Biometric authentication and authorisation infrastructures [Elektronische Ressource] / vorgelegt von Matthias Olden

universitat_regensburg - Daria Solenik

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

222 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

Sujets

BIOMETRIC AUTHENTICATION AND
AUTHORISATION INFRASTRUCTURES

Dissertation zur Erlangung des Grades eines Doktors der Wirtschaftswissenschaften
eingereicht an der Wirtschaftswissenschaftlichen Fakultät der Universität Regensburg

vorgelegt von

Dipl. Wirt.Inf. Matthias Olden

Berichterstatter
Prof. Dr. Dieter Bartmann
Prof. Dr. Günther Pernul

Regensburg, den 21. Oktober 2008 PREFACE
Nowadays, replacing traditional authentication methods with authentication and authorization
infrastructures (AAIs) comes down to trading several passwords for one “master password”, which
allows users to access all services in a federation. Having only one password may be comfortable
for the user, but it also raises the interest of potential impostors, who may try to overcome the
weak security that a single password provides. A solution to this issue would be a more factor AAI,
combining the password with a biometric method of authentication that can work on the internet.
The model presented in this work is based on typing behaviour biometrics, which can recognize a
user by the way he types (Bartmann 2007). This biometric method uses the keyboard as a sensor
and is a pure software solution that can function in a web browser.
Due to the fact that biometrics do not require any knowledge based features (like passwords),
biometric AAIs based on typing behaviour are comfortable for the user. Also, no special devices
(like tokens) are necessary for the authentication. Additionally, biometric AAIs provide high
protection against attacks by uniquely assigning a username to a certain person. These advantages
make biometric AAIs interesting for practical use.
As common AAIs were not especially designed to be used with biometrics (Schläger 2008), their
architectures do not foresee specific biometric issues like the process of enrolment on different
servers, template aging and synchronisation of biometric data (e.g. for the purpose of recognizing
replay attacks). They also do not include methods of delivering information about the quality of
biometric data upon the login process. A part of this research will concentrate itself upon the
problems of biometrics in combination with AAIs, which will be studied both at the level of the
typing behaviour biometric as well as at the level of AAIs. For this, different AAI architectures will
be investigated in order to see whether they permit the use of biometrics as authentication
technology and to research the necessary changes in their architectures in order to provide a
reference model for a biometric AAI.

LOGIC FLOW DIAGRAM
This work is divided in three parts:
I. Theoretical concepts: In this first part, different concepts concerning identity management,
biometric authentication and AAIs are investigated at a theoretic level. The various trends in
identity management systems show the necessity of increasing security by the use of biometrics.
This makes it important to understand the particularities of biometric systems, which will be done
on the example of typing cadence. Furthermore, criteria for the choice of an AAI appropriate for
biometric integration will be elaborated.
II. Investigation of practical issues: This part of the work is an in depth view on the problems of
biometric authentication. Several issues like replay attacks, quality and aging of biometric data are
researched by means of examples and experiments taken from typing behaviour biometrics.
Another investigation topic is the conception of fall back mechanisms for more factor
authentication.
III. Biometric AAI solutions: This part includes the development of use cases and real prototypes
of biometric AAIs. For this purpose, two possible solutions are provided for different system
architectures.
A logic flow diagram of this work is presented here:
CONTENTS
1 INTRODUCTION ..............................................................................................1
1.1 Problematic............................................................................................................................................1
1.2 Purpose of this work.............................................................................................................................3
1.2.1 Particularities of the use of AAIs together with biometrics..............................................................3
1.2.2 Conception of an architectural model for biometric authentication services...................................3
1.3 Research questions................................................................................................................................3
1.3.1 Architectural aspects: aging process of biometric data.....................................................................4
1.3.2 Security aspects: replay attacks .........................................................................................................4
1.3.3 Quality aspects: quality of biometric features...................................................................................4
1.3.4 Consequences for architectures: reference models ...........................................................................5
1.3.5 Prototype implementation of a biometric AAI on the basis of typing behaviour ............................5
2 IDENTITY MANAGEMENT..............................................................................6
2.1 Reasons for using identity management ............................................................................................6
2.2 Definition of terms ................................................................................................................................7
2.2.1 Identity ...............................................................................................................................................7
2.2.2 Partial identity....................................................................................................................................7
2.3 Identity management............................................................................................................................8
2.4 Functionality and components of an IDM system ............................................................................8
2.4.1 The level of personal data..................................................................................................................9
2.4.2 The level of resources........................................................................................................................9
2.4.3 The level of authentication ................................................................................................................9
2.4.4 The level of authorisation ................................................................................................................10
2.5 Trends in the field of IDM .................................................................................................................11
2.5.1 The number of IDM providers will increase...................................................................................11
2.5.2 Companies will use federated identity management ......................................................................12
2.5.3 Privacy and data protection will be gaining importance.................................................................12
2.5.4 Identity 2.0 will be the base of future IDM systems.......................................................................13
2.5.5 Biometrics will contribute to increase the security of IDM systems..............................................15
2.6 Evaluation............................................................................................................................................16
3 BIOMETRICS .................................................................................................17
3.1 Motivation............................................................................................................................................17
3.2 Terminology.........................................................................................................................................18
3.3 Typing cadence as a biometric method ............................................................................................22
3.3.1 Classification of typing cadence biometrics....................................................................................23
3.3.2 Criteria for biometric features .........................................................................................................24
3.3.3 Criteria for biometric methods ........................................................................................................25
3.3.4 Particularities of typing cadence......................................................................................................26
3.3.5 Operational areas .............................................................................................................................26
3.3.6 Typing cadence by Psylock .............................................................................................................27

4 AUT