The Impact of Biometrics on the Justice System - PowerPoint PPT Presentation

1 / 40
About This Presentation
Title:

The Impact of Biometrics on the Justice System

Description:

fingerprints. Keypad. Finger. Digital. Number ... Fingerprint Pattern versus Digital Template. The actual fingerprint pattern is not stored, but only a digital ... – PowerPoint PPT presentation

Number of Views:68
Avg rating:3.0/5.0
Slides: 41
Provided by: george54
Learn more at: http://www.cfp2000.org
Category:

less

Transcript and Presenter's Notes

Title: The Impact of Biometrics on the Justice System


1
The Impact of Biometrics on the Justice System
Computers, Freedom and Privacy Conference, April
5, 2000
2
Unauthorized secondary uses apply to biometrics
  • Biometrics offer the strongest form of positive
    identification
  • although viewed as the solution to reducing
    identity fraud, this feature also threatens
    personal privacy, specifically
  • Secondary uses can apply to
  • collecting biometrics for one use, say welfare
    enrollment, and using them to identifying
    individuals at a crime scene, for example
  • using the biometric as a token to link
    transactions of individuals and using this
    information to construct profiles for
    intelligence purposes.
  • Because of its security and economic value, both
    government and market forces will pursue these
    practices.

3
Privacy laws are not enough
  • Controls must be built into the code.
  • laws or policies to restrict the use of
    biometrics
  • are not sufficient.

4
Biometrics -- the measurement process
Quality enhancement,and feature extraction
Analog to digital
Finger Iris Voice Hand
Image
Scanner
Conversion Software
Digital Number
Biometric signature, e.g., minutia file
for fingerprints
PIN
Finger
Keypad
Digital Number
With todays technology, all biometrics transform
to a number. That number is part of me, I cant
forget nor lose it.
5
Biometrics -- the comparison process
Incorporates salient and repeatable features of
biometric from a number of scans
ENROLMENT
X scans of the same biometric
X Numbers (signatures)
Scanner-S/W
Template generation

n same as or close to t ?
Template (t)
Biometric
Scanner-S/W
Comparison Software
Number (n)
yes
maybe
no
Authentication Compare number (n) to a single
template (t) to determine verification (yes or
no). Identification Compare number (n) to many
templates (t1tk) to determine any matches
within the allowed variability
6
Applications for Authentication
  • Logon to networks, servers, laptops, etc.,
  • digital certificates,
  • access to databases, firearms, premises, bank
    machines, credit and debit cards,
  • access to benefits such as social security,
    medical, welfare
  • access to personal information such as medical,
    financial
  • Biometrics viewed as the solution to identity
    fraud

7
Applications for Identification
  • Positive identification, comparing a biometric to
    a database of known biometric templates to
    determine its presence -- IAFIS for law
    enforcement,
  • Negative identification, comparing a biometric to
    a database of known biometric templates to
    confirm that it is absent -- applying for welfare
    benefits to prevent multiple enrollment or
    double dipping.

8
Biometric Application Program Interfaces
(BioAPI)Plug and Play Biometric Devices
Service Provider Interface
SPI
Bio Device
BSP
APPLICATION
A P I F R A M E W O R K
Biometric Service Provider
Goal Standardize biometrics interface
API
SPI
Bio Device
BSP
SPI
Bio Device
BSP
Applications include State welfare
program, Bank machine access, logon to a
network
Template(s)
9
Networking Application Databases
10
Authentication does not require central storage
of templates
  • Biometrics can be stored locally -- smart card,
    barcode, etc.
  • Comment
  • In practice, we have to resolve how lost, stolen
    or damaged cards will be handled without the
    individual physically going to an enrolment
    center to present his ID and have his biometric
    processed again?
  • Centralized storage of a biometric or its
    templates would allow a new card containing the
    biometric template to be put in the mail, or a
    virtual card downloaded over the Internet.

11
Fingerprint Pattern versus Digital Template
  • The actual fingerprint pattern is not stored,
    but only a digital template is stored which
    cannot be converted back to the original
    fingerprint pattern.
  • Comment
  • The issue is not whether a fingerprint pattern
    can be reconstructed from its digital template.
  • The issue is that both the fingerprint pattern
    and its corresponding digital template are unique
    identifiers and therefore surrogates of ones
    identity.

