Under lock and key – keeping sensitive data where it belongs

FEATURE

CSSC The Centre for Science, Society and Citizenship (CSSC) is an independent, nonpartisan, human impact research company specialising in the social, cultural and ethical implications of emerging technologies in various fields (eg, homeland security, biometrics and e-ID, smart ambient, ubiquitous computing, cloud computing, disaster preparedness, public health, eInclusion). CSSC’s track record of research, partnering and networking has made it a leading European institution in the area of science and society. CSSC serves as a member of the Fundamental Rights Platform of the Fundamental Rights Agency of the European Union (FRA). The Centre is also a member of the European Association of Centres of Medical Ethics (EACME) and of the International Association of Bioethics (IAB). CSSC is an associate member of the Italian Confederation of Education and Knowledge Companies (Assoknowledge), where it leads the sector group on biometrics. CSSC carries out its work in several ways, including studies, publications, training and coordination of multicenter research projects. For more information, go to: www.cssc.eu

addressed in the international arena, but also pointed out that, rather than the strict regulation of a virtual and ubiquitous environment, the bottom-up approach based on building private and public awareness on cyber-risks and cyberopportunities still remains the best option.

Conclusions: a debate to be continued Emerging technologies could act as strong empowering tools, but their deployment often raises critical ethical and policy issues that need to be constantly addressed. While setting and implementing security policies, such as the inclusion of biometric technologies in e-ID documents and the creation of centralised online databases, or the deployment of body scanners at airport security checkpoints, the rationale for political decisions must be strongly linked to fundamental human rights and freedoms. The real and critical question is: what kind of society do we wish to live in? The RISE workshop addressed the need to create a new sense of responsibility for individuals and states, in order to find the balance between security, privacy and other fundamental human rights. In the European Union, a uniform approach to the definition of security priorities, as well as the man-

agement of e-identities, needs to be further developed. In these tasks, the involvement of relevant stakeholders in a constant, multi-disciplinary, international debate plays a crucial role: the dialogue initiated during the March workshop will continue during the next RISE workshops, to be held in September and December 2010.

About the author Silvia Venier has a background in international political sciences (University of Trieste) and serves as a research assistant at the Centre for Science, Society and Citizenship, where she is in charge of the RISE and HIDE projects.

References 1. India’s UID programme: http://uidai.gov.in 2. Decision Nº 922/2009/EC of the European Parliament and of the Council of 16 September 2009 on Interoperability Solutions for European Public Administrations (ISA) 3. Stork: www.eid-stork.eu 4. HIDE: www.hideproject.eu 5. European Parliament Resolution of 23 October 2008 on the impact of aviation security measures and body scanners on human rights, privacy, personal dignity and data protection, RSP/2008/2651

Under lock and key – keeping sensitive data where it belongs >ۈ`Ê/ˆ˜}]ÊvœÕ˜`iÀÊ>˜`Ê /"]Ê“«ÀˆÛ>Ì> The growth in demand for biometrics as a factor of authentication stems from Ìܜʓ>ˆ˜Ê>Ài>ÃÊqʅ>À`i˜i`ÊÃiVÕÀˆÌÞÊvœÀÊVœ“«ˆ>˜ViÊ>˜`Ê}Ài>ÌiÀÊi˜`‡ÕÃiÀÊVœ˜‡ venience. As security threats grow and security regulations become more rigid, œÀ}>˜ˆÃ>̈œ˜ÃÊ>Àiʈ˜VÀi>Ș}ÞÊV…œœÃˆ˜}Ê̜ʈ“«i“i˜ÌÊLˆœ“iÌÀˆVÊ>Õ̅i˜ÌˆV>̈œ˜Ê ̜ʫÀœÌiVÌÊ`>Ì>Ê>˜`ÊVœ“«ÞÊ܈̅ÊÀi}Տ>̜ÀÞÊ`i“>˜`Ã°Ê Authenticating each user before he or she is granted access to the corporate network is a challenge that faces CIOs across the globe on a daily basis. With the threat of data theft and hacking rife, organisations know they need to improve security at the point of access, whether this is from inside the organisation’s building or from mobile devices that are playing an increasingly pivotal role in the modern business IT infrastructure. The trend towards 10

