
Introduction to Biometrics and Security

Uploaded by

Alain Fruchet

Introduction to Biometrics

Dr. Bhavani Thuraisingham


The University of Texas at Dallas

Lecture #1
Biometrics and Other Emerging Technologies in Applications Security

August 22, 2005


Outline
• Biometrics
• Digital Identity Management
• Identity Theft Management
• Digital Forensics
• Digital Watermarking
• Risk Analysis
• Economic Analysis
• Secure Electronic Voting Machines
• Other Applications
• Areas in Information Security

Biometrics
• Early Identification and Authentication (I&A) systems were based on passwords
• Recently, physical characteristics of a person are being used for identification
  - Fingerprinting
  - Facial features
  - Iris scans
  - Blood circulation
  - Facial expressions
• Biometrics techniques will provide access not only to computers but also to buildings and homes
• US-VISIT is an important application being developed by the Department of Homeland Security

Biometric Technologies
• Pattern recognition
• Machine learning
• Statistical reasoning
• Multimedia/Image processing and management
• Managing biometric databases
• Information retrieval
• Pattern matching
• Searching
• Ontology management
• Data mining

Data Mining for Biometrics
• Determine the data to be analyzed
  - Data may be stored in biometric databases
  - Data may be text, images, video, etc.
• Data may be grouped using classification techniques
• As new data arrives, determine the group this data belongs to
  - Pattern matching, Classification
• Determine what the new data is depending on the prior examples and experiments
• Determine whether the new data is abnormal or normal behavior
• Challenge: False positives, False negatives
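
Added example, not part of the original lecture slides: the false positive / false negative trade-off named above, worked through in Python for a score-based biometric matcher. The scores, thresholds and function names are constructed for illustration, and the decision rule (accept when score >= threshold) is an assumption.

```python
# Constructed similarity scores in [0, 1] from a hypothetical matcher (not real data).
GENUINE = [0.91, 0.84, 0.77, 0.69, 0.88, 0.95, 0.58, 0.81, 0.73, 0.86]   # same person
IMPOSTOR = [0.12, 0.35, 0.41, 0.62, 0.28, 0.19, 0.55, 0.47, 0.71, 0.30]  # someone else
THRESHOLDS = [0.50, 0.55, 0.60, 0.65, 0.70, 0.75, 0.80]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when a score >= threshold is classified as a match."""
    false_accepts = sum(s >= threshold for s in impostor)  # false positives
    false_rejects = sum(s < threshold for s in genuine)    # false negatives
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(thresholds=THRESHOLDS):
    """One (threshold, FAR, FRR) row per candidate threshold, in ascending order."""
    return [(t, *error_rates(t)) for t in sorted(thresholds)]


def equal_error_point(thresholds=THRESHOLDS):
    """Row where FAR and FRR are closest: the approximate equal error rate."""
    return min(sweep(thresholds), key=lambda row: abs(row[1] - row[2]))


def lowest_threshold_for_far(max_far, thresholds=THRESHOLDS):
    """Least strict threshold that keeps FAR <= max_far, or None if none does."""
    for row in sweep(thresholds):
        if row[1] <= max_far:
            return row
    return None


if __name__ == "__main__":
    for t, far, frr in sweep():
        print(f"threshold={t:.2f}  FAR={far:.0%}  FRR={frr:.0%}")
    print("approx. EER point:", equal_error_point())
    print("operating point for FAR=0:", lowest_threshold_for_far(0.0))
```

On this constructed data, driving false accepts to zero requires a threshold of 0.75, at which three of the ten genuine attempts are rejected.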

Secure Biometrics
• Biometrics systems have to be secure
• Need to study the attacks on biometrics systems
• Facial features may be modified:
  - E.g., one can gain access by inserting another person’s features
  - Attacks on biometric databases are a major concern
• The challenge is to develop secure biometric systems

Secure Biometrics - II
• Security policy for a biometric system
  - Application specific and application independent policies
  - Security constraints
    • E.g., classify the biometric properties of the President
• Security model for a biometrics system
  - Determine the operations to be performed
  - Need to include text, images and video/animation
• Architecture for a biometric system
  - Need to identify security critical components
  - Reference monitor; the trusted components
• Detecting intrusions in a biometric system

Digital Identity Management
• Digital identity is the identity that a user has to access an electronic resource
• A person could have multiple identities
  - A physician could have an identity to access medical resources and another to access his bank accounts
• Digital identity management is about managing the multiple identities
  - Manage databases that store and retrieve identities
  - Resolve conflicts and heterogeneity
  - Make associations
  - Provide security
• Ontology management for identity management is an emerging research area

Digital Identity Management - II
• Federated Identity Management
  - Corporations work with each other across organizational boundaries with the concept of federated identity
  - Each corporation has its own identity and may belong to multiple federations
  - Individual identity management within an organization and federated identity management across organizations
• Technologies for identity management
  - Database management, data mining, ontology management, federated computing

Identity Theft Management
• Need for secure identity management
  - Ease the burden of managing numerous identities
  - Prevent misuse of identity: preventing identity theft
• Identity theft is stealing another person’s digital identity
• Techniques for preventing identity thefts include
  - Access control, Encryption, Digital Signatures
  - A merchant encrypts the data and signs with the public key of the recipient
  - Recipient decrypts with his private key

Digital Forensics
• Digital forensics is about the investigation of cyber crime
• Follows the procedures established for forensic medicine
• The steps include the following:
  - When a computer crime occurs, law enforcement officials who are cyber crime experts gather every piece of evidence, including information from the crime scene (i.e., from the computer)
  - Gather profiles of terrorists
  - Use history information
  - Carry out analysis

Digital Forensics - II
• Digital Forensics Techniques
  - Intrusion detection
  - Data Mining
  - Analyzing log files
  - Use criminal profiling and develop a psychological profile
  - Analyze email messages
• Lawyers, Psychologists, Sociologists, Crime investigators and Technologists have to work together
• International Journal of Digital Evidence is a useful source

Steganography and Digital Watermarking
• Steganography is about hiding information within other information
  - E.g., hidden information is the message that terrorists may be sending to their peers in different parts of the world
  - Information may be hidden in valid texts, images, films etc.
  - Difficult for the unsuspecting human to detect
• Steganalysis is about developing techniques that can analyze text, images, video and detect hidden messages
  - May use data mining techniques to detect hidden patterns
• Steganography makes the task of the cyber crime expert difficult as he/she has to analyze for hidden information
  - Communication protocols are being developed

Steganography and Digital Watermarking - II
• Digital watermarking is about inserting information without being detected for valid purposes
  - It has applications in copyright protection
  - A manufacturer may use digital watermarking to copyright a particular music or video without being noticed
  - When music is copied and copyright is violated, one can detect who the real owner is by examining the copyright embedded in the music or video

Risk Analysis
• Analyzing risks
  - Before installing a secure system or a network one needs to conduct a risk analysis study
  - What are the threats? What are the risks?
• Various types of risk analysis methods
  - Quantitative approach: Events are ranked in the order of risks and decisions are made based on the risks
  - Qualitative approach: estimates are used for risks

Economics Analysis
• Security vs Cost
  - If risks are high and damage is significant then it may be worth the cost of incorporating security
  - If risks and damage are not high, then security may be an additional cost burden
• Economists and technologists need to work together
  - Develop cost models
  - Cost vs. Risk/Threat study

Secure Electronic Voting Machines
• We are slowly migrating to electronic voting machines
• Current electronic machines have many security vulnerabilities
• A person can log into the system multiple times from different parts of the country and cast his/her vote
• Insufficient techniques for ensuring that a person can vote only once
• The systems may be attacked and compromised
• Solutions are being developed
• Johns Hopkins University is one of the leaders in the field of secure electronic voting machines

Other Applications
• Email security
  - Encryption
  - Filtering
  - Data mining
• Benchmarking
  - Benchmarks for secure queries and transactions
• Simulation and performance studies
• Security for machine translation and text summarization
• Covert channel analysis
• Robotics security
  - Need to ensure policies are enforced correctly when operating robots

Areas in Information Security
• Core Areas
  - Operating System Security
  - Network Security
  - Middleware Security
  - Database Security
  - Applications Security
  - Intrusion Detection
  - Web Security
• Some Special Areas
  - Biometrics
  - Secure Semantic Webs
  - Secure Geospatial Systems
