Biometrics for Network Security

Book Description

The complete guide to implementing biometric security solutions for your network

Network security has become the latter-day equivalent of oxymoronic terms like "jumbo shrimp" and "exact estimate." Newspaper headlines are routinely peppered with incidents of hackers thwarting the security put forth by the government and the private sector. As with any new technology, the next evolution of network security has long languished in the realm of science fiction and spy novels. It is now ready to step into the reality of practical application.

In Biometrics for Network Security, biometrics security expert Paul Reid covers a variety of biometric options, ranging from fingerprint identification to voice verification to hand, face, and eye scanning. Approaching the subject from a practitioner's point of view, Reid describes guidelines, applications, and procedures for implementing biometric solutions for your network security systems.

Coverage includes:

  • An introduction to authentication technologies and biometrics

  • Dealing with privacy issues

  • Biometric technologies, including finger, hand geometry, handwriting, iris, retina, voice, and face

  • Security concerns related to biometrics, including attempts to spoof or fake results

  • Deployment of biometric security systems, including vendor selection and rollout procedures

  • Real-life case studies

For security, system, and network administrators and managers, as well as anyone who is interested in the application of cutting-edge biometric technology, Biometrics for Network Security will prove an indispensable addition to your library!

Table of Contents

    1. Copyright
      1. Dedication
    2. Prentice Hall PTR Series in Computer Networking and Distributed Systems
    3. About Prentice Hall Professional Technical Reference
    4. Foreword
    5. Preface
    6. Acknowledgments
    7. 1. Introduction and Background
      1. 1. Introduction
        1. What Makes This Book Different?
        2. The Structure of This Book
          1. Section 1–Introduction and Background
          2. Section 2–Biometric Technologies
          3. Section 3–Implementing Biometrics for Network Security
          4. Section 4–Future and Conclusions
        3. Everything You Need to Know about Biometrics to Understand the First Three Chapters
          1. What Is a Biometric?
          2. Enrollment, Template, Algorithm, and Verification
          3. FAR, FRR, and FTE
        4. Who Should Read This Book?
        5. Conclusion
      2. 2. Authentication Technologies
        1. Something You Know
        2. Something You Have
          1. Storage Tokens
          2. Dynamic Tokens
          3. Token Usability
        3. Something You Are
        4. The Need for Strong Authentication
          1. Network Convergence Role in Password Proliferation
          2. Mitigating Public Risk through Government Regulation
            1. Financial institutions
            2. Healthcare industries
            3. Pharmaceutical companies
            4. Governmental entities
            5. Military organizations
          3. Mitigating the Risks from an Inside Threat
        5. The Role of Strong Authentication with Single Sign-On (SSO)
        6. Biometric Technologies: An Intelligent Solution
        7. Conclusion
      3. 3. Protecting Privacy with Biometrics and Policy
        1. Employer's Right to Privacy
          1. Protection of Trade Secrets and Proprietary Information
          2. Protection of Personal Data about Employees and Customers
          3. Background Checks
          4. External Reporting and Auditing Requirements
            1. Provide separation of data
            2. Provide accurate transaction reports
              1. Who performed the transaction?
              2. What was the transaction?
              3. Where was the transaction conducted?
              4. When was the transaction executed?
            3. Provide internal memos and emails
          5. Access Control
        2. Employee's Right to Privacy
          1. Protection of Personal Data Collected by the Employer
            1. Biometrics as an enabler of employee privacy
            2. Biometrics used to invade employee privacy
          2. Creating a Positive Biometric Policy
            1. Biometric enrollment
            2. Template storage and transmission
            3. Verification
              1. Reason for verification
              2. Justifiable verifications
              3. Unjustifiable verifications
            4. Where verification takes place
              1. Servers
              2. Workstations
              3. Smart cards
            5. Terms of use and audit statements
              1. What can the biometric data be used for?
              2. Will it be used in correlation with other data?
              3. Length of storage of the biometric data
              4. Audit trails for access to the biometric data
              5. Audit trails created for verification
              6. How the employer is audited against terms of use
              7. Will biometric data be shared with third parties?
              8. What options do employees have who cannot or will not use biometrics?
        3. Conclusion
    8. 2. Biometric Technologies
