Biometrics and the epass - PowerPoint PPT Presentation

1
Biometrics and the epass
  • Results and Conclusions from current FIDIS
    Research
  • Dr. Martin Meints
  • Independent Centre for Privacy Protection (ICPP)

2
Epass - Problems
  • The epass uses biometric raw data - all biometric
    raw data (such as pictures of faces and
    fingerprints) are sensitive and protected as
    personal data → function creep, violation of
    purpose binding
  • They allow the diagnosis of certain diseases by
    experts and in some cases even by laymen
  • They allow in some cases direct identification
  • Combined technologies (in this case RFID and
    biometrics) are complex. Implementation shows
    severe conceptual weaknesses. As a consequence
    there is no effective access control for
    biometrics in the epass
  • Faraday cage not in place
  • Cryptographic weakness of Basic Access Control
    (BAC)
  • Missing effectiveness of the key management (Who
    is in control?)
  • Extended Access Control (EAC) does not protect
    all data and already is organisationally
    circumvented (e.g. visa data in the USA)
  • What is the root of trust? Current research with
    respect to technology acceptance models in AmI
    environments (Spiekermann et al.) suggests that
    perceived control is an important factor
  • Decentralised/centralised storage depends on
    control

3
What can be done?
  • Immediately
    • No transfer of this concept to national ID cards
      and the private sector
    • Implementation of existing security measures such
      as Faraday cages
    • Informing citizens how to deal with this
      passport
    • International co-ordination of backup procedures
      in case biometrics fail
    • Introduction of a revocability concept, e.g. by
      using only biometrics one-way hashed with a PIN
      (exchangeable component!)
    • Introduction of templates that contain no
      health-related information and cannot be used
      for sensor spoofing, instead of biometric raw
      data
  • In the next three years
    • Development of a new co-ordinated security and
      technology concept
    • Definition of security requirements and
      corresponding measures
    • Taking data protection into account
    • Taking multilateral security requirements into
      account (states, private organisations and
      especially the users of the epass)
    • Taking complexity of combined technologies into
      account
    • Being discussed by European data protection and
      security experts
    • Being internationally co-ordinated (ICAO) and
      implemented

4
Questions and Answers
  • ?

Thank you for your attention! Any questions? Dr.
Martin Meints ICPP LD102_at_datenschutzzentrum.de