Biometrics and Cyber Security

Key Considerations in Protecting Critical Infrastructure – Now and In The Future
Conor White, Chief Technology Officer, Daon
© Copyright Daon, 2009 1

Why is Cyber Security Important in the Context of Biometric Systems?

© Copyright Daon, 2009

2

Cyber Security & Biometrics
 On the Internet, nobody knows you are a dog….

Or a terrorist …Or a student … Or a spy…
© Copyright Daon, 2009 3

Identity is More Valuable than Money!
“I can’t think of a single piece of information more critical to our ultimate security and prosperity, both as individuals and as a country, than our personal identity. The ability of an individual to establish identity, to verify “you are who you claim to be”, is critical to the many transactions that occur in a single day. As the world becomes more interdependent, as transactions become more global, and as the world embraces identity management and assurance as an element of conducting business, personal identities will become a form of global currency. Whether you are crossing a border, seeking employment, applying for a public benefit, opening a bank account, combating crime, making a purchase, enforcing immigration policy, granting access to public and private spaces, detecting terrorists ---- identity verification has limitless value.” Governor Tom Ridge Former Secretary, Department of Homeland Security

© Copyright Daon, 2009

4

Identity Management is Fundamental to Cyber Security
 Cyber Security is about establishing trust in entities accessing your networks and ensuring that they perform functions consistent with the role you define for them.  The fundamental capability necessary for any cyber security solution is Identity Management.
• Biometrics is a key enabling technology in the fight to strengthen the security of systems against cyber crime

 However…
© Copyright Daon, 2009 5

…Biometric Identity Systems Will Be Attacked!
 In this session we will discuss (briefly) the following cyber security topics as they relate to Biometric Systems: 1. System Level Perspective 2. Person Level Perspective 3. Independence, Flexibility, Ongoing Analysis and Adaptation

© Copyright Daon, 2009

6

Attacks on Biometric Systems
Biometrics provide a clear benefit to counteracting cyber security threats – but biometric systems can themselves be a source of weakness
Consider the following:  Don’t have to duplicate to spoof – you just need to alter to ensure no 1:1 or 1:N match (negative identification scenarios)  As our databases grow, we struggle to achieve universality  As we seek to automate, unattended acquisition and authentication creates risk  As more systems are deployed, frequency and sophistication of attacks will increase • Microsoft OS virus vs Apple OS virus  No Biometric modality is perfect – don’t believe anybody who tells you otherwise  No silver bullet - lots of papers & patents but few commercial offerings  Industry starting to look more seriously at liveness detection – e.g. LivDet 2009
© Copyright Daon, 2009 7

How Do We Compete?
 Countermeasures are required:
• • • • • • • Enhanced Capture Software Secured Systems New Capture Devices Multi-factor Multi-modal Supervision & Oversight – guiding standard and principles Ability to react through flexible technology and process

 Biometric matching has been a technology- and tool-centric field.  A Defense-in-Depth method of dealing with biometric & identity-related concerns takes a more holistic approach:

People

Technology
© Copyright Daon, 2009

Operations
8

Biometric System Threats & Countermeasures

© Copyright Daon, 2009

9

Biometric System Vulnerabilities
Person Perspective System Perspective
7
Storage Verifier

11

6

10

Data Collection

Signal Processing

Matching

Decision

1

2

3

4

5

8

9

Source: Study report on Biometrics and E-Authentication

Key Considerations: • There is no perfect identity authentication method – every form of authentication has vulnerabilities • The entire identity eco-system is vulnerable to attack • Don’t just secure the point of authentication • Consider systemic weaknesses as well • Must provide a defense-in-depth strategy
© Copyright Daon, 2009 10

First Principle of Cyber Security

Security by Design
  Security should be designed into a solution and not “bolted on” after the fact All solutions MUST be designed using industry-best security principles • Encryption of data – both in transit and at rest • Use of strong cryptographic techniques (e.g. HSMs) • Robust key management • Non-repudiation of events • Authorization of function • Integrity protection – data and system • Uses industry proven techniques – no “security by obscurity” Biometrics systems are vulnerable to attack at several points in the process: data collection, signal processing, data storage, and decision/action point
© Copyright Daon, 2009 11

Defense in Depth
So How do We Design in the Countermeasures? Location Threats
Device substitution

Person Perspective

System Perspective

7

Storage

Verifier
11

6

10

Data Collection
1 2

Signal Processing
3 4

Matching
8

Decision

5

9

Example Countermeasures
Liveness detection - Challenge/response Multi-modal, policy-based Mutually authenticate device Vendor agnostic architecture Sign data, timestamp, session tokens/nonces, HSM, FIPS Sign components Debugger hostile environment Coarse scoring, trusted sensor, secure channel, limit attempts DB access controls, sign/encrypt templates, store on secure token Audit, digital signature Protected function, data protection
12

1 – Data Collection Spoofing

2 – Raw Data Transmission 3 – Signal Processing 5 – Matching

Replay attack (Software) Component replacement Manipulation of match scores Hill climbing Database compromise (reading/replacing template, changing bindings) Threshold manipulation

7 - Storage

9 – Decision

© Copyright Daon, 2009

And Don’t Forget about Data Security
 Provide an authentication framework that
• Securely manages sensitive biometric data. • Ensures the privacy of users’ personal (e.g. biometric) data. • Resists attacks launched by insiders/outsiders. • Provides for non-repudiation of activities. • Integrates with 3rd party applications. • Scales to enterprise-wide deployments. • Is biometric-agnostic by design.

