WEP-WAP 10/7/20151. 2 Goals Biometric protocols suitable for a wireless networked environment Secure...
shauna-doyle
WEP-WAP
04/21/23 1

Goals
Biometric protocols suitable for a wireless networked environment
Secure system/network access via biometric authentication
Secure wireless transmission of biometric data

Why Wireless Biometrics?
Combination of two rapidly growing technologies
1. Biometric systems for verification and identification
   • Homeland Security
2. Wireless systems for mobility
   • Over 1 trillion wireless phone min. in US, 2004
Common advantage is convenience

Human authentication
Types of human authentication
– What you know (secret)
  • Password, PIN, mother’s maiden name
– What you have (token)
  • ATM card, smart card
– What you are (biometric)
  • Stable: fingerprint, face, iris
  • Alterable: voice, keystroke
– Where you are (authorization?)
  • Wireless

Biometric Advantages
Convenience
– Can’t be lost (in general)
– Can’t be forgotten
Can’t be loaned
Mostly unique (matching may not be)
Perceived strong non-repudiation
Does not change significantly (in general)
(Ident.) Both verification and identification applications

Biometric Authentication System
Source: Podio, NIST

Wireless Biometric System Security
Security issues
– Biometric authentication to ensure secure access to the system/network
  • In other words, wireless system access security
– Wireless message authentication to ensure secure transmission of biometric data
  • In other words, personal information security and privacy across the wireless network
– Physical security
  • Devices, computers, transmitters/receivers, etc.

Biometric Authentication Threats

Biometric Cryptography
Use of biometric data for encryption & decryption
“fuzzy” commitment, vault – Ari Juels, RSA Labs

Biometric Cryptography (example)
[Diagram labels: Template (key); Password (hashed), E(h(Pwd)); Enroll (Encrypt); Verify (Decrypt); Template (key); compare “stored” and “live”; Hamming Distance = 2; Within Threshold?]
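
Added example (not from the original slides): the "fuzzy" commitment idea the slides credit to Ari Juels, written in Python with a 5-fold repetition code as the error-correcting code, so that a live template within a small Hamming distance of the enrolled one recovers the bound key. The code choice, the 10-bit constructed templates and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

REP = 5  # assumed repetition code: each key bit becomes 5 bits, correcting 2 flips per block

def encode(key_bits):
    return [b for b in key_bits for _ in range(REP)]

def decode(word):
    # Majority vote per block maps a noisy word to the nearest codeword's key bits.
    return [int(sum(word[i:i + REP]) > REP // 2) for i in range(0, len(word), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def hamming(a, b):
    return sum(xor(a, b))

def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def enroll(template, key_bits=None):
    """Bind a key to the template; the record holds neither in the clear."""
    if len(template) % REP:
        raise ValueError("template length must be a multiple of REP")
    if key_bits is None:
        key_bits = [secrets.randbelow(2) for _ in range(len(template) // REP)]
    codeword = encode(key_bits)
    record = {"offset": xor(template, codeword), "check": digest(codeword)}
    return key_bits, record

def verify(live, record):
    """Return the key if the live sample decodes to the committed codeword, else None."""
    if len(live) != len(record["offset"]):
        return None
    key_bits = decode(xor(live, record["offset"]))
    if secrets.compare_digest(digest(encode(key_bits)), record["check"]):
        return key_bits
    return None

# Constructed sample templates (not taken from the slide's figure).
STORED = [1, 1, 0, 1, 0, 1, 1, 1, 0, 1]
LIVE = [1, 0, 0, 1, 0, 1, 1, 1, 1, 1]  # 2 bits differ from STORED
FAR = [0, 0, 1, 1, 0, 1, 1, 1, 0, 1]   # 3 bits differ, all in the first block

if __name__ == "__main__":
    key, record = enroll(STORED)
    print(hamming(STORED, LIVE), verify(LIVE, record) == key)
    print(hamming(STORED, FAR), verify(FAR, record))
```

With a key this short the stored hash can be brute-forced, and the offset leaks information about the template when template bits are not uniformly random; practical schemes use much longer templates and stronger codes.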

Biometrics Standards
Common Biometric Exchange File Format (CBEFF)
ANSI-NIST-ITL-2000
– Data exchange & quality
– Criminal identification
American Association for Motor Vehicle Administration (AAMVA) DL/ID 2000
FBI
– Wavelet Scalar Quantization (WSQ) – fingerprint image (de)compression
– Electronic Fingerprint Transmission Standard (EFTS)
Intel Common Data Security Architecture (CDSA)
ANSI X9.84 – Biometric data security (life cycle)
– Originally developed for financial industry; uses CBEFF
APIs
– Open: BioAPI, Java Card Biometric API; uses CBEFF
– Proprietary: BAPI …what is Microsoft planning?
XCBF
– XML Common Biometric Format from OASIS; uses CBEFF
– Mechanisms for secure transmission, storage, integrity, & privacy of biometrics

Biometric Standards
Recently from NIST…
– Biometric Data Specification for Personal Identity Verification (PIV)
  • January 24, 2005 (Draft)
  • New standards governing interoperable use of identity credentials to allow physical and logical access to federal government locations and systems
    – Technical and formatting requirements for biometric credentials
    – Restricts values and practices for fingerprints and facial images
    – Geared toward FBI background checks and formatting data for a PIV card
    – CBEFF and BioAPI compliant

Wireless Advantages
Mobility
Flexibility
– Easier to relocate and configure
– More scalable
Cost
– No cost due to physical barriers, private property.
Productivity
– More opportunity to connect
Aesthetics
– No clutter from wires
Robustness
– Less physical infrastructure to damage and repair

Wireless Disadvantages
Lower channel capacity
– Limited spectrum available
– Power restrictions
– Noise levels
Noise and interference
Frequency allocation
– U.S. – FCC
Greater security concern
– Information traveling in free space

Wireless Protocols
Network domains
– Broadband
  • IEEE 802.16, Worldwide Interoperability for Microwave Access (WiMAX) – framework, not single system or class of service
– Cellular networks
  • Global System for Mobile communication (GSM)
  • Universal Mobile Telecommunications System (UMTS = WCDMA)
– Cordless systems
  • Time Division Multiple Access (TDMA)
  • Time Division Duplex (TDD)
– Mobile Internet Protocol (Mobile IP)
– Wireless Local Area Network (WLAN)
  • IEEE 802.11 (Wi-Fi) a,b,g (n … not yet ratified)
– Wireless Personal Area Network (WPAN)
  • IrDA, Bluetooth, ultra wideband, wireless USB
– Home Automation (narrow band)
  • Infineon, ZigBee, Z-Wave

Wireless Protocol Comparison
Source: PC Magazine, March 22, 2004

Security and Protocols
Security domains
– Application security
  • Wireless Application Protocol (WAP)
    – Uses Wireless Transport Layer Security (WTLS)
      • Current Class 2 devices based on IETF SSL/TLS
      • Future Class 3 devices will use a WAP Identity Module (WIM)
  • Web services
    – Simple Object Access Protocol (SOAP) – toolkits available for Java & .NET
  • Operating system security (Java run-time, Palm OS, Microsoft Windows CE)
– Device security (PINs, pass-phrases, biometrics)
– Security of wireless protocols
  • IEEE 802.11 (Wi-Fi)
    – Wireless Encryption Protocol (WEP)… weak and flawed
    – Wi-Fi Protected Access (WPA). Uses Temporal Key Integrity Protocol (TKIP)
  • IEEE 802.11i – Wireless Security spec. (WPA, AES, FIPS 140-2 compliant)
– Authentication security
  • Remote Authentication Dial In User Service (RADIUS)
  • Kerberos
  • SSL

Network Encryption
Secure Shell (SSH)
– Application Layer
– Secure remote connection replacement for telnet, rlogin, rsh
Secure Socket Layer (SSL)
– Transport Layer Security (TLS)
– Uses TCP & has specific port numbers
– Main use is HTTPS (port 443)
Internet Protocol Security (IPSec)
– Network Layer
– Includes a key management protocol
– Included in IPv6

Avenues of Attack
[Diagram labels: Capture Device; Local Computer; LAN-connected Computer; LAN; WAN; Remote Computer. Legend: = wireless]

Wireless Security Issues
Denial of Service (DoS)
– Jamming…Use Spread Spectrum (DSSS, FHSS) technology
– As a device battery attack, i.e., more processing = more battery usage
Eavesdropping
– Signal is in the open air (war dialing)
Theft or loss of device
– Due to size, portability, and utility
Dependency on public-shared infrastructure
– What security is in place?
Masquerading
– Rogue clients pretend to be legitimate endpoint
– Rogue access points trick clients into logging in
Malware
– Worms (Cabir) and Viruses (Timofonica, Phage) on wireless devices
– Use Antivirus software

Wireless Security Paradox
We use wireless devices for convenience
Security measures often decrease convenience and performance
Result: Security features are often disabled or given lower priority

System Design Considerations
Verification
– Are you who you claim to be (or are supposed to be)?
– 1:1 matching
– Usually consensual
– Typically smaller template databases
– Authorization (computer, network, building)
Identification
– Who are you?
– 1:n matching
– Often no explicit consent or awareness
– Typically larger template databases
– Surveillance (homeland and border security), forensics, criminal investigation (AFIS)
Why not both?
– i.e. You are not who you say you are, so who are you?

Future Research
Pattern for “fuzzy” matching?
– Biometrics, digital watermarks, IDS, search engines
Biometric cryptography
– Biometric key generation
  • Fuzzy matching methodologies
  • Embedding biometric keys within wireless protocols
    – X.509 certificates
    – Protocol payload area
    – Protocol header (authentication) area
  • Use coefficients? (polynomial, elliptic curve)