12
A Scenario of Privacy Infringement (1)
  • A welfare recipient leaves his latent
    fingerprints at a nightclub that later becomes
    the scene of a crime. The latent prints are
    picked up and matched to the fingerprint database
    compiled for welfare recipients. He is
    identified and questioned.
  • Solution
  • The fingerprint database will be off limits to
    the police by virtue of legislation.
  • How can we ensure it will be the case with the
    next government?
  • What about the issue of unauthorized access to
    the database. The temptation for secondary or
    unauthorized uses of such a database beyond its
    primary purpose may be very great.

13
A Scenario of Privacy Infringement (2)
  • Solution
  • Never store the actual fingerprint pattern, only
    its digital template.
  • Still a problem. If the police obtain access to
    a similar biometric device, and place some
    digitized latent fingerprints through the system,
    they will be able to compare against the
    templates. They have to, otherwise the system
    doesnt work.

14
Mapping Templates
T1
T1
Translation of templates from one format to
another is a mapping process from one minutiae
n-space to another
15
A Scenario of Privacy Infringement (3)
  • Solution
  • Have unique hardware or software algorithms that
    are encrypted for different organizations and
    government agencies. Privacy is based on
    ignorance of the potential attacker.
  • to be comparable to cryptographic systems,
    biometric security cannot depend on the secrecy
    of the algorithm or unavailability of the
    hardware.
  • The system should have an open design. The
    protection mechanism must not depend on the
    ignorance of potential attackers.
  • The algorithms should be open to public scrutiny,
    just as cryptographic algorithms are subjected to.

16
A Scenario of Privacy Infringement (4)
  • Solution
  • Either the templates in a database or their
    links to personally identifiable information will
    be encrypted, therefore matching cannot occur
    without access to the encryption key.
  • In this case, secure key management would be
    crucial.
  • Who is going to have control over the encryption
    keys?
  • How do we guard against putting the rabbits in
    charge of the lettuce?
  • With key management, we are basing our privacy on
    the trust model versus the absolute security we
    have with cryptographic algorithms.

17
Current biometric systems place the use
limitationprovision in FIPs further in jeopardy
  • Third parties, such as the law enforcement
    community, will have access to personal profiles
    about you that are more complete, and potentially
    more damaging than the combined information that
    your best friends, spouse and parents have.

18
Privacy loves the company of numbers
  • 3271 bank card PIN
  • 5733 office security system PIN
  • 2259 telephone PIN
  • Mapple Laptop password
  • 8932 home security PIN
  • The feature of PINS that makes for bad security
    makes for great privacy -- a lot of them !
  • With current biometrics, you have one number or,
    at most, a few.

Safety in numbers -- hazards in one number
19
Security issues with Biometrics (I)
  • Limited to a Yes/No response.
  • For network security, still need to link to a PIN
    unless one uses the template as the password. If
    so, then templates have to be stored in
    databases.
  • Solution use the biometric to encrypt the PIN

20
Use the biometric to encrypt the PIN
Enrollment
Coded PIN is stored
PIN
Fingerprint Pattern
73981946
h94Kd
CODES
Authentication
PIN used for access
Coded PIN
Fingerprint Pattern
h94Kd
73981946
DECODES
Can literally have hundreds of PINs -- Safety in
numbers!
21
Security issues with Biometrics (II)
  • Current biometrics are not challenge-response
    sytems. The password, which is the biometric, is
    always the same.
  • Solution use challenge-response systems

22
Challenge-Response Using Biometrics
Response Function
Enrollment
Coded Res Fnc is stored
Fingerprint Pattern
2x 7
Hgrcj
CODES
Client decodes Res Fnc with fingerprint
Host
Calculated Response
Challengex 4 R 15
2x 7
15
X 4
R 15 sent back to Host
23
Security issues with Biometrics (III)
  • If template resides in a client PC, open to
    future surveillance by intelligent agent
    software, i.e. trojan horses, worms.
  • Solution use embedded trusted biometric devices
    that are isolated from the client. Never store
    template in the client

24
Embedded Biometric Devices
Trusted Device
Embedded Hardware Device
Scanner-S/W
Template generation
Biometric
To Client PC
Template Storage
Comparison Software
Template (t)
25
Security issues with Biometrics (IV)
  • Biometric systems are still inaccurate and will
    generate false identifications.

