Assignment on Biometric authentication


Added on  2019-12-28

Biometric authentication over Password and PIN authentication

Submitted by:
Date:

Table of Content
1. Introduction
2. The risk assessment process
3. Biometric is one authentication method
4. TYPES AND DESCRIPTION OF BIOMETRICS
5. PHYSIOLOGICAL BIOMETRIC
6. BEHAVIORAL BIOMETRIC
7. Advantages of the biometric authentication
8. Drawbacks of the biometric authentication
9. Comparison
10. Conclusions

Introduction

Passwords have dominated human-computer authentication for 50 years despite consensus among researchers that we need something more secure and deserve something more user friendly. Much published research has focused on specific aspects of the problem that can be easily formalized but do not actually have a major influence on real-world design goals, which are never authentication per se, but rather protection of user accounts and sensitive data. As an example of this disconnect, academic research often recommends strict password-composition policies (such as length requirements and mandating digits and non-alphabetic characters) despite the lack of evidence that they actually reduce harm.

We argue that critically revisiting authentication as a whole and passwords’ role therein is required to understand today’s situation and provide a meaningful look ahead. Passwords were originally deployed in the 1960s for access to time-shared mainframe computers, an environment unrecognizable by today’s Web users. Many practices have survived with few changes even if no longer appropriate. While partly attributable to inertia, this also represents a failure of the academic literature to provide approaches that are convincingly better than current practices.

Financial institutions engaging in any form of Internet banking should have effective and reliable methods to authenticate customers. An effective authentication system is necessary for compliance with requirements to safeguard customer information, to prevent money laundering and terrorist financing, to reduce fraud, to inhibit identity theft, and to promote the legal enforceability of their electronic agreements and transactions.
The risks of doing business with unauthorized or incorrectly identified persons in an Internet banking environment can result in financial loss and reputation damage through fraud, disclosure of customer information, corruption of data, or unenforceable agreements.

There are a variety of technologies and methodologies financial institutions can use to authenticate customers. These methods include the use of customer passwords, personal identification numbers (PINs), digital certificates using a public key infrastructure (PKI), physical devices such as smart cards, one-time passwords (OTPs), USB plug-ins or other types of “tokens”, transaction profile scripts, biometric identification, and others. (The appendix to this guidance contains a more detailed discussion of authentication techniques.) The level of risk protection afforded by each of these techniques varies.

The selection and use of authentication technologies and methods should depend upon the results of the financial institution’s risk assessment process. Authentication methodologies involve three basic “factors”:
o Something the user knows (e.g., password, PIN);
o Something the user has (e.g., ATM card, smart card); and
o Something the user is (e.g., biometric characteristic, such as a fingerprint).

The risk assessment process should:
o Identify all transactions and levels of access associated with Internet-based customer products and services;
o Identify and assess the risk mitigation techniques, including authentication methodologies, employed for each transaction type and level of access; and
o Include the ability to gauge the effectiveness of risk mitigation techniques for current and changing risk factors for each transaction type and level of access.

The security literature distinguishes between online attackers who must interact with a legitimate party to authenticate and offline attackers who are limited only in terms of their computational resources.

Superficially, offline attackers are far more powerful, as they typically can make an unbounded number of guesses and compare them against a known hash of the password. Yet many additional avenues of attack are available to the online attacker: stealing the password using client-side malware, phishing the password using a spoofed site, eavesdropping the password as it is transmitted, stealing the password from the authentication server, stealing the password from a second authentication server where the user has reused it, and subverting the automated password reset process.

A critical observation is that strong passwords do not help against any of these other attacks. Even the strongest passwords are still static secrets that can be replayed and are equally vulnerable to phishing, theft, and eavesdropping. Mandating stronger passwords does nothing to increase security against such attacks.

Biometrics is one authentication method. It consists of identifying people by recognizing one or several physical characteristics. It is probably one of the main future solutions for providing authentication. There are several types of authentication, based on different aspects of a user; authentication can be based on:
o What this user has, for example a key.
o What this user knows, for example a password.
o Where this user is, for example IP-address.
o What this user is: biometrics methods.
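
The earlier observation that even the strongest password is a static secret that can be replayed, shown as an added example that is not part of the original assignment: a salted-hash password check accepts a captured password again, while a counter-based one-time password (HOTP, RFC 4226, one of the OTP methods listed above) rejects the same code on second use. The class names, the sample password and the salt are constructed for illustration; the HOTP secret is the RFC 4226 test secret.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value per RFC 4226 (HMAC-SHA1 with dynamic truncation)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class StaticPasswordVerifier:
    """Hypothetical verifier: salted PBKDF2 hash, same input accepted every time."""
    def __init__(self, password: str, salt: bytes, rounds: int = 100_000):
        self._salt, self._rounds = salt, rounds
        self._digest = self._derive(password)

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, self._rounds)

    def verify(self, submitted: str) -> bool:
        return hmac.compare_digest(self._derive(submitted), self._digest)

class HotpVerifier:
    """Hypothetical verifier: each counter value is accepted once, then skipped."""
    def __init__(self, key: bytes, window: int = 3):
        self._key, self._window, self._counter = key, window, 0

    def verify(self, code: str) -> bool:
        for c in range(self._counter, self._counter + self._window):
            if hmac.compare_digest(hotp(self._key, c), code):
                self._counter = c + 1  # a used code is never valid again
                return True
        return False

def replay_outcomes():
    """Return (first_pw, replayed_pw, first_otp, replayed_otp)."""
    strong = "T7#vq!Lz92@xWmP$eR"  # constructed sample password
    pw = StaticPasswordVerifier(strong, salt=b"constructed-salt")
    captured = strong  # what a spoofed site or eavesdropper would record
    pw_results = (pw.verify(strong), pw.verify(captured))

    key = b"12345678901234567890"  # RFC 4226 Appendix D test secret
    otp = HotpVerifier(key)
    code = hotp(key, 0)  # submitted by the user and seen by the same observer
    otp_results = (otp.verify(code), otp.verify(code))
    return pw_results + otp_results

if __name__ == "__main__":
    print(replay_outcomes())
```

The one-time code only defeats later replay; a code relayed to the real server before the user's own submission arrives is still accepted, so it does not by itself address real-time phishing.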

TYPES AND DESCRIPTION OF BIOMETRICS

1. PHYSIOLOGICAL BIOMETRIC
o Fingerprints
o Eyes
o DNA
o Face
o Handprints
o Voice

2. BEHAVIORAL BIOMETRIC
o Signature
o Gait
o Keystrokes

Advantages of the biometric authentication

Biometric authentication has several advantages. First, biometrics authenticates only people. Unlike the classical authentication methods based on an IP address or public key, it cannot authenticate a computer. The