Biometrics and Your Identity • UBC – Computer Security, October 4, 2007 • Gordon Ross – President, VIRTUAL PERCEPTION SYSTEMS INC. • gordon@my-spy.com • www.my-spy.com
Biometrics and Your Identity • Biometrics: a unique physical or behavioral characteristic that can practically be collected, stored, and compared against for the purpose of positive identification.
Biometric Terms • Behavioral and physiological • Static and dynamic • One-to-one compare • One-to-many searching • False Acceptance Rate (FAR) • False Rejection Rate (FRR) • Failure to Enroll (FTE)
Various types of Biometrics • Fingerprint • Facial recognition • Iris • Voice recognition • Hand Geometry
Additional types of Biometrics • Keystroke dynamics • Retinal Scan • Palm Print • Signature
How does a biometric work? • Capture a Biometric (Enrollment) • Process the Biometric (Algorithm) • Store Result (Template) • Compare: one to one (verification) • Find: one to many (identification) • Accept or Reject
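Added example (not part of the original slides): the compare, find and accept-or-reject steps above, together with the FAR and FRR terms, worked through in Python. The templates, user names, scores and thresholds are constructed for illustration, and cosine similarity stands in for whatever matching algorithm a real product uses.

```python
# Added illustration: templates, names, scores and thresholds are constructed.
import math

def similarity(a, b):
    """Cosine similarity between two feature-vector templates."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))

def verify(probe, enrolled, threshold):
    """One to one: compare the probe against the claimed identity's template."""
    return similarity(probe, enrolled) >= threshold

def identify(probe, gallery, threshold):
    """One to many: best-scoring enrolled identity, or None if below threshold."""
    uid, score = max(((u, similarity(probe, t)) for u, t in gallery.items()),
                     key=lambda pair: pair[1])
    return uid if score >= threshold else None

def error_rates(genuine, impostor, threshold):
    """FAR: share of impostor scores accepted. FRR: share of genuine scores rejected."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr

# Stored templates (result of enrollment); constructed 3-value feature vectors.
GALLERY = {"alice": (3.0, 4.0, 0.0), "bob": (0.0, 3.0, 4.0), "carol": (4.0, 0.0, 3.0)}
PROBE_ALICE = (3.0, 4.0, 1.0)    # fresh capture from alice, slightly noisy
PROBE_UNKNOWN = (1.0, 1.0, 1.0)  # capture from someone who never enrolled

# Constructed comparison scores for measuring error rates.
GENUINE = [0.98, 0.95, 0.91, 0.88, 0.72]   # same person vs. own template
IMPOSTOR = [0.48, 0.63, 0.59, 0.81, 0.92]  # different person vs. template

if __name__ == "__main__":
    print(verify(PROBE_ALICE, GALLERY["alice"], 0.9))
    print(identify(PROBE_ALICE, GALLERY, 0.9))
    print(identify(PROBE_UNKNOWN, GALLERY, 0.9))
    for t in (0.8, 0.9, 0.95):
        print(t, error_rates(GENUINE, IMPOSTOR, t))
```

Moving the threshold trades one error for the other: a looser threshold rejects fewer genuine users but accepts more impostors, so the operating point has to be chosen for the application.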
Some Uses of Biometrics • Controlling access • Monitoring • Authentication • Identification • ATM applications
How could biometrics be used and for what purpose? • Open the door please. • Is this the person on record? • Who are you? • Can this smart card log me in? • Am I the rightful owner of this password?
How could Biometrics be used and for what purpose? • Open doors – physical access • City of Baltimore – Department of Public Works uses Voice Authentication for Access Control
Or… • Is this the person on record? • Identification • State of Connecticut – Department of Social Services uses Finger Print Imaging to reduce welfare fraud – $23M savings
Or… • Who are you? • Nation Bank - TX • ATM application
Or… • Do we know you? • Facial recognition at Super Bowl in Florida. • Match against known image.
Or… • Am I the rightful owner of this password? • Login by: • Typing user name and password AND • Your unique Biometric.
How can a Biometric be Bypassed or Defeated? • Social Engineering • Collusion • Theft or Fraud
Make an Artificial Finger Print **Making A Mold Final Mold. Soften Plastic Material with Hot Water Press Live Finger into Plastic. **From Tsutomu Matsumoto’s research.
Make an Artificial Finger Print **From a Real Finger. Make the Liquid and Gelatin mix where the gelatin is at 50% wt. Add Boiling Water 30cc to 30g of gelatin and mix. Process takes approximately 20 minutes. **From Tsutomu Matsumoto’s research.
Make an Artificial Finger Print **From a Real Finger. Pour Liquid Into Mold. Refrigerate To Cool. Final Gummy Print. This Process takes approximately 10 Minutes. **From Tsutomu Matsumoto’s research.
Devices that were spoofed. **From Tsutomu Matsumoto’s research.
How can a Biometric be Bypassed or Defeated? • Tsutomu Matsumoto tsutomu@mlab.jks.ynu.ac.jp http://www.cyberpunks.org/display/630/article/ • c’t Magazine from Germany http://www.heise.de/ct/english/02/11/114/ • Just “Google” “Defeating Biometrics” for more information.
Facial & Iris Recognition systems *FaceVACS-Logon can be outfoxed with a short video clip of a registered person. Once Live-Check has been activated all attempts at deception with stills are foiled. A short .AVI video clip with the webcam in which a registered user was seen to move his head slightly to left and right. The program did in fact detect in the video sequence played to it a moving 'genuine' head with a known facial metric, whereupon it granted access to the system. *c’t magazine – Germany
ROI on biometric projects • Quantify likelihood of previous cases • Costs • Technology Acquisition (HW & SW) • User training-hard enrollment • FTR • Deployment-configuration check • Process change • Help desk calls • Hardware product lifecycle
Summary • Biometrics field is old, industry is new • Entire industry was $65M in 1999 • Global Industry Analysts Inc. states biometric sales are to exceed $6.48 billion by 2010… (July 2007) • Not a technology issue but a people issue • Due diligence is key. • Privacy is also a concern. • Biometrics helps with authentication • Nothing is absolute!
Biometric resources • www.bioapi.org • www.ibia.org • www.biometricgroup.com • www.biodigest.com
QUESTIONS? Gordon Ross – BScEE – CET – HSG VIRTUAL PERCEPTION SYSTEMS INC. gordon@my-spy.com www.my-spy.com Thank you…