Biometric Authentication in a Wireless Environment
Biometric Authentication in a
Wireless Environment
Dr. Mohammad Iqbal
Thanks to : Alex Kotlarchyk, Florida Atlantic University
7/16/2013
1
Goals
Biometric protocols suitable for a
wireless networked environment
Secure system/network access via
biometric authentication
Secure wireless transmission of
biometric data
7/16/2013
2
Why Wireless Biometrics?
Combination of two rapidly growing
technologies
1. Biometric systems for verification and
identification
• Homeland Security
2. Wireless systems for mobility
• Over 1 trillion wireless phone min. in US,
2004
Common advantage is convenience
7/16/2013
3
Current Examples of Biometric
Deployments
Eastern Financial’s Boca Mission Bay branch
– Handprint scan to unlock the door to safe deposit boxes
Statue of Liberty
– Fingerprint scan to access lockers
Nine Zero hotel in Boston
– Iris scan for entrance to $3,000-a-night suite
Piggly-Wiggly grocery stores
– Testing pay-by-fingerprint system
Bank of Tokyo-Mitsubishi
– Credit cards w/ embedded vein-pattern information
7/16/2013
4
Human authentication
Types of human authentication
– What you know (secret)
• Password, PIN, mother’s maiden name
– What you have (token)
• ATM card, smart card
– What you are (biometric)
• Stable: fingerprint, face, iris
• Alterable: voice, keystroke
– Where you are (authorization?)
• Wireless
7/16/2013
5
Suitability of Biometrics
Paradox of secure biometrics
– A biometric is stable and distinctive. This is
good for identification.
– However, something unique can never be
changed. This is not so good for verification if
the biometric is compromised.
– Furthermore, a biometric is not a secret, so it
can be found and copied. This is bad.
– So, are stability and uniqueness not good after
all?
7/16/2013
6
Keyspace
Number of possible codewords (CW)
– Token
• 12-digit: CW = 10^12 CWs
– Password
• Full 62 ASCII alphanumeric chars used randomly in an 8char password = over 10^14 CWs
• Most actual users selection ≈ 10^6 CWs, so in practice, the
12-digit token is more secure
– Biometrics (2001 technology, may change)
• ≈ inverse of FAR
–
–
–
–
7/16/2013
Iris ≈ 10^6 CWs
Fingerprint ≈ 10^4 CWs
Voice ≈ 10^3 CWs
Face ≈ 10 → 100 CWs
7
Increasing Keyspace
Combined authentication to increase
keyspace
– Multibiometric authentication
• More than one biometric
– Combine standard biometrics (e.g. face and fingerprint
(multimodal), or multiple fingerprints)
– Combine standard biometric with “soft” biometric
• Soft biometric = gender, height, race, eye color,
etc.
– Multifactor authentication
• More than one authentication type
– Combine biometric w/ password or token
7/16/2013
8
7/16/2013
9
Source: Technology Review, June 2004
Biometric Advantages
Convenience
– Can’t be lost (in general)
– Can’t be forgotten
Can’t be loaned
Mostly unique (matching may not be)
Perceived strong non-repudiation
Does not change significantly (in general)
(Ident.)
Both verification and identification
applications
7/16/2013
10
Biometric Disadvantages
Ability to authenticate dependent on
technology (FAR, FRR)
Personal data, but not secret/secured data
Easy to copy raw data
Cost of technology
Non-revocable
Cannot change if compromised (Ver.)
Inexact matching (variable presentation)
Social acceptance
7/16/2013
11
Biometric Authentication System
7/16/2013
12
Source: Podio, NIST
Template Size
7/16/2013
13
Wireless Biometric System Security
Security issues
– Biometric authentication to ensure secure
access to the system/network
• In other words, wireless system access security
– Wireless message authentication to ensure
secure transmission of biometric data
• In other words, personal information security and
privacy across the wireless network
– Physical security
• Devices, computers, transmitters/receivers, etc.
