Difference between revisions of "Biometric Attribute"
From MgmtWiki
(→References) |
(→Other Material) |
||
Line 32: | Line 32: | ||
[[Category: Authentication]] | [[Category: Authentication]] | ||
[[Category: Assurance]] | [[Category: Assurance]] | ||
+ | [[Category: Identifier]] | ||
[[Category: Factor]] | [[Category: Factor]] |
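Review bot: the added `[[Category: Identifier]]` line files this page under Identifier, yet the Problems section of the same page treats a Biometric Attribute becoming a Biometric Identifier as an inadvertent, privacy-invading outcome. Consider keeping that category on the Biometric Identifier page only, or adding a sentence under Context that explains why the attribute page belongs in both categories, so the category list does not blur the distinction the text draws.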
Revision as of 18:21, 19 March 2023
Full Title or Meme
Biometrics are literally the measures of the biologic phenotype of a User.
Context
- Biometric Attributes are taken to be exclusively the measure of human characteristics like fingerprints, facial features and behavior patterns.
- The human characteristics are another factor that can be a part of Multi-factor Authentication.
- So the human characteristics can be considered to be a Credential.
- The measurements of the characteristic are compared against a template of the characteristics using some Assurance level to produce a Validated claim.
Problems
- False positives typically come from either relaxed testing, environmental noise or obsolete technology.
- False negatives infuriate Users, which is why false positives are tolerated.
- Attacks against the sensor capabilities. Various movie and television plots have shown attacks like taking someone's eyeball, or using a thin-film replica of a fingerprint, to complete an Authentication which Authorizes access.
- Attacks against the sensor processor. The device that does the validation of the biometric using the human evidence must be trusted to both securely store the biometric template and accurately compare that to the live human evidence, which is usually an image of some sort.
- Attacks against the template store. Access to the Authentication data store can often be the simplest attack as it is based on known techniques.
- Biometric Attributes attached to official documents may inadvertently become Biometric Identifiers which invade the user's privacy. See the wiki page Biometric Identifier for user cases where that has damaged a user's life.
- Liveness proofs require some indicator that the image presented is that of a live human who is present at the sensor. The continued presence of the human may also be required in some long-lived interactions.
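The comparison of a live measurement against a template at some Assurance level (Context), and the trade between false positives and false negatives (Problems), can be made concrete with a score threshold. This is an added example, not code from the wiki; the matcher scores, the threshold model and all function names are assumptions constructed for illustration.

```python
# Added illustration: scores are constructed sample data, not measurements.
from dataclasses import dataclass

# Similarity scores in [0, 1] from a hypothetical matcher.
GENUINE = [0.91, 0.88, 0.79, 0.95, 0.62, 0.84, 0.97, 0.70, 0.90, 0.86]   # user vs. own template
IMPOSTOR = [0.12, 0.35, 0.41, 0.08, 0.66, 0.29, 0.52, 0.18, 0.71, 0.33]  # someone else vs. template


@dataclass
class ErrorRates:
    threshold: float
    false_accept: float   # false positives: impostors accepted
    false_reject: float   # false negatives: genuine users rejected


def verify(score, threshold):
    """Validated claim: accept only if the live sample is close enough to the template."""
    return score >= threshold


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Measure both error rates at one threshold over the sample scores."""
    fa = sum(verify(s, threshold) for s in impostor) / len(impostor)
    fr = sum(not verify(s, threshold) for s in genuine) / len(genuine)
    return ErrorRates(threshold, fa, fr)


def threshold_for_assurance(max_false_accept):
    """Lowest threshold (in 0.01 steps) whose false accept rate meets the target."""
    for i in range(101):
        rates = error_rates(i / 100)
        if rates.false_accept <= max_false_accept:
            return rates
    raise ValueError("no threshold meets the target")


if __name__ == "__main__":
    for t in (0.50, 0.70, 0.80):
        print(error_rates(t))
    # A stricter assurance target raises the threshold and rejects more genuine users.
    print(threshold_for_assurance(0.1))
    print(threshold_for_assurance(0.0))
```

Relaxing the threshold to spare genuine users from rejection is the "relaxed testing" source of false positives listed above; the sweep shows what each assurance target costs in rejected users.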
Solutions
- [https://www.computer.org/csdl/journal/oj/2022/01/09663008/1zBahhRd0Fa A Privacy-Preserving Biometric Authentication System with Binary Classification in a Zero Knowledge Proof Protocol] 2022. Creates a complex protocol for checking fingerprint and iris evidence, but does not address the security of the sensor or of the biometric template.
- Coincident with the Mobile Driver's License, airports are looking at automated ways to compare the user's face to the mDL, as in the linked example from IDEMIA. (2021-11-23)
- ISO 30107-3:2017 describes testing of Biometric Attribute presentations.
- The first Level 1 rating in the NIST/NVLAP-certified iBeta Presentation Attack Detection (PAD) Certification test was granted on (2018-09-23) to FaceTec. [1]
- Fujitsu Proposes Windows Hello Palm Vein Authentication in the Workplace 2018-02-12
References
- [1] Planet Biometrics, FaceTec notes achievement in anti-spoofing test. (2018-09-23) http://www.planetbiometrics.com/article-details/i/7463/desc/facetec-notes-achievement-in-anti-spoofing-test/
Other Material
- See the Biometric Pre-Check use case on the Kantara Privacy Enhanced Mobile Credential Work Group wiki (2202-02)