Presented by:
SAJAL SARKAR
DIPIKA MAJI

---

[attachment=10908]
Distributed Systems
Smart Cards, Biometrics, & CAPTCHA
Carrying certificates around
How do you use your [digital] identity?
 Install your certificate in browser
 On-computer keychain file
Need there be more?
Smart cards
 Smart card
 Portable device
○ credit card, , key fob, button with IC on it
 Communication
 Contact-based
 Contactless
○ Near Field Communication (NFC)
○ Communication within a few inches of reader
○ May draw power from reader’s EMF signal
○ 106-424 kbps
 Hybrid: contact and contactless
 Smart cards
Capabilities
 Memory cards
○ Magnetic stripe: stores 125 bytes
○ Smart cards typically store 32-64 KB
○ Optional security for data access
 Microcontroller cards
○ OS + programs + cryptographic hardware + memory
Smart card advantages
 Security
 on-board encryption, hashing, signing
 data can be securely transferred
 Store biometric data & verify against user
 key store
○ store public keys (your certificates)
○ do not divulge private keys
○ perform digital signatures on card
 Convenience
 more data can be carried on the card
 Personalization
 e.g. GSM phone card
Smart card applications
 Stored-value cards (electronic purses)
 Developed for small-value transactions
 Mid 1990s in Europe and Asia
 GSM phone SIM card
 Credit/Debit
 Stored account numbers, one-time numbers
 EMV System (Europay, MasterCard, VISA)
 Passports
 Encoded biometric information, account numbers
 Toll collection & telephone cards
 Account number (EZ-Pass) or stored value (mass transit)
 Cryptographic smart cards
 Authentication: pin-protected signing with private key
 Example: Passport
Contactless communication
 Stores:
 Descriptive data
 Digitized facial image
 Fingerprints, iris scan, etc. optional
 Certificate of document signer & personal
public key
 Basic Access Control (BAC)
 Negotiate session key using:
passport #, date of birth, expiration date
 This data is read optically – so you need physical access
 Generates 3DESS “document basic access keys”
○ Fixed for life
 German proposal to use Diffie-Hellman key negotiation
 Example: Octopus
Stored value card - contactless
 Provision for automatic replenishment
 Asynchronous transaction recording to banks
 Two-way authentication based on public keys
○ All communications is encrypted
 Widely used in Hong Kong & Shenzen
 Buses, stores, supermarkets, fast food, parking
 Logs $10.8 million per day on more than 50,000 readers
 Available in:
 Cards, fobs, watches, toys
Biometric authentication
 Biometrics
 Statistical pattern recognition
 Thresholds
 Each biometric system has a characteristic ROC plot
 (receiver operator curve, a legacy from radio electronics)
 Biometrics: forms
Fingerprints
 identify minutia
Biometrics: forms
 Iris
 Analyze pattern of spokes: excellent uniqueness,
signal can be normalized for fast matching
 Retina scan
 Excellent uniqueness but not popular for non-criminals
 Fingerprint
 Reasonable uniqueness
 Hand geometry
 Low guarantee of uniqueness: generally need 1:1 match
 Signature, Voice
 Behavioral vs. physical system
 Can change with demeanor, tend to have low recognition rates
 Facial geometry
Biometrics: desirable characteristics
 Robustness
 Repeatable, not subject to large changes
 Distinctive
 Wide differences in the pattern among population
Fingerprints: highly distinctive, not very robust
Fingerprints: typically 40-50 distinct features
Irises: typically >250 distinct features
Hand geometry: highly robust, not very distinctive
(~1 in 100 people might have a hand with measurements close to yours)
 Irises vs. Fingerprints
 Number of features measured:
 High-end fingerprint systems: ~40-60 features
 Iris systems: ~240 features
 Ease of data capture
 More difficult to damage an iris
 Feature capture more difficult for fingerprints:
○ Smudges, gloves, dryness, …
Irises vs. Fingerprints
 False accept rates
 Fingerprints: ~ 1:100,000 (varies by vendor)
 Irises: ~ 1:1.2 million
 Ease of searching
 Fingerprints cannot be normalized
1:many searches are difficult
 Irises can be normalized to generate a unique IrisCode
1:many searches much faster
Biometrics: desirable characteristics
 Cooperative systems (multi-factor)
 User provides identity, such as name and/or PIN
 Non-cooperative
 Users cannot be relied on to identify themselves
 Need to search large portion of database
 Overt vs. covert identification
 Habituated vs. non-habituated
 Do users regularly use (train) the system
Biometric: authentication process
1. Sensing
 User’s characteristic must be presented to a sensor
 Output is a function of:
○ Biometric measure
○ The way it is presented
○ Technical characteristics of sensor
2. Signal Processing
 Feature extraction
 Extract the desired biometric pattern
○ remove noise and signal losses
○ discard qualities that are not distinctive/repeatable
○ Determine if feature is of “good quality”