• The physiological characteristics of human speech are unvaried for an individual, but the behavioral part of the speech of a person changes over time due to age, medical conditions (such as common cold), emotional state, etc.

• Voice is also not very distinctive and may not be appropriate for large-scale identification.

• Acoustic environment and background noise

• Presentation attacks• Tape recordings• Identical twins / sound-alikes

• A disruption to working memory*

*Trewin, Shari, et al. "Biometric authentication on a mobile device: a study of user effort, error and task disruption." Proceedings of the 28th Annual Computer Security Applications Conference. ACM, 2012.

I S S U E S

©Veridium All Rights Reserved

Page 22: Top Biometric Identifiers: Risks & Rewards

FINGERPRINT

Page 23: Top Biometric Identifiers: Risks & Rewards

• Is the most well recognized biometric.

• A fingerprint is the pattern of ridges and valleys on the surface of a fingertip.

• The formation of the fingerprint is determined during the first seven months of fetal development.

• Fingerprints of identical twins are different, as are the prints on each finger of the same person.

• Fingerprints don’t change over time.

• It’s widely believed fingerprints are unique.

F I N G E R P R I N T A S A B I O M E T R I C

©Veridium All Rights Reserved

Page 24: Top Biometric Identifiers: Risks & Rewards

S M A R T P H O N E S W I T H F I N G E R P R I N T S E N S O R S

©Veridium All Rights Reserved

Page 25: Top Biometric Identifiers: Risks & Rewards

Ridge ending Bifurcation Short ridge

MinutiaType x y θ

Ridge 35 24 12’

... ... ... ...

... ... ... ...

H O W F I N G E R P R I N T M AT C H I N G W O R K S

©Veridium All Rights Reserved

Page 26: Top Biometric Identifiers: Risks & Rewards

• Proprietary acquisition sensors• Scars and wet fingers• Presentation attack

• Spoofing

I S S U E S

©Veridium All Rights Reserved

Page 27: Top Biometric Identifiers: Risks & Rewards

IRIS

Page 28: Top Biometric Identifiers: Risks & Rewards

• The only internal “protected” organ readily visible from the outside of a person.

• Unlike fingerprints, capturing the iris biometric is similar to taking a picture.

• The iris pattern has a high degree of randomness.

• Different even for identical twins.

• The pattern is stable through lifetime .

• Extremely difficult to surgically tamper the texture of the iris.

I R I S A S A M O B I L E B I O M E T R I C

©Veridium All Rights Reserved

Page 29: Top Biometric Identifiers: Risks & Rewards

Light Irises

“ L I K E TA K I N G A P I C T U R E ”

©Veridium All Rights Reserved

Page 30: Top Biometric Identifiers: Risks & Rewards

S M A R T P H O N E S W I T H I R I S S E N S O R S

©Veridium All Rights Reserved

Page 31: Top Biometric Identifiers: Risks & Rewards

©Veridium All Rights Reserved

Page 32: Top Biometric Identifiers: Risks & Rewards

• Proprietary acquisition sensor.• Small target to acquire from a distance.• Located behind a curved, wet, reflecting surface.• Obscured by eyelashes, lenses.• Partially occluded by eyelids, often drooping.• Deforms non-elastically as pupil changes size.• Uncomfortable for some.

Deviated gaze

Accessories

Illumination

Deformations

Motion blur

Occlusions

I S S U E S

©Veridium All Rights Reserved

Page 33: Top Biometric Identifiers: Risks & Rewards

4 FINGERSTouchlessID

Page 34: Top Biometric Identifiers: Risks & Rewards

• Multimodal Biometric system

• Consolidate the evidence presented by multiple biometric sources.

• Typically provides better recognition performance compared to systems based on a single biometric modality.

• Provides anti-spoofing measures by making it difficult for an intruder to spoof multiple biometric instance simultaneously.

Patent US 9,361,507

©Veridium All Rights Reserved

Page 35: Top Biometric Identifiers: Risks & Rewards

©Veridium All Rights Reserved

Page 36: Top Biometric Identifiers: Risks & Rewards

• False rejection rate (FRR) is as low as 1% at false acceptance rate (FAR) of 0.01%.

• 4 Fingers has its own light source (your phone’s flash) so it works in any lighting condition

• 4 Fingers requires no external hardware.

• We just require a 5MP camera and LED flash.

• 4 Fingers is one of the most secure biometrics available.

©Veridium All Rights Reserved

4 Fingers is reliable in almost any environment

Page 37: Top Biometric Identifiers: Risks & Rewards

4 Fingers captured print 4 Fingers processed print Standard Fingerprint Sensor

Minutiae

The contactless and contact prints are of comparable quality.The minutia match.

