IBM®

On the drawing board

Cancelable Biometrics


    
Helping enhance security and protect identities    
The challenge

Personal identification numbers (PINs) once provided a reasonable measure of privacy and peace of mind to online shoppers, bank customers and other security-conscious Internet users. While PINs are still useful in some cases, clever hackers, phishers and pharmers have heightened the need for added security techniques. Phishers, for example, often pose as brand name Web sites and trick users into divulging financial data such as passwords, credit card numbers and PINs. Pharmers misdirect users to fraudulent sites or proxy servers, typically by hijacking or poisoning domain name systems.

Another force for change is the U.S. Federal Financial Institutions Examination Council, which is requiring banks to employ authentication processes for Internet services customers by the end of 2006. Noting that single-factor authentications such as user names and passwords are insufficient, the council says banks must institute dual-factor authentication, which relies on something consumers have, such as smart cards, and something they know, like passwords or birth dates.

Another cutting-edge alternate authentication system coming into greater use is biometrics, which verifies identities by physiological factors such as fingerprints, retinal patterns and facial appearance, or by behavioral characteristics such as signatures, voiceprints and gait. Biometric characteristics are unique to each user, they cannot be lost, and biometric signals are difficult to steal or forge.

But even biometric authentication is vulnerable to determined identity thieves. Attackers can present counterfeit biometrics (a fake finger, for example) to the sensing device or submit previously stored digitized biometric signals (such as a recorded voice message). Another disadvantage is that many people balk at sharing such personal data across various databases. And the property that makes biometrics so attractive for authentication purposes – invariance over time – can also be one of its liabilities. When a credit card number is compromised, the issuing bank can merely assign the customer a new number. When biometric data are compromised, replacement is not possible. And once a set of biometric data has been compromised, it is compromised forever.

The approach
IBM Research is working to address these and other biometric issues with a method called Cancelable Biometrics. Instead of enrolling a person’s identity with a true fingerprint, for example, the biometric signals are intentionally distorted in a repeatable manner, and the altered fingerprint is used as the identification. If for some reason the altered print is stolen, a new uniquely configured fingerprint can be issued by simply changing the parameters of the distortion process.


Privacy is further enhanced because different distortions can be used for different services and because the true biometrics are not stored or revealed to the authentication server. In addition, such intentionally distorted biometrics cannot be used for searching legacy databases. This novel IBM technique can be used with other biometrics to achieve similar benefits.
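The enroll, verify and reissue cycle described above can be sketched as follows. This is an added example, not IBM's code or algorithm: the grid-scrambling transform, the HMAC key derivation, the tolerances, the sample minutiae and the key names are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import math

CELL = 32   # assumed cell size in pixels for a 256x256 fingerprint image
GRID = 8    # 8x8 grid of cells

def distort(minutiae, key):
    """Keyed, repeatable distortion of (x, y, angle) minutiae.

    Each grid cell is moved to a key-derived target cell and its angles are
    rotated by a key-derived offset. Several cells can land on the same
    target, so the mapping is many-to-one.
    """
    out = []
    for x, y, angle in minutiae:
        cell = bytes([x // CELL, y // CELL])
        d = hmac.new(key, cell, hashlib.sha256).digest()
        nx = (d[0] % GRID) * CELL + x % CELL
        ny = (d[1] % GRID) * CELL + y % CELL
        rot = int.from_bytes(d[2:4], "big") % 360
        out.append((nx, ny, (angle + rot) % 360))
    return out

def score(template, probe, dist_tol=4.0, angle_tol=10):
    """Fraction of template minutiae that have a nearby probe minutia."""
    def close(a, b):
        da = abs(a[2] - b[2]) % 360
        return (math.hypot(a[0] - b[0], a[1] - b[1]) <= dist_tol
                and min(da, 360 - da) <= angle_tol)
    return sum(any(close(t, p) for p in probe) for t in template) / len(template)

# Constructed sample data: one finger at enrollment and a noisy later capture.
FINGER = [(40, 50, 30), (75, 140, 110), (110, 20, 200),
          (150, 215, 275), (180, 85, 350), (210, 180, 65)]
RECAPTURE = [(x + 1, y - 2, (a + 3) % 360) for x, y, a in FINGER]

BANK_KEY_V1 = b"bank-service-key-v1"   # constructed per-service distortion keys
BANK_KEY_V2 = b"bank-service-key-v2"   # issued after the V1 template is stolen
DMV_KEY = b"dmv-service-key-v1"

def demo():
    stored = distort(FINGER, BANK_KEY_V1)   # the only thing the server keeps
    return {
        "genuine": score(stored, distort(RECAPTURE, BANK_KEY_V1)),
        "stolen_vs_reissued": score(distort(FINGER, BANK_KEY_V2), stored),
        "cross_service": score(distort(FINGER, DMV_KEY), stored),
        "stored_vs_raw": score(stored, FINGER),
    }

if __name__ == "__main__":
    print(demo())
```

A fresh capture distorted with the enrolled key matches the stored template, while the same stored template scores low against a reissued template, another service's template and the undistorted print.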

Next steps
Cancelable Biometrics is generating interest within the financial sector, with several large banks exploring its use with IBM researchers. Other applications include government entities that deal with sensitive information, such as the IRS, the Social Security Administration and state motor vehicle departments; utilities, military and law enforcement organizations; and aerospace and defense contractors.


To find out more about IBM Cancelable Biometrics capabilities and to explore other innovative ways to address security and privacy issues in your business, contact ODIS today.

    
 