Authentication

Authentication is the process by which a user, platform, service or software establishes its identity with another agent. Authentication of services (e.g., e-commerce web sites) is typically done by the public key of the service, certified by a certificate authority. Authentication of downloaded software (e.g. by Microsoft authenticode) is typically done by signing (a hash of) the software with, again, a certified key. In the case of user-to-machine authentication, typical methods include passwords, bank card PINs, smart cards, and RSA-type key fobs.

Authentication of users

This lecture focusses on authentication of users. Authentication methods should be

Accurate: the autheiticating user is correctly identified
Reliable: the user succeeds in offering her identity
Non-transferable: a user cannot accidentally or deliberately give her credentials to another user.

Authentication and Authorisation

They are different. Authentication is about verifying the identity of the user. Authorisation is about deciding whether the user (once identified) should be granted access to particular resources. This lecture is just about authentication. Later, we look at authorsation.

Methods of authentication

Authentication may be based on

Something that you know, e.g. password, bank PIN

It has the problem that things that you know can be accidentally or deliberately passed to someone else. The potential damage of such transfer may be limited by the possibility of rendering the transferred knowledge useless by changing the password, PIN etc.

Something that you have, e.g., smart card, bank card, RSA-type key fob.

Again, it may accidentally or deliberately be transferred. Again, the damage done by such transfer can be remedied by cancelling the device, or physically recovering it.

Something that you are, e.g., your fingerprints, iris, voice. This is so-called biometric authentication.

This cannot easily be transferred to someone else, so in theory it is the ideal means of authentication. It has some other problems, however.

Since these modes of authentication each have advantages and disadvantages, in some situations one may use "two factor" or "multi-factor" authentication. For example, for withdrawing money you use your bank card (something that you have), and your PIN (something that you know). If an attacker has only one of these, he cannot withdraw money from your account.

Passwords

Passwords are by far the most common means of authentication in computing, because they require no special hardware. But they have many disadvantages.

Humans often pick weak passwords, vulnerable to dictionary attacks.

E.g., attacker can try all 10,000 possibilities on your bank card.

To avoid this possbility, bank machine will typically disallow more than 3 attempts.

E.g., attacker can try all 20,000 commonly-used passwords, writing a program to automate the attack.

Unix machines typically delay 1 second before allowing password retry. Other systems may lock out users that make too many false attempts (resulting, of course, in more calls to the helpdesk), or present users with CAPTCHAs to slow the user down.

If forced to pick stronger passwords (e.g. by systems which insist on a mix of alpha, numeric and punctuation symbols), people may have difficulty remembering their password and need to write it down. The cliche is that they will put it on a post-it sticker on their computer screen. Thus, attempting to achieve greater security can actually result in worse security.
Passwords may subject to eaves-dropping: network intermediaries that transmit the password can steal it.

E.g., the password you use to maintain your web pages may be sent in the clear, if your system uses ftp. Telnet is another (old) program that sends passwords in the clear. Better systems encrypt the password during transmission, as done e.g. by SSL (https) and ssh.

A user should not use the same password for different services, because in doing so she enables each service to authenticate as her to another one.

E.g., if you use the same password on hotmail as you do for your bank account, then a hotmail employee can authenticate as you to your bank.

Passwords can be stolen by one system masquerading as another.

Hence, it is important to authentice the service requesting your password.

They can also be stolen by keyloggers (whether hardware or software), or malware.

One way to mitigate this is with keypads that appear on the screen with random ordering of the numbers.

Challenge-response systems

They are like passwords, but better because they address the problems of eaves-dropping, and masquerading, and password theft. They work as follows. At registration time,

User initialises her passphrase, e.g., "MakePovertyHistory"

At login time,

System picks some random numbers between 1 and the length of the passphrase, e.g., 5, 6, 17, and invites the user to cite the corresponding characters of the passphrase.
User cites the corresponding characters, in this example "P", "o", "r".

It is a bit more complicated for the user, but has the advantage than an eavesdropper or keylogger would take many sessions to find out the whole pass phrase.

Competition

Suppose the passphrase has 20 characters, and the system asks for three randomly chosen characters each time, as in this example. How many sessions must an attacker observe in order to have a 50% chance of having obtained the full password?

Smart cards

Smart cards are tamper-resistant devices with a small amount of memory. Usually they also have a processor, and are capable of carrying out computations, such as encryption/decryption and digital signing. Smart cards are designed to be impossible to duplicate. They're a good way of autheiticating users, provided you are happy with their transferability. Of course they can be used in conjunction with PINs or passwords to reduce their transferability.

Although bank cash point cards are typically smart cards, the authentication to cash point machines is typically done using the magnetic strip rather than the smart card. This is much less secure; the magnetic strip can easily be copied.
Credit cards are typically smart cards, and the authentication is usually done via the smart card. The smart card processor knows your PIN. The terminal asks for your PIN, and sends it to the card. The card verifies whether the PIN is correct.
MIFARE cards (made by NXP Semiconductors) are contactless (wireless) smart cards that are widely used to authenticate users. For example:

The London Underground Oyster Card is a MIFARE Classic card. Many other transportation cards are also MIFARE Classic, e.g.the OV-Chipkaart in the Netherlands.
The id cards at Uni of Birmingham are wireless smart cards that also have a magnetic strip.

