Escolar Documentos
Profissional Documentos
Cultura Documentos
Methodology
INTECO PROJECT ABOUT BIOMETRIC TECHNOLOGIES APPLIED TO SECURITY
RESEARCH
Diagnosis
PRACTICAL GUIDE
Learning and awareness
Documents Analysis + Expert Personal Interviews + 2.0 Investigation + Workshop for final conclusions
Advantages against other identification processes Uses and applications Future lines of investigation Applicable regulations and standards Threats and Vulnerabilities Security measures and good practices Advice to industry and private and public organisms
Behavioral technologies
1) Fingerprint recognition
Arch
Tented Arch
Left Loop
Right Loop
Plain Whorl
3) Iris recognition
5) Hand geometry
Permanence
Injuries
Acceptability
Permanence
2) Voice recognition
4) Gait
Recognition in crowds
Still being developed
M H L L M M H H M H
H L H H M H L L M M
Fraud resistance
M H M L H M H M M H
H L H H M M L L L L
H M H H M M L L L L
H L H H M M L L L L
10
Fingerprint is the most extended technology. It is due to its high maturity level what implies a lower cost.
Facial recognition is in second place but quite far The inclusion of a photography in many identification documents boosts its implementation
11
Biometry
Password/Cards
12
Advantages:
Disadvantages:
Cost Comfort
More privacy
13
14
More comfort, not needed to remember or to be safely kept. Waiting time reduction. Remote transactions are possible. More security and privacy.
15
Online Banking
ATM
Payment
Secured online
transactions.
16
Access and
presence control
Phone
Mobile
Secured remote
transactions (voice recognition).
17
Success Cases
Quick Access to Airport Borders in Spain Technology: Fingerprint and facial recognition. Benefits:
Raise in time/agent/control ratio Security increase Mitigation of the fear of the users to the
use of biometric systems. Future developments: There are future expansion plans to other national borders (airports and ports) using even more verification elements.
18
Success Cases
Public subsidies management in Poland Technology: Finger veins structure recognition. Benefits:
19
Regulatory Framework
There is enough legislation related to the personal data protection but may be useful to go deeper in the biometric specific case. LOPD (Spanish Data Protection Act) Considerations: Legitimate use of the data. The user must be informed. The user must consent the process except in some particular cases. The data must be registered in the Data Privacy Authority. Data delegation. International Standards There had been identified several standards that are applicable over many different aspects: information transmission, APIs, Systems performances, etc.
20
The implementation and the use of biometric technologies are exposed to several risks, some of them specific and some of them shared with the rest of identification technologies. Identifies threats and vulnerabilities related to different factors. are
There is a set of recommendations and good practices that can suppose a mitigation of the identified risks.
21
Pre-Analysis
Legitimate use of the data. The user must be informed. The user must consent the process
except in some particular cases.
22
23
Continuity Plan
passUDe45
24
Training
25
Recommendations
Organizations Pre-analyze Go for quality technologies Avoid prototypes difficult to use Offer collaboration to final users Comply with what is previously about privacy indicated Look for improvement and reduced costs of technologies Spread knowledge Scientists Develop lines of investigation that satisfy current needs
26
Recommendations
Manufacturer and service providers Bet for innovation Offer high quality systems Solve clients doubts Analyze properly the clients Promote algorithm unification Guarantee the security and confidentiality of biometric traits of the users
27
Recommendations
Public organisms. Ease the access to public services using biometry Use biometric systems in their own facilities Invest in defense and border control Invest in investigation and innovation Realize divulgation
28
Learning and evolving Second generation, challenges already detected Public Administration commitment Help normalizing and divulgating Big companies impulse Expansion and criteria unification Standardization and interoperability Opened systems and users freedom
29
Conclusions - Weaknesses
Risk of personal privacy invasion Fear of citizens Lack of privacy perception Public exposure High exposure = big repercussion of problems Specific regulation needed Promotion of good practices and accountability
30
Final Thoughts
Lack of offers of integral security Lack of knowledge in enterprises Non confidence of users Current economic difficulties
Risk of overconfidence
31
Follow us on:
Web
http://observatorio.inteco.es Facebook Profile http://www.facebook.com/ObservaINTECO Twitter Profile http://www.twitter.com/ObservaINTECO Scribd Profile http://www.scribd.com/ObservaINTECO Youtube Profile http://www.youtube.com/ObservaINTECO Information Security Observatory BLOG http://www.inteco.es/blogs/inteco/Seguridad/BlogSeguridad
http://www.inteco.es http://observatorio.inteco.es