26
The need for balance when using biometrics
Confidentiality, Authentication
Benefit
Surveillance
Linkage
Risk
27
Conclusion
  • Current off-the-shelf biometrics will permit the
    secondary uses of personal information. They are
    not privacy protective.
  • Technology that allows informational
    self-determination and makes good security a
    by-product of protecting ones privacy is the
    goal.
  • Using the biometric to encrypt a PIN or a
    standard encryption key will meet that goal.

28
The privacy problem with current biometrics
  • A biometric such as a fingerprint can be used as
    a unique identifier of a person which, as a
    unique identifier
  • can be used to trace the persons transactions,
    and
  • link massive amounts of personal data about
    them.
  • Because of its value, both economic and security,
    both market and government forces will promote
    this practice.
  • If biometrics are adopted as the standard method
    of authentication in our society, we will have
    central databases of peoples biometrics or
    digital templates residing in networked
    databases.

29
The Identity Spectrum
Biometric Digital Certificate x.509
Digital Certificate x.509
PINs and Passwords
Multiple Pseudonym x.9.59
Anonymity Most Privacy Protective
Absolute ID Least Privacy Protective
Secure transactions do not require divulging of
identity in all cases.
30
Networking Template Databases
31
Process to establish authentication credentials
  • 1. Identification a one time process to
    establish that I am a unique, named individual
    (e.g., George Tomko).
  • 2. Confirmation of Eligibility a one time
    process to confirm that the named individual is
    indeed eligible (i.e. meets certain stated
    criteria) for a given service.
  • 3. Authentication Credentials a token,
    furnished or chosen by the service provider,
    which allows the individual to access the service
    involved on a recurring basis. It presumes the
    existence of steps one and two, without which it
    could not operate.

32
Levels of Security for Identity Fraud
  • No proof of identity required.
  • PIN or password used as token of identity.
  • Digital certificate used as token of identity.
  • Biometric tied to digital certificate used as
    token of identity.
  • Token changed frequently, e.g, changing a
    password or PIN on a weekly basis.
  • Different token for each access attempt, e.g.
    challenge-response system, one time password.

33
Industrys Response
  • This threat to privacy, highlighted by public
    exposure and heightened media attention, has
    became somewhat of an obstacle in some countries
    in the marketing of biometric technologies.
  • In response, biometrics are now being promoted
    as privacy-enhancing.
  • Is this Orwellian double-speak or is there some
    foundation to this claim?

34
BioAPI Implications
35
Integrating Justice Information The privacy
threat
  • Secondary uses of personal information without
    consent -- beyond the intent of the primary
    purpose for collection.
  • Impacts privacy rights of
  • accused but not yet convicted individuals,
  • victims or witnesses at a crime scene,
  • suspicious individuals -- intelligence gathering
    activities of a government agency.

36
Levels of Security for Access
  • Open door policy, e.g., no PIN or password
  • Same token used for each access attempt, eg.,
    PIN, password, biometric.
  • Token changed frequently, e.g, changing a
    password or PIN on a weekly basis.
  • Different token for each access attempt, e.g.
    challenge-response system, one time passwords.
  • The fundamental problem is that biometrics are
    not what cryptographers refer to as a challenge
    and response system. That is, the response to
    the question, What is your left index
    fingerprint? is always the same. A challenge
    and response system would ask different questions
    each time and be able to measure the correct
    response. (Peter Wayner - New York Times)

37
Levels of Privacy
  • Systems designed to protect privacy must have the
    same level of security as cryptographic systems.
  • That is, their security cannot depend on the
    secrecy of the algorithm or unavailability of the
    hardware. The system should have an open design
    and the protection mechanism must not depend on
    the ignorance of potential attackers.

38
The Solution to Identity Fraud
  • Biometrics are being viewed as a solution to
    identity fraud because they can be used to
    positively authenticate and in many cases
    positively identify individuals.
  • Furthermore, if one wants, biometrics can be
    used to track individuals and their
    transactions.

39
Privacy Issues
Confidentiality of personal data (security)
Surveillance of location (activities)
Linkage of personal data (secondary use)
40
Your Identity Stored in Cyberspace
  • If biometrics are adopted as the standard method
    of authentication in our society, we will have
    databases of peoples biometrics or digital
    templates residing in a networked society
Write a Comment
User Comments (0)
About PowerShow.com