7/16/2013
14
Biometric Authentication Threats
7/16/2013
15
Defense of Biometric System
Capture device presented with ‘false’
biometric
– e.g. fake finger, short video, high-res
color iris image, latent image
– Use biometric ‘in addition’ not ‘instead
of’ (multi-verification)
– Vitality sensor, 3-D confirmation
7/16/2013
16
Defense of Biometric System
(continued)
Modification of capture device
– Only a problem if capture and template
generation (and maybe matching) are done on
the device (trusted biometric device)
– Tightly integrate capture mechanism with
processing hardware
– Ruggedize device
– Display physical sign of tampering
– Inactivate if tampered (TILT!)
– Encryption of template
7/16/2013
17
Defense of Biometric System
(continued)
Remainder are network security or
template database security issues
– Wireless network security will be
discussed
– Database security is beyond the scope
of this presentation
– Don’t forget OS security
7/16/2013
18
Biometric Cryptography
Use of biometric data for encryption
& decryption
“fuzzy” commitment, vault – Ari
Juels, RSA Labs
7/16/2013
19
Biometric Cryptography (example)
01010 10101
00000 11111
Enroll
Template
(Encrypt) (key)
Password
(hashed)
Within
Threshold?
E(h(Pwd)) “stored”
compare
10000 10111
Hamming
Distance = 2
7/16/2013
01010 01010
Template
“live”
(key)
11010 11101
Verify
(Decrypt)
20
Biometrics Standards
Common Biometric Exchange File Format (CBEFF)
ANSI-NIST-ITL-2000
American Association for Motor Vehicle Administration (AAMVA) DL/ID
2000
FBI
Intel Common Data Security Architecture (CDSA)
ANSI X9.84 – Biometric data security (life cycle)
APIs
XCBF
–
–
Data exchange & quality
Criminal identification
–
–
Wavelet Scalar Quantization (WSQ) – fingerprint image (de)compression
Electronic Fingerprint Transmission Standard (EFTS)
–
Originally developed for financial industry; uses CBEFF
–
–
Open: BioAPI, Java Card Biometric API; uses CBEFF
Proprietary: BAPI
…what is Microsoft planning?
–
–
XML Common Biometric Format from OASIS; uses CBEFF
Mechanisms for secure transmission, storage, integrity, & privacy of biometrics
7/16/2013
21
Biometric Standards
Recently from NIST…
– Biometric Data Specification for Personal
Identity Verification (PIV)
• January 24, 2005 (Draft)
• New standards governing interoperable use of
identity credentials to allow physical and logical
access to federal government locations and systems
– Technical and formatting requirements for biometric
credentials
– Restricts values and practices for fingerprints and
facial images
– Geared toward FBI background checks and formatting
data for a PIV card
– CBEFF and BioAPI compliant
7/16/2013
22
CBEFF - Overview
Framework for sharing raw or template
data
Supports encryption & digital signature
for security
File = SBH (header) + BSMB (data) + SB
(signature)
Patrons identify the data format
Approved interchange formats
– Finger Minutiae, Finger Pattern, Finger Image,
Face Recognition, Iris, Signature/Sign, Hand
Geometry
7/16/2013
23
CBEFF Patron Formats
Format A – The CBEFF Data Structure
Format B – The BioAPI Specification Biometric Identification
Record (BIR) Format
– Patron: CBEFF
– Small embedded or legacy systems, limited storage
– No data exchange between systems
– Patron: BioAPI Consortium
– BioAPI compliant systems
– Client / server data exchange
Format C – ANSI X9.84 Biometric Object
Format D – Biometric Information Data Objects for Use Within
Smart Cards or Other Tokens (recent)… e.g. Java Card
– Patron: ANSI Subcommittee X9, Working Group F4
– Large systems
– Data exchange in a secure manner with authentication
7/16/2013
24
Wireless Advantages
Mobility
Flexibility
Cost
Productivity
Aesthetics
Robustness
– Easier to relocate and configure
– More scalable
– No cost due to physical barriers, private property.