      1. 4. Biometric Technologies
        1. User Interaction with Biometric Technology
          1. Passive Biometrics
          2. Active Biometrics
        2. What Makes a Good Biometric?
          1. User Acceptance
            1. Number of calls to help desk
            2. Number of attempted authentications
              1. Below average
              2. Average
              3. Above average
            3. Number of times fallback authentication methods are used
          2. Ease of Use
            1. Ergonomics
            2. FRR
            3. Biometric software
          3. Technology Cost
            1. Device cost
            2. Deployment costs
            3. Support
          4. Deployability
            1. Device size
            2. Environmental conditions
            3. Infrastructure requirements
            4. Minimum client/server system requirements
            5. Deployment methodology supported by the hardware and software selection
          5. Invasiveness of the Technology
          6. Maturity of the Technology
          7. Time It Takes for a User to Become Habituated
        3. What Makes a Good Biometric for Network Security?
        4. Conclusion
      2. 5. Finger Biometric Technologies
        1. General Description of Fingerprints
          1. Macro Fingerprint Features
            1. Ridge patterns
            2. Ridge pattern area
            3. Core point
            4. Delta point
            5. Type lines
            6. Ridge count
          2. Micro Fingerprint Features
            1. Type
            2. Ridge ending
            3. Ridge bifurcation
            4. Ridge divergence
            5. Dot or island
            6. Enclosure or lake
            7. Short ridge
            8. Orientation
            9. Spatial frequency
            10. Curvature
            11. Position
        2. How Is the Finger Imaged?
          1. Optical Scanners
          2. Silicon Scanners
            1. Capacitive
            2. Thermal
            3. Radio frequency (RF)
        3. Types of Algorithms Used for Interpretation
          1. Minutia-Based Algorithm
          2. Pattern-Based Algorithm
          3. Hybrid Algorithm
          4. Which Algorithm Is Best?
        4. How Can this Biometric be Spoofed?
          1. Attacking the Physical Finger
            1. Mitigating this attack
          2. Using Artifacts
            1. Mitigating this attack
          3. Attacking the Communication Channels
            1. Mitigating this attack
          4. Compromising the Template
            1. Mitigating this attack
          5. Attacking the Fallback System
            1. Mitigating this attack
        5. Conclusion
      3. 6. Face Biometric Technologies
        1. General Description of Face Biometrics
        2. How Is the Face Imaged?
        3. What Types of Algorithms Are Used for Facial Interpretation?
          1. Eigenface
          2. Local Feature Analysis
          3. Neural Network
            1. Face detection and framing
            2. ANN input level
            3. Receptive fields
            4. Hidden units
            5. Output
          4. Automatic Face Processing
          5. Which Algorithm Is Best?
            1. Eigenface
            2. Local feature analysis
            3. Neural network
            4. Automatic face processing
            5. Recommended facial algorithm
        4. How Can This Biometric Be Spoofed?
          1. Attacking the Physical Face
            1. Mitigating this attack
          2. Using Artifacts
            1. Mitigating this attack
        5. Conclusion
      4. 7. Voice Biometric Technologies
        1. General Description of Voice Biometrics
        2. How Is the Voice Captured?
        3. Types of Algorithms Used for Voice Interpretation
          1. Fixed phrase verification
          2. Fixed vocabulary verification
          3. Flexible vocabulary verification
          4. Text-independent verification
          5. Which Algorithm Is Best?
          6. Recommended Voice Algorithm
        4. How Can This Biometric Be Spoofed?
          1. Attacking the Physical Voice
            1. Using artifacts
            2. Mitigating this attack
        5. Conclusion
      5. 8. Iris Biometric Technology
        1. General Description of Iris Biometrics
        2. How Is the Iris Captured?
        3. Description of the Iris Algorithm
        4. How Can This Biometric Be Spoofed?
          1. Attacking the Physical Iris
            1. Mitigating this attack
          2. Using Artifacts
        5. Conclusion
    9. 3. Implementing Biometrics for Network Security
      1. 9. Recommended Biometric for Network Security
        1. Finger Biometrics
          1. Acceptance: 9
          2. Easy: 8.5
          3. ROI: 7
          4. Deployable: 9.9
          5. Noninvasive: 8
          6. Mature: 9.9
          7. FAR: 8
          8. FRR: 8
          9. Size: 9
          10. Habituation: 8.5
        2. Face Biometrics
          1. Acceptance: 8.5
          2. Easy: 6
          3. ROI: 5.5
          4. Deployable: 6
          5. Noninvasive: 9
          6. Mature: 7
          7. FAR: 7.5
          8. FRR: 7.5
          9. Size: 6
          10. Habituation: 7.5
        3. Voice Biometrics
          1. Acceptance: 8.5
          2. Easy: 5
          3. ROI: 5.5
          4. Deployable: 8
