Biometric For Authentication, Do we need it?
Christophe Rosenberger, GREYC Research Lab - France

OUTLINE
The TES cluster and contactless
- Introduction
- User authentication
- GREYC - E-payment & Biometrics
- Introduction to biometrics
- Usable biometric solutions
- Perspectives

Introduction: E-secure transactions
E-transactions (E-secure Transactions Cluster)

Introduction: Digital identity management
One individual has many identities.

Introduction: User authentication
Authentication methods are based on:
- What we know [secret]
- What we own [token, smartcard, RFID tag]
- What we are [biometrics]
- The way we do things [behavioral biometrics]
- The use of a reliable third party [relationship]
These are called authentication factors.

Introduction: Digital identity management
One individual can have different authentication factors.

Introduction: Trends
- Trust in the identity of a user or a client
- Guarantee security (difficult to compromise)
- Respect privacy
- Facilitate usability

USER AUTHENTICATION

User authentication: Solutions on the market

User authentication: Biometrics
- The only user authentication method
- It is easier to use
- It is much more difficult to attack or falsify

GREYC RESEARCH LAB: E-payment & Biometrics

ENSICAEN
- School of engineering of Caen
- ~780 students
- Department of Computer Science: E-payment & Computer security (only one in France)
- Strong partnerships with companies: Gemalto, Morpho, Fime...

GREYC Research Lab
Research Group in Computer science, Automatics, Image processing and Electronics of Caen
Laboratory staff:
- 7 CNRS researchers
- 25 full professors
- 18 associate professors
- 48 assistant professors
- 79 PhD students
- 17 permanent staff
- 30 engineers and post-docs
Research topics: Electronics, Image processing, Algorithmic, Document analysis, Multi-agents, Robotics navigation, Automatics, Computer security, Natural language processing, Biometrics, Cryptography

E-payment & Biometrics
- Members (29): 3 full professors, 2 associate professors, 4 assistant professors, 4 permanent engineers, 8 PhD students, 2 post-docs, 6 engineers
- Research topics (2): Biometrics and Trust
- Application: E-payment
- Research projects: ASAP (ANR), LYRICS (ANR), PAY2YOU (FUI), CAPI (FUI), ADS+ (FUI), INOSSEM (GE), LUCIDMAN (EUREKA)

E-payment & Biometrics
Biometrics: operational authentication that respects the privacy of users
- Biometric authentication (palm veins, keystroke dynamics...)
- Evaluation of biometric systems (usability, security...)
- Protection of biometrics (cancelable biometrics, smartcards...)
GREYC Keystroke: keystroke dynamics authentication

Introduction to biometrics

Biometrics: Biometric modalities
- Biological analysis: EEG signal, DNA
- Behavioural analysis: keystroke dynamics, voice, gait, signature dynamics...
- Morphological analysis: fingerprint, iris, palmprint, finger veins, face, ear

Biometrics: Biometric system, general architecture
Source: ISO/IEC 19794-1, Information technology, Biometric data interchange formats, Part 1: Framework

Usable biometric solutions

Keystroke dynamics: Authentication based on passwords
- Passwords can be shared between users
- Passwords are difficult to memorize
- Passwords can be stolen
- Passwords are vulnerable to guessing attacks

Keystroke dynamics: Advantages
- A two-factor authentication method
  - knowledge of the password
  - password typing
- Good acceptance
  - invisible to the user (passphrase or password)
  - no privacy issues (easy to change the password)
  - avoids complex passwords that are difficult to remember
- Low-cost solution
  - no additional sensor
  - software-based authentication method
R. Giot, M. El-Abed, B. Hemery, C. Rosenberger, "Unconstrained Keystroke Dynamics Authentication with Shared Secret", Elsevier Journal on Computers & Security (IF 0.868), Volume 30, Issues 6-7, Pages 427-445, September-October 2011

Keystroke dynamics: How does it work?
- Record different times: PP (latency between two presses), RR (latency between two releases), RP (latency between one release and one press) and PR (duration of a key press).
- Use this feature vector to measure the similarity of keystroke dynamics.
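The following added example (not code from the slides or from GREYC Keystroke) extracts the PP, RR, RP and PR timings from key events and compares a login attempt with an enrolled template. The scaled Manhattan distance, the 5 ms variance floor, the threshold of 2.0 and all timing data are assumptions chosen for illustration; the slides do not say which similarity measure is used.

```python
import hmac
from statistics import mean, pstdev

def features(events):
    """events: [(key, press_ms, release_ms), ...] in typing order."""
    vec = []
    for (_, p0, r0), (_, p1, r1) in zip(events, events[1:]):
        vec += [p1 - p0,   # PP: press to next press
                r1 - r0,   # RR: release to next release
                p1 - r0,   # RP: release to next press (negative if keys overlap)
                r0 - p0]   # PR: hold time of the first key of the pair
    vec.append(events[-1][2] - events[-1][1])  # PR of the last key
    return vec

def enroll(samples, min_sd=5.0):
    """Template = per-feature (mean, std) over the enrollment captures."""
    columns = zip(*(features(s) for s in samples))
    # min_sd (assumed 5 ms) stops a zero-variance feature from dominating.
    return [(mean(c), max(pstdev(c), min_sd)) for c in columns]

def score(template, events):
    """Scaled Manhattan distance: mean of |x - mu| / sd. Lower is closer."""
    vec = features(events)
    if len(vec) != len(template):
        raise ValueError("capture length differs from template")
    return mean([abs(x - mu) / sd for x, (mu, sd) in zip(vec, template)])

def verify(template, events, password, threshold=2.0):
    """Both factors must hold: the right password and the right rhythm."""
    typed = "".join(key for key, _, _ in events)
    if not hmac.compare_digest(typed.encode(), password.encode()):
        return False
    return score(template, events) <= threshold

# Constructed sample data (milliseconds), password "abc".
ENROLLMENT = [
    [("a", 0, 80), ("b", 150, 240), ("c", 310, 380)],
    [("a", 0, 90), ("b", 160, 250), ("c", 300, 390)],
    [("a", 0, 85), ("b", 140, 230), ("c", 320, 400)],
]
GENUINE = [("a", 0, 84), ("b", 152, 238), ("c", 312, 392)]
# Same password typed by someone else, with a slower rhythm.
IMPOSTOR = [("a", 0, 150), ("b", 400, 520), ("c", 700, 860)]

if __name__ == "__main__":
    tpl = enroll(ENROLLMENT)
    print(round(score(tpl, GENUINE), 2), verify(tpl, GENUINE, "abc"))
    print(round(score(tpl, IMPOSTOR), 2), verify(tpl, IMPOSTOR, "abc"))
```

The impostor capture carries the correct password and is still rejected, which is the second factor the slides describe.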

Keystroke dynamics: Some recent articles in the media

Demo

Signature dynamics: A signature
- Usual method to authenticate a person (contract...)
- Manual or automated verification
- Existing sensors: tablet, scanner...
- Can be copied

Signature dynamics: Principle
- Takes into account the user's behavior
- Much more difficult to falsify
- Based on a method (signature) widely used and recognized from a legal point of view

Signature dynamics: Software
V. Alimi, C. Rosenberger, S. Vernois, "A mobile contactless point of sale enhanced by the NFC technology and a match-on-card signature verification algorithm", Smart Mobility Conference, 2011
V. Alimi, C. Rosenberger, S. Vernois, "A Mobile Contactless Point of Sale Enhanced by the NFC and Biometric Technologies", International Journal of Internet Technology and Secured Transactions, To appear 2012

Voice recognition: Principle
- Voice is a natural choice to authenticate a user (for a mobile phone or even a computer)
- Dynamic authentication (to avoid the replay attack)
- Free text speaker recognition is needed

Voice recognition: Verification process
1. The user launches the Android application
2. The application (offline) or server (online) generates a challenge (random sentence)
3. The user says the specific sentence into the microphone
4. The application (offline) or server (online) matches the biometric capture
5. The application (offline) or server (online) verifies that the challenge has been said by the user
6. If everything is OK, the user's identity is verified
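The challenge handling in steps 2 and 4 to 6, as an added example that is not code from the slides or the cited application. It assumes a speech recognizer that returns a transcript and a speaker-recognition engine that returns a score between 0 and 1; the word list, the 30-second lifetime, the 0.8 threshold and all names are hypothetical.

```python
import secrets
import time

# Constructed word list; a deployment would use a much larger vocabulary.
WORDS = ["amber", "river", "candle", "orbit", "meadow", "copper",
         "lantern", "harbor", "violet", "summit", "pebble", "falcon"]

def normalize(text):
    """Case and whitespace are ignored when comparing sentences."""
    return " ".join(text.lower().split())

class VoiceChallengeVerifier:
    def __init__(self, ttl_s=30, speaker_threshold=0.8, n_words=5):
        self.ttl_s = ttl_s
        self.speaker_threshold = speaker_threshold
        self.n_words = n_words
        self.pending = {}          # challenge id -> (sentence, expiry time)

    def issue(self, now=None):
        """Step 2: generate a random sentence the user must speak."""
        now = time.time() if now is None else now
        sentence = " ".join(secrets.choice(WORDS) for _ in range(self.n_words))
        cid = secrets.token_hex(16)
        self.pending[cid] = (sentence, now + self.ttl_s)
        return cid, sentence

    def verify(self, cid, transcript, speaker_score, now=None):
        """Steps 4 to 6. Returns "ok" or the reason for rejection."""
        now = time.time() if now is None else now
        # pop() makes every challenge single-use, even when verification
        # fails, so a recorded answer cannot be submitted a second time.
        entry = self.pending.pop(cid, None)
        if entry is None:
            return "unknown-or-replayed"
        sentence, expiry = entry
        if now > expiry:
            return "expired"
        if speaker_score < self.speaker_threshold:   # step 4: who spoke
            return "speaker-mismatch"
        if normalize(transcript) != sentence:        # step 5: what was said
            return "wrong-sentence"
        return "ok"                                  # step 6
```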

Voice recognition: Software
M. Baloul, E. Cherrier, C. Rosenberger, "Challenge-based Speaker Recognition For Mobile Authentication", IEEE Conference BIOSIG, 2012.

Cancelable biometrics
Motivations:
- It is not always possible to revoke biometric data
- Usable
Principle:
- Avoid storing the fingerprint image or minutiae
- Better performance
- Usable solution

Cancelable biometrics: Verification process
Original image -> Feature extraction -> FingerCode -> BioHashing (salting with the seed) -> BioCode
- The original image is not stored
- The biocode is stored
- It is not possible to compute the pattern or retrieve the original image given the biocode
- A biocode can be regenerated (other seed)
- The biohashing process improves performance
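The BioHashing step, as an added example that is not the authors' implementation: a seeded random orthonormal projection of the feature vector, thresholded at zero to give the biocode, with matching by Hamming distance. The 128-value vector is a constructed stand-in for a FingerCode, and the 64-bit length, the seeds and the use of Python's `random` generator (chosen for reproducibility, not a cryptographic generator) are assumptions.

```python
import random

def _orthonormal_basis(seed, n_bits, dim):
    """Seeded pseudo-random vectors, orthonormalised with Gram-Schmidt."""
    rng = random.Random(seed)
    basis = []
    while len(basis) < n_bits:
        v = [rng.gauss(0.0, 1.0) for _ in range(dim)]
        for b in basis:
            dot = sum(x * y for x, y in zip(v, b))
            v = [x - dot * y for x, y in zip(v, b)]
        norm = sum(x * x for x in v) ** 0.5
        if norm > 1e-9:                      # skip degenerate draws
            basis.append([x / norm for x in v])
    return basis

def biohash(feature, seed, n_bits=64):
    """Project the feature vector on the seeded basis, keep the sign bits."""
    if n_bits > len(feature):
        raise ValueError("biocode cannot be longer than the feature vector")
    basis = _orthonormal_basis(seed, n_bits, len(feature))
    return [1 if sum(x * y for x, y in zip(feature, b)) > 0 else 0
            for b in basis]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def constructed_demo():
    """Returns (genuine distance, distance after re-issuing with a new seed)."""
    rng = random.Random(2012)
    finger = [rng.uniform(0, 1) for _ in range(128)]      # constructed features
    recapture = [x + rng.uniform(-0.05, 0.05) for x in finger]  # sensor noise
    enrolled = biohash(finger, seed=1111)    # only this biocode is stored
    genuine = hamming(enrolled, biohash(recapture, seed=1111))
    reissued = hamming(enrolled, biohash(finger, seed=2222))
    return genuine, reissued

if __name__ == "__main__":
    print(constructed_demo())
```

A fresh capture with the same seed stays within a few bits of the stored biocode, while the same finger with a new seed differs in roughly half of the 64 bits, which is what allows a biocode to be revoked and reissued.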

Cancelable biometrics: Demo
R. Belguechi, E. Cherrier, C. Rosenberger, "Texture based Fingerprint BioHashing: Attacks and Robustness", IEEE/IAPR International Conference on Biometrics (ICB), p.7, 2012

Perspectives

Conclusion
Biometrics: the ONLY solution for user authentication
Many usable solutions exist:
- Speaker recognition (especially for mobile phone or offpad)
- Signature dynamics (authentication, dematerialized documents)
- Keystroke dynamics (authentication, monitoring, access control...)
- Cancelable biometrics (allowing online verification)

http://www.epaymentbiometrics.ensicaen.fr/