– More opportunity to connect
– No clutter from wires
– Less physical infrastructure to damage and repair
7/16/2013
25
Wireless Disadvantages
Lower channel capacity
– Limited spectrum available
– Power restrictions
– Noise levels
Noise and interference
Frequency allocation
– U.S. – FCC
Greater security concern
– Information traveling in free space
7/16/2013
26
Wireless Protocols
Network domains
– Broadband
• IEEE 802.16, Worldwide Interoperability for Microwave Access (WiMAX) –
framework, not single system or class of service
– Cellular networks
• Global System for Mobile communication (GSM)
• Universal Mobile Telecommunications System (UMTS =WCDMA)
– Cordless systems
• Time Division Multiple Access (TDMA)
• Time Division Duplex (TDD)
– Mobile Internet Protocol (Mobile IP)
– Wireless Local Area Network (WLAN)
• IEEE 802.11 (Wi-Fi) a,b,g
(n … not yet ratified)
– Wireless Personal Area Network (WPAN)
• IrDA, Bluetooth, ultra wideband, wireless USB
– Home Automation (narrow band)
• Infineon, ZigBee, Z-Wave
7/16/2013
27
Wireless Protocol Comparison
7/16/2013
28
Source: PC Magazine, March 22, 2004
Security and Protocols
Security domains
– Application security
• Wireless Application Protocol (WAP)
– Uses Wireless Transport Layer Security (WTLS)
• Current Class 2 devices based on IETF SSL/TLS
• Future Class 3 devices will use a WAP Identity Module (WIM)
• Web services
– Simple Object Access Protocol (SOAP) – toolkits available for Java & .NET
• Operating system security (Java run-time, Palm OS, Microsoft Windows CE)
– Device security (PINs, pass-phrases, biometrics)
– Security of wireless protocols
• IEEE 802.11 (Wi-Fi)
– Wireless Encryption Protocol (WEP)… weak and flawed
– Wi-Fi Protected Access (WPA). Uses Temporal Key Integrity Protocol (TKIP)
• IEEE 802.11i – Wireless Security spec. (WPA, AES, FIPS 140-2 compliant)
– Authentication security
• Remote Authentication Dial In User Service (RADIUS)
• Kerberos
• SSL
7/16/2013
29
Network Encryption
Secure Shell (SSH)
Secure Socket Layer (SSL)
Internet Protocol Security (IPSec)
– Application Layer
– Secure remote connection replacement for telnet, rlogin,
rsh
– Transport Layer Security (TLS)
– Uses TCP & has specific port numbers
– Main use is HTTPS (port 443)
– Network Layer
– Includes a key management protocol
– Included in IPv6
7/16/2013
30
Network System Architecture
Where does authentication happen?
– Device
• Data not externally transmitted
– Local Computer
• Data transmitted between device(s) and PC (WPAN)
– LAN-Connected Computer
• Data transmitted locally (WLAN)
– Remote Computer
• Data transmitted remotely (WWAN)
– Application dependent
• Data transmitted between capture device and database
• Database template storage requirement = template size *
number of templates
7/16/2013
31
Avenues of Attack
= wireless
LAN- connected Computer
Local Computer
LAN
Remote Computer
Capture
Device
7/16/2013
WAN
32
Wireless Security Issues
Denial of Service (DoS)
Eavesdropping
Theft or loss of device
Dependency on public-shared infrastructure
Masquerading
Malware
– Jamming…Use Spread Spectrum (DSSS, FHSS) technology
– As a device battery attack, i.e., more processing = more battery usage
– Signal is in the open air (war dialing)
– Due to size, portability, and utility
– What security is in place?
