Biometrics and Encryption


   Additional Security Slides
       Biometrics 101 (cont)
Required System Components
• A biometric authentication device is made
  up of three components:
  – A database of biometric data.
  – Input procedures and devices.
  – Output and graphical interfaces.
   Identification Vs. Verification
• In identification, the system attempts to find
  out whom the sample belongs to by comparing
  the sample with a database of samples in the
  hope of finding a match (this is known as a one-
  to-many comparison). "Who is this?"

• Verification is a one-to-one comparison in
  which the biometric system attempts to verify an
  individual's identity. "Is this person who
  he/she claims to be?"
        Human trait examples used in
                Biometrics
• Fingerprints
  Fingerprint recognition looks at the patterns found on a fingertip.
  There are a variety of approaches to fingerprint verification, e.g. the
  traditional police method of matching minutiae, while others use straight
  pattern-matching devices; some verification approaches can detect when a
  live finger is presented, some cannot.
• Hand Geometry
  Hand geometry involves analyzing and measuring the shape of
  the hand. This biometric offers a good balance of performance
  characteristics and is relatively easy to use. It might be suitable
  where there are more users or where users access the system
  infrequently and are perhaps less disciplined in their approach to
  the system.
      Security Measures for the
            Internet Age
•   Encryption
•   Digital Signatures
•   Digital Certificates
•   Secure Electronic Transactions (SET)
                    Encryption

  [Diagram: Plaintext → Encryption → Ciphertext → Decryption → Plaintext]

• Cryptography: art and science of keeping messages
  secure
• Cryptanalysis: art and science of breaking ciphertext
• Cryptology: area of mathematics that covers both
           Encryption continued
• If
   –   M=the plaintext message
   –   C=the encrypted ciphertext
   –   E=encryption algorithm
   –   D=decryption algorithm
• Then
   – E(M)=C
   – D(C)=M
   – D(E(M))=M
    Algorithms and Keyspaces
• The cryptographic algorithm (cipher) is a
  mathematical function used for encryption and
  decryption
• A restricted algorithm bases its security on keeping
  the internals of the algorithm secret
  – But
     • If someone leaves the group, the algorithm must be changed
     • Someone can buy (or otherwise obtain) the algorithm
• The problems of restricted algorithms are solved by
  using keys
                         Keys
• Any one of a large number of values
• The total possible set of keys is called the
  keyspace
• Both encryption and decryption depend on the
  key
• So
  –   E_K(M)=C
  –   D_K(C)=M
  –   D_K(E_K(M))=M
  –   What does this mean?
       • D_K2(E_K1(M))=M
Private vs. Public Key Encryption
Symmetric vs. Asymmetric algorithms
• Symmetric
  – Typically use the same key for encryption and
    decryption
  – Sender and receiver must agree to secret key before
    sending message
• Asymmetric
  –   Key for encryption is different from one for decryption
  –   Encryption key can be made public
  –   Decryption key is private
  –   Sometimes called public key encryption
                 Cryptanalysis
• Recovering the plaintext without the key (an
  attack)
• All secrecy resides in the key
• Types of attack
  –   Ciphertext-only attack
  –   Known-plaintext attack
  –   Chosen-plaintext attack
  –   Adaptive-chosen-plaintext attack
  –   Rubber-hose attack
  –   Purchase-key attack
 Encryption Standards
• Data Encryption Standard (DES)
   – Uses 56 bit key
   – Both sender and receiver must know the key
   – Only took three days to crack in 1998 (see
     www.distributed.net)
• Triple DES (3DES)
   – Encrypt the DES message three times
• Advanced Encryption Standard (AES)
   – Successor to the 3DES standard (128 bit)
   – US Government has chosen Belgian Algorithm
     called Rijndael
• Pretty Good Privacy (PGP)
   – Product that uses the DES but is 128 bit
   – Two keys – public and private
     Public Key Infrastructure
• Involves hardware, software, data
  transport mechanism, smart cards,
  governing policies and protocols
• Requires services of
  – Registration Authority
  – Certificate Authority
  – Data Repositories
           Digital Signatures
• Consists of two pieces of information
  – The data being transmitted
  – The private key of the individual or
    organization sending the data
• A signature produced with the private key
  verifies that the data is from the stated
  source
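How the two pieces of information combine, as an added example that is not from the original slides: the data is hashed and signed with the sender's private key, and anyone holding the matching public key can verify it. Textbook RSA with constructed toy primes (different from any real key; no padding scheme), for illustration only.

```python
# Added example: sign with a private key, verify with the public key, and
# show that altered data or an altered signature fails verification.
import hashlib

# Constructed toy RSA parameters (real keys are thousands of bits).
P, Q = 1009, 1013
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 17                    # public exponent: anyone can verify
D = pow(E, -1, PHI)       # private exponent: only the sender can sign

def digest(data: bytes) -> int:
    """Hash the data with SHA-256, reduced into the RSA message space [0, N)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes, priv: int = D) -> int:
    """Signature = H(data)^priv mod N; needs the private key."""
    return pow(digest(data), priv, N)

def verify(data: bytes, sig: int, pub: int = E) -> bool:
    """Recover H(data) from the signature using the public key and compare."""
    return pow(sig, pub, N) == digest(data)

def demo() -> dict:
    """Constructed sample: a genuine signature, a modified message, a damaged signature."""
    order = b"pay merchant 42.00"
    sig = sign(order)
    return {
        "genuine_verifies": verify(order, sig),
        "altered_data_rejected": not verify(b"pay merchant 4200.0", sig),
        "altered_signature_rejected": not verify(order, (sig + 1) % N),
    }
```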
         Transaction Security
• Secure Socket Layer (SSL)
  – Operates as a layer within the TCP/IP model
  – Creates a secure negotiated session between client
    and server
• Secure Negotiated Session
  – All communication between client and server is
    encrypted
     • URL, credit card number, cookies, attached documents
  – Agree upon a symmetric session key
     • Used for only one session and then destroyed
            Online Credit Card Transaction
[Diagram: parties are CONSUMER, MERCHANT, CLEARING HOUSE, MERCHANT BANK
 and CONSUMER BANK; the numbered steps are:]
  1. Consumer makes purchase
  2. SSL connection to merchant
  3. Merchant server contacts clearinghouse
  4. Clearinghouse verifies account and balance with issuing bank
  5. Bank transfers funds to merchant bank
  6. Debit issued in monthly statement

    Secure Electronic Transactions:
    Problems with the SSL method
• Neither merchant nor consumer can be fully
  authenticated
• Consumers can repudiate charges even though
  goods have been shipped
• Costs for merchants high – 3.5% plus 20-30
  cents per transaction plus setup fees
  – Apple's iTunes aggregates charges over a 24 hour period
• Cards not as ubiquitous as you think
Multi-layered E-Commerce Security
[Diagram: concentric layers, innermost to outermost]
  – Data
  – Technology Solutions
  – Organizational Policies
  – Industry and Legal Standards
				
Posted: 4/22/2012