Magnetic strip used sometimes, e.g. building entry
Smart card used sometimes, e.g. payment.

NXP claims 500 million cards and 5 million readers sold worldwide.
The MIFARE Classic has recently been shown to have vulnerabilities, which can be exploited on the Dutch and London transport systems.

RSA key fobs

They are battery powered and display a sequence of numbers, typically 6 digits in length, changing every 10 seconds. When you authenticate to a remote server, you type the number currently displayed on the keyfob. The server is generating the same sequence of numbers, synchronised with the key fob. Usually, typing the previously displayed number or the next number is accepted, to allow for the fob and the server getting out of synch. The server may try to compensate (slow down or speed up the sequence for a user) if the fob is going too slow or too fast. Useful if presence of a smart card reader can't be assumed, e.g., authenticating from an internet cafe.

Key fobs work by displaying a substring of H(i), then of H(H(i)), then of H(H(H(i))), . . ., and so on, where i is some initial value and H a secure hash function. The initial value of i should be kept secret. Only a substring of the output of the hash value should be displayed, to avoid an attacker generating the sequence by applying H successively to the number displayed.

Biometric authentication

Biometrics Biometrics at disney

(ancient Greek: bios ="life", metron ="measure") is the study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioural traits. In contrast with probably every other method of authentication, biometric authentication aims to be completely non-transferable.

Examples of physical characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, while examples of mostly behavioural characteristics include signature, gait and typing patterns. Voice is considered a mix of both physical and behavioural characteristics.

Operation

Enrollment: a user registers with the system when one or more measurements of her biometric data are obtained. Each such measurement is then processed by some algorithm to obtain a "template", and stored in a database.
Authentication: a user first identifies herself to the system, and again the biometric data of the user is captured again, and processed into a digital template. That template is then compared to those existing in the database to determine a match. This matching process is approximate. If the biometric data presented matches one of the stored ones, the user is allowed access.

As mentioned, during authentication the user usually declares her identity, and the system verifies it. This is called verification. One can use biometrics to perform identification instead of just verification, but this is computationally much more expensive because the matching algorithm (which is costly) has to be run much more often.

The matching algorithm is typically complicated, and inexact. No two measurements of a person's biometric data will match exactly. To address this problem

At enrollment time, multiple measurements are taken and transformed into templates, and a match with any of them is considered a success.
Some tolerance is built in to the matching algorithm, but of course it is quite difficult to know how much.

Biometric systems work best in supervised situations, e.g., airports, retail, where the possibilities of defeating the system by misusing it are reduced. The challenge of using biometrics in unsupervised situations, e.g. authentication over the internet, has not really been addressed.

Kinds of biometric systems

Fingerprints

Fingerprints are converted into a template by identifying the relative positions of minutiae, which are the ridge-endings and ridge-bifurcations (and perhaps other identifiable detail, such as deltas). In UK, fingerprints are required to match on 16 points (minutiae), and a UK police expert estimated that this will happen by chance only between one in 4bn and one in 10bn matches. Greece attempts 10 matching minutiae, Turkey 8.

But fingerprints wear out with age, especially for manual workers, and some (quite rare) people simply don't have them. They can also change, e.g. through injury.

Iris codes

Like fingerprints, the pattern on people's irises are apparently unique to every individual, and because they are protected by the eye's cornea, they don't wear out with age. A signal processing technique (called Gabor filters) has been found which extracts the information from an image of the iris to a 256-byte code. It involves a circular wavelet transform taken at a number of concentric rings. Two codes computed from the same iris will typically match in 90% of their bits. The number of equal bits is easily computed: just xor the codes together and count the number of zero bits. Iris false accept rates are very low; 0 in tests by the US Department of Energy [1].

Some systems that don't really work (yet?)

Voice recognition is hard because there are filters which can make a female voice seem male (useful for dealing with harassment calls), etc. In fact these could eventually be used by call centres to have the same "person" greet you every time you phone.
Face recognition currently has error rates that are too high.
Typing patterns, walking patterns ("gait"), etc.

Performance

In context, the performance of a biometric measure is usually defined in terms of

the false accept rate (FAR), or fraud rate: what percentage of times an invalid user is accepted by the system.
the false rejection rate (FRR) or insult rate: the percentage of times a valid user is rejected by the system
the failure to enroll rate (FTE or FER).

In real-world biometric systems the Biometric error rate tradeoff

FAR and FRR can typically be traded off against each other by changing some parameters. One of the most common measures of real-world biometric systems is the rate at which both accept and reject errors are equal: the equal error rate (EER). The lower the EER, the more accurate the system is considered to be.

Stated error rates sometimes involve idiosyncratic or subjective elements. For example, one biometrics vendor set the acceptance threshold high, to minimize false accepts. In the trial, three attempts were allowed, and so a false reject was counted only if all three attempts failed. At the same time, when measuring performance biometrics (e.g. writing, speech etc.), opinions may differ on what constitutes a false reject. If a signature verification system is trained with an initial and a surname, can a false reject be legitimately claimed when it then rejects the signature incorporating a full first name?