Biometric Technology Today

using externally hosted web applications will only further increase the password headache for end users and administrators alike. Technologies such as Single Sign-On are being widely adopted in organisations where it is clear that the number of passwords the user has to deal with every day has spiralled out of control. However, this kind of technology is most effective when combined with strong authentication devices that include fingerprint

David Ting

biometrics as well as smartcards and password tokens. This results in two-factor authentication that can increase security and improve workflow if the right method of authentication is selected in the right environmental setting.

Huge flexibility The biometric scanners we see today offer huge flexibility and come mounted on keyboards, notebooks, electronic door locks and safes. They are often direct imaging silicon sensors capable of producing high-quality images with a very small footprint, differing hugely from the earlier generations of fingerprint scanners that were only commonly adopted on civil biometrics programmes.

May 2010

FEATURE These older optical devices used video cameras, mirrors, prisms and lenses to obtain an image of a fingerprint and found it difficult to capture prints under all conditions. Combining modern biometrics technology with password authentication therefore has a strong value proposition, particularly as more and more industry and government regulations require two-factor authentication and audit trails for access reporting. The convenience of using a simple finger swipe or touch to access all the applications you need each day is huge – especially if the user is required to repeatedly logon and logoff. The fundamental idea behind biometric systems is that while you could share your password, a password token or even a swipe card, you can’t share your fingerprint: thus biometric devices have built a solid reputation for being one of the strongest and most accurate ways of authenticating a user.

“The benefit of biometric authentication extends to the flexibility of the authentication modality to provide greater security, whether accessed through the network locally, via remote VPN, or while working offline.” Unlike a card, token or password, a biometric print is extremely difficult to duplicate and this security has offered enterprises of all sizes a unique level of authentication. Additionally, as many leading PC vendors now include highquality biometric readers as standard on laptops, these devices can be integrated with access-management solutions simply and inexpensively. The benefit of biometric authentication, however, extends to the flexibility of the authentication modality to provide greater security, whether accessed through the network locally, via remote VPN or while working offline. With the biometric readers now being offered on laptops by Dell, Lenovo, HP, Fujitsu, Panasonic, Motion and other manufacturers (which use embedded UPEK or Authentec swipe sensors, as well as support for external UPEK and Authentec USB readers that organisations can mix and match on workstations

May 2010

or personal desktop machines) users can now select the device to suit their needs, at a price point that matches budget restrictions. Although security and cost remain primary concerns at management level, an increasing number of businesses now realise that the success of any access security infrastructure is ultimately determined by the rate of adoption by the user. The technology in place needs to fit seamlessly into the working practices of the staff, enhancing workflows and making life easier wherever possible. If this simplicity can be achieved, and the authentication process is not onerous for users, there will be no temptation to cut security corners when accessing confidential data. Even the best security measure can be defeated by end users if it is seen as cumbersome or interfering with user productivity. After all, users are not measured based on whether they have been security conscious, but on how productive they have been at their primary function. With this in mind, biometrics as a form of authentication has yet another benefit. Biometrics are very quick and easy to use, and unlike proximity cards and readers, a user’s biometric cannot be easily lost or forgotten – common complaints with device-based tokens.

Key points There are other key points that should also be considered when exploring biometrics as a method for authentication: UÊ ˜ÃÕÀiÊ̅>Ìʅˆ}…‡i˜`ʈ“>}i‡«ÀœViÃȘ}ÊÌiV…nology is embedded into the commercial product you are looking at – there are many solutions out there, and some cost more than they should, so keep an eye out for the balance between cost and system capabilities. UÊ œœŽÊ vœÀÊ ÃœṎœ˜ÃÊ Ì…>ÌÊ ˆ“ˆÌÊ v>ˆÕÀiÊ À>Ìi]Ê œÀÊ ‘False Accepts’ and ‘False Rejects.’ Although it is impossible to guarantee that there won’t ever be a false accept, keeping the rate better than 1 in 1 million is important. Some personal-use systems, for example, provide a false acceptance rate of only 1 in 1,000 – good enough for home use but certainly not for enterprise use.

