
IDTrust 2011: Privacy and Security Research Challenges for Biometric Authentication

IDTrust 2011: Privacy and Security Research Challenges for Biometric Authentication. Moderator: Elaine Newton, PhD NIST elaine.newton@nist.gov. A Generic Biometric System.

russob


Presentation Transcript


  1. IDTrust 2011: Privacy and Security Research Challenges for Biometric Authentication. Moderator: Elaine Newton, PhD, NIST, elaine.newton@nist.gov

  2. A Generic Biometric System. Image from: Newton, Elaine. Biometrics and Surveillance: Identification, De-Identification, and Strategies for Protection of Personal Data. PhD Dissertation, Carnegie Mellon University, Dept of Engineering and Public Policy, ProQuest UMI, May 2009.

  3. Notional Histogram of Genuines (Blue) and Imposters (Red). [Figure: axes labelled Frequency and Similarity Scores; regions labelled False Matches and False Non-Matches.]

  4. NIST Biometric Testing
     • Fingerprint
       • Ongoing Proprietary Fingerprint Test (PFTII) and MINEX (MINutiae EXchange) testing using various databases of 120K+ subjects
       • Software development kit (SDK)-based testing
     • Face
       • Data from grand challenges and vendor tests
       • DOS Database of 37K subjects
       • Algorithm-based testing
     • Iris
       • Data from grand challenges and vendor tests
       • Algorithm-based testing

  5. Authentication Use Case Comparison
     • For law enforcement, immigration, etc.
       • Enrollment and subsequent recognition attempts
         • Highly controlled
         • Supervised / Attended
       • Successful recognition
         • Answers the question, “Has this person been previously encountered?”
         • Is a unique pattern
     • For online transactions, e.g. banking, health, etc.
       • Enrollment
         • Less controlled
         • Probably not in person
       • Subsequent recognition attempts
         • Unattended
       • Successful recognition
         • Answers the question, “How confident am I that this is the actual claimant?”
         • Is a tamper-proof rendering of a distinctive pattern

  6. Passwords v. Biometric Data (P = password, B = biometric)
     • P: Known only to the end-user
     • B: Potentially known by anyone who can encounter the individual in-person or virtually
     • P: Can be (easily) changed if compromised and periodically renewed to mitigate risk
       • Can be lengthened to increase security
     • B: A pattern with some degree of robustness over time that can be used to distinguish individuals
     • P: Many possibilities for users to choose different credentials for different domains, which could be randomly generated or otherwise have no personally identifying information
     • B: A presentation of the same biometrics for any application, and many can be used for identification
     • P: Deterministic
     • B: Probabilistic

  7. Biometric Security Issues. Figure by Nalini Ratha, IBM

  8. Thank you. And now for our panel: Ross Micheals, PhD; Terry Boult, PhD; Stephanie Schuckers, PhD
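
Slides 3 and 6 describe biometric matching as probabilistic: genuine and impostor similarity scores overlap, so any decision threshold trades false matches against false non-matches. The following is an added example, not part of the presentation, that computes both error rates over a threshold sweep. The scores are constructed, and the conventions that a higher score means more similar and that a score at or above the threshold is a match are assumptions.

```python
# Constructed similarity scores in [0, 1]; not data from the presentation.
GENUINE = [0.91, 0.84, 0.77, 0.69, 0.88, 0.58, 0.95, 0.73, 0.81, 0.47]
IMPOSTOR = [0.12, 0.25, 0.33, 0.41, 0.18, 0.52, 0.29, 0.61, 0.08, 0.37]


def error_rates(genuine, impostor, threshold):
    """Return (FMR, FNMR) when scores >= threshold are declared a match.

    FMR  = fraction of impostor comparisons accepted (false matches).
    FNMR = fraction of genuine comparisons rejected (false non-matches).
    """
    false_matches = sum(s >= threshold for s in impostor)
    false_non_matches = sum(s < threshold for s in genuine)
    return false_matches / len(impostor), false_non_matches / len(genuine)


def sweep(genuine, impostor):
    """Evaluate every observed score as a candidate threshold, ascending."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def lowest_threshold_for_fmr(genuine, impostor, max_fmr):
    """Lowest observed threshold whose FMR is within max_fmr.

    Returns (threshold, fmr, fnmr), or None if no observed threshold
    meets the target (the highest score belongs to an impostor).
    """
    for t, fmr, fnmr in sweep(genuine, impostor):
        if fmr <= max_fmr:
            return t, fmr, fnmr
    return None


if __name__ == "__main__":
    print("threshold  FMR   FNMR")
    for t, fmr, fnmr in sweep(GENUINE, IMPOSTOR):
        print(f"{t:9.2f}  {fmr:.2f}  {fnmr:.2f}")
    # Tightening the false-match target raises the false non-match rate.
    for target in (0.1, 0.0):
        print(target, lowest_threshold_for_fmr(GENUINE, IMPOSTOR, target))
```

On these constructed scores, moving from a 10% false-match target to a 0% target doubles the false non-match rate, which is the tradeoff the overlapping histograms depict.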