Some statistics scattered in [1, Chapter 13] (seems very hard to make direct comparisons):

	FAR	FRR	EER	Chance match
Fingerprint				1 in 4bn or 10bn
Iris codes	"0"		1 in 1M
Iris codes	1 in 1 trillion	1 in 10K
Facial features			10% or 20%
Hand geometry			0.1%-0.2%
UK bank target	1%	0.01%

A comparison of biometrics

The figure from Yun [2] compares several biometrics with each other against seven criteria. Comparison of biometrics

Universality describes how commonly a biometric is found in each individual.
Uniqueness is how well the biometric separates one individual from another.
Permanence measures how well a biometric resists aging.
Collectability explains how easy it is to acquire a biometric for measurement.
Performance indicates the accuracy, speed, and robustness of the system capturing the biometric.
Acceptability indicates the degree of approval of a technology by the public in everyday life.
Circumvention is how easy it is to fool the authentication system.

Yun ranks each biometric based on the categories as being either low, medium, or high. A low ranking indicates poor performance in the evaluation criterion whereas a high ranking indicates a very good performance.

Is biometric data secret?

Some authors express the concern that once a fingerprint or other biometric source has been compromised, it is compromised for life, because users can never change their fingerprints or other biometric data. This appears to be based on the misconception that biometric data should be considered secret, like a password, and therefore capable of being compromised. Biometric data is not secret, since everyone leaves their fingerprints on everything they touch, images of people's faces are in the public domain, etc.

Many vendors and system designers do not seem to accept this point and build systems which rely on the secrecy of biometric data.

Biometric data should not be considered secret, but devices should ensure liveness in order to guarantee against replay attacks. This can be achieved by

Supervised authentication, e.g., at airports or points of sale.
Clever engineering (e.g., fingerprint scanners that check for finger temperature, pulse, sweat etc) and trusted computing.

Other concerns

Privacy

All my transactions can be linked, e.g., my accesses to the sports centre can be lined to my banking records, to my employment records, to my email, etc. Other forms of authentication don't have this problem, because e.g. the identity I present to an email system is used only on that system. Identity theft may be enhanced by the frequent use of people's biometric identities.

Injury

Some believe this technology can cause physical harm to an individual using the methods, or that instruments used are unsanitary. Additionally, desperate criminals could kidnap or amputate fingers from individuals they wish to impersonate.

Exclusivity

Every biometric system will exclude some individuals, e.g. amputees, disabled people or people with congenital defects. Biometric engineers sometimes refer to such people as goats. But it is a serious issue, especially in politically sensitive situations. Backup systems have to be introduced, but they can also be problematic since they may cause embarassment to those having to use them, and can also be a target for villains who pretend to be disabled if the backup system is more vulnerable than the biometric one.

Remarks on probability

The Birthday "paradox" is the surprising answer to this question: how many people must I gather in a room in order to have a probability >0.5 that two of them share the same birthday? (We assume that the birthdays are distributed randomly.) The answer is lower than one might guess: 23. Compare that with this question: how many people must I gather in a room in order to have a probability >0.5 that one of them share the same birthday as me? The answer is much greater: 253.

Suppose there are N possible biometric templates, and suppose that individuals' biometric codes are randomly distributed in this space. Now take a set of n people.

How big does n have to be in order to have a probability >0.5 of someone in that set having a given template (say, the same one as me)? The answer is: n must be at least n = ln 2 / ( ln N - ln(N-1) ), which for large N is approximately N ln 2; thus, it is of order N.

How big does n have to be in order to have a probability >0.5 of two people in that set having the same template? The probability of no duplicate is

(N-1)/N * (N-2)/N * . . . * (N-n+1)/N	=	(1-(1/N)) * (1-(2/N)) * . . . * (1-((n-1)/N)
	<	e^-1/N * e^-2/N * . . . * e^-(n-1)/N
	=	e^-n(n-1)/2N

The middle inequality comes from 1-x<e^-x. Setting this to be 0.5, approximating n(n-1) as n² and solving for n gives n=sqrt(N ln 2), i.e. of order sqrt(N).

Putting this into context, suppose there are 1 billion values of a particular biometric, and suppose again that the values taken by individuals are uniformly distributed. Then n=693,147,100 to get a 0.5 chance of matching with a given individual. But n=26,327 to get a 0.5 chance of finding two matching people.

References

[1] Ross Anderson, Chapter 13 of Security Engineering. Wiley, 2001. Chapter 13 (Biometrics) [2] Yun, Yau Wei. The 123 of Biometric Technology, 2003. http://www.itsc.org.sg/synthesis/2002/biometric.pdf

Some more refs

US General Accounting Office Technology Assessment: "Using Biometrics for Border Security"
Schneier's note on biometrics
Slides from a talk by Matsumoto, "Fooling Fingerprint Sensors"
Fuzzy Extractors, Reyzin et. al
A Fuzzy Vault Scheme, Juels and Sudan
Slides from a talk by Juels, "Fuzzy Vaults: Towards Secure Client Side Matching"