Wikileaks and biometrics

Among the cables obtained by WikiLeaks are several that point to the State Department's directive to embassy staff to collect human intelligence on foreign diplomats, including biometric information. Without knowing specifically what was asked for (I have not read the cables in question) this touches on the fear of biometric collection being done covertly potentially compromising any information.

It is important to know that many biometrics are already exposed: face, iris, DNA, fingerprints, and voice. Vein scanning and retina, which operate on information found on the inside of the body are not casually exposed.

Obviously the easiest biometric for diplomats to take would be face via simple camera snapshot. Think of all the pictures diplomats pose for. If some of the camera used were near-infrared they could also try to capture iris. Iris works best in the near infrared, which some cameras can do, but there is information that can be gleaned from the visible spectrum as well.

It would be harder but not impossible to collect fingerprint or DNA data. This type of collection would most likely be forensic in nature; capturing whatever the person of interest left behind. For example, if they used a glass to drink water from it could be dusted for fingerprints.

Individuals may wonder if similar types biometric pilfering could be used against them if a national ID was enacted. It would be highly doubtful. First the enrollment systems would capture much higher quality information from cooperative subjects than can be gleaned at a covert manner. This higher quality allows a greater threshold to be applied when distinguishing individuals. Additionally any national identity would most likely use a key binding scenario to enmesh a cryptokey with the biometric at time of enrollment. This would prevent forgeries from being used to spoof systems. These preventions along with various liveness tests, and PIN backup (to provide 3 levels of assurance) could be used to make systems secure.

Stick it in your ear

The tubular crest that runs over the top of your ear is known as the helix. It's quite distinctive, even if it doesn't posses the pointy bit that proves you're descended from a monkey (lookup Darwin's tubercle), or a Vulcan. Best of all, it doesn't change as you age, unlike the iris, which along with the face are the most popular means by which machines recognize humans.

The problem is, getting a computer to find and recognize the ear. Fortunately, researchers in the School of Electronics and Computer Science of the University of Southampton have come up with a means for identifying ears with a success rate of 99.6%

 

Iran admits its nuclear facilities are under massive cyberattack

A few months ago I commented on the need to integrate security for the home as the country moves towards a smartgrid. Iran is feeling the pressure of a cyber attack directed at its nuclear program. It would not take a leap of thought for something of this magnitude to hit either the US Grid itself, or individual homes

Iran has confirmed that 30,000 computers in the country's power stations, including the nuclear reactor in Bushehr, have been attacked by the Stuxnet worm; the Stuxnet worm is described by experts as the most complex piece of malware ever designed; once Stuxnet gains access to a plant's computers, it hunts out specific software that controls operations such as the opening and closing of valves or temperature regulation; by halting those processes it can cause extensive damage to nuclear power stations, power grids or other industrial facilities; the high number of infections in Iran have led experts to conclude that the worm may have been designed in the United States or Israel to disable Iran's controversial nuclear facilities

http://homelandsecuritynewswire.com/iran-admits-its-nuclear-facilities-are-under-massive-cyberattack

For more information on the SmartGrid you can check out the NIST Smart Grid Report: http://www.nist.gov/smartgrid/

A little more about Apple's patents for biometrics

Apple is seeking new patents for technologies that may use advanced biometrics to protect i-devices (iphone and ipad for now). Biometrics to protect laptops and phones isn’t brand new: many models use fingerprint and voice print security, and some even venture into facial or iris scanning and recognition . Apple’s future system will go steps further than that by combining several 'soft' biometrics. Essentially, if implemented on a device, the technology could use stored information about not only the authorized user’s voice print, face and fingerprints, but also usage patterns (using keystroke modalities for example) and even heartbeat. Should the system suspect that the user is not the phone’s owner, in the case of theft, the device could lock out the thief and send an e-mail with the phone’s location and the thief’s photo to the authorized user. It could also inform the owner (and credit card companies and banks) of all activity conducted on the phone by the thief via call logs and keystroke information. Finally, to prevent the thief from using any information stored on the device for nefarious purposes, the system could save data on the phone to a remote location and then wipe the device clean, rendering it secure from data theft.

http://www.tmcnet.com/biomag/articles/96251-apple-filing-james-bond-style-biometricsecurity- applications.htm

Apple patent purchase points to possible biometric functionality

A new patent purchased by technology company Apple from three engineers in Oregon may point to a possibility of biometric capabilities in future devices from the company, according to a Macgasm article. The patent deals with utilizing fingerprint sensors embedded into flat-panel displays for authenticating identity. Such technology could lead to sensors being placed underneath the touch-screens that have become staples of Apples most prevalent devices.


