Securing Next-generation Mobile Platforms: The User-to-Device Authentication Issue
MPSoC (August 2006)
Srivaths Ravi (Email: sravi@nec-labs.com)
NEC Laboratories America, Princeton, NJ
Srivaths Ravi NEC Labs America
Security Requirements of Mobile Appliances
- Security is only as strong as its weakest link
- Passwords can be the weakest link
[Figure labels: Secure Storage, Secure SW Execution, User Identification, Secure Data Communications, Secure Content, Secure Network Access]
A Case for Biometrics
- Solution: Use of biometrics
- Physiological traits that are unique to an individual & easily quantifiable
  – Fingerprint
  – Voice
  – Face
  – Iris
  – Hand geometry
[Images: Fingerprint, Face recognition, Voice recognition]
- Conventional solutions (e.g., passwords, tokens)
  – Easy-to-break: Most commonly used password is “password”
  – Cumbersome: 30% of system-admin help desk calls are reset requests
- Cost of insecurity is very high
  – 3.3 million identity thefts in U.S. (2002)
  – 6.7 million victims of credit card fraud
  – US$ 10 billion loss per year due to identity theft (Gartner, 2002)
Biometric Technologies: Market Projections
- Growth +35% per annum
  – In response to increasing needs for security
[Chart: Revenues (US$, millions) by year, 2003 to 2007. Source: International Biometrics Group]
- Market breakdown by technology (2001)
  – Fingerprint (49%)
  – Face (15%)
  – Voice (4%)
[Pie chart: Finger-Scan 49%, Facial-Scan 15%, Middleware 12%, Hand-Scan 11%, Iris-Scan 6%, Voice-Scan 4%, Signature-Scan 3%]
How does Biometric Authentication Work? (An Example: Fingerprint)
[Figure: two flows]
- Enrollment: User, Acquisition system, Processing device, Template minutiae database
- Verification: User 1 / User 2, Acquisition system, Processing device, Template minutiae database, outcome Granted / Denied
Challenges in Mobile Biometrics: Performance
- Heavy workload can easily overwhelm embedded processors in mobile terminals!
  – E.g., high-fidelity fingerprint verification on a PDA with 206MHz StrongARM CPU takes > 100 sec!
- Current solutions
  – Using better sensors: MORE COST
  – Dedicated chip for biometric authentication: MORE COST
  – Trade-off between performance and accuracy
    - E.g., skip image enhancement steps: LOWER ACCURACY
[Chart: Processor MIPS and Run time (sec), Desktop (Pentium4) vs. iPAQ (SA-1110)]
Challenges in Mobile Biometrics: Accuracy
× High inaccuracies for uni-modal biometric technologies
× Can deny legal user entry
× Can provide unauthorized user access
× Poor User Experience
× Low Security

Modality    | Test        | Test Parameter                   | False Reject Rate | False Accept Rate
Fingerprint | FVC [2004]  | 20 years (average age)           | 2%                | 2%
Voice       | NIST [2000] | Text independent                 | 10-20%            | 2-5%
Face        | FRVT [2002] | Varied lighting (outdoor/indoor) | 10%               | 1%
(Courtesy: Anil Jain, MSU)
Challenges in Mobile Biometrics: Vulnerability to Attacks
- Several points of vulnerabilities in a biometric system
- Success ratio of attacks can be very high
  – E.g. spoofing with Playdoh molds on various fingerprint scanners
[Figure: biometric system pipeline (Sensor, Feature Extractor, Matcher, Decision, Template(s)) with attack points: fake biometric; replay previous data; compromise feature extractor; replace feature extractor output; modify matcher; attack template database; override decision; alter transmitted template]
[Chart: Success Ratio (0.1 to 0.7) by scanner type: Capacitive DC, Opto-electric, Optical, Capacitive DC. Source: Info. Security TR, 2002]
Summary of Challenges
- Performance Gap
  – Computational workload of biometric authentication algorithms can overwhelm embedded processor capabilities
- Accuracy
  – Biometric authentication accuracy (false accept/reject) needs to be significantly improved
- Attack Resistance
  – Protect the authentication process from implementation attacks (physical, SW, ...)
HW/SW Multimodal Biometric Platform
[Figure: platform stack with layers Services, MW, OS, HW. Blocks: User Authentication, Secure Transactions, Encrypted FS; Multimodal Biometric Manager (Voice, Fingerprint, Face); Common Biometric and Crypto Libraries; Multi-Processor Operating System; CPU0, CPU1, CPU2, PE, Scratch pad, Co-processor]
- Multi-modal biometric manager SW
  – Higher security by combining biometrics
  – Multi-threaded for efficient utilization of multi-processor platforms
- Mobile biometric processor
  – Custom instruction set accelerates biometric algorithms
  – Over 10X speedup
  – Low overheads
- Attack resistance
  – Several elements including boot-time verification, runtime protection using access control monitors, etc.
Benefits: Faster Authentication
- Example (Face Authentication)
  – PCA/LDA
  – Bayesian
- Evaluation
  – A commercial embedded processor
  – Open-source face recognition SW (CSU)
  – Image Database: FERET (NIST)
[Chart: Architecture Performance Results, Time (sec), for Enrollment (PCA/LDA), Verification (PCA/LDA), Enrollment (Bayesian), Verification (Bayesian), Image Enhancement. Configurations: SW (Orig), +FP, +CodeOpt, +Custom Instr., +Copro; SW, SW (opt). Labels on chart: 4.8X, 5.0X, 2.3X, 3.2X, 8.1X]
Benefits: Improved Accuracy
- A bi-modal biometric architecture using face and fingerprint
- Significant improvement in accuracy when face and fingerprint based biometrics are combined
[Chart: Genuine Accept Rate (%) vs. False Accept Rate (%) (log scale) for Face, Fingerprint, Face+Fingerprint. Courtesy: Anil Jain, MSU]
[Figure: Sensor 1, Feature Extractor 1, Matcher 1 with Fingerprint Template(s); Sensor 2, Feature Extractor 2, Matcher 2 with Face Template(s); Matching Parameters; Decision Module; output Accept/Reject]
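
The genuine-accept versus false-accept comparison on the "Improved Accuracy" slide, as an added example that is not part of the original presentation. The match scores are constructed, and the sum-rule score fusion is an assumption, since the slides do not say how the decision module combines the two matchers.

```python
# Added illustration: constructed match scores (0-100), not measured data.
# Each tuple is (face_score, fingerprint_score) for one authentication attempt.
GENUINE = [(90, 80), (40, 95), (85, 35), (70, 75), (30, 90), (80, 45), (75, 85), (60, 70)]
IMPOSTOR = [(55, 10), (20, 50), (10, 15), (50, 20), (25, 40), (15, 30), (35, 5), (5, 45)]


def rate_accepted(scores, threshold):
    """Fraction of attempts whose score meets the threshold."""
    return sum(s >= threshold for s in scores) / len(scores)


def gar_at_far(genuine, impostor, max_far):
    """(threshold, genuine accept rate) at the lowest threshold with FAR <= max_far."""
    for t in sorted(set(genuine) | set(impostor)):
        if rate_accepted(impostor, t) <= max_far:
            return t, rate_accepted(genuine, t)
    # No observed score is strict enough: the only safe threshold rejects everyone.
    return max(impostor) + 1, 0.0


def evaluate(max_far=0.0):
    """Compare each modality alone with sum-rule fusion (assumed fusion rule)."""
    matchers = {
        "face": lambda p: p[0],
        "fingerprint": lambda p: p[1],
        "face+fingerprint": lambda p: p[0] + p[1],  # score-level sum fusion
    }
    results = {}
    for name, score in matchers.items():
        gen = [score(p) for p in GENUINE]
        imp = [score(p) for p in IMPOSTOR]
        threshold, gar = gar_at_far(gen, imp, max_far)
        results[name] = {"threshold": threshold, "GAR": gar, "FRR": 1 - gar}
    return results


if __name__ == "__main__":
    for name, r in evaluate().items():
        print(f"{name:17s} threshold={r['threshold']:3d} "
              f"GAR={r['GAR']:.0%} FRR={r['FRR']:.0%}")
```

In this constructed data each genuine user has one weak modality on some attempts, so either matcher alone must reject a quarter of genuine attempts to keep impostors out, while the fused score separates the two populations completely.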