– Rogue clients pretend to be legitimate endpoint
– Rogue access points trick clients to logging in
– Worms (Cabir) and Viruses (Timfonica, Phage) on wireless devices
– Use Antivirus software
7/16/2013
33
Wireless Security Paradox
We use wireless devices for
convenience
Security measures often decrease
convenience and performance
Result: Security features are often
disabled or given lower priority
7/16/2013
34
System Design Considerations
Verification
–
–
–
–
–
Are you who you claim to be (or are supposed to be)?
1:1 matching
Usually consensual
Typically smaller template databases
Authorization (computer, network, building)
–
–
–
–
–
Who are you?
1:n matching
Often no explicit consent or awareness
Typically larger template databases
Surveillance (homeland and border security), forensics, criminal
investigation (AFIS)
Identification
Why not both?
– i.e. You are not who you say you are, so who are you?
7/16/2013
35
Scenario: Biometrics at the Airport
Workforce security
– Biometric authentication
• Identify all employees who require restricted area access
• ID card encoded to protect data
• Biometric scanning devices networked at access control points to
permit/deny access
Facility integrity
– Employees w/ vehicle access must be authenticated via biometrics
– Access control within aircraft
• Biometric devices for authorized personnel to access sensitive areas within
aircraft
Communications infrastructure
Passenger security
– Networked biometric scanning stations
– Authenticate passengers with passports or ID cards containing
encoded biometrics
– Identify suspicious or unknown people with biometric surveillance
7/16/2013
36
Putting it Together
How do we maximize advantages and
minimize disadvantages when a
biometric system is combined with a
wireless system for an optimal
wireless biometric system?
7/16/2013
37
Future Research
Pattern for “fuzzy” matching?
– Biometrics, digital watermarks, IDS, search
engines
Biometric cryptography
– Biometric key generation
• Fuzzy matching methodologies
• Embedding biometric keys within wireless protocols
– X.509 certificates
– Protocol payload area
– Protocol header (authentication) area
• Use coefficients? (polynomial, elliptic curve)
7/16/2013
38
Wireless Environment
Dr. Mohammad Iqbal
Thanks to : Alex Kotlarchyk, Florida Atlantic University
7/16/2013
1
Goals
Biometric protocols suitable for a
wireless networked environment
Secure system/network access via
biometric authentication
Secure wireless transmission of
biometric data
7/16/2013
2
Why Wireless Biometrics?
Combination of two rapidly growing
technologies
1. Biometric systems for verification and
identification
• Homeland Security
2. Wireless systems for mobility
• Over 1 trillion wireless phone min. in US,
2004
Common advantage is convenience
7/16/2013
3
Current Examples of Biometric
Deployments
Eastern Financial’s Boca Mission Bay branch
– Handprint scan to unlock the door to safe deposit boxes
Statue of Liberty
– Fingerprint scan to access lockers
Nine Zero hotel in Boston
– Iris scan for entrance to $3,000-a-night suite
Piggly-Wiggly grocery stores
– Testing pay-by-fingerprint system
Bank of Tokyo-Mitsubishi
– Credit cards w/ embedded vein-pattern information
7/16/2013
4
Human authentication
Types of human authentication
– What you know (secret)
• Password, PIN, mother’s maiden name
– What you have (token)
• ATM card, smart card
– What you are (biometric)
• Stable: fingerprint, face, iris
• Alterable: voice, keystroke
– Where you are (authorization?)
• Wireless
7/16/2013
5
Suitability of Biometrics
Paradox of secure biometrics
– A biometric is stable and distinctive. This is
good for identification.
– However, something unique can never be
changed. This is not so good for verification if
the biometric is compromised.
– Furthermore, a biometric is not a secret, so it
can be found and copied. This is bad.
– So, are stability and uniqueness not good after
all?