          5. Noninvasive: 9
          6. Mature: 7
          7. FAR: 6
          8. FRR: 5.5
          9. Size: 9.9
          10. Habituation: 7.5
        4. Iris Biometrics
          1. Acceptance: 4
          2. Easy: 4
          3. ROI: 4.5
          4. Deployable: 6
          5. Noninvasive: 1
          6. Mature: 6
          7. FAR: 9
          8. FRR: 7.5
          9. Size: 6
          10. Habituation: 5
        5. The Choice of a Biometric for Network Access
        6. Conclusion
      2. 10. An Introduction to Statistical Measures of Biometrics
        1. FAR
          1. Definition
          2. The Simple Math
          3. Why Is This Important?
        2. FRR
          1. Definition
          2. The Simple Math
          3. Why Is This Important?
        3. FTE
          1. Definition
          2. The Simple Math
          3. Why Is This Important?
          4. A Quick Note on Biometric Systems
        4. EER
          1. Definition
          2. The Simple Math
          3. Why Is This Important?
        5. What Measure Is Most Important?
          1. Define the User Population
          2. Is the Application for Verification or Identification?
          3. Are Other Means of Authentication Available?
          4. What Is the Importance of the Biometric Authentication?
          5. Is It Driven by Convenience and Ease of Use?
        6. Conclusion
      3. 11. The Biometric Transaction
        1. Securing and Trusting a Biometric Transaction
          1. User
          2. Biometric Reader
            1. Trusted biometric devices
              1. Physical hardening
              2. Electronic hardening
              3. Final thoughts on trusted devices
            2. Non-trusted biometric devices
        2. Matching Location
          1. Local Host
          2. Authentication Server
          3. Match on Card (MOC)
            1. Where is the template created?
            2. What communication methods are used between the biometric device and the smart card?
            3. How is the algorithm implemented on the card?
            4. Final thoughts on matching location
        3. Conclusion
      4. 12. Preparing for the Proof of Concept and Selecting a Vendor
        1. Define the Driver of the Project as Either Corporate IT or a Business Need
          1. The Methodology
        2. Define the Business Need or Objectives
          1. The Methodology
        3. Designate the Internal Sponsor of the Project
          1. The Methodology
        4. Define the Stakeholders
        5. Define a Clear Set of Goals and Success Criteria for the Project
          1. The Methodology
        6. Form and Charter the POC Group
          1. The Methodology
        7. Based on the Goals and Success Criteria, Invite a Few Vendors to Pilot
          1. The Methodology
        8. Set the Timelines for the POC and Ensure That the Implementation Activities Are Done Within the Scope of the POC
          1. The Methodology
        9. Deploy the POC
          1. The Methodology
        10. Monitor and Evaluate the POC
          1. The Methodology
        11. Wrap Up the POC
          1. The Methodology
        12. Decide on the Validity of Each Vendor's Solution
          1. The Methodology
        13. Make a Go/No Go Decision to Move Ahead
          1. The Methodology
        14. Announce the Results and Lay the Groundwork for the Next Phase
          1. The Methodology
        15. Conclusion
      5. 13. Preparing for the Pilot Deployment
        1. Define the Group of Stakeholders
          1. The Methodology
        2. Put in Place a Project Management Team That Can See the Solution Through to Rollout
          1. The Methodology
        3. Form and Charter the Pilot Group
          1. The Methodology
        4. Develop Policy Documents
          1. The Methodology
        5. Summarize Daily Reports Weekly and Send Them Out
          1. The Methodology
        6. Address and Track Problems and Solutions As They Happen
          1. The Methodology
        7. Put a Training Plan in Place
          1. The Methodology
        8. Prepare Audit and Analysis Reports
          1. The Methodology
        9. Build and Test an Automated Install
          1. The Methodology
        10. Roll Out the Software and Hardware in a Practical Manner
          1. The Methodology
        11. Provide Mechanisms for Feedback
          1. The Methodology
        12. After Initial Pilot Rollout, Get the Executives Involved
          1. The Methodology
        13. Start Addressing Issues of Scalability and Manageability for Rollout
          1. The Methodology
        14. Near the End of the Pilot, Start Discussing the Next Steps
          1. The Methodology
        15. Wrap Up the Pilot
          1. The Methodology
        16. Make a Go/No Go Decision
          1. The Methodology
        17. Build a Transition Book
          1. The Methodology
        18. Conclusion
      6. 14. Preparing for the Rollout
        1. Why Is This Chapter So Short?
        2. Conclusion
    10. 4. Future and Conclusions
      1. 15. The Future of Biometric Authentication
        1. Will Biometrics Be Integrated Everywhere?
        2. What Other Biometric Measures Will Exist?
        3. A Futuristic Example: New Form of “Caller ID”
        4. Conclusion
    11. Glossary
    12. Bibliography