Lecture Notes in Computer Science 5185

More documents

Recommendations

Info

2 A. Pfitzmann 1.2 Biometrics for What Purpose? Physiological or behavioral characteristics are measured and compared with reference values to Authenticate (Is this the person (s)he claims to be?), or even to Identify (Who is this person?). Both decision problems are the more difficult the larger the set of persons of which individual persons have to be authenticated or even identified. Particularly in the case of identification, the precision of the decision degrades with the number of possible persons drastically. 2 Security Problems of Biometrics As with all decision problems, biometric authentication/identification may produce two kinds of errors [1]: False nonmatch rate: Persons are wrongly not authenticated or wrongly not identified. False match rate: Persons are wrongly authenticated or wrongly identified. False nonmatch rate and false match rate can be traded off by adjusting the decision threshold. Practical experience has shown that only one error rate can be kept reasonably small – at the price of a unreasonably high error rate for the other type. A biometric technique is more secure for a certain application area than another biometric technique if both error types occur more rarely. It is possible to adapt the threshold of similarity tests used in biometrics to various application areas. But if only one of the two error rates should be minimized to a level that can be provided by well managed authentication and identification systems that are based on people’s knowledge (e.g., passphrase) or possession (e.g., chip card), today’s biometric techniques can only provide an unacceptably high error rate for the other error rate. Since more than two decades we hear announcements that biometric research will change this within two years or within four years at the latest. In the meantime, I doubt whether such a biometric technique exists, if the additional features promised by advocates of biometrics shall be provided as well: – user-friendliness, which limits the quality of data available to pattern recognition, and – acceptable cost despite possible attackers who profit from technical progress as well (see below). In addition to this decision problem being an inherent security problem of biometrics, the implementation of biometric authentication/identification has to ensure that the biometric data come from the person at the time of verification and are neither replayed in time nor relayed in space [2]. This may be more difficult than it sounds, but it is a common problem of all authentication/identification mechanisms.
Biometrics–HowtoPuttoUseandHowNotatAll? 3 3 Security Problems Caused by Biometrics Biometrics does not only have the security problems sketched above, but the use of biometrics also creates new security problems. Examples are given in the following. 3.1 Devaluation of Classic Forensic Techniques Compromises Overall Security Widespread use of biometrics can devaluate classic forensic techniques – as sketched for the example of fingerprints – as a means to trace people and provide evidence: Databases of fingerprints or common issuing of one’s fingerprint essentially ease the fabrication of finger replicas [3] and thus leaving someone else’s fingerprints at the site of crime. And the more fingerprints a forger has at his discretion and the more he knows about the holder of the fingerprints, the higher the plausibility of somebody else’s fingerprints he will leave. Plausible fingerprints at the site of crime will cause police or secret service at least to waste time and money in their investigations – if not to accuse the wrong suspects in the end. If biometrics based on fingerprints is used to secure huge values, quite probably, an “industry” fabricating replicas of fingers will arise. And if fingerprint biometrics is rolled out to the mass market, huge values to be secured arise by accumulation automatically. It is unclear whether society would be well advised to try to ban that new “industry” completely, because police and secret services will need its services to gain access to, e.g., laptops secured by fingerprint readers (assuming both the biometrics within the laptops and the overall security of the laptops get essentially better than today). Accused people may not be forced to co-operate to overcome the barrier of biometrics at their devices at least under some jurisdictions. E.g., according to the German constitution, nobody can be forced to co-operate in producing evidence against himself or against close relatives. As infrastructures, e.g., for border control, cannot be upgraded as fast as single machines (in the hands of the attackers) to fabricate replicas of fingers, a loss of security is to be expected overall. 3.2 Stealing Body Parts (Safety Problem of Biometrics) In the press you could read that one finger of the driver of a Mercedes S-class has been cut off to steal his car [4]. Whether this story is true or not, it does exemplify a problem I call the safety problem of biometrics: – Even a temporary (or only assumed) improvement of “security” by biometrics is not necessarily an advance, but endangers physical integrity of persons. – If checking that the body part measured biometrically is still alive really works, kidnapping and blackmailing will replace the stealing of body parts.
Page 1 and 2: Lecture Notes in Computer Science 5
Page 3 and 4: Volume Editors Steven Furnell Unive
Page 5 and 6: Program Committee General Chairpers
Page 7 and 8: Invited Lecture Table of Contents B
Page 9: Biometrics - How to Put to Use and
Page 13 and 14: Biometrics-HowtoPuttoUseandHowNotat
Page 15 and 16: 7 Outlook Biometrics-HowtoPuttoUsea
Page 17 and 18: A Map of Trust between Trading Part
Page 27 and 28: Implementation of a TCG-Based Trust
Page 37 and 38: A Model for Trust Metrics Analysis
Page 47 and 48: Patterns and Pattern Diagrams for A
Page 51 and 52: Policy Model AC model Patterns and
Page 53 and 54: Broker Investor Doctor Patient 1
Page 57 and 58: A Spatio-temporal Access Control Mo
Page 59 and 60: A Spatio-temporal Access Control Mo
Page 61 and 62:
A Spatio-temporal Access Control Mo
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
A Mechanism for Ensuring the Validi
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Multilateral Secure Cross-Community
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Fairness Emergence through Simple R
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Combining Trust and Reputation Mana
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Controlling Usage in Business Proce
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
A Semantics Rules for POLPA-Control
Page 125 and 126:
Page 127 and 128:
Spatiotemporal Connectives for Secu
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
5.2 Expressiveness Spatiotemporal C
Page 135 and 136:
Acknowledgement Spatiotemporal Conn
Page 137 and 138:
BusiROLE: A Model for Integrating B
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
The Problem of False Alarms: Evalua
Page 149 and 150:
The Problem of False Alarms 141 pro
Page 151 and 152:
The Problem of False Alarms 143 To
Page 153 and 154:
The Problem of False Alarms 145 mad
Page 155 and 156:
The Problem of False Alarms 147 Des
Page 157 and 158:
The Problem of False Alarms 149 3.
Page 159 and 160:
A Generic Intrusion Detection Game
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
On the Design Dilemma in Dining Cry
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Obligations: Building a Bridge betw
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
A User-Centric Protocol for Conditi
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Identity Escrow: A User-Centric Pro
Page 201 and 202:
Page 203 and 204:
Preservation of Privacy in Thwartin
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213:
Agudo, Isaac 28 Aich, Subhendu 118
show all

Lecture Notes in Computer Science 5185

Create successful ePaper yourself

Delete template?

Save as template?