Tuesday, April 6, 2010
ABSTRACT
Reference:
http://en.wikipedia.org/wiki/Biometric
Monday, April 5, 2010
INTRODUCTION
Authentication systems such as PINs and passwords rely on something you know. Physical items such as a key, token or card rely on something you have. Biometric systems use what you are (your intrinsic physical features, such as a fingerprint or iris pattern) or what you can do (your behavioral traits, such as voice or gait). A biometric system eliminates deficiencies of the password system, such as the use of easily compromised passwords and the difficulty of remembering the password.
There are many different types of biometrics: handwriting, voice prints, face recognition and fingerprints. There are also systems using hand geometry, typing patterns, iris scans, signature geometry (not just the look of the signature, but the pen pressure and signature speed) and so on. There are other biometric methods which may not particularly suit mobile applications, e.g. keystroke dynamics, gait, retinal and vascular pattern. The most widely used biometric authentications today are fingerprint, iris, signature, face and hand geometry.
As mobile phone use involves transfer of personal data through the Internet, financial transactions and so on, the technology selected should be stringent on false accept rate, which means that the chances of permitting access to an imposter will be the least, even at the cost of denying access to an authentic user. If the biometric is part of a two-part authentication system, such as fingerprint verification and password, then a lower false accept rate with a high false reject rate will be in order. However, biometric systems have improved over the years to be more accurate in terms of achieving low false accept rates as well as low false reject rates.
Biometric authentication involves two stages of operation: enrollment, followed by authentication (a one-to-one comparison of the user's input and a template) or identification (a one-to-many comparison of the user's input with a database of templates). Authentication, rather than identification, is the important one for mobile applications. Another important feature to consider is the accuracy or threshold value. A block diagram showing the steps involved in a biometric system is given above.
Privacy concerns relate to the apprehension of individuals that data obtained during biometric enrollment could be used in ways the enrolled individual does not consent to. Governmental and nongovernmental regulations and guidelines in some countries do attempt to provide some safeguards. For example, the Irish Council of Bioethics (ICB) in its report has advised that biometric technology, though powerful, must be used appropriately to avoid resentment and paranoia among users. The European Bio Sec consortium is working to develop a legal framework for the use of biometric technologies that ensures full compliance with European regulations in the area of data protection.
Reference:
http://pagesperso-orange.fr/fingerchip/biometrics/types.htm
http://en.wikipedia.org/wiki/Biometric
http://www.techcentral.ie/article.aspx?id=14260
http://www.it-director.com/technology/security/content.php?cid=7735
Sunday, April 4, 2010
SURVEY OF ISSUES
- What is the security level you need?
- Will the system be attended or unattended?
- Is it important that your system be resistant to spoofing? If so, how will you accomplish this?
- Do you need the system to work 24 hours a day? Accordingly what is the protection and backup process? What are the cost implications of such a protection?
- How do you deal with persons who may be rejected or cannot adopt this system, such as persons without a clear fingerprint or with skin diseases, or blind persons?
- Is the enrolment assisted? Have you considered the ergonomics and a convenient, accepted way of giving a sample?
- The system requires a voluntary ("buying act") enrolment
- A sensor in a cellular phone has to be small in size.
- Do you envisage a "signature token" system? How do you store the signature securely and reliably? What are the cost implications?
- Privacy issues - a fingerprint system will be immediately trusted by people; Is there any enforcement from the government?
Reference:
http://pagesperso-orange.fr/fingerchip/biometrics/types.htm
http://www.strassmann.com/pubs/searchsecurity/2002-4.php
Book:
Secrets and lies - By Bruce Schneier Wiley (2004)
Saturday, April 3, 2010
TECHNOLOGY PERFORMANCE AND COST ASPECTS
Performance of a biometric system is defined by a number of parameters. The principal among them are defined below. For a detailed treatment of performance parameters, please refer to http://en.wikipedia.org/wiki/Biometrics.
• False Acceptance Rate (FAR) or False Match Rate (FMR) - The probability that the system incorrectly declares a successful match between the input pattern and a nonmatching pattern in the database. It measures the percent of invalid matches. These systems are critical since they are commonly used to forbid certain actions by disallowed people.
• False Rejection Rate (FRR) or False Non-match Rate (FNMR) - The probability that the system incorrectly declares failure of match between the input pattern and the matching template in the database. It measures the percent of valid inputs being rejected.
• Equal Error Rate (EER) - The rate at which both accept and reject errors are equal. ROC or DET plotting is used because it shows how FAR and FRR can be changed. When quick comparison of two systems is required, the EER is commonly used. It is obtained from the ROC plot by taking the point where FAR and FRR have the same value. The lower the EER, the more accurate the system is considered to be.
• Failure To Enroll rate (FTE) - The percentage of data input that is considered invalid and fails to be input into the system. Failure to enroll happens when the data obtained by the sensor are considered invalid or of poor quality.
In mobile biometric systems, where the user’s authenticity is to be verified, false acceptance should be as low as possible, with a little higher margin on false rejection rate.
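To make the FAR/FRR trade-off concrete, the following added example (not part of the original post) computes FAR, FRR and the EER from match scores and then picks the threshold for a target FAR. The scores, the 0-100 scale and the function names are constructed for illustration.

```python
# Added illustration: FAR, FRR and EER from match scores.
# All scores are constructed sample data on an assumed 0-100 similarity scale.

# Scores from comparing each enrolled user against their own template.
GENUINE = [97, 95, 93, 92, 90, 88, 86, 84, 79, 71]
# Scores from comparing other people against that template.
IMPOSTOR = [30, 35, 41, 48, 52, 57, 63, 69, 74, 82]


def far_frr(genuine, impostor, threshold):
    """Accept when score >= threshold. Returns (FAR, FRR) as fractions."""
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor):
    """Evaluate every useful threshold: each observed score, plus one
    value above the maximum (which rejects everybody)."""
    candidates = sorted(set(genuine) | set(impostor))
    candidates.append(candidates[-1] + 1)
    return [(t, *far_frr(genuine, impostor, t)) for t in candidates]


def equal_error_rate(genuine, impostor):
    """Return (threshold, EER). With finite samples FAR and FRR may never be
    exactly equal, so take the threshold where they are closest and report
    the mean of the two rates."""
    t, far, frr = min(sweep(genuine, impostor),
                      key=lambda row: (abs(row[1] - row[2]), row[0]))
    return t, (far + frr) / 2


def threshold_for_max_far(genuine, impostor, max_far):
    """Lowest threshold whose FAR does not exceed max_far. FAR only falls as
    the threshold rises, so the lowest such threshold also has the lowest
    FRR among the thresholds that meet the FAR target."""
    if max_far < 0:
        raise ValueError("max_far must be >= 0")
    for t, far, frr in sweep(genuine, impostor):
        if far <= max_far:
            return t, far, frr


if __name__ == "__main__":
    t, eer = equal_error_rate(GENUINE, IMPOSTOR)
    print(f"EER operating point: threshold={t}, EER={eer:.0%}")
    for target in (0.10, 0.0):
        t, far, frr = threshold_for_max_far(GENUINE, IMPOSTOR, target)
        print(f"target FAR<={target:.0%}: threshold={t}, FAR={far:.0%}, FRR={frr:.0%}")
```

On this sample, moving from the EER operating point to a zero-FAR threshold doubles the false rejection rate, which is the "little higher margin on false rejection" the paragraph above accepts.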
Overview of Mobile Banking Threats and payment security
Mobile banking can be divided into three types:
- Text systems
- Thin client model: mobile web
- Fat client model: client side applications
While each of these models has its quota of risk, the fat client model seems to be the most dangerous because the code is downloaded on to a physical device. This introduces concerns about authentication, stolen devices, viruses, encryption and a host of other security issues. It is difficult for experts, let alone bankers, to accurately determine the risks involved in these systems. Nevertheless, banks such as Community Bank are implementing them, driven by demand, with security concerns mostly arising as an afterthought. It would be prudent to involve security professionals to drive the creation of solutions for mobile banking systems. Moreover, there is need for cooperation among various stakeholders: the device makers, telecom companies, product retailers, banks, microfinance institutions, standardization bodies, app stores etc.
Protection Strategies
We will now review some of the measures used for protecting the user data and dealing with situations when the biometric identity is compromised.
Match-on-card
Match-on-card technology can be used with virtually any biometric and usually takes the form of a smart card. The card has a biometric template (for example, a digitized and encoded fingerprint) stored in a computer chip. A live version of the fingerprint is then compared with the stored template for verification purposes. The technology’s advantage is that it can be used as part of a network where the presented biometric is compared to a centralized database (e.g., the US-VISIT program), for comparison with local databases, or for an offline comparison between the presented biometric and the stored template on the card itself. Smart cards essentially act as the “issuer’s security agent in the hands of the user.” In addition, the security levels available are scalable. One could use the card and biometric, cards combined with PINs, cards with biometric templates used in conjunction with PINs. The proposed E-passport system now under development worldwide is a form of match-on-card technology.
Cancelable biometrics
Apart from user acceptance, biometrics should have permanence in usage. If biometric data is obtained by unauthorized users, for example through the compromise of a database, the genuine owner will lose control over it forever and lose his/her identity. All data, including biometrics, is vulnerable whether in storage or in a processing state.
Cancelable biometrics is a way to build protection and replacement features into biometrics. It was first proposed by Ratha et al. [2]. Besides reliable accuracy performance and the replacement policy, a cancelable biometric has to be non-reversible in order to fulfill the aim. Several methods for generating cancelable biometrics have been proposed. Essentially, cancelable biometrics perform a distortion of the biometric image or features before matching. The variability in the distortion parameters provides the cancelable nature of the scheme. Some of the proposed techniques operate using their own recognition engines, such as Teoh et al. [3] and Savvides et al. [4], whereas other methods, such as Dabbah et al. [5], take advantage of the advancement of well-established biometric research for their recognition front-end. Although this increases the restrictions on the protection system, it makes the cancelable templates more accessible for available biometric technologies.
[2] N. K. Ratha, J. H. Connell, and R. M. Bolle, "Enhancing security and privacy in biometrics-based authentication systems," IBM Systems Journal, vol. 40, pp. 614-634, 2001.
[3] A. B. J. Teoh, A. Goh, and D. C. L. Ngo, "Random Multispace Quantization as an Analytic Mechanism for BioHashing of Biometric and Random Identity Inputs," IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 28, pp. 1892-1901, 2006.
[4] M. Savvides, B. V. K. V. Kumar, and P. K. Khosla, "'Corefaces' - Robust Shift Invariant PCA based Correlation Filter for Illumination Tolerant Face Recognition," presented at IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR'04), 2004.
[5] M. A. Dabbah, W. L. Woo, and S. S. Dlay, "Secure Authentication for Face Recognition," presented at Computational Intelligence in Image and Signal Processing, 2007.
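The distortion-before-matching idea described above can be illustrated with a keyed random projection followed by binarization. This is an added, simplified sketch and not the published method of any of the cited authors; the feature vectors, key values, bit length and distance threshold are all constructed assumptions.

```python
# Added illustration of a cancelable template: features are distorted with a
# key-dependent random projection and reduced to bits before storage/matching.
# Changing the key yields an unrelated template from the same finger.
import random

N_BITS = 128          # assumed template length in bits
MAX_DISTANCE = 0.20   # assumed accept threshold (fraction of differing bits)


def projection(user_key, n_features, n_bits=N_BITS):
    """Key-dependent distortion parameters: one random direction per bit."""
    rng = random.Random(user_key)  # same key -> same projection
    return [[rng.gauss(0, 1) for _ in range(n_features)] for _ in range(n_bits)]


def cancelable_template(features, user_key, n_bits=N_BITS):
    """Project the features and keep only the sign of each projection."""
    rows = projection(user_key, len(features), n_bits)
    return [1 if sum(r * f for r, f in zip(row, features)) >= 0 else 0
            for row in rows]


def hamming_fraction(a, b):
    return sum(x != y for x, y in zip(a, b)) / len(a)


def verify(stored, live_features, user_key):
    """1:1 match in the distorted domain; raw features are never stored."""
    probe = cancelable_template(live_features, user_key, len(stored))
    return hamming_fraction(stored, probe) <= MAX_DISTANCE


def constructed_features(seed, n=64):
    """Stand-in for a real feature extractor (constructed data)."""
    rng = random.Random(seed)
    return [rng.gauss(0, 1) for _ in range(n)]


def noisy(features, seed, sigma=0.05):
    """A later scan of the same finger: same features plus sensor noise."""
    rng = random.Random(seed)
    return [f + rng.gauss(0, sigma) for f in features]


def demo():
    alice = constructed_features(1001)
    live_scan = noisy(alice, 2002)
    other_person = constructed_features(3003)
    old_key, new_key = 11, 22          # constructed key values

    enrolled = cancelable_template(alice, old_key)
    result = {
        "genuine_accept": verify(enrolled, live_scan, old_key),
        "impostor_accept": verify(enrolled, other_person, old_key),
    }
    # The stored template leaks: cancel it by re-enrolling under a new key.
    reissued = cancelable_template(alice, new_key)
    result["old_vs_new_distance"] = hamming_fraction(enrolled, reissued)
    # The leaked template no longer matches probes produced under the new key.
    result["old_template_matches_under_new_key"] = (
        hamming_fraction(enrolled, cancelable_template(live_scan, new_key))
        <= MAX_DISTANCE)
    result["genuine_after_reissue"] = verify(reissued, live_scan, new_key)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The key is the revocation handle, so it has to be kept apart from the stored template (for example on the card or handset); the sketch does not model an attacker who holds both.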
Biometric Security for Mobile Banking
As per the Markets+Enterprise White Paper produced by World Resources Institute in March 2008, use of mobile banking backed by cost effective Wi-Fi or Wi-Max networks is seen in many countries. There are Bank-centric networks in South Africa (Wizzit), Philippines (Smart money) and Kenya (m-Pesa). G-cash deployed by Global Telecom is a telecom-centric model. Countries like Mexico, Nigeria and Pakistan will soon follow.
Use of Biometrics for mobile banking works as follows:
When a customer initiates a mobile banking transaction, the handset would request that the user register his or her fingerprint on the sensor, and the handset would compare the fingerprint to the one already stored in the phone (and, as a backup, also stored on the bank mobile transaction server). The handset would then send the transaction request and the result of the fingerprint comparison—in effect, a biometric ID authentication—to the bank server for approval and execution of the transaction. That would replace the device-based security safeguard (the SIM card) with something much more robust and harder to defeat.
In keeping with the latest financial security standards, banks may want to employ two-factor identification, whereby two criteria are used to verify the customer’s identity, but this is entirely feasible with the mobile phone. One solution is to register the handset, usually via the user’s cell phone number, and link it with a particular individual account holder, and then send this information along with the biometric confirmation to the financial institution’s processing systems.
Based on the enrolment and the matching procedure (described elsewhere) there is a 1:1 comparison to see if the match falls within the specified threshold, say 95%. This threshold or accuracy level is determined by the administrator of the security system. Parameters determining the performance are False Accept Rate (FAR), False Reject Rate (FRR), Equal Error Rate (EER, where FAR = FRR) and Failure To Enroll (FTE) rate. Failure to enroll may occur due to various reasons including illness and physical injury.
Local matching seems to be the preferred method for this application. Storing and verifying the reference template locally is better for preserving the privacy of personal data. Another reason for preferring local matching is that further technological developments enable many biometric systems to use each successive live scan to enhance and improve the reference template on the local device. Central matching systems, on the other hand, require large storage spaces and multiple reference templates used for identification for different purposes.
The biometrics that lend themselves most to the small form-factor inherent with a cell phone are facial recognition, voice recognition, iris recognition and fingerprints. (Signatures and sign recognition are proving to be reliable authentication tools, but they require larger and more sophisticated screens than would be found on most cell phones nowadays, so they are excluded from this analysis.) The issues to consider in evaluating these measures include accuracy, reliability, acceptability, susceptibility to fraud, ease of enrollment, usability, environmental effects, hardware and software size, and cost.
Facial recognition
Facial recognition is not the ideal choice for verification. It depends on ideal illumination conditions, angular position, the sensitivity of the cameras used, etc. It often returns a number of matches rather than a single match. It cannot distinguish between identical siblings, can be defeated by a high-resolution video monitor playing a video of an authorized user, and can also be defeated by the use of a severed head. Religious and cultural prohibitions against facial photographs in some regions of the world may limit voluntary uptake by target users.
For these reasons facial recognition is largely deployed in 1:N environments for large-scale identification opportunities, surveillance and law enforcement.
Voice Recognition
Although the technology is well developed, is easy to implement and has wide user acceptance, voice recognition has its drawbacks:
It suffers from a high reject rate in noisy environments, which is a problem for outside usage. Performance can also vary according to audio signal quality as well as variations between enrollment and verification devices, and with variations in environments (inside versus outside, variations in background noise, etc.). Voice changes that occur as a result of time, injury, cold or illness can also be an issue. Voice recognition can be defeated by playing back a high fidelity recording, which would obviously be of great concern to financial institutions. The impact of environmental issues upon performance renders it of low to medium accuracy, which is not likely to meet the security needs of most financial institutions.
Iris Recognition
Iris scans require hardware that is not usually found on today’s average cell phones. Typical cell phone cameras are still too low in resolution for accurate iris scanning applications, and a proper iris scan requires a near-infrared illumination filter instead of the more common visible light filter found in cell phone cameras. Additionally, to prevent a picture from being able to fool the system, advanced devices may vary the light shone into the eye and watch for pupil dilation, a feature that is not currently viable on small devices like cell phones.
Fingerprints
Three of the traditional means of fingerprint recognition employ Optical, Capacitive Resistance/Pressure, and Thermal scanning technologies. While all three have been in use for years, with good reliability and accuracy, they do have weaknesses. All three types of scanning can be defeated using dead fingers, or by copying the last print with adhesive film and re-presenting it to the scanner. Groups such as the elderly, manual laborers and some Asian populations may pose enrolment problems.
A newer fingerprint technology, employing RF Imaging, uses ultrasonic holography of the outer layer of dead skin as well as the inner layer of live skin to create the template, rendering it nearly 100% accurate, not to mention resistant to the use of fake or dead fingers, or dirt and oil. In addition, the newer fingerprint systems use each new scan of the finger to enhance the existing template, thus making it more accurate with use over time.
While fingerprints have proven to be highly reliable and accurate over the years, particularly now using RF imaging, they are not completely infallible. They can be affected over time by such things as years of manual labor or physical injury, so there would probably be a desire to update the reference templates as and when necessary for commercial and financial applications. Other factors that can cause failure in a fingerprint scan are cold and humidity (particularly in the older types of fingerprinting), and location, angle and pressure of placement on the sensor (known as a platen). Other issues to consider are that the use of fingerprints requires physical contact, which can be a problem in some cultures, and the fact that finger printing’s long association with criminal justice lends itself to some privacy resistance, although this will probably ameliorate over time with increased use of biometrics and updated privacy laws.
Fingerprint capture technology is easily accommodated on a cell phone, with sensor sizes ranging from 12 mm x 5 mm to about 1.5 cm x 1.5 cm, and low power and processing requirements. The fingerprint template itself ranges in size from about 256 bytes to 500 bytes.
Biometric data protection
Issues to consider
Since biometric technologies attempt to address security relevant challenges, security requirements need to be defined in detail and at an international level where possible. For instance, the following security practices may be implemented:
(a) When using biometrics for a secure identification process, the complete security cycle should be considered (i.e. enrolment, storage, acquisition, matching and the entire back-end system);
(b) enrolment and matching should be performed using ‘live and wellness’ detection, especially in unattended environments and/or the process should be appropriately supervised wherever possible;
(c) multimodality (meaning more than one biometric identifier - e.g. facial recognition and fingerprint) is recommended to help prevent spoofing and encrypted templates should be used, rather than original samples, for storing and matching;
(d) matching against tokens yields the highest security level and is therefore preferable;
(e) implementing an effective key management process is necessary to protect personal data, as is for example the use of the Extended Access Control (EAC) protocol to the e-passport.
Research
A research project undertaken at the University of Geneva attempts to use digital data hiding in order to cross-store the biometric data inside the personal data and vice versa. Robust visual hashing techniques are used in the authentication systems to match the information rates of current image and text data hiding technologies. Experimental results have shown the system to be practically viable.
Speed of Authentication / Enrollment
The following observation made in respect of fixed sensor systems may well be indicative of user tolerance to biometric speeds or lack of it.
In terms of user acceptance of a biometric system the speed at which a sensor and its controlling software accept or reject authentication attempts is the most important factor. The effective throughput, or how many users a biometric sensor can process in a given period, is a function of the entire authentication process.
Speed of authentication will have a good bearing on user acceptance. Acceptable throughput is typically five seconds per person or six to ten people per minute. User frustration begins to set in at lower throughput rates. The figure below depicts the several stages involved.
The additional cost of including a biometric system in a mobile phone would depend on a number of factors, such as whether data is centrally stored or not, whether data encryption is done or not, whether authentication is single or multi-mode, the encryption features, and the cost of the operating system and application software used. However, the redeeming features which will make the additional cost burden bearable are:
• As the mobile phones in the market today already have several features, the incremental cost of adding biometric applications may not be significant.
• The user base for mobiles is high and demand for applications such as mobile banking will grow significantly. Hence the cost can be spread over millions of users and may not affect the viability.
• There could be cost sharing between the telecom company and the device manufacturer who would both benefit from increased demand.
• As described in the section on mobile banking, biometrics applied to mobile phones in several countries has proved to be a viable proposition and will generate new growth areas for business.
Reference:
http://www.a-sit.at/pdfs/biometrics_report.pdf
Authentication of biometric identification documents via mobile devices
J. Electron. Imaging, Vol. 17, 011014 (2008); doi:10.1117/1.2896293
Published 26 March 2008
Sviatoslav Voloshynovskiy, Oleksiy Koval, Renato Villán, Fokko Beekhof, and Thierry Pun
University of Geneva, Stochastic Information Processing Group, Department of Computer Science, 24 rue du General-Dufour, 1211 Geneva 4, Switzerland
http://www.brighthub.com/computing/smb-security/articles/2390.aspx?p=5
http://en.wikipedia.org/wiki/Biometrics
http://jackfruity.com/2010/04/mobile-money-is-the-mobile-secure/
http://www.dodcommunitybank.com/
http://jisar.org/2/6/JISAR.2(6).Streff.pdf
http://www.docstoc.com/docs/22684506/BIOMETRIC-TECHNOLOGIES-SECURITY--LEGAL-/
http://www.scribd.com/doc/14332398/Biometric-Security-For-Mobile-Banking-2008
MOBILE BIOMETRICS IN BANKING SECTOR – Market Activities & Key Issues
In China, handset vendors are starting to introduce handsets with fingerprint technology, including Yulong and Qiao Xing Mobile (CECT). And in Korea, KTF has introduced several phones using AuthenTec’s fingerprint solution, including those from Pantech, Motorola and LG.
While Europe has not been as active in this area, there was an EU collaborative research program started in 2004 called SecurePhone that produced a high-end PDA prototype using face, voice and signature-based biometric authentication systems on a SIM card. More recently, Swisscom Mobile has embarked upon a trial using Atrua’s fingerprint sensors on a Toshiba phone.
In India and parts of Africa, governments and financial institutions have started using biometrics to enroll rural populations for social benefits and banking applications. In these cases, the reasons for the use of the biometrics are to provide identity verification and prevent fraud. While these applications are generally being provided via mobile ATMs, smart-cards and “roving” service agents, rather than via cell phone, the concepts are similar and proving usable in these markets and, critically, acceptable to financial regulators.
In India, the use of smart cards to effect payment to the poor through government sponsored schemes, as well as ATMs operated through biometric identification, is already under implementation. Providing mobile phones to the rural poor with similar technologies is likely in the near future.
Bolivia in South America had biometric ATMs by Prodem FFP Bank in operation in 1999. To overcome barriers such as illiteracy, they created a solution employing smart cards, fingerprint recognition technology and smart ATMs, as well as stand-alone, voice-driven ATMs in local languages with color-coded touch screens.
Capitec Bank in South Africa is using biometrics for providing low-cost banking services to unserved populations, largely via kiosks and smart-cards, while the government is using fingerprint recognition for the delivery of pension benefits to its citizens. Net 1 Technologies designs smartcard and banking systems aimed specifically at unbanked populations. Their system uses secure smartcards that operate in real-time but offline, unlike traditional payment systems offered by major banking institutions that require immediate access through a communications network to a centralized computer. This offline capability means that users of Net1’s system can enter into transactions at any time with other card holders in even the most remote areas so long as a portable offline smart card reader is available. Net1 was recently chosen by the Central Bank of Ghana to develop biometric smart-cards for use in that country’s ATMs and POS.
Key Issues to Consider in Designing a Biometric Security System in Mobile Banking
- Who does the customer belong to - mobile operator or bank?
- Who builds, operates and owns the mobile banking platform?
- Who pays cost of new and/or upgraded cell phone hardware? How are cell phone batteries kept charged (solar?)
- How will customers enroll in system? Physical presence required, plus processes for verifying initial identity claims
- How will customers be trained in use of system?
- Should debit cards be issued in conjunction with service for use in urban ATMs?
- Need exception handling for both enrollment and verification; 1-800 # for problems, with secret questions for instances when customer cannot verify biometrically?
- To what degree will biometric match decisions be incorporated into existing interfaces for banking, payment and clearance systems?
- How many identifiers - handset ID, bank account #, biometric ID?
- What are the threshold (accuracy) requirements?
- Location of biometric data storage and processing for maximum availability
- Administrative and auditing functionality to manage biometric accounts and transactions
- How much personal data resides on handset?
- Cash handling network and use of field agents, retail agents, mobile ATMs
- Software requirements for cell phones not prohibitive; software and backup requirements for mobile banking systems and linkages to bank network to be determined
- Processing requirements - need basic data network (should not need 3G as long as there is a secure tunnel to the bank)
Summary
The financial sector is increasingly interested in the use of biometrics to help in the ongoing fight against money laundering and terrorist financing, fraud and consumer protection. Biometrics would be a useful solution to the issue of security for mobile banking in developing countries, particularly to address the unique needs of the unbanked in rural areas. Technically, the use of biometrics is entirely feasible in mobile applications. The accuracy of biometric identification systems is as good if not better than most traditional banking security systems, and the software and transmission requirements of several biometrics technologies are certainly within the realm of possibility for most of today’s cellular networks. The main issue to address with any biometric system is that the performance will only be as good as the quality of the data captured, so that environmental controls and user training are of paramount importance.
For purposes of mobile phone banking, fingerprint recognition appears to be the best technology to use today. Fingerprints are already being used for several rural banking applications around the world, with acceptable performance and security results. And while there is a requirement for incremental hardware and software to accommodate fingerprint sensors on the handset, fingerprint recognition technology is being used in several mobile phones today by a wide range of handset vendors. As for use in cellular networks, fingerprint templates, which can range in size from 250 to 500 bytes, can easily be transmitted via today’s GSM and CDMA data networks, allowing for systems that can provide matching both locally and centrally, depending on the application requirements.
In terms of how it would work, fingerprint recognition security could either interface directly with a bank’s online banking system, an approach that will often require costly systems integration (and result in an undesirable one-off solution), or it could interface with a separate mobile banking platform. The mobile banking platform would act as a “black box” intermediary between the cell phone and the bank, receiving the identity and biometric authorization data from the user’s handset and, once verifying the information, sending a pre-authorized signal to the banking system, using standard ISO banking protocols, telling the bank to go ahead with the transaction at hand. In fact this is how many mobile banking systems work today, taking information from the handset and translating it in one form or another for use by banks and payment processors.
As is often the case with new technology applications, the biggest issue facing mobile operators and banks when trying to evaluate biometrics for mobile banking will not be the technology, per se, but rather the business case around building the technology into the application. Questions such as who owns the customer, who builds and operates the mobile banking platform, who pays for the cell phone, and who handles all the implementation, training and customer-service related issues all need to be addressed to understand the overall attractiveness of a biometric mobile banking application.
Reference:
http://www.scribd.com/doc/14332398/Biometric-Security-For-Mobile-Banking-2008
http://bcta-initiative.org/wp-content/uploads/2010/02/1930-UNDP-BCtA-Case_Map_LR3.pdf
http://jackfruity.com/2010/04/mobile-money-is-the-mobile-secure/
Friday, April 2, 2010
LEGAL AND POLICY IMPLICATIONS
Privacy and Personal issues
Only a small percentage of people cannot be enrolled using fingerprint technology because their finger ridges have become dry, worn with age, or worn from using corrosive chemicals. Some sections of people have reservations about enrolling, associating fingerprinting with criminal investigations or considering touching a scanner unhygienic. There is also concern that fingerprints collected for one purpose could be used to track an individual’s activities elsewhere.
Use of biometric methods does involve intrusion into one’s privacy in varying degrees. On the other hand, it has been established beyond doubt that biometrics do offer another layer of security, though it may not be 100% efficient, as is the case with any other authentication or identification system. Therefore a pragmatic approach to this issue would be to draw up a spectrum of authentication and identification depending on the purpose.
The General Services Administration (GSA) recently recognized this fact when establishing “Levels of Trust” for E-Authentication. Importantly, the GSA levels include the ability for government to allow individuals to be authenticated pseudonymously. (See OMB Memo 04-04 to Federal Agencies - http://www.whitehouse.gov/omb/memoranda/fy04/m04-04.pdf).
Most interactions with the government fall somewhere in between expectations of complete anonymity and a detailed investigation. If there is no true spectrum of authentication choices (from anonymity to pseudonymity to full identity) for use, all expectations of privacy will erode simply because government will be forced to treat every interaction as investigative. In properly determining how best to enhance both liberty and security, it is useful, therefore, to have some basic principles for assessing a particular biometric technology. Such a code of principles ought to include the following:
• Enrollment in biometric systems should be overt instead of covert
• Biometric systems are better used for verification rather than identification.
• Biometric systems should be designed to operate with local storage of the data (e.g., on card templates) rather than with central storage. Centralized storage of biometric data raises privacy concerns and also tends to permit more ready mission creep. Clearly for some technologies and applications local storage will not be feasible—but to the extent it is practicable, local storage should be preferred.
• Similarly, we should prefer biometric systems that are “opt in” and require a person to consent, rather than those that are mandatory. Mandatory applications should be exceptions to this rule.
• For privacy and security reasons, one should prefer biometric systems that reduce the biometric to a template, rather than maintaining a stored image. Generically, templates are harder to falsify. Images, however, may be somewhat easier to encrypt. In the end, the choice will very much depend on the application.
• Similarly, where feasible, biometric systems should consider the use of forms of verified pseudonymity, where the authorization for use by the identified individual is conveyed while the identity is concealed unless and until suitable authorization for piercing the veil of anonymity is received.
• Any biometric system should have strong audit and oversight programs to prevent misuse.
• One must take care to monitor, audit, and periodically test the enrollment process. Enrolled data should also be subject to routine secondary review to identify those mistakenly enrolled in the first instance.
• Have in place a suitable secondary identification system for use when the primary biometric system fails or provides an inconclusive result. It will not do, for example, for the backup to a biometric system to be a simple, insecure, signature-verification.
In the end, biometric technologies can be privacy-neutral. They can and should be designed with appropriate protocols to ensure privacy before they are implemented. Those protocols can both be part of the hardware (and thus designed into the system) and enhanced through operational guidelines and systems oversight that address privacy concerns.
US Government guidelines on privacy related to Biometrics
Two documents of interest to serve as guidelines in understanding and implementing privacy aspects in biometrics are discussed below. Detailed documents are available in the link http://www.biometrics.gov/docs/privacy.pdf
1. Privacy & Biometrics – Building a Conceptual Foundation issued by National Science and Technology Council (NSTC), last updated on September 15, 2006.
This document seeks to connect privacy and biometrics at a structural level so that both fields can be understood within a common framework.
2. “Privacy Technology Implementation Guide” issued on August 16, 2007 by Homeland Security offers assistance to technology managers and developers in understanding privacy protections as they design, build, and deploy operational systems.
Reference:
http://www.docstoc.com/docs/22684506/BIOMETRIC-TECHNOLOGIES-SECURITY--LEGAL-/
http://www.whitehouse.gov/omb/memoranda/fy04/m04-04.pdf
http://www.biometrics.gov/docs/privacy_guide_ptig.pdf
CURRENT RESEARCH PROJECTS
Biometric Authentication of Mobile Financial Transactions (Patent applied)
United States Patent Application 200903071
The user's credentials are stored in a second secure element (SE) of the phone, which is operable to verify the user's identity from a biometric trait of the user input to the phone and to generate data authenticating the financial transaction in response to the verification of the user's identity.
At the POS, the user invokes the application and then inputs a biometric trait to the phone. The second SE verifies the user's identity, and upon verification, generates data authenticating the transaction. The financial transaction data, including the instruction codes and the authenticating data, are then transmitted from the phone to the POS.
A Research project on Biometric Encryption
The TURBINE Project
TURBINE (TrUsted Revocable Biometric IdeNtitiEs) is a research project awarded 6.3 Million Euro funding by the European Union under the Seventh Framework Programme (FP7) for Research and Technology Development.
Lasting three years, TURBINE aims to develop innovative digital identity solutions, combining:
• Secure, automatic user identification thanks to electronic fingerprint authentication
• Reliable protection of the biometrics data through advanced cryptography technology.
Research efforts will focus on transformation of a description of fingerprints, so that the result can only be re-generated by the person with the fingerprints. TURBINE will hence provide the assurance that:
1. the data used for the authentication, generated from the fingerprint, cannot be used to restore the original fingerprint sample,
2. the individual will be able to create different "pseudo-identities" for different applications with the same fingerprint, while ensuring that these different identities (and hence the related personal data) cannot be linked to each other, and
3. the individual is enabled to revoke an identity for a given application in case it should not be used anymore.
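The three properties listed above can be illustrated with a keyed random-projection template (a BioHashing-style cancelable biometric). This is an added example, not TURBINE's method or code; the feature vectors, key names, application ids and the 0.25 threshold are constructed assumptions.

```python
import hashlib
import random

DIM = 64     # length of the constructed feature vector
BITS = 256   # length of the protected template, in bits


def projection(user_key: bytes, app_id: str):
    """Derive a secret BITS x DIM Gaussian matrix from the user's key and the application id."""
    digest = hashlib.sha256(user_key + b"|" + app_id.encode()).digest()
    rng = random.Random(int.from_bytes(digest, "big"))
    return [[rng.gauss(0.0, 1.0) for _ in range(DIM)] for _ in range(BITS)]


def protect(features, user_key: bytes, app_id: str):
    """Pseudo-identity: keep only the sign of each keyed random projection."""
    return [1 if sum(w * x for w, x in zip(row, features)) >= 0 else 0
            for row in projection(user_key, app_id)]


def distance(a, b):
    """Fraction of differing bits between two protected templates."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def verify(features, stored, user_key: bytes, app_id: str, threshold=0.25):
    """One-to-one comparison in the protected domain; raw features are never stored."""
    return distance(protect(features, user_key, app_id), stored) <= threshold


def constructed_samples():
    """Constructed stand-ins for extracted fingerprint features (not real biometric data)."""
    rng = random.Random(2010)
    enrolled = [rng.gauss(0.0, 1.0) for _ in range(DIM)]
    recapture = [x + rng.gauss(0.0, 0.1) for x in enrolled]  # same finger, sensor noise
    impostor = [rng.gauss(0.0, 1.0) for _ in range(DIM)]     # different finger
    return enrolled, recapture, impostor


def demo():
    enrolled, recapture, impostor = constructed_samples()
    key_v1 = b"constructed-user-key-v1"

    # Same finger, two applications: two pseudo-identities.
    bank = protect(enrolled, key_v1, "bank")
    shop = protect(enrolled, key_v1, "shop")

    results = {
        "genuine_accepted": verify(recapture, bank, key_v1, "bank"),
        "impostor_accepted": verify(impostor, bank, key_v1, "bank"),
        # Near 0.5 means the two templates look unrelated (unlinkable).
        "cross_app_distance": distance(bank, shop),
    }

    # Revocation: discard the bank template and re-enrol under a fresh key.
    key_v2 = b"constructed-user-key-v2"
    bank_new = protect(enrolled, key_v2, "bank")
    results["old_vs_new_distance"] = distance(bank, bank_new)
    results["genuine_accepted_after_reissue"] = verify(recapture, bank_new, key_v2, "bank")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The irreversibility of this particular construction depends on the key staying secret: with the projection matrix known, the sign bits constrain the direction of the feature vector, so the key belongs on the token or secure element rather than beside the stored template.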
Mobile Biometry (MOBIO) Project
MOBIO is a research project funded by European institutions and undertaken by a consortium of Idiap Research Institute, Switzerland, European universities and firms in the IT industry. Set up in January 2008 with a target to complete in 36 months, the mission of this project is to achieve ‘Secured and Trusted Access to Mobile Services’.
MOBIO (Mobile Biometry) will focus on multiple aspects of biometric authentication based on face and voice authentication for use in mobile phones on a large scale.
This project will investigate the following technologies: robust face localization and speech segmentation in noisy environments, video-based face authentication (in order to avoid replay attacks using pictures of the face, face authentication over the video will be studied), speaker authentication, bi-modal authentication (both expert fusion and joint face/speaker authentication to take full advantage of the correlation between modalities) and unsupervised model adaptation.
The project will also address the development of a demonstration system which will investigate two main scenarios:
• Embedded biometry where the Bi-modal Biometric Authentication (BMBA) system is running entirely on a mobile phone.
• Remote biometry, where, if the BMBA system needs too many resources to reach the required performance, it will be hosted on a server while a minimum of essential functionalities, such as capture, segmentation, preprocessing and feature extraction, would stay on the mobile phone.
Reference:
http://www.freepatentsonline.com/y2009/0307139.html
http://www.turbine-project.eu/
http://www.mobioproject.org/
GLOBAL EXPERIENCE IN MOBILE BIOMETRICS
New York-based MAP International, through its Business Call to Action initiative, seeks to remove barriers – such as physical infrastructure – that prevent 95% of Ugandans from entering the formal financial sector.
To pave the way for a secure, mobile banking system, MAP International developed an identity card that doubles as a debit or credit card. The biometric information is entered into MAP’s system and people are issued ID cards with a magnetic strip that contains this information. By incorporating biometric information, these cards make it easier for those in underserved and rural areas to access a host of financial products and services while also cutting back on fraud, corruption and crime. Once connected to the mobile banking network, customers manage their money through access points such as automated teller machines (ATM) and electronic Point of Sale (POS) devices. The battery-powered POS devices interact with SIM cards to bring a full suite of banking services (deposits, withdrawals, transfers, account statements) to rural areas and function as “human ATMs.” As a spin-off effect of this successful venture, a new application is being developed that would connect users with micro lenders.
Summary
The recent experience with mobile banking in Uganda highlights the potential of such an application. Coupled with ingenious ways of using contemporary technologies in networking and security, and with combined business propositions, offerings and partnerships, such ventures can be made viable. A vast uncovered population at the bottom of the pyramid in developing countries, once considered a problem to be tackled, can present opportunities and challenges in exciting and hitherto unexplored areas.
Easy Banking for Everyone – the Indian Experience
Encouraged by the widespread use of mobile phones (as of November 2009, there are 504 million subscribers in India), the Reserve Bank of India has issued guidelines permitting mobile commerce, known as M-commerce. Through this platform, even the non-banking population can obtain a biometric card and use a POS overseen by a Banking Correspondent (BC). Banks will subsidize the cost of issuing biometric cards / smart cards. While e-commerce has bypassed the majority of the population due to the high cost of setting up such channels, including computers, m-commerce has the capability to be inclusive due to the widespread use of mobile phones.
Similar solutions based on high-end mobile phones have also been implemented. In this arrangement, all transaction data are held on the mobile phone. Customers are only given receipts of their transactions/account statements. Using this facility users living in remote areas far away from banks can receive their pension or make all bank transactions on their mobile phone. They can also collect payments due to them from government sponsored rural employment scheme. This avoids the legendary intermediaries and the concomitant malpractices.
While there is immense potential for such ventures, experts caution that a well considered approach should be followed keeping in view the concerns of money laundering, financial terrorism and stability of payment systems.
Reference:
http://bcta-initiative.org/wp-content/uploads/2010/02/1930-UNDP-BCtA-Case_Map_LR3.pdf
http://jackfruity.com/2010/04/mobile-money-is-the-mobile-secure/
http://www.mymobile.co.in/feature_detail.php?id=173
EFFORTS AT STANDARDIZATION
There are two principal documents issued by the US Government pertaining to Biometric standards.
1. NSTC Policy for Enabling the Development, Adoption and Use of Biometric Standards
The goal of this Policy is to establish a framework to reach interagency consensus on biometric standards adoption for the Federal government. Federal agency adoption of these recommended standards, and associated conformity assessment programs, will enable necessary next generation Federal biometric systems, facilitate biometric system interoperability, and enhance the effectiveness of biometrics products and processes.
2. Registry of USG Recommended Biometric Standards Version 2.0 August 10, 2009 issued by the Subcommittee on Biometrics and Identity Management
This document supplements the NSTC Policy for Enabling the Development, Adoption and Use of Biometric Standards. The Registry is based upon interagency consensus on biometric standards required to enable the interoperability of various Federal biometric applications, and to guide Federal agencies as they develop and implement related biometric programs. The Registry will be constantly reviewed and updated. The latest version of this document is available on the Federal government's web site for biometric activities at www.biometrics.gov/standard
Standardization Efforts by European Commission
With cooperation from the UK, Germany, France, the Netherlands, Italy, Austria and Belgium, the research project entitled “Biometrics Deployment Study: Identifying challenges and threats facing large-scale biometrics deployment in Europe” was undertaken by the Institute for Prospective Technological Studies (IPTS) at the Joint Research Centre under the aegis of the European Commission. The results of the research and surveys, presented and discussed in the 3rd European Biometrics Forum’s Research Conference held in October 2007, have been included in the Final Report published in October 2008.
Some of the most relevant points identified by the experts and presentations in the conference were:
• Biometrics may not prevent frauds entirely. Threats to security in terms of false fingerprints, multiple names in biometric databases and biometrics skimming cannot be totally eliminated.
• In terms of acceptance by the public it is important to maintain proportionality of data collection with respect to ‘clearly-defined’ purpose.
• The security problems should be approached with a total perspective of technological and organizational issues – e.g. preventing unauthorized reading from RFID chips could be one of them.
• Rationalization of standards is essential in order to bring inter-operability. For example, there are 2 different test suites for ISO/IEC 19794-2 (Information technology – Biometric data interchange formats - Part 2: Finger minutiae data), one provided by ILO and one by Fraunhofer, that yield different results for the same set of data. Therefore, a common standard framework must be created.
• Testing and Certification standards and capabilities must be built. The BioTesting Europe project is a first step in the right direction.
• Error Rates – Firstly there should be agreed norms for error rates for specific applications. Secondly, Testing, Certification and Training Standards must be evolved so as to minimize the impact of environmental issues on performance.
• The EU Joint Research Centre will take a lead role in providing inputs for achieving a pan-European Biometric system.
Future Areas of application
Banking and e-commerce: Biometrics would replace or complement authentication now based on PIN or password. This would be a verification process which could improve secure authentication provided that the link of personal data with biometrics is secure. However, currently reported error rates would not be acceptable at automatic teller machines.
Recommendations
The following recommendations, made in respect of biometrics applied to law enforcement and border control, largely apply to mobile phone biometrics with banking and e-commerce applications as well. The situations described in the context of individual EU countries vis-à-vis a centralized authority in Europe / centralized database can also be applied to other private applications such as banking or e-commerce with oversight by the national government in question.
Recommendation I
The enrolment process must be standardized and certified on a European level.
This must include data quality control (biometric and non-biometric), usability for the enrolment application and user training for operating personnel. An unenrollment process must also be implemented to account for wrong or expired data.
A review of the findings concerning central and decentralized databases, and tokens resulted in the pros and cons given below:
Central databases:
• Difficult (in terms of decision making) to have wrong or poor data corrected.
• Technical issues with very-large scale statistical searches (performance and error rates can increase exponentially).
• Possibility that data already stored would be used for other purposes than originally intended, even against the will of a particular EU Member State.
• Many users are authorized to have access most likely under different legal frameworks.
• Lack of experience, unresolved issues with backup and outsourcing procedures.
Decentralized databases (central databases linked together):
• Increases the risk potentials for wrong decisions by having the same person’s data in different qualities giving unpredictable matching results.
• Risk exists of having the same data being kept safely in one country, but undisclosed in another.
• On the other hand, correcting or deleting incorrect data is easier in decentralized environments. However this implies a decision whose data is the correct one and procedures to correct it in the other databases.
Tokens:
• Since tokens can be lost or stolen, they must provide high data security to prevent misuse.
• If data on the token is wrong, it usually cannot be corrected on the token.
• User responsibility for the token may cause problems in case of children, handicapped, etc.
Recommendation II
Based on the advantages and disadvantages of the storage options, central databases should be avoided where possible. In the case that it is decided to use central databases, high data quality must be guaranteed.
There should be a legal obligation and practical procedures in place for enrolled persons to have their stored data revoked or corrected when there is a possibility that they are not correct or of poor quality.
Biometric data should also not be stored raw, but rather in encrypted templates, which achieve the same matching result but reduce the risk of ID theft and some function creep.
The biometrics identifier should not automatically lead to the connected personal data as this should only happen in correspondence to a clearly explained purpose by as few authorized users as possible.
Recommendation III
Multi-modal biometrics is recommended as the most secure option to prevent spoofing. Future deployments of large-scale biometrics systems should opt for multimodality and all stakeholders in secure identification scenarios should give the complete security cycle its proper attention: enrolment, storage, acquisition, matching and the entire back-end system.
Enrolment and matching should be performed using ‘Live and wellness’ detection especially in unattended environments and/or the process should be supervised wherever possible.
Encrypted templates should be applied rather than original samples for storing and matching.
It is concluded that matching against tokens yields the highest security level and therefore is preferable. Regarding specific applications, the new ePassports should contain personal data that is protected by Extended Access Control (EAC) which implies implementing an effective key management.
Few results are available on test data, and common European standards are still lacking and need to be formulated.
Recommendation IV
An accreditation and certification structure must be established on a European level as there is currently an urgent need for a common framework.
As the BioTesting Europe project is aiming to improve the current situation of test data, there must be a provision of much more data to appropriately cope with the large system dimensions. Therefore, the results of that project could be the step in the right direction for improving future large scale deployment.
Recommendation V
More detailed guidelines on system and process design are needed to perform targeted threat analysis and quality assessments. This includes the human factor in the interaction with / operating of biometric devices.
In order to assess the risks involved in implementing large scale biometric systems, it is necessary to define in more detail what these systems are in terms of functionality. Once that has been made clear, targeted assessments can be carried out on security, privacy, proportionality and overall quality of the system.
Recommendation VI
A European approach is needed to overcome differences between member states in the handling of privacy and data protection issues.
Recommendation VII
Public awareness should be created amongst all the EU citizens about the purpose and use of biometric technologies in large schemes such as passports and public administrations.
Recommendation VIII
European testing and certification capabilities based on European requirements in the area of biometric enabled id-systems are urgently needed in order to improve interoperability, conformance, security and overall trust.
Recommendations VI, VII and VIII may particularly apply to inter-governmental applications such as border control, visa issuance etc. However, any biometric application on a large scale in the private sector pre-supposes such a wide-area infrastructure, standardized, tested, audited and controlled. For countries like the USA with federal government and state government structures, these principles can be suitably extended so as to achieve uniformity throughout the country surpassing the borders of the federal states. This will ensure least confusion and inconvenience to the users and will help in earning the user’s trust and confidence in the biometric system thus resulting in voluntary compliance.
A few initiatives have been undertaken to develop capabilities in testing and certification e.g. by Bio Testing Europe and Minutiae Template Interoperability Testing Project (MTIT). Much remains to be done in coordination and endorsement of these activities.
Recommendation IX
Biometrics is not yet widespread as a technology and is still an area for specialists; it is therefore necessary to bring independent expert opinions together on a European level.
Political Dimensions:
Questions such as proportionality of data collection and privacy cannot be left to experts alone but involve political judgment as well. Political acumen and threat perceptions should guide in drawing up the dividing line between personal freedom and achieving the targeted security protection. Furthermore, while formulating rules and regulations, it would be well to remember that no implementation can guarantee 100% security. Difficult as all political decisions are, unless a consensus is reached on these crucial issues, widespread application of biometrics, especially in the private sector, cannot make headway.
India working on Standards for Biometrics
As noted earlier, India has made small beginnings in the use of smart cards using biometrics. The government, industry and academia realize the need to develop standards for biometrics to provide a “level playing field”. There is a consensus on some of the major aspects that the standards should embody:
1. Standards should be open avoiding dependence on any one vendor technology.
2. Security of data, purpose- related data collection and use, due consideration of privacy issues.
3. Separation of biometric data from personal data
4. Taking the national ID card as an example, standards should take cognizance of different stakeholders deployed in enrolment, creation of database, generating algorithms, verifying and distributing the cards.
5. Data to be highly protected with several cyber-controls and encryptions in place, in both online and offline mode.
Some of the key national level organizations to be associated in evolving these standards are:
• Data Security Council of India, a self-regulatory organization led by Nasscom. This organization handles Data Security issues.
• The National Association of Software and Services Companies (NASSCOM) is the premier trade body and the chamber of commerce of the IT-BPO industries in India.
• Centre for Development of Advanced Computing (C-DAC) develops applications for e-government projects.
Reference:
http://www.biometrics.gov/Standards/default.aspx
http://www.biometrics.gov/Standards/Biometric_Standards_Registry_v2.pdf
http://www.a-sit.at/pdfs/biometrics_report.pdf
http://www.zdnetasia.com/india-working-on-standard-for-biometrics-62058101.htm
VENDOR AND PRODUCT PROFILES
PerSay Tel Aviv, Israel – multi-factor authentication for phone based high-risk transactions at banks in Israel.
Sagem Securite Paris 75512 France – combined fingerprint and finger-vein matching useful to people with arthritic hands.
Sagem Wireless - fingerprint verification phones running the Android operating system, which facilitate multiple applications and will provide an open, standards-based platform for application development.
Precise Biometrics, Lund, Sweden – phones with match-on-card, which will have local verification software: user-friendly, cost-effective and integrity-preserving. This is a flexible solution that can be used together with various applications and solutions, most fingerprint readers as well as the majority of smart cards in the market.
AuthenTec, Melbourne, Florida 32901 USA - fingerprint based phone. Apart from secure mobile banking, features enable access to a variety of applications using recognition of different fingers.
UPEK, Inc. Emeryville, California – touch control solutions for mobile phones offering secure mobile transactions and protection of portable data.
Reference:
http://www.tmcnet.com/usubmit/2010/04/15/4730594.htm
http://www.smartcard.co.uk/members/newsletters/2009/SCN%20November%202009.pdf
http://www.nearfieldcommunicationsworld.com/2010/02/03/32608/sagem-wireless-to-add-fingerprint-verification-to-new-range-of-mobile-phones/
http://report.precisebiometrics.com/home/forvaltningsberattelse-1
http://report.precisebiometrics.com/teknik-_-losningar;jsessionid=169AF51FF23A1E954DC25B115B08AC59
http://www.authentec.com/technology-fingerprint-biometrics.cfm
http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=9339794
http://www.findbiometrics.com/mobile-biometrics/
CONCLUSION
Biometric phones offer an additional layer of security in increasingly user-friendly ways. As the user base of mobile phones grows multifold in the coming years, large scale deployment of biometric mobile phones is a distinct possibility.