Slide 1
Session : User Authentication - Trends
11-Nov-2014
Prepared by: Zuraiq
Slide 2
This Session…
-- Is Technical – will include an introduction/background
-- Will include Interactions, Questions and Answers…
-- The Sections….
The Start
User Authentications
Biometrics
So…
Thank You
-- Disclaimer
Slide 3
The Start!
Slide 4
Question 1: The Picture! – Please Identify….
Creation and Creator!….
Slide 5
Nature and Man….
-- Question 2: Who is the painter? Where is it located now?
-- Depicts the “Human Being” as the supreme creation; combines Science +
Math + Philosophy!
-- “The Geometry of a Man”
References:
http://www.youtube.com/watch?v=GGUOtwDhyzc : Vitruvian Man – The
Beauty of Diagrams
http://www.youtube.com/watch?v=aMsaFP3kgqQ : Da Vinci’s Vitruvian Man
of Math - James Earle
Slide 6
Golden Ratio!!!
-- Question 3: What is “Golden Ratio” ?
-- Beautiful and Harmonious – It’s about Patterns!
-- Architecture and Arts – Across Cultures and Regions
-- Pyramids, Stonehenge, Parthenon, Many of the paintings, Music and
Musical Instruments, Symbols
-- Fibonacci Series
-- Nature: Conspicuous Recurrence, Surprisingly Often
-- Elliott Waves (Ralph Elliott) + Chaos Theory – The Influence
References:

Wikipedia

http://www.youtube.com/watch?v=O2wU-HT7FiM – Fibonacci and the Golden Mean.
http://www.youtube.com/watch?v=SjSHVDfXHQ4 : The magic of Fibonacci Numbers
Slide 7
So…
There is a
-- Brilliance in the design, and also uniformity…
-- Yet, they are unique – individually…
Slide 8
User Authentications!
Slide 9
Question 4 : Why ?
-- Why “User Authentication” ?…
My Answers:
-- Part of our business, Daily Life
-- Always Fresh
-- Increased Awareness
-- Renewed Focus…
Slide 10
The Password World
– Few Facts
-- More than 70% of people revealed their passwords in exchange for a bar of
chocolate
-- 66% shared their passwords with colleagues
-- 75% know their co-worker’s password
-- 60% use the same password for everything, including their personal
banking
-- Worst Passwords – Easy to predict
-- Own Name (16%), password (12%), football team (11%), DOB(8%)
http://www.forbes.com/sites/davelewis/2014/10/29/internet-of-things-security-vs-time-to-market/
Slide 11
Question 5 : Worst Passwords - 2013
1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10.adobe123
11.123123
12.Admin
13.1234567890
14.letmein
15.photoshop
16.1234
17.monkey
18.shadow
19.sunshine
20.12345
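As an added example (not part of the original deck), the following Python check turns the slide's findings into an acceptance rule: the 2013 worst-passwords list above becomes a denylist, and a candidate is also rejected when it is built from the user's own name or date of birth, the predictable choices slide 10 reports. The function and attribute names, the set of date formats tried, and the digits-only rule are this example's own assumptions, not anything the deck specifies.

```python
"""Password acceptance check built from the slide's findings: the 2013
worst-passwords list as a denylist, plus rejection of passwords derived
from the user's own name or date of birth (the predictable choices on
slide 10). Names and rules below are this example's assumptions."""

from datetime import date
from typing import List

# The twenty entries from the slide's 2013 worst-passwords list.
WORST_PASSWORDS_2013 = [
    "123456", "password", "12345678", "qwerty", "abc123", "123456789",
    "111111", "1234567", "iloveyou", "adobe123", "123123", "admin",
    "1234567890", "letmein", "photoshop", "1234", "monkey", "shadow",
    "sunshine", "12345",
]
# Case-insensitive membership: "Password" and "Admin" must match too.
DENYLIST = {p.lower() for p in WORST_PASSWORDS_2013}


def dob_variants(dob: date) -> List[str]:
    """Digit strings people commonly derive from a date of birth
    (day-month-year, ISO, US order, two-digit year, bare year)."""
    return [dob.strftime(f) for f in ("%d%m%Y", "%Y%m%d", "%m%d%Y", "%d%m%y", "%Y")]


def password_problems(candidate: str, full_name: str, dob: date) -> List[str]:
    """Return the list of reasons a candidate password is predictable.
    An empty list means none of the slide-derived rules fired."""
    problems: List[str] = []
    low = candidate.lower()
    if low in DENYLIST:
        problems.append("on the 2013 worst-passwords list")
    # Own name (16% on slide 10): any name part of 3+ letters as a substring.
    for part in full_name.lower().split():
        if len(part) >= 3 and part in low:
            problems.append(f"contains the user's name ({part})")
    # Date of birth (8% on slide 10): report the first matching rendering.
    for variant in dob_variants(dob):
        if variant in candidate:
            problems.append(f"contains the date of birth ({variant})")
            break
    # 9 of the 20 worst passwords are digit runs; flag that shape outright.
    if candidate.isdigit():
        problems.append("digits only (9 of the 20 worst passwords are)")
    return problems


if __name__ == "__main__":
    # Constructed sample user; not a real person.
    for pw in ("Password", "alice1990", "19900517", "Tr0ub4dor&3xample"):
        print(pw, "->", password_problems(pw, "Alice Smith", date(1990, 5, 17)) or "ok")
```

The check is deliberately a predictability screen rather than a complexity policy: it says why a password was refused, which is the feedback a user needs to pick something better.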
Slide 12
Authentication - Basics
-- Question 6: What is “Authentication” ?
-- Examples:
Allowing someone to enter based on a photo ID card
Entry into a Cinema Hall
ATM Withdrawal
Access a secured website, say Internet Banking
Emigration Clearance in an airport
Degree Certificate – Original or Not?
Checking the authority of a person…
Information Authenticity – Video Tapes, Source etc
Single Sign On
Confirmation E-mails, OTP
Tracing the date of an artifact – carbon dating
SO…. What is “Authentication” ?
Slide 13
The Identity!
-- The Identity Crisis 
-- Basics: Definition – Authentication
1 - Accepting proof of Identity
2 – Comparing the attributes of the object itself to what is known about it
3 – Establishing identity based on external affirmations
-- Lingo : Identity, Authorization, Access, Strong Authorization
-- Multi-factor Authentication - MFA
Slide 14
Multi-factor Authentication!
-- Knowledge factors – Something you know
[Passphrase, PIN, Challenge/Response]
-- Possession factors – Something you have
[ID Card, Token, Phone]
-- Inherence factors – Something you are
[Fingerprint, Retina, Iris, Voice, Face]
-- Dynamic factors – Something you do - Question 6
-- Hybrid [Private Keys Encrypted by a Fingerprint Device Inside a USB
Token]
-- So… How many? Who will decide? Criterion?
More Reading: https://twofactorauth.org/
Slide 15
Multi-factor Authentication!
-- Tokens – Connected, Disconnected, H/W, S/W, USB
Based, Audio Port Based
-- Cards – Magnetic Strip Cards, Grid Cards, Patterns
-- Wireless Tokens [RF Id, Bluetooth]
-- Software: CAPTCHA, SSO
-- One-time pads, iButtons – these are OLD….
-- Mobile Phone Based Tokens – Soft token, SMS, QR
Code, Call, smart phone Push, Mobile Signatures, Apps
Slide 16
Multi-factor Authentication!
Slide 17
Biometrics
Slide 18
Biometrics!!!
-- What is Biometrics?
Slide 19
Biometrics!!!
-- What is Biometrics?
Biometrics refers to the "automatic" identification of a person based on her
physiological or behavioral characteristics.
As a characteristic: a measurable characteristic of an individual
As a process: automated methods of recognizing an individual based on that
measurable characteristic
Slide 20
Biometrics – Timelines…
1858: First systematic capture of hand images for identification is recorded
1870: Bertillon develops anthropometrics to identify individuals
1892: Galton develops a classification system for fingerprints
1896: Henry develops a finger print classification system
1936: Concept of using the iris pattern for identification is proposed
1960s: Face recognition becomes semi-automated
1960: First model of acoustic speech production is created
1965: Automated signature recognition research begins
1969: FBI pushes to make fingerprint recognition an automated process
1974: First commercial hand geometry systems become available
1986: Exchange of fingerprint minutiae data standard is published
1988: First semi-automated facial recognition system is deployed
1992: Biometric Consortium is established within US Government
1997: First commercial, generic biometric interoperability standard published
1999: FBI's IAFIS major components become operational
2002: M1 Technical Committee on Biometrics is formed
2003: Formal US Government coordination of biometric activities begins
2004: US-VISIT program becomes operational
2004: DOD implements ABIS
2005: US patent on iris recognition concept expires
Slide 21
Biometrics – Predecessors…
-- Handprints may have acted as a signature….
-- 500 BC – Fingerprint Usage as a person’s mark – settling transactions
-- Chinese used fingerprints and footprints to differentiate children
-- Early Egyptians:
Traders were identified by their physical description
Differentiate between trusted traders and new traders
Slide 22
Process Flow – Generic ….
Slide 23
Biometrics – Broad Classification
-- Behavioral
[Keystroke, Signature: Static, Dynamic]
-- Physical
[Fingerprint, Voice, Hand/Finger/Face Geometry, Facial Recognition,
Signature, Voice, Iris]
-- Still In Progress
[Smell, Ear Shape, Finger Nail Bed, Face-3D, Gait, Lip Movement, Vein Scan]
-- Traits: Collectability, Uniqueness, Performance, Acceptability, Expected
Number of Users
-- Components: Server, Signal Processing, Data Storage, Matching
Algorithm, Decision Process
-- Capturing Technology: RF, Optical, Capacitive, Pressure Tracking
Slide 24
Bio Metrics - Pictorial
Slide 25
Finger Prints – Few Facts
-- Oldest form of Biometrics; Widely in practice
-- Highly Reliable
-- Uses distinctive features of Fingerprints: Ridges,
Spurs, Bridges, Patterns
Slide 26
Iris Scan – Few Facts
-- Iris is a protected internal organ whose random
texture is stable throughout life
-- High degree of randomness; No two irises are identical
-- Stable throughout a person’s life
-- Infra red / High Resolution Photograph
-- Iris Unique Characteristics: Ridges (Rings),
Furrows, Striations (freckles)
Slide 27
Other Biometrics…
-- Voice Scan: Measures sound waves of a human
speech; Voice print compared to a previous one.
-- Signature Scan: Measures speed, pressure, stroke
order of a signature
-- Retina Scan: Measures unique characteristics of a
retina; Blood vessel patterns, Vein Patterns
-- Facial Scan: camera measures the following facial
features: Distance between eyes, eyes and nose
ridge, angles of cheek, slope of the nose, Facial
Temperatures
-- Hand Scan: Measures Top and Side of a hand – Not
the palm [Hand Geometry]
Slide 28
Biometrics – Metrics 
-- FAR : False Acceptance Rate [Wrong Identification]
-- FRR : False Recognition Rate [Access Denial]
-- FTE: Failure to Enrol Rate
-- AVT : Ability To Verify
[AVT = (1 – FTE)(1 – FRR)]
-- IRIS: FAR – 1/1,000,000; FRR : 2%
-- Fingerprint: FAR – 1/100,000; FRR: 1%
-- Algorithmic; Matching Scores
-- Standards: BioAPI, BAPI
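As an added worked example (not from the deck), the Python block below carries the slide's metrics through in code: FAR and FRR at a decision threshold over matching scores, the operating point where the two rates meet, AVT = (1 – FTE)(1 – FRR), and what the slide's FAR figures for iris and fingerprint mean in expected false accepts over a number of impostor attempts. The matching scores are constructed sample data; the FTE values are assumed, since the slide gives none; function names are this example's own.

```python
"""Error-rate arithmetic for a biometric verifier: FAR and FRR at a decision
threshold, the equal-error operating point, and Ability To Verify (AVT).
Scores below are constructed sample data, not measurements."""

from typing import Optional, Sequence, Tuple

# Constructed matching scores (0-100, higher = closer match). Genuine = a
# user compared with their own enrolled template, impostor = someone else's.
GENUINE_SCORES = [92, 88, 95, 79, 85, 90, 97, 83, 91, 87]
IMPOSTOR_SCORES = [21, 35, 48, 62, 30, 27, 81, 40, 33, 68]


def far_frr(genuine: Sequence[int], impostor: Sequence[int],
            threshold: int) -> Tuple[float, float]:
    """FAR = impostors accepted (score >= threshold) / impostor attempts;
    FRR = genuine users rejected (score < threshold) / genuine attempts."""
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def equal_error_point(genuine: Sequence[int],
                      impostor: Sequence[int]) -> Tuple[int, float, float]:
    """Lowest threshold at which FAR and FRR are closest: raising the
    threshold trades false accepts for false rejects, so a deployment
    chooses a point on this curve rather than a single 'accuracy'."""
    best: Optional[Tuple[int, float, float]] = None
    for threshold in range(0, 101):
        far, frr = far_frr(genuine, impostor, threshold)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (threshold, far, frr)
    assert best is not None
    return best


def ability_to_verify(fte: float, frr: float) -> float:
    """AVT = (1 - FTE)(1 - FRR): the fraction of the population that both
    enrols successfully and is then recognised on a genuine attempt."""
    return (1.0 - fte) * (1.0 - frr)


def expected_false_accepts(far: float, impostor_attempts: int) -> float:
    """Average number of impostor attempts a given FAR lets through."""
    return far * impostor_attempts


if __name__ == "__main__":
    print("EER point (threshold, FAR, FRR):",
          equal_error_point(GENUINE_SCORES, IMPOSTOR_SCORES))
    # Slide figures: iris FAR 1/1,000,000 and FRR 2%; fingerprint FAR
    # 1/100,000 and FRR 1%. FTE of 2% is an assumed value for illustration.
    for name, far, frr in (("iris", 1 / 1_000_000, 0.02),
                           ("fingerprint", 1 / 100_000, 0.01)):
        print(name, "AVT:", round(ability_to_verify(0.02, frr), 4),
              "false accepts per 1M impostor attempts:",
              round(expected_false_accepts(far, 1_000_000), 2))
```

The point the numbers make: a lower FAR (iris) buys fewer impostor accepts per million attempts, but its higher FRR lowers AVT, so the "better" system depends on whether the deployment fears fraud or user lockout more.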
Slide 29
Biometrics – Areas
-- Identification Systems: Who am I ?
[Determine Identity]
-- Verification Systems: Am I who I claim to be ?
[Authenticate Identity]
-- In short, Determine or Authenticate Authority!
-- Verification Systems:
More Accurate
Less Expensive
Faster
Limited in Functionality
More Efforts by User than Computer
Slide 30
Biometrics – Areas
-- Criminal Identification
-- Automobiles
-- Airport Security
-- Prison Security
Slide 31
Bio-Metric - Usage
Slide 32
Bio-Metric Passports
Reference: http://commons.wikimedia.org/wiki/Biometric_passport
Slide 33
Biometrics – Pros
-- Cannot be manipulated by Brute Force
-- Not easy to Copy or Steal and Avoids Lost Identity
Cases
-- No Need to memorize
-- Natural
-- Happens in Real Time, and in a Definitive Manner
Slide 34
Question 6: Biometrics – Cons
-- Can fade with time : Fingerprint, Voice [Answer]
-- Still not mature – For example Fingerprint
-- Standards are not in place yet – Replacement, if Lost
-- Not easy to introduce variability
-- Still Expensive
-- Replacement, if Lost
-- Cultural/Religious Issues
-- Privacy Concerns of misuse
Slide 35
So….
Slide 36
So, What are we guarding against ?
Question
Simple – “Unauthorized Access”
And what are the threats ? [Question]
--- Stealing
--- Confidence Tricks
--- Technical Tricks [Local, Remote]
--- Victim Mistakes
--- Implementation Oversights
--- DoS Attacks
--- Enrollment Attacks
https://www.owasp.org/index.php/Comprehensive_list_of_Threats_to_Authentication_Procedures_and_Data
Slide 37
Concluding Remarks
-- IdM – is a new area of business and it is Serious!
-- Biometrics – You cannot ignore it!
-- Challenge is to make it simpler – the “User Experience”
around it…
-- User Authentication is an area that demands 100%
perfection without compromise!!!
Slide 38
Slide 39
Next Session
On
18-Nov-14