 Biometric data must be stored securely
• Privacy concerns (legislation) • Risk of legal challenges to signatures if stolen

 Assume a hostile network
• Eavesdropping on sensitive traffic. • Injection/deletion of messages

 Assume a hostile environment
• Database may be compromised. • Machines may be physically attacked. • Attacks launched against OS or Daon software.

© Copyright Daon, 2009

13

In Summary
 Biometrics enable stronger defense against cyber security attacks but biometric systems need to ensure that they don’t become a platform for launching an attack themselves  Design Security In – Don’t just bolt it on
• • • • • • • Protect biometric systems using a holistic approach Ensure all data is encrypted (in motion and at rest) Ensure robust key management and distribution Signing of all parties in a transaction Tamper evidence and integrity checks throughout system Audit trails and non-repudiation Consider all points in a solution and look for vulnerabilities

 Its NOT just about the matching algorithm!
© Copyright Daon, 2009 14

Person-Oriented Attacks & Countermeasures

© Copyright Daon, 2009

15

Person Oriented Attacks
 Historically the focus has been finger, face, and iris however, there are several modes being refined: vein, voice, iris on the move,….  To defeat a biometric system, sometimes it is sufficient to cause distortion (i.e. to not match).
• Example, distortion of fingerprints to avoid watchlist hits

 Universality/Inclusivity becomes a major issue for large populations  Multi-Modal solutions work best  Systems need an adaptive architecture that can incorporate these new modes and leverage technology improvements over time

The most progressive, modern systems begin as a multi-biometric platform with built in systemic security & privacy safeguards and add different biometric capabilities as needed over time!

© Copyright Daon, 2009

16

Multi-biometric Fusion
 Use fusion to improve accuracy and robustness
• • • • • Increase accuracy beyond single biometric matching Reduce FTE (broaden population) Spoof/denial resistance Cope with poor quality data Sensor/user fault tolerance

 Fusion performance depends on:
• • • • • Input data available Comparison algorithm accuracy Correlations between different matcher scores Fusion technique Training data
17

© Copyright Daon, 2009

Multi-Biometric Fusion in Action
0.0001% 0.0010% 0.0100% 0.1000% 1.0000% 10.0000%

100.0000% 100.0000%

False Non-Match Rate (FNMR)

Choose a platform that enables multiple biometrics to ensure optimized performance Multi-biometric systems provide key advantages:
• • • • • Increased accuracy (noise reduction) Enhanced Usability Greater Universality Improved Security Improved performance (FMR, FNMR)

10.0000%

Face Finger Sum fusion Product fusion

1.0000%

0.1000% False Match Rate (FMR)

As enrollment populations grow dramatically, multimodal solutions are inevitable.

Performance of large scale identity programs can be significantly improved through the use of multiple biometrics. Large scale systems should establish a core multi-biometric platform first and then choose the most applicable algorithms to suit their population, commercial and performance needs
© Copyright Daon, 2009 18

In Summary
 There is NO perfect biometric type  There is NO perfect biometric device or algorithm  Biometric performance will continue to increase over time, costs will decrease  Spoofing attacks will continue and gain in frequency and complexity  A flexible framework is needed to counteract these attacks  Multi-biometric systems provide best defense – with ability to continually add new technology components  Policy based normalization and fusion should be kept independent of biometric matching algorithms  Adopt a platform that enables you to take advantage of technological improvements over time

© Copyright Daon, 2009

19

Technology Flexibility, Ongoing Analysis and Adaptation

© Copyright Daon, 2009

20

Analysis and Adaptation
 Question: How do you react to:
• • • • • • Biometric technologies continuously changing Weaknesses identified in specific algorithms or devices Spoofing techniques continuously improving New normalization and fusion techniques emerging Throughput and performance models emerging …

 Answer: Deploy an analysis and adaptation engine that enables you to do “what-if analysis” and understand consequences of changes ahead of implementation  Identify and correct weak points ahead of cyber attackers  Automate performance analysis of what-if scenarios:
• • • • Algorithms: Matching, Quality, Fusion Devices/sensors Interoperability: Cross-device analysis, multi-algorithm scenarios Protocols e.g. 1:1, 1:N, #attempts, preferred sample types
© Copyright Daon, 2009 21

Which Fusion? DETs
1.0E-06 1.0E-05 1.0E-04 1.0E-03 1.0E-02 1.0E-01 1.0E+00 1.0E+00

False Non-Match Rate (FNMR)

1.0E-01 517_Face_C 517_Finger_LI SUM: MinMax SUM: Zscore SUM: MAD SUM: TanH PROD: FNMR PROD: Liklihood 1.0E-02

1.0E-03 False Match Rate (FMR)

© Copyright Daon, 2009

22

Self Optimizing Framework for Analysis and Adaptation

Policy Based Biometric Platform

Biometric Performance Analysis Engine

Biometric Performance Results Analysis Analysis Engine

© Copyright Daon, 2009

23

In Summary
 Vendor independence provides both a monetary ROI and a cyberthreat risk mitigation  Leverage concept of master broker to orchestrate operations of biometric components  Ensure a vendor independent framework is put in place  Ensure (i.e. prove positively) that your solution is independent of any single biometric technology provider  Maintain strict data independence from underlying device or matcher technology  Large scale programs can clearly benefit for performance analysis tools to ensure optimum use of biometrics  Deploying a system that leverages synergies between an identification broker and analysis tools enables systems to be self optimizing over time yielding better performance and mitigating against cyber security threats
© Copyright Daon, 2009 24

Thank You – Questions?

Conor White Email: Direct: conor.white@daon.com 703 984 4010

© Copyright Daon, 2009

25

Sign up to vote on this title
UsefulNot useful