7/16/2013
6
Keyspace
Number of possible codewords (CW)
– Token
• 12-digit: CW = 10^12 CWs
– Password
• Full 62 ASCII alphanumeric chars used randomly in an 8char password = over 10^14 CWs
• Most actual users selection ≈ 10^6 CWs, so in practice, the
12-digit token is more secure
– Biometrics (2001 technology, may change)
• ≈ inverse of FAR
–
–
–
–
7/16/2013
Iris ≈ 10^6 CWs
Fingerprint ≈ 10^4 CWs
Voice ≈ 10^3 CWs
Face ≈ 10 → 100 CWs
7
Increasing Keyspace
Combined authentication to increase
keyspace
– Multibiometric authentication
• More than one biometric
– Combine standard biometrics (e.g. face and fingerprint
(multimodal), or multiple fingerprints)
– Combine standard biometric with “soft” biometric
• Soft biometric = gender, height, race, eye color,
etc.
– Multifactor authentication
• More than one authentication type
– Combine biometric w/ password or token
7/16/2013
8
7/16/2013
9
Source: Technology Review, June 2004
Biometric Advantages
Convenience
– Can’t be lost (in general)
– Can’t be forgotten
Can’t be loaned
Mostly unique (matching may not be)
Perceived strong non-repudiation
Does not change significantly (in general)
(Ident.)
Both verification and identification
applications
7/16/2013
10
Biometric Disadvantages
Ability to authenticate dependent on
technology (FAR, FRR)
Personal data, but not secret/secured data
Easy to copy raw data
Cost of technology
Non-revocable
Cannot change if compromised (Ver.)
Inexact matching (variable presentation)
Social acceptance
7/16/2013
11
Biometric Authentication System
7/16/2013
12
Source: Podio, NIST
Template Size
7/16/2013
13
Wireless Biometric System Security
Security issues
– Biometric authentication to ensure secure
access to the system/network
• In other words, wireless system access security
– Wireless message authentication to ensure
secure transmission of biometric data
• In other words, personal information security and
privacy across the wireless network
– Physical security
• Devices, computers, transmitters/receivers, etc.
7/16/2013
14
Biometric Authentication Threats
7/16/2013
15
Defense of Biometric System
Capture device presented with ‘false’
biometric
– e.g. fake finger, short video, high-res
color iris image, latent image
– Use biometric ‘in addition’ not ‘instead
of’ (multi-verification)
– Vitality sensor, 3-D confirmation
7/16/2013
16
Defense of Biometric System
(continued)
Modification of capture device
– Only a problem if capture and template
generation (and maybe matching) are done on
the device (trusted biometric device)
– Tightly integrate capture mechanism with
processing hardware
– Ruggedize device
– Display physical sign of tampering
– Inactivate if tampered (TILT!)
– Encryption of template
7/16/2013
17
Defense of Biometric System
(continued)
Remainder are network security or
template database security issues
– Wireless network security will be
discussed
– Database security is beyond the scope
of this presentation
– Don’t forget OS security
7/16/2013
18
Biometric Cryptography
Use of biometric data for encryption
& decryption
“fuzzy” commitment, vault – Ari
Juels, RSA Labs
7/16/2013
19
Biometric Cryptography (example)
01010 10101
00000 11111
Enroll
Template
(Encrypt) (key)
Password
(hashed)
Within
Threshold?
E(h(Pwd)) “stored”
compare
10000 10111
Hamming
Distance = 2
7/16/2013
01010 01010
Template
“live”
(key)
11010 11101
Verify
(Decrypt)
20
Biometrics Standards
Common Biometric Exchange File Format (CBEFF)
ANSI-NIST-ITL-2000
American Association for Motor Vehicle Administration (AAMVA) DL/ID
2000
FBI
Intel Common Data Security Architecture (CDSA)
ANSI X9.84 – Biometric data security (life cycle)
APIs
XCBF
–
–
Data exchange & quality
Criminal identification
–
–
Wavelet Scalar Quantization (WSQ) – fingerprint image (de)compression
Electronic Fingerprint Transmission Standard (EFTS)
–
Originally developed for financial industry; uses CBEFF
–
–
Open: BioAPI, Java Card Biometric API; uses CBEFF
Proprietary: BAPI
…what is Microsoft planning?