©Veridium All Rights Reserved

Print Quality

Page 38: Top Biometric Identifiers: Risks & Rewards

• The Cooperative Research and Development Agreement (CRADA) allows NIST to work with U.S. industry, academia and other organizations on cooperative R&D projects

• Build upon NIST's research in developing methodologies for measuring the image fidelity of contactless fingerprint capture devices

• Produce open testing methods, metrics, and artifacts that will support future certification of contactless fingerprint devices for inclusion on Government Certified Products Lists

©Veridium All Rights Reserved

Contactless Fingerprint Capture DeviceMeasurement Research Program

Page 39: Top Biometric Identifiers: Risks & Rewards

• Missing finger• Gloves• Requires both hands

I S S U E S

©Veridium All Rights Reserved

Page 40: Top Biometric Identifiers: Risks & Rewards

COMPARISON

Page 41: Top Biometric Identifiers: Risks & Rewards

CO M PA R I S O N O F T O P “ M O B I L E ” B I O M E T R I C T E C H N O LO G I E S

©Veridium All Rights Reserved

(H=High, M=Medium, L=Low)

Biometrics Universality Uniqueness Permanence Collectability Performance Acceptability

Face H L M H L H

Fingerprint M H H M* H M

Iris H H H M* H L*

Voice M L L M* L H

4 Fingers TouchlessID* H H H H H H

(H=High, M=Medium, L=Low)

Circumventions(Presentation

Attack)

H

M

L

H

L

Anil K. Jain, Arun Ross, and Salil Prabhakar. "An introduction to biometric recognition." Appeared in IEEE Transactions on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, Vol. 14, No. 1, January 2004.

Page 42: Top Biometric Identifiers: Risks & Rewards

• Familiarity with technology• Experience with device• Environment of use (e.g., indoor/outdoor, home/work, car/bus,…)• Transaction value (e.g., small, medium, or large transactions)• Time consuming tasks (e.g., enrollment, etc.)

U S A B I L I T Y I S S U E S A N D L A R G E - S C A L E A D O P T I O N I N B I O M E T R I C S

©Veridium All Rights Reserved

Page 43: Top Biometric Identifiers: Risks & Rewards

• Each biometric has its strengths and weaknesses.

• Liveness, Presentation Attack, Spoofing.

• No biometric is “optimal,” but many are “admissible.”

F I N A L W O R D S

©Veridium All Rights Reserved

Page 44: Top Biometric Identifiers: Risks & Rewards

PRIVACYAND

SECURITY RISKS

Page 45: Top Biometric Identifiers: Risks & Rewards

• Biometric data of an individual is often stored in a central database

• Raises issues related to security and privacy of biometric data

• Unlike compromised passwords, it is difficult to re-issue biometric data

• Cross-database matching may be done to track individuals

P R E S E R V I N G D ATA P R I VA C Y

©Veridium All Rights Reserved

Page 46: Top Biometric Identifiers: Risks & Rewards

O U R S T R AT E G Y – D I S T R I B U T E D D ATA

©Veridium All Rights Reserved

Page 47: Top Biometric Identifiers: Risks & Rewards

M AT C H I N G – M O B I L E / S E R V E R

©Veridium All Rights Reserved

Page 48: Top Biometric Identifiers: Risks & Rewards

Cryptography is simply the art of sending and receiving coded messages.

C R Y P T O G R A P H Y

©Veridium All Rights Reserved

Page 49: Top Biometric Identifiers: Risks & Rewards

• Visual Cryptography Scheme (VCS) is a simple and secure way to allow the secret sharing of secrets without any cryptographic computations.

• It is the encryption of visual information such that decryption can be performed using the human visual system.

• Someone who has no previous knowledge of Cryptography.

• The mathematical proof of this scheme and its perfect encryption are shown in the original paper by Naor & Shamir.

* M. Naor and A. Shamir, “Visual cryptography,” in EUROCRYPT, pp. 1–12, 1994.

V I S U A L C R Y P T O G R A P H Y

©Veridium All Rights Reserved

Page 50: Top Biometric Identifiers: Risks & Rewards
Page 51: Top Biometric Identifiers: Risks & Rewards

V I S U A L C R Y P T O G R A P H Y

©Veridium All Rights Reserved

Page 52: Top Biometric Identifiers: Risks & Rewards

For more information contact: [email protected]

Phone: +1 212.231.0011 • www.VeridiumID.com • Twitter: @VeridiumID • LinkedIn: Veridium

QUESTIONS?

©Veridium All Rights Reserved