24-03-2011, 12:38 PM
Presented by:
SAJAL SARKAR
DIPIKA MAJI
Distributed Systems
Smart Cards, Biometrics, & CAPTCHA
Carrying certificates around
How do you use your [digital] identity?
Install your certificate in browser
On-computer keychain file
Need there be more?
Smart cards
Smart card
Portable device
○ credit card, key fob, button with IC on it
Communication
Contact-based
Contactless
○ Near Field Communication (NFC)
○ Communication within a few inches of reader
○ May draw power from reader’s EMF signal
○ 106-424 kbps
Hybrid: contact and contactless
Smart cards
Capabilities
Memory cards
○ Magnetic stripe: stores 125 bytes
○ Smart cards typically store 32-64 KB
○ Optional security for data access
Microcontroller cards
○ OS + programs + cryptographic hardware + memory
Smart card advantages
Security
on-board encryption, hashing, signing
data can be securely transferred
Store biometric data & verify against user
key store
○ store public keys (your certificates)
○ do not divulge private keys
○ perform digital signatures on card
Convenience
more data can be carried on the card
Personalization
e.g. GSM phone card
Smart card applications
Stored-value cards (electronic purses)
Developed for small-value transactions
Mid 1990s in Europe and Asia
GSM phone SIM card
Credit/Debit
Stored account numbers, one-time numbers
EMV System (Europay, MasterCard, VISA)
Passports
Encoded biometric information, account numbers
Toll collection & telephone cards
Account number (EZ-Pass) or stored value (mass transit)
Cryptographic smart cards
Authentication: PIN-protected signing with private key
Example: Passport
Contactless communication
Stores:
Descriptive data
Digitized facial image
Fingerprints, iris scan, etc. optional
Certificate of document signer & personal public key
Basic Access Control (BAC)
Negotiate session key using:
passport #, date of birth, expiration date
This data is read optically – so you need physical access
Generates 3DES “document basic access keys”
○ Fixed for life
German proposal to use Diffie-Hellman key negotiation
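Added example (not part of the original slides): a sketch of how the BAC "document basic access keys" can be derived from the three optically read fields, showing why the keys are fixed for the life of the document. The derivation steps (check digits, SHA-1 seed, counters 1 and 2, parity adjustment) follow ICAO Doc 9303 as an assumption, since the slides do not spell them out; the MRZ values are specimen data and all function names are hypothetical.

```python
import hashlib

# Specimen MRZ fields (sample data, not a real document).
DOC_NUMBER = "L898902C<"   # 9 characters; '<' is the MRZ filler
BIRTH_DATE = "690806"      # YYMMDD
EXPIRY_DATE = "940623"     # YYMMDD

def check_digit(field: str) -> str:
    """MRZ check digit: weights 7,3,1 repeating, sum modulo 10."""
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif ch == "<":
            value = 0
        else:
            value = ord(ch) - ord("A") + 10   # A=10 ... Z=35
        total += value * (7, 3, 1)[i % 3]
    return str(total % 10)

def mrz_information(doc_number: str, birth_date: str, expiry_date: str) -> bytes:
    """Concatenate each field with its check digit (assumed Doc 9303 layout)."""
    parts = (doc_number, birth_date, expiry_date)
    return "".join(p + check_digit(p) for p in parts).encode("ascii")

def set_odd_parity(key: bytes) -> bytes:
    """Force odd parity on every byte, as DES keys expect."""
    out = bytearray()
    for b in key:
        b &= 0xFE                       # clear the parity bit
        if bin(b).count("1") % 2 == 0:  # even number of ones: set parity bit
            b |= 1
        out.append(b)
    return bytes(out)

def derive_bac_keys(doc_number: str, birth_date: str, expiry_date: str):
    """Return (K_enc, K_mac): two 16-byte two-key 3DES keys."""
    k_seed = hashlib.sha1(mrz_information(doc_number, birth_date, expiry_date)).digest()[:16]
    def kdf(counter: int) -> bytes:
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()[:16]
        return set_odd_parity(digest)
    return kdf(1), kdf(2)   # counter 1 = encryption key, 2 = MAC key

if __name__ == "__main__":
    k_enc, k_mac = derive_bac_keys(DOC_NUMBER, BIRTH_DATE, EXPIRY_DATE)
    print("K_enc:", k_enc.hex(), "K_mac:", k_mac.hex())
```

Nothing random enters the derivation, so every session with the same document starts from the same two keys; only the printed fields feed them.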
Example: Octopus
Stored value card - contactless
Provision for automatic replenishment
Asynchronous transaction recording to banks
Two-way authentication based on public keys
○ All communication is encrypted
Widely used in Hong Kong & Shenzhen
Buses, stores, supermarkets, fast food, parking
Logs $10.8 million per day on more than 50,000 readers
Available in:
Cards, fobs, watches, toys
Biometric authentication
Biometrics
Statistical pattern recognition
Thresholds
Each biometric system has a characteristic ROC plot
(receiver operator curve, a legacy from radio electronics)
Biometrics: forms
Fingerprints
identify minutiae
Biometrics: forms
Iris
Analyze pattern of spokes: excellent uniqueness, signal can be normalized for fast matching
Retina scan
Excellent uniqueness but not popular for non-criminals
Fingerprint
Reasonable uniqueness
Hand geometry
Low guarantee of uniqueness: generally need 1:1 match
Signature, Voice
Behavioral vs. physical system
Can change with demeanor, tend to have low recognition rates
Facial geometry
Biometrics: desirable characteristics
Robustness
Repeatable, not subject to large changes
Distinctive
Wide differences in the pattern among population
Fingerprints: highly distinctive, not very robust
Fingerprints: typically 40-50 distinct features
Irises: typically >250 distinct features
Hand geometry: highly robust, not very distinctive
(~1 in 100 people might have a hand with measurements close to yours)
Irises vs. Fingerprints
Number of features measured:
High-end fingerprint systems: ~40-60 features
Iris systems: ~240 features
Ease of data capture
More difficult to damage an iris
Feature capture more difficult for fingerprints:
○ Smudges, gloves, dryness, …
Irises vs. Fingerprints
False accept rates
Fingerprints: ~ 1:100,000 (varies by vendor)
Irises: ~ 1:1.2 million
Ease of searching
Fingerprints cannot be normalized
1:many searches are difficult
Irises can be normalized to generate a unique IrisCode
1:many searches much faster
Biometrics: desirable characteristics
Cooperative systems (multi-factor)
User provides identity, such as name and/or PIN
Non-cooperative
Users cannot be relied on to identify themselves
Need to search large portion of database
Overt vs. covert identification
Habituated vs. non-habituated
Do users regularly use (train) the system?
Biometric: authentication process
1. Sensing
User’s characteristic must be presented to a sensor
Output is a function of:
○ Biometric measure
○ The way it is presented
○ Technical characteristics of sensor
2. Signal Processing
Feature extraction
Extract the desired biometric pattern
○ remove noise and signal losses
○ discard qualities that are not distinctive/repeatable
○ Determine if feature is of “good quality”