| Seminarsonly.Com |
|
| >>
Custom Search
| |
Definition The prevailing techniques of user authentication, which involve the use of either passwords and user IDs (identifiers), or identification cards and PINs (personal identification numbers), suffer from several limitations. Passwords and PINs can be illicitly acquired by direct covert observation. Once an intruder acquires the user ID and the password, the intruder has total access to the user's resources. In addition, there is no way to positively link the usage of the system or service to the actual user, that is, there isno protection against repudiation by the user ID owner. For example, when a user ID and password is shared with a colleague there is no way for the system to know who the actual user is. A similar situation arises when a transaction involving a credit card number is conducted on the Web. Even though the data are sent over the Web using secure encryption methods, current systems are not capable of assuring that the rightful owner of the credit card initiated the transaction. In
the modern distributed systems environment, the traditional authentication policy
based on a simple combination of user ID and password has become inadequate. Fortunately,
automated biometrics in general, and fingerprint technology in particular, can
provide a much more accurate and reliable user authentication method. Biometrics
is a rapidly advancing field that is concerned with identifying a person based
on his or her physiological or behavioral characteristics. Examples of automated
biometrics include fingerprint, face, iris, and speech recognition. User authentication
methods can be broadly classified into three categories as shown in Table 1.1.
Because a biometric property is an intrinsic property of
an individual, it is difficult to surreptitiously duplicate and nearly impossible
to share. Additionally, a biometric property of an individual can be lost only
in case of serious accident. Biometric
readings, which range from several hundred bytes to over a megabyte, have the
advantage that their information content is usually higher than that of a password
or a pass phrase. Simply extending the length of passwords to get equivalent bit
strength presents significant usability problems. It is nearly impossible to remember
a 2K phrase, and it would take an annoyingly long time to type such a phrase (especially
without errors). Fortunately, automated biometrics can provide the security advantages
of long passwords while retaining the speed and characteristic simplicity of short
passwords. Even though automated
biometrics can help alleviate the problems associated with the existing methods
of user authentication, hackers will still find there are weak points in the system,
vulnerable to attack. Password systems are prone to brute force dictionary attacks.
Biometric systems, on the other hand, require substantially more effort for mounting
such an attack. Yet there are several new types of attacks possible in the biometrics
domain. This may not apply if biometrics is used as a supervised authentication
tool. But in remote, unattended applications, such as Web-based e-commerce applications,
hackers may have the opportunity and enough time to make several attempts, or
even physically violate the integrity of a remote client, before detection. A problem with biometric authentication systems arises when the data associated with a biometric feature has been compromised. For authentication systems based on physical tokens such as keys and badges, a compromised token can be easily canceled and the user can be assigned a new token. Similarly, user IDs and passwords can be changed as often as required. Yet, the user only has a limited number of biometric features (one face, ten fingers, two eyes). If the biometric data are compromised, the user may quickly run out of biometri features to be used for authentication
|
copyright © 2006 V2 Computers E-mail :- contactv2@gmail.com
