P Protected biometrics for Identity Trust Protected biometrics for Identity Trust P t t t d bi t d bi t i t i f f Id Id tit T tit T t t RISE - Awareness of Biometrics and Security Ethics y By Nicolas DELVAUX nicolas.delvaux@sagem.com Hong-Kong, 5 th of January 2010 DOCUMENT INTERNE - Equipe Marketing / 20 février 2010 0
SAFRAN AT A GLANCE An international high technology group More than 12 billion Euros sales in 2007 (At December 31, 2007) 58 200 employees in over 30 countries 58,200 employees in over 30 countries (At September 30, 2008) Three branches of activity: - Aerospace propulsion - Aircraft equipment - Defense Security Sagem Sécurité: worldwide leading positions Multi modal biometrics solutions ID ID solutions l ti Biometric terminals (access control) Automated fingerprint identification systems Secure ID documents including biometric features (passports, H&ID cards, driving licenses) Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 1
Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 2
Agenda 1. An Identity use case - from Passport to e-Passport: a short survey 1 2. Identity : a new field for organised crime 3. Biometrics for identity : strategies for trustworthy framework 4. Conclusion Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 3
An Identity use case - from Passport to e-Passport: a short survey DOCUMENT INTERNE - Equipe Marketing / 20 février 2010 4
Travel document : passport usage Process for identity verification: 1. 1 T To authenticate the travel document: issuer, securities, etc… th ti t th t l d t i iti t 2. To check document personalisation 3. 3 To check the link between document data and holder To check the link between document data and holder Majors identity’s issues j y Fake travel documents Genuine travel document with fraudulent personalisation Stolen travel document with photo substitution Stolen travel document with photo substitution Impostor using similarity with the genuine travel document holder Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 5
Challenging issues for checking process Genuine document Facial similarity Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 6
Identity on e-Passport: more authentication factors ICAO 9303 introduces major updates Electronic: to authenticate the genuine travel document and information El t i t th ti t th i t l d t d i f ti consistency by electronic signature Biometrics features: face (M), fingerprint and iris to link the document and the holder To be: To know: PIN biometrics biometrics To have: token 1 2 3 4 5 6 7 8 9 * 0 # Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 7
Identity : a new field for organised crime y g DOCUMENT INTERNE - Equipe Marketing / 20 février 2010 8
Biometric authentication Biometrics technologies is not restricted to law enforcement Since 90’s: large scale civil application for civil registry, welfare, etc. Since 90 s: large scale civil application for civil registry, welfare, etc. Need for ID fraud prevention US: $50 billions / year (source: Javelin Strategy & Research Survey – 2007 ) UK: £1.7 billions / year UK £1 7 billi / (source: 2006 Home office report) France: France: € 6.2 Billions / year for welfare organizations € 474 Millions for 212,762 victims in 2008, (source CREDOC, June 2009) Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 9
Biometrics as Security Enhanced Technology for Identity Identity management is a security target for the future Biometrics: individual authentication or identification based on physiological / behavioral traits of individuals Many modalities : fingerprint, face, iris, vein, DNA.. Different performances and no « silver bullet » modality or technology Common characteristics: Universality, Uniqueness, Permanence, Collectability y, q , , y As any stage, use of biometrics can potentially raise privacy & securiy concerns: Misuse / Abuse breach function Creep Misuse / Abuse, breach,function Creep Collected without consent: collected from a trace, from a data base, Nobody can revoke his/her biometrics Protection schemes are essential! Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 10 10
ISO/IEC JTC1 SC37 Biometrics protection issues Reference Architecture Attacks Data Data Comparison Matching Decision Storage Collection Enrolment Matchi ng Compare Database Template Identity Matching Score(s) Claim Signal Candidate? Match? P Processing i Presentation Presentation T Template l t Threshold Template Candidate Match/ Creation List Non -match Biometric Characteristics Features Features Verified? Identified? Quality Control Re-acquire Sensor Feature Extraction Decision Criteria Segmentation Verification Identification Sample Sample Expansion Compression p Transmission Enrolment Channel Verification Transmission Identification Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 11 11
Biometrics for identity : strategies for trustworthy framework DOCUMENT INTERNE - Equipe Marketing / 20 février 2010 13
Biometrics protection: technological approaches Secure token Pros: an evaluated solution Cons: what happens when Cons: what happens when token is cracked? Cryptography Pros: reliable solutions Cons: ready for all your live Multi-modalities Pros: statics and dynamics mixture Pros: statics and dynamics mixture Cons: increase complexity only Crypto-biometrics Pros: revocability capability Cons: accuracy & irreversibility Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 14 14
An implementation on bio-encryption Fingerprint biometry biometry Multiple + revocable Multivendor Multivendor identities based on the identities based on the Generation of Generation of interoperability same fingerprint protected pseudo identities Minutiae Minutiae Vendor A ID1 Hash Template ID3 protection Minutiae Minutiae Vendor B ID2 Identities are not invertible Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 15 15
Biometrics protection: Legal Approaches Solution providers in EU Needs more developments Needs more developments Depending MS: EU: legal Data Protection from prior authorisation to simple framework notification Interpretation by DPA principles: “PROPORTIONALITY PRINCIPLE” Directive 95/46 on personal data Systematic warnings about biometrics protection protection databases d t b National transposition in (27) laws Deployment discrepancy & different perceptions different identity management In most MS: I different level of trust diff t l l f t t t MS no specific provisions on biometrics Some MS: biometric data as « sensitive data » biometric data as sensitive data or only when reveal racial, ethnic origins or health Needs of dedicated legal decision Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 16 16
Principles of proportionality: uses cases Time attendance Access control in sport stadium Access control in swimming pool At school (Fingerprint) Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 17 17
Biometrics database: submitted to DPA decision? Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 18 18
Conclusion Identity is a major value in society To demonstrate Identity: T d t t Id tit Travel document: authentication factors by a token Need of an additional authentication factor: biometrics modalities Long-term mechanisms for a worldwide trust Needs of technical and legal consistent approaches N d f h i l d l l i h Protect identity for citizen privacy Protect identity for trusted relationship Protect identity for trusted relationship Security against abuse, misuse and corruption of identity Privacy and Security shall become “a positive-Sum Paradigm” Sagem Sécurité / DTS / ND / RISE – 05 Jan 2010 19 19
Th Thank you for your patience! Thank you for your patience! Th k k f f ti ti ! ! Protected biometrics for identity trust y RISE - Awareness of Biometrics and Security Ethics By Nicolas DELVAUX nicolas.delvaux@sagem.com @ g Hong-Kong, 5 th of January 2010 DOCUMENT INTERNE - Equipe Marketing / 20 février 2010 20
Recommend
More recommend