–
–
XML Common Biometric Format from OASIS; uses CBEFF
Mechanisms for secure transmission, storage, integrity, & privacy of biometrics
7/16/2013
21
Biometric Standards
Recently from NIST…
– Biometric Data Specification for Personal
Identity Verification (PIV)
• January 24, 2005 (Draft)
• New standards governing interoperable use of
identity credentials to allow physical and logical
access to federal government locations and systems
– Technical and formatting requirements for biometric
credentials
– Restricts values and practices for fingerprints and
facial images
– Geared toward FBI background checks and formatting
data for a PIV card
– CBEFF and BioAPI compliant
7/16/2013
22
CBEFF - Overview
Framework for sharing raw or template
data
Supports encryption & digital signature
for security
File = SBH (header) + BSMB (data) + SB
(signature)
Patrons identify the data format
Approved interchange formats
– Finger Minutiae, Finger Pattern, Finger Image,
Face Recognition, Iris, Signature/Sign, Hand
Geometry
7/16/2013
23
CBEFF Patron Formats
Format A – The CBEFF Data Structure
Format B – The BioAPI Specification Biometric Identification
Record (BIR) Format
– Patron: CBEFF
– Small embedded or legacy systems, limited storage
– No data exchange between systems
– Patron: BioAPI Consortium
– BioAPI compliant systems
– Client / server data exchange
Format C – ANSI X9.84 Biometric Object
Format D – Biometric Information Data Objects for Use Within
Smart Cards or Other Tokens (recent)… e.g. Java Card
– Patron: ANSI Subcommittee X9, Working Group F4
– Large systems
– Data exchange in a secure manner with authentication
7/16/2013
24
Wireless Advantages
Mobility
Flexibility
Cost
Productivity
Aesthetics
Robustness
– Easier to relocate and configure
– More scalable
– No cost due to physical barriers, private property.
– More opportunity to connect
– No clutter from wires
– Less physical infrastructure to damage and repair
7/16/2013
25
Wireless Disadvantages
Lower channel capacity
– Limited spectrum available
– Power restrictions
– Noise levels
Noise and interference
Frequency allocation
– U.S. – FCC
Greater security concern
– Information traveling in free space
7/16/2013
26
Wireless Protocols
Network domains
– Broadband
• IEEE 802.16, Worldwide Interoperability for Microwave Access (WiMAX) –
framework, not single system or class of service
– Cellular networks
• Global System for Mobile communication (GSM)
• Universal Mobile Telecommunications System (UMTS =WCDMA)
– Cordless systems
• Time Division Multiple Access (TDMA)
• Time Division Duplex (TDD)
– Mobile Internet Protocol (Mobile IP)
– Wireless Local Area Network (WLAN)
• IEEE 802.11 (Wi-Fi) a,b,g
(n … not yet ratified)
– Wireless Personal Area Network (WPAN)
• IrDA, Bluetooth, ultra wideband, wireless USB
– Home Automation (narrow band)
• Infineon, ZigBee, Z-Wave
7/16/2013
27
Wireless Protocol Comparison
7/16/2013
28
Source: PC Magazine, March 22, 2004
Security and Protocols
Security domains
– Application security
• Wireless Application Protocol (WAP)
– Uses Wireless Transport Layer Security (WTLS)
• Current Class 2 devices based on IETF SSL/TLS
• Future Class 3 devices will use a WAP Identity Module (WIM)
• Web services
– Simple Object Access Protocol (SOAP) – toolkits available for Java & .NET
• Operating system security (Java run-time, Palm OS, Microsoft Windows CE)
– Device security (PINs, pass-phrases, biometrics)
– Security of wireless protocols
• IEEE 802.11 (Wi-Fi)
– Wireless Encryption Protocol (WEP)… weak and flawed
– Wi-Fi Protected Access (WPA). Uses Temporal Key Integrity Protocol (TKIP)
• IEEE 802.11i – Wireless Security spec. (WPA, AES, FIPS 140-2 compliant)
– Authentication security
• Remote Authentication Dial In User Service (RADIUS)
• Kerberos
• SSL
7/16/2013
29
Network Encryption
Secure Shell (SSH)
Secure Socket Layer (SSL)
Internet Protocol Security (IPSec)
– Application Layer
– Secure remote connection replacement for telnet, rlogin,
rsh
– Transport Layer Security (TLS)
– Uses TCP & has specific port numbers
– Main use is HTTPS (port 443)
– Network Layer
– Includes a key management protocol
– Included in IPv6
7/16/2013
30
Network System Architecture
Where does authentication happen?