UÊ œÀÊ “œÃÌÊ i˜`‡ÕÃiÀÃ]Ê >Õ̅i˜ÌˆV>̈œ˜Ê ˆÃÊ Ãœ“ithing they want to get done quickly so they can get their job done, so identification or authentication speed is paramount. Acceptable time for authentication (where you enter a user name) should be within 1 second and identification (where you don’t enter a username), within 2-3 seconds. Consider the verification speeds of integrated Single Sign-On biometrics solutions and do a head-to-head comparison of the best options. UÊ œVÕÃÊ œ˜Ê ܏Ṏœ˜ÃÊ Ì…>ÌÊ V>˜Ê …>˜`iÊ >Ê Üˆ`iÊ range of finger image presentation with a higher degree of accuracy. Users don’t put their fingers at the same angle, position within the sensor or swipe the same way as they did during enrolment, so having a robust solution that can handle variability ensures user adoption. Test the system to see what finger placements are allowed to gauge the user experience – try placing the finger at a different angle or swipe at different speeds. Test with dry, moist, dirty, or oily fingers and above all, try using it by touch alone with your eyes closed.

Compromised computers It is safe to assume that a determined or knowledgeable hacker will be able to break the password logon for a lost computer using a variety of ‘recovery tools’ designed to crack the offline store of hashed passwords used for local authentication. These tools rely on sequencing combinations of passwords until they match the stored hash codes associated with the original user password, and because of the lack of entropy or randomness in most passwords, they are extremely effective and surprisingly quick. Complex passwords made with random characters, interspersed with special characters and numbers take considerably longer to break but many users don’t use complex passwords because they are difficult to remember – especially if they have to be changed frequently. Once the Window’s password is ‘recovered’ it is easy to log on to the computer to gain access to even encrypted Windows folders on the machine and potentially join the computer to the corporate network. This is why it is mandatory to change the user’s domain credentials as soon as possible when a computer is stolen. Any computer that is lost should be assumed to be compromised and appropriate security precautions should be taken Continued on page 12...

Biometric Technology Today

11

NEWS/COMMENT ...Continued from page 11 to review access logs and to change appropriate account logons for the affected user. Biometric authentication compares the biometric data for an unknown user against one or more reference data captured during user enrolment. The matching algorithm converts a captured image – eg: of a finger – to a digital signature that is then used in a fuzzy comparison against the enrolled data. The large number of pixels involved in the image (several hundred Kbytes) together with the randomness of the finger being scanned results in the creation of, effectively, a long ‘password’ with a significant amount of randomness. This makes the biometric password extremely difficult to recover using brute force attacks. In effect this task can be compared to trying to create an image of a fingerprint by systematically setting pixels in an image to different grey values until a print is generated and compared. Of course this also assumes that you can gain access to the enrolled fingerprint data, which can either be totally server resident or be encrypted and stored locally. All this is considerably more difficult than downloading a password recovery tool and letting it go on a file of hashed passwords. When securing mobile devices, passwords have to be particularly complex to thwart cracking and yet most users don’t use strong passwords because they’re inconvenient. This creates a challenge not only for the primary Windows logon but also applications served out over the intranet – or, with increasing popularity, via Software as a Service (SaaS) providers. When it comes to protecting the corporate network, the challenge is therefore to use accessmanagement tools that can delegate the creation and entry of complex passwords and isolate the user from knowing about the password in the first place. These tools, layered with strong authentication such as biometrics, which secure access to the Windows log-on, provide additional security and – in the event that the machine is lost – offer a higher barrier to systematic cracking. This ultimately means more protection for the end-user and the sensitive data at hand.

