
Russ Ryan National Biometric Security Project

Presentation SM03: Biometrics & Access Control. Russ Ryan National Biometric Security Project. National Biometric Security Project. Biometrics for National Security (BiNS) National Signatures Project National Energy Technology Lab (NETL) NIST



Presentation Transcript


  1. Presentation SM03: Biometrics & Access Control Russ Ryan National Biometric Security Project

  2. National Biometric Security Project
     • Biometrics for National Security (BiNS)
     • National Signatures Project
     • National Energy Technology Lab (NETL)
     • NIST
     • Int’l Organization for Migration (IOM)
     • Office of Presidential Affairs (UAE)
     • International Labour Organization
     • BioAPI Consortium
     • State of West Virginia

  3. The Infrastructure Threat
     • Transportation Systems
     • Economic Systems
     • Energy Systems
     • Communications System: Internet availability and function

  4. Transportation Sector
     • Easier to secure “front-end” – airline passengers, employees and baggage screeners
     • Biggest threat is “back end” – transport of cargo, access to restricted areas, movements of outside suppliers
     • Most active in protection of critical infrastructure
     • US-Visit Program
     • TWIC
     • TSA
     • RFID and Biometric technologies

  5. Economic Sector
     • Potential for monetary gains and economic disruptions increase banking and finance attractiveness as a target
     • Market consolidation and globalization of financial services have reduced number of key players
     • Strong dependency on Information Technology and Telecommunications, Energy (Electric Power), Transportation and Public Safety sectors for continuity of operations heightens vulnerabilities

  6. Energy Sector
     • Commodity on which all productive economic activity is dependent
     • Most vulnerable to outages
     • Most likely to initiate cascading disruptions.
     • Potential biometric applications:
     • Limited ingress/egress - control access by authorized personnel to sensitive locations.
     • Not as vulnerable to exploitation at the site of delivery, but rather at production sites and throughout the critical power distribution grids.
     • Cyber security scenario

  7. Communications Sector
     • Includes voice, data, Internet and switching facilities
     • Reliance on information mgt. systems and interconnected nets increase cascading potential
     • Economic activity and crisis response impaired (9/11)
     • Impairment of communications links can have cascading effect throughout all infrastructure sectors
     • 9/11 impacted ability of Emergency Services to respond and Banking/Finance Sector to function
     • Poor IT configuration leads to unnecessary services, with unidentified vulnerabilities

  8. Biometrics & Access Control
     • Physical access control: border, campus, facility, room, container, etc.
     • Logical or virtual access control: distributed information systems, local area networks, stand-alone systems or computers

  9. Biometrics
     • … the science of establishing the identity of an individual based on his/her physical or behavioral characteristics

  10. Biometric Definitions
      • FAR ► False Acceptance Rate
      • FRR ► False Rejection Rate
      • FTE ► Failure to Enroll
      • FTA ► Failure to Acquire
      • Match Threshold
      • Throughput

  11. Biometric Applications
      • Robust biometric passports
      • Financial and medical services authorizations
      • Border and travel services
      • Drivers’ licenses
      • Physical and Logical access

  12. Biometrics & Physical Access
      • Biometric device typically replaces a non-biometric device controlling access to a room, building, campus, border, etc.
      • Architecturally, the primary security system design remains mostly unchanged
      • Issues need to be resolved before design completion

  13. Physical Access Control Technologies 1

  14. Biometrics & Logical Access
      • Logical access not as mature as physical access
      • Most implementations are at the workstation level
      • Biometric control is integrated into the physical case and electronics of the workstation, whether a “desktop” system or a “laptop.”
      • Other systems enable the use of a plug-in biometric device, typically a fingerprint system into a USB port.
      • Suspected that the plug-in devices would not be able to satisfy the higher levels of secure government computing protocols.

  15. Biometrics & Logical Access
      • Biometric device evaluates the presented biometric and, if identity is verified, enables operation of the workstation.
      • The computing system and anyone at a remote terminal communicating with the “secured” workstation assumes keystrokes are the actions of the authenticated person.
      • Some systems include a keystroke recognition sub-routine to verify the user as he/she types
      • Constant video assessment confirming one person at the keyboard and that the person’s face or eye is recognized by a facial or iris recognition biometric respectively.

  16. Design Specifications
      • Functional: Who will use the system, where it will be used, when and how often?
      • Operational: What are the performance, reliability, facility and training requirements?
      • Legal: What is needed to protect personal privacy during the acquisition, transmission and storage of biometric data?
      • Social issues: What religious or cultural objections are there by users?

  17. Design Issues
      • Will the biometric device of choice operate in a stand-alone mode in which all users are enrolled at the device?
      • Does device enable access or send a signal to a separate access control mechanism?
      • Does device record each entry for subsequent downloading?
      • What are power requirements / where are the power sources?
      • What alarm reporting/response provisions does system offer?
      • If enrollment is centralized and new enrollments are distributed through a network: Does data flow into the security system or directly to a proprietary access control?

  18. Facilities & Systems - New System
      • New System vs Existing System
      • New systems allow a well-considered design using current and cost-effective components
      • … but … New system has no baseline of performance for comparison.
      • Can require considerable troubleshooting
      • Minimize the level of innovation throughout the system, avoiding reliance on new and unproven equipment and technologies without a sound and rational reason to embrace the new.

  19. Facilities & Systems - Legacy System
      • Essential to have a comprehensive understanding of: the system into which the biometric will be introduced; operational attributes of the biometric
      • Most often, compromises will be demanded and it will be the new, biometric addition that is expected to bend the most.

  20. Distributed vs. Centralized
      • Three main alternatives for decision access venues: at the portal, at a central control point, or intermediate location.
      • Portal - authorized personnel are enrolled at the portal
      • In some technologies, there is a nominal database that records who activated the device and at what time and date
      • These data are downloaded periodically by a wire or wireless link between the device and a portable data collection platform

  21. Distributed vs. Centralized
      • Central control process enrollment information is collected and stored at a central location
      • Massive databases can be maintained at the central location.
      • Biometric templates collected at portals are transmitted to this location for processing, image comparison, and decision-making.
      • Improved degree of security / significant system oversight and overall awareness of activity
      • Efficiency dependent upon sustained network communications

  22. Distributed vs. Centralized
      • Intermediate Remote door control units (DCU)
      • Similar to central control but not affected by loss of power at the central control.
      • When enrolled in the enterprise system, necessary template and administrative information is transmitted to each door in the enterprise through which that person is authorized to pass
      • Main design consideration is the location of the DCU so that it is protected from outside attack and tampering.

  23. Expansion Requirements
      • Security System choice of technology influenced by population of authorized persons it has to monitor and accommodate
      • While the current population value must be known at the start of the design process, it is even more important to know what the projection is for future population expansion
      • Resulting system design must account for this expansion to avoid costly retrofitting

  24. System IT Security Design: physical, electronic, encryption
      • As the security system secures the enterprise, security planning must be applied to the security system itself
      • As in the physical world, biometrics can play a significant role in safeguarding IT systems, providing protection of both the physical space (entry control to rooms containing vital IT technology) and the information system itself.
      • Biometrics can also be incorporated with and contribute to effective encryption techniques

  25. Attributes of an Ideal Biometric
      • Universal
      • Unique
      • Permanence
      • Collectable
      • Performance
      • Acceptance
      • Spoof Resistance

  26. Understanding Biometric Performance
      • Increasing reliance on biometrics to secure access, transactions & Id
      • Equally increasing demand for accurate, unbiased evaluations
      • Testing can provide accurate metrics on how the technology will perform in the real world

  27. Biometric Testing Today
      • Performance of biometric systems is a function of:
          • strength of the underlying biometric.
          • quality and information content of the input
          • configuration and architecture of the system
          • the relationship of accuracy and throughput error rates, the nature of failures and their cost, and system vulnerabilities which contribute to an overall assessment of system performance
      • Increasingly, biometric devices are components of larger systems imposing external variables that impact biometric system performance in the field

  28. Types of Biometric Tests
      • Technology Testing
        Goal: Produce a repeatable and scalable assessment of an algorithm/sensor using offline data processing
      • Scenario Testing
        Goal: Determine overall system performance (both algorithmic & human factors performance measures)
      • Operational Testing
        Goal: Determine biometric system performance in a specific environment with a specific target population

  29. External Performance Factors
      • The performance of electromechanical devices begins to deteriorate significantly in extreme cold or heat
      • When cold, moving parts can slow down and critical timings are often affected
      • In extreme heat, electrical circuits begin to fail
      • In desert environments, blowing sand will prematurely age devices left exposed, as well as impair reader performance.
      • Prolonged exposure to sunshine will result in the degradation and ultimate disintegration of plastic cases and keypads
      • Exposure to any sort of moisture accelerates the corrosion

  30. Deployment Considerations
      • Requirements Definition
      • Planning Considerations
      • Life-cycle cost analysis

  31. Requirements Definition
      • Operational requirements surveys
      • Vulnerability assessments
      • Application impact studies
      • Frame commercial/operational issues
      • Statements of work/source selection
      • Requirements – not technology – focused
      • Systems design parameters
      • Gap analyses, architecture evaluations
      • Performance analyses

  32. Planning Requirements
      • Education/awareness prior to roll out
      • Privacy policy in place prior to roll out
      • Need whole solution
      • Early testing
      • Manage expectations
      • Know target environment
      • Agreement from customer on requirements/design
      • Enrollment plan

  33. Life Cycle Cost Analysis

  34. Privacy & Social Issues
      • Privacy
          • Will the personal information collected for purposes of biometric identification be used for reasons other than the original intent?
          • What if the biometric data is compromised?
          • Potential unauthorized third party use?
          • What happens to biometric data after use is complete?
          • Is the security assured during transmission and storage?
      • Religious, Personal, Cultural Resistance

  35. Checklist
      • Vulnerability assessment
      • Technology evaluation
      • Operational/application impact studies
      • Cost Analysis
      • Planning requirements
      • Education/awareness prior to roll out
      • Privacy policy in place prior to roll out

  36. Presentation SM03: Biometrics & Access Control
      Russ Ryan
      rryan@nationalbiometric.org
      703-201-8179
      www.nationalbiometric.org
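
Added example (not part of the presentation): the FAR, FRR, FTA and Match Threshold terms from slide 10, worked through as the kind of offline score processing slide 28 calls technology testing. The score lists, the 0-to-1 similarity scale and all function names are constructed for illustration; the way FTA is folded into the rates is a common reporting convention and an assumption here.

```python
# Added example, not from the presentation: offline "technology test" arithmetic.
# Scores are constructed similarity values in [0, 1]; higher means a closer match.
GENUINE = [0.91, 0.88, 0.96, 0.67, 0.82, 0.93, 0.58, 0.89, 0.97, 0.86]   # same person
IMPOSTOR = [0.12, 0.36, 0.41, 0.62, 0.28, 0.19, 0.71, 0.33, 0.24, 0.47]  # different people


def far(impostor, threshold):
    """False Acceptance Rate: share of impostor comparisons at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine, threshold):
    """False Rejection Rate: share of genuine comparisons below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(genuine, impostor, steps=20):
    """(threshold, FAR, FRR) for evenly spaced match thresholds from 0 to 1."""
    return [(i / steps, far(impostor, i / steps), frr(genuine, i / steps))
            for i in range(steps + 1)]


def lowest_threshold_for_far(genuine, impostor, max_far, steps=20):
    """Least strict threshold whose FAR does not exceed max_far, with its FRR cost."""
    for row in sweep(genuine, impostor, steps):
        if row[1] <= max_far:
            return row
    return None  # only reached if an impostor scores a perfect 1.0


def equal_error_point(genuine, impostor, steps=20):
    """Swept threshold where FAR and FRR are closest (approximate equal error rate)."""
    return min(sweep(genuine, impostor, steps), key=lambda r: abs(r[1] - r[2]))


def with_failure_to_acquire(far_value, frr_value, fta):
    """Fold Failure to Acquire into per-attempt rates (assumed convention): an
    unacquired sample cannot be falsely accepted, but it does turn a genuine user away."""
    return far_value * (1 - fta), fta + (1 - fta) * frr_value


if __name__ == "__main__":
    for t, fa, fr in sweep(GENUINE, IMPOSTOR):
        print(f"threshold={t:.2f}  FAR={fa:.2f}  FRR={fr:.2f}")
    print("FAR <= 0.0 :", lowest_threshold_for_far(GENUINE, IMPOSTOR, 0.0))
    print("EER point  :", equal_error_point(GENUINE, IMPOSTOR))
    print("with 5% FTA:", with_failure_to_acquire(0.1, 0.1, 0.05))
```

On this constructed data, driving FAR from 10% to zero moves the threshold from 0.65 to 0.75 and doubles FRR from 10% to 20%, which is the accuracy trade-off a match threshold setting has to be justified against.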
