Biometrics
What is Biometrics?
• It is believed that every human being has unique physiological and
behavioral characteristics, which cannot be forged or forgotten
Principles of Information Security, Fourth Edition
Access Control
• Access control: method by which systems determine whether and
how to admit a user into a trusted area of the organization
• Mandatory access controls (MACs): use data classification schemes
• Nondiscretionary controls: strictly-enforced version of MACs that are
managed by a central authority
• Discretionary access controls (DACs): implemented at the discretion
or option of the data user
Identification
• Identification: mechanism whereby an unverified entity that seeks
access to a resource proposes a label by which they are known to the
system
• Supplicant: entity that seeks a resource
• Identifiers can be composite identifiers, concatenating elements
(department codes, random numbers, or special characters) to make
them unique
• Some organizations generate random numbers
Authentication
• Authentication: the process of validating a supplicant’s purported
identity
• Authentication factors
  • Something a supplicant knows
    • Password: a private word or combination of characters that only the user should know
    • Passphrase: a series of characters, typically longer than a password, from which a virtual
      password is derived
Authentication (cont’d.)
• Authentication factors (cont’d.)
• Something a supplicant has
• Smart card: contains a computer chip that can verify and validate information
• Synchronous tokens
• Asynchronous tokens
• Something a supplicant is
• Relies upon individual characteristics
• Strong authentication
Authorization
• Authorization: the matching of an authenticated entity to a list of
information assets and corresponding access levels
• Authorization can be handled in one of three ways
  • Authorization for each authenticated user
  • Authorization for members of a group
  • Authorization across multiple systems
• Authorization tickets
Accountability
• Accountability (auditability): ensures that all actions on a system—
authorized or unauthorized—can be attributed to an authenticated
identity
• Most often accomplished by means of system logs and database
journals, and the auditing of these records
• Systems logs record specific information
• Logs have many uses
Biometrics Access control
Password-based systems
• Can be lost
• Can be stolen
• Can be used by an intruder to access your data (e.g., banking data)
Telesis Community Credit Union (CA) (case study)
• Financial services provider that manages $1.2 billion in assets
• Ran a network password cracker as part of an enterprise security
audit, to see if employees were following Telesis’ password policies
• Within 30 seconds, the team was able to identify 80% of people’s passwords
Problems
• We cannot remember so many passwords, so we use birthdays, names,
pet names, etc.
• Passwords are easy to crack because they are weak
• We easily forget strong passwords
How Biometrics works