About the author David Ting is the founder and CTO of Imprivata (www.imprivata.com). He has more than 20 years experience in developing advanced imaging software and systems for high-security, high-availability systems and was named one of Infoworld’s Top 25 CTOs of 2006. Prior to founding Imprivata, he developed biometric applications for government programmes and web-based applications for secure document exchange. He holds six patents and has several patents pending. Ting regularly blogs at Identity 360 – blog.imprivata.com 12

Biometric Technology Today

border control ...News continued from page 5 recognition technologies typically being used in small-scale projects. The cost per scan in India’s ambitious scheme to produce biometric IDs for all 1.2 billion citizens will be much lower, UIDAI says, due to economies of scale. This will help bring down the cost of both hardware and software, it asserts. The paper also says that iris scanning is a necessity. In the kinds of environments in which biometric enrolment will take place, it believes that fingerprint scanning will not achieve the level of quality necessary to ensure uniqueness and bring false acceptance rates down to an acceptable level. “The logistics of going back and re-enrolling residents [where] the biometrics set is insufficient would be unacceptable,” it said. The UID project itself has also undergone a name change. It was thought that the UID acronym was too abstract and confusing, and the programme will now be known as Aadhaar (chosen because it works in all regional languages).

Pakistan and Afghanistan to use biometric border system

T

wo key border crossing points between Pakistan and Afghanistan will be equipped with biometric ID systems, according to a joint statement issued by the two countries’ governments. The two countries share a 2,000km border, but Torkham and Chaman are the official crossing points recognised by both sides. People who live close to the border are accustomed to moving freely across it but Afghanistan has complained that its people are being hindered by Pakistani border security officials while militants frequently move into the country from Pakistan. However, it’s Afghanistan that has been reluctant, until now, to implement more formal monitoring systems. The move to implement a biometric system follows talks in Dubai and forms part of the G8 Afghanistan Pakistan Border Region Prosperity Initiative that was also agreed there.

COMMENT Immigration reforms proposed by US Senators Charles Schumer (D) and Lindsey Graham (R) have certainly set the cat among the pigeons. The senators want to introduce biometric Social Security cards as a way of preventing illegal immigrants from getting jobs. The other three parts of their four-pillar programme are: “Fulfilling and strengthening our commitments on border security and interior enforcement; creating a process for admitting temporary workers; and implementing a tough but fair path to legalisation for those already here.” There’s plenty of room for heated debate in any one of those proposals. But it’s the idea of introducing what would, in effect, be a biometric ID card that has boosted the blood pressures of pundits and activists across the political spectrum. The proposals would require all workers in the US to carry a smartcard encoded with their fingerprints, which could be matched against a central ‘work authorisation’ database. Right-wingers see creeping government control. And so, for that matter, do the lobbyists and civil liberties activists who would normally find themselves on the other side of the argument. For example, the American

Civil Liberties Union (ACLU), the American Libraries Association and about 40 other groups and individuals signed a joint letter sent to the White House urging the abandonment of the reforms and characterising the introduction of biometric ID cards as an invasion of privacy and a worrying extension of government powers, as well as being risky and expensive. It calculated the cost at $285bn. “A National ID would not only violate privacy by helping to consolidate data and facilitate tracking of individuals,” said the letter, “it would bring government into the very center of our lives by serving as a government permission slip needed by everyone in order to work.” The bill is still in the draft stages and is likely to run into opposition at many levels. For example, it supports the Immigration and Customs Enforcement (ICE) programme, used by police forces to check the fingerprints of anyone they arrest against a central database to check the person’s immigration status. ICE has come in for a lot of criticism even as it is being rapidly adopted by an increasing number of police departments. Immigration reform was always bound to be a touchy subject. But it seems that the introduction of biometrics into the debate has significantly increased the ferocity of the argument. Steve Mansfield-Devine

May 2010