– Device
• Data not externally transmitted
– Local Computer
• Data transmitted between device(s) and PC (WPAN)
– LAN-Connected Computer
• Data transmitted locally (WLAN)
– Remote Computer
• Data transmitted remotely (WWAN)
– Application dependent
• Data transmitted between capture device and database
• Database template storage requirement = template size *
number of templates
7/16/2013
31
Avenues of Attack
= wireless
LAN- connected Computer
Local Computer
LAN
Remote Computer
Capture
Device
7/16/2013
WAN
32
Wireless Security Issues
Denial of Service (DoS)
Eavesdropping
Theft or loss of device
Dependency on public-shared infrastructure
Masquerading
Malware
– Jamming…Use Spread Spectrum (DSSS, FHSS) technology
– As a device battery attack, i.e., more processing = more battery usage
– Signal is in the open air (war dialing)
– Due to size, portability, and utility
– What security is in place?
– Rogue clients pretend to be legitimate endpoint
– Rogue access points trick clients to logging in
– Worms (Cabir) and Viruses (Timfonica, Phage) on wireless devices
– Use Antivirus software
7/16/2013
33
Wireless Security Paradox
We use wireless devices for
convenience
Security measures often decrease
convenience and performance
Result: Security features are often
disabled or given lower priority
7/16/2013
34
System Design Considerations
Verification
–
–
–
–
–
Are you who you claim to be (or are supposed to be)?
1:1 matching
Usually consensual
Typically smaller template databases
Authorization (computer, network, building)
–
–
–
–
–
Who are you?
1:n matching
Often no explicit consent or awareness
Typically larger template databases
Surveillance (homeland and border security), forensics, criminal
investigation (AFIS)
Identification
Why not both?
– i.e. You are not who you say you are, so who are you?
7/16/2013
35
Scenario: Biometrics at the Airport
Workforce security
– Biometric authentication
• Identify all employees who require restricted area access
• ID card encoded to protect data
• Biometric scanning devices networked at access control points to
permit/deny access
Facility integrity
– Employees w/ vehicle access must be authenticated via biometrics
– Access control within aircraft
• Biometric devices for authorized personnel to access sensitive areas within
aircraft
Communications infrastructure
Passenger security
– Networked biometric scanning stations
– Authenticate passengers with passports or ID cards containing
encoded biometrics
– Identify suspicious or unknown people with biometric surveillance
7/16/2013
36
Putting it Together
How do we maximize advantages and
minimize disadvantages when a
biometric system is combined with a
wireless system for an optimal
wireless biometric system?
7/16/2013
37
Future Research
Pattern for “fuzzy” matching?
– Biometrics, digital watermarks, IDS, search
engines
Biometric cryptography
– Biometric key generation
• Fuzzy matching methodologies
• Embedding biometric keys within wireless protocols
– X.509 certificates
– Protocol payload area
– Protocol header (authentication) area
• Use coefficients? (polynomial, elliptic curve)
7/16/2013
38