This document discusses biometric security for mobile devices. It covers various biometric authentication methods like facial recognition, fingerprints, and voice recognition. It analyzes the pros and cons of each method in terms of accuracy, security, usability, and other factors. The document also provides examples of how voice biometrics can be used for fast authentication and describes the VoiceKeyID algorithm which can authenticate users with half a second of speech.
First used in Automated Fingerprint Identification Systems (AFIS), fingerprint biometrics has now been adapted to parallel markets such as Physical Access Control, Logical Access Control, Secured Payment Solutions and OEM applications. These devices profit from the vast expertise acquired by AFIS systems, while using the latest technology.
Star Link Communication Pvt. Ltd., India's leading manufacturer of biometric attendance system and access control system, brings you this slideshow about biometrics and how the technology works.
BSI Biometrics Standards Presentation.
View BSI’s presentation about biometric standards, and get an overview of biometrics and identity management, and standards development for biometrics.
This project lets you build a fingerprint-based biometric authentication system that can allow or deny access.
By building this project, you get exposure to biometric sensors (fingerprint scanners), storage of biometric patterns, Arduino, LCD displays and Arduino programming. Learn and build this project with Skyfi Labs; for more info please visit https://goo.gl/oQgIpC.
What does FinTech really mean for 2017?
We've outlined 6 of the hottest trends to look out for in the coming year.
The Top 6 FINTECH TRENDS for 2017 by Safaraz Ali
AWS re:Invent 2016: Fraud Detection with Amazon Machine Learning on AWS (FIN301) - Amazon Web Services
In this session, we provide programmatic guidance on building tools and applications to detect and manage fraud and unusual activity specific to financial services institutions. Payment fraud is an ongoing concern for merchants and credit card issuers alike and these activities impact all industries, but are specifically detrimental to Financial Services. We provide a step-by-step walkthrough of a reference solution to detect and address credit card fraud in real time by using Apache Apex and Amazon Machine Learning capabilities. We also outline different resource and performance optimization options and how to work data security into the fraud detection workflow.
PayPal's Fraud Detection with Deep Learning in H2O World 2014 - Sri Ambati
PayPal's Fraud Detection with Deep Learning in H2O World 2014 - Flexible Deployment, Seamlessly with Big Data, Accuracy and Responsive support.
- Powered by the open source machine learning software H2O.ai. Contributors welcome at: https://github.com/h2oai
- To view videos on H2O open source machine learning software, go to: https://www.youtube.com/user/0xdata
Chapter 6
Authenticating People
Chapter 6 Overview
The three authentication factors: what you know, you have, and you are
Passwords, password bias, and search space calculations
Cryptographic building blocks: random choice, one-way hash
Authentication devices: personal tokens and biometrics
Basic issues in authentication policy
Elements of Authentication
Authentication Factors
Something you know
Password or PIN
Something you have
Key or token
Something you are
Personal trait
Traditional parallel terms:
Something you know, are, have
Multi-factor Authentication
Using different factors in authentication
NOT two or three instances of the same factor
Two-factor authentication
ATM authentication: ATM card + PIN
Biometric laptop: Fingerprint + password
NOT: Password + PIN
Three-factor authentication
Biometric access card: fingerprint + card + PIN
NOT: fingerprint + PIN + password
Authentication Threats
Focus in this chapter
Trick the authentication system or access assets through the system
No “remote” attacks via Internet or LAN
Threats must have physical access to system
Range of threats
Weak threat – authentication is effective
Strong threat – authentication may work
Extreme threat – authentication not effective
Attacks on Authentication
Password Authentication
Each User ID is associated with a secret
User presents the secret when logging in
System checks the secret against the authentication database
Access granted if the secret matches
Risks
Shoulder surfing at the keyboard
Reading the password off of printer paper
Sniffing the password in transit or in RAM
Retrieving the authentication database
Password Hashing
One-Way Hash Functions
A Cryptographic Building Block function
We will see more building blocks later
Input:
An arbitrarily large amount of data, from a few bytes to terabytes – RAM or files or devices
Output:
A fixed-size result
Impractical to reverse
Minor change to input = big change to output
Sniffing Passwords
Goal: intercept the password before it is hashed
Keystroke loggers
In hardware: Devices that connect to a keyboard's USB cable
In software: Procedures that eavesdrop on keyboard input buffers
Password Guessing
DOD Password Guideline (1985) required a minimum 1 in a million chance of successful guessing.
This was designed to defeat interactive password guessing: A person or machine made numerous guesses
Some guessing succeeds based on social and personal knowledge of the targeted victim
Modern network-based guessing can try tens of thousands of alternatives very quickly.
Off-line Password Cracking
How Fast Is Off-line Cracking?
It depends on the size of the search space
i.e., how many legal – or likely – passwords?
Legal passwords are limited to specific sets of characters, typically from the ASCII set
Single-case letters only:
Two letter passwords = 26^2
Three letter passwords = 26^3
… etc.
Password with L letters = 26^L
Increasing the Search Space
Two options
Increase L – the length of pas ...
A recent revision to the US Government’s authentication guideline, NIST SP 800-63B "Authentication and Lifecycle Management", puts a greater emphasis on the usability of authentication in its recommendations. This talk will discuss the ways in which it attempts to relieve the users’ burden and shift more responsibility to the services themselves, hopefully improving overall security in the process.
Presentation to BayCHI, December 12, 2017
Identity authentication using voice biometrics technique - eSAT Journals
Abstract
Identification of people using name, appearances, badges, tags and register may be effective in a small organization. However, as the size of the organization or society increases, these simple ways of identifying individuals become ineffective. Therefore, it may be necessary to employ additional and more sophisticated means of authenticating the identity of people as the population increases. Voice Biometrics is a method by which individuals can be uniquely identified by evaluating one or more distinguishing biological traits associated with the voice of such individuals. In this paper, an unconstrained text-independent recognition system using the Gaussian Mixture Model was applied to match recorded voice to stored voice for the purpose of identification of individuals. Recorded voices were processed and stored in the enrollment phase while probing voices were used for comparison in the verification/recognition phase of the system.
Keywords: Model, Biometric, verification, enrollment, database, authentication, matching, identity.
Making Sure of Security? A Look at Penetration Testing - Software Guru
Session presented at SG Virtual, 11th edition.
By: Gilberto Sánchez.
In this talk we will look at what penetration testing is, why to do it, the types of pen testing that exist, as well as the pre-attack, attack and post-attack phases and the standards that currently exist.
2. All Authentication Options
What you know, e.g. password
What you have, e.g. soft- or hard-token
Who you are, e.g. any biometric
How you behave, e.g. adaptive authentication
3. Passwords
Your password is “dinosaur”
October 2013 – Adobe announces 38 M passwords are compromised
Password hints posted in cleartext
Passwords not salted
Days later they’re posted online and many are soon broken
June 2012 – LinkedIn announces 7M of 150M passwords stolen
Passwords not salted
Days later they’re posted online and …
Customers using same password for Facebook, garage door openers, and banking
Passwords heavily re-used or shared
Passwords have to be remembered (and typed)
Passwords can be “cracked” (recovered)
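The "passwords not salted" point above, as an added example that is not taken from the slides: with an unsalted fast hash, everyone who chose the same password gets the same stored value, while a per-user salt and a slow key-derivation function give each account a distinct record. The account names, the third password and the PBKDF2 iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; two users share the password from the slide.
ACCOUNTS = {"alice": "dinosaur", "bob": "dinosaur", "carol": "correct-horse-7"}
ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example


def store_unsalted(password):
    """Weak scheme: one fast hash, identical for every user of a password."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def shared_value_groups(table):
    """Users whose stored value is identical, as anyone holding the table sees."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    unsalted = {u: store_unsalted(p) for u, p in ACCOUNTS.items()}
    salted = {u: store_salted(p) for u, p in ACCOUNTS.items()}
    print("unsalted, identical entries:", shared_value_groups(unsalted))
    print("salted, identical entries:  ", shared_value_groups(salted))
    print("alice verifies:", verify_salted("dinosaur", salted["alice"]))
```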
6. Facial Recognition
Pros
Convenient
Liveness Test
Cons
Lighting condition requirement
Can be faked with static and/or animated GIF from public photos
Repudiation
7. Fingerprint
Pros
EER of around 1%
Convenience
Liveness Test
Non-repudiation
Cons
Specialized Hardware
Finger cleanliness
Cuts to finger
Angle or pressure of placement
Biometric privacy concerns
Fingerprints can be captured easily
Search for “MythBusters Fingerprints Busted” on YouTube
8. Voice
Pros
Convenience
Cost
EER of around 2-3%
Liveness Test
Non-repudiation
Can be authenticated remotely
Cons
Cold or illness affecting voice
Environmental noise
Behavioral or temporal speaking differences
User education or awareness to use
17. Voice Biometric Use Cases
Use Cases
Fast Balance
Step up authentication option
Online Account Opening
Login authentication
Male v. Female voices
Male frequency 85-180 Hz
Female frequency 165-255 Hz
We hear frequency as the pitch
When the frequency doubles, we perceive the pitch as “twice as high”
18. VoiceKeyID™ Algorithm
Authenticates in ½ second
Runs on device, no servers needed
Configurable for low FAR (False Acceptance Rate)
Multi-lingual, any language or song or repeatable gibberish will work
Requires 10-12 syllables or 4-6 seconds of speech
Robustness against recorded attacks
Low Failure To Enroll Errors
Low Storage Requirement (50-100KB)
Secure Storage
Can identify forced failure attempts and deny them
Available for use anywhere in apps
Patent protected in US and China
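How the EER and FAR figures quoted on these slides relate to a matcher's decision threshold, as an added example that is not part of the presentation and not VoiceKeyID code: it computes the False Acceptance Rate and False Rejection Rate over constructed similarity scores, finds the equal error rate, and shows what a lower FAR setting costs in rejected genuine users. The score lists and function names are assumptions.

```python
# Constructed similarity scores (0..1, higher = closer match); not measured data.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.85, 0.93, 0.62, 0.90, 0.87, 0.97]
IMPOSTOR = [0.12, 0.35, 0.41, 0.28, 0.66, 0.19, 0.53, 0.30, 0.81, 0.22]


def far(threshold, impostor=IMPOSTOR):
    """False Acceptance Rate: share of impostor attempts at or above threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False Rejection Rate: share of genuine attempts below threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def equal_error_rate(genuine=GENUINE, impostor=IMPOSTOR):
    """Try every observed score as threshold; return (threshold, FAR, FRR)
    at the point where FAR and FRR are closest to each other."""
    candidates = sorted(set(genuine) | set(impostor))
    best = min(candidates,
               key=lambda t: (abs(far(t, impostor) - frr(t, genuine)), t))
    return best, far(best, impostor), frr(best, genuine)


def threshold_for_far(target, genuine=GENUINE, impostor=IMPOSTOR):
    """Lowest threshold whose FAR does not exceed target, with its FRR cost."""
    # 1.01 is a sentinel above every score, so FAR there is always zero.
    for t in sorted(set(genuine) | set(impostor)) + [1.01]:
        if far(t, impostor) <= target:
            return t, frr(t, genuine)
    raise ValueError("target FAR must be non-negative")


if __name__ == "__main__":
    t, fa, fr = equal_error_rate()
    print(f"EER point: threshold={t} FAR={fa:.0%} FRR={fr:.0%}")
    t, fr = threshold_for_far(0.0)
    print(f"FAR target 0%: threshold={t} FRR={fr:.0%}")
```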