There is a documented need to make collection devices simpler and less expensive while being lightweight and field ready. Many federal defense and law enforcement agencies have similar documented portable collection device requirements with slightly nuanced differences for various operational environments.  Additionally, the high training costs for current field equipment, as documented by US Customs and Border Protection, represent a significant hurdle for fielding devices effectively. It would be preferable if a ubiquitous device, already familiar to government agents, was leveraged to cut down on equipment and training costs.


Of course this leads to leveraging the iPhone as a collection device for fingerprints, through its flat screen, as well as face and iris, through the camera. In 2009, the National Institute of Standards and Technology (NIST) published guidance and operational requirements for Mobile ID devices that can be used for enrollment, identification and verification functions.  NIST also developed a prototype software interface application for the iPhone demonstrating how biometric services could be achieved.


With luck having Apple becoming involved with biometric collection will lead to a host of intuitive and easy to use equipment being fielded.


For more information please follow the link:http://www.thirdfactor.com/2010/08/12/apple-patent-purchase-points-to-possible-biometricfunctionality

Biometrics and Cloud computing

Booz Allen has done an expose of my work so far in leveraging cloud computing for biometrics databases. Try this link

or cut and past the below address

http://docs.google.com/fileview?id=0B1WbvgQfrYzaNzQxYTg2ZWUtY2I5ZS00NjBjLTkzYzAtNGYwNmI0ZGVkMjUy&hl=en

Presentation at West Virginia University

On April 12th I had the great pleasure of presenting to the Lane Department of Computer Science and Electrical Engineering (LCSEE) at West Virginia University (WVU).

Our discussion topic was the use of biometric systems by the federal government.

An excerpt of my presentation is hosted by Google Documents here PRESENTATION

Comments on the article "The right way to mend immigration"

My comments on the article "The right way to mend immigration" by Senators Charles E. Schumer and Lindsey O. Graham
Friday, March 19, 2010
You can read the article here:
http://www.washingtonpost.com/wp-dyn/content/article/2010/03/17/AR2010031703115.html?hpid=opinionsbox1

Biometrically the crux of the article focuses on the following paragraph "We would require all U.S. citizens and legal immigrants who want jobs to obtain a high-tech, fraud-proof Social Security card. Each card's unique biometric identifier would be stored only on the card; no government database would house everyone's information. The cards would not contain any private information, medical information or tracking devices. The card would be a high-tech version of the Social Security card that citizens already have. "

Upgrading the Social Security card is a wonderful idea. Too many illegal immigrants use existing numbers to falsify their identity and mask as legitimate workers. While public opinion may be out on the immigrant trying to earn a living (albeit being in the country illegally) the true owner of the Social Security number can be penalized by having their identity compromised, needing to pay taxes on behalf of the other worker, not to mention having utilities, credit cards, and other services opened to a false identity. This form of identity theft can be quite damaging to the victim.

I applaud the efforts recognizing that it is too easy to learn the 8 digit code, a social security number, that unlocks a world of services within the United States.

The Senators are not aware of the conditions of establishing a unique biometric identifier. It needs to be collected, enrolled, validated and generated somewhere: i.e. a database. Not allowing the government to store in a secure database would cause the necessary information to be kept on commercial enterprises which are going to be less secure. Authenticating only to the card would trigger a great production of counterfeit cards that would send back a positive match; which would certainly raise the bar for fraudulent documents but not eliminate it.

Most importantly the Senators seems to overlook an important fact: If we suspect that 11 million immigrants are already in this country working illegally (let’s assume all of them have jobs) we are still talking about less than 3% of the working population. Burdening 97% may be too much for the public to bear.

Personally I favor national biometric identity cards; but let's plan for that being what it is and what it could do in terms of replacing many of the existing state and federal breeder documents such as Social Security Cards, Driver's Licenses, Sheriff's IDs, and a host of others. Creating something that would enable more services, rather than restrict for a few, is the right way to go and gain public acceptance. Dare I say, even enthusiasm.

Fake fingers from China

These images are from internet-based businesses in China. They are advertising a series of finger attachments complete with random fingerprints. The purpose is to provide people with a method of defeating fingerprint identification ranging from time/attendance to border access. The price is $15 US per unit.


I have no idea what level of sales have been achieved or what level of usage is occurring. It’s interesting that the average person on the street can obtain the product. It makes me wonder how far state-sponsored efforts have progressed.


The image of the simpler wrap shows a method that claims to pass liveness testing. I cannot be for certain if any of the products would spoof modern readers although that is clearly the intent. A person could slip on the fingers and then use a fingerless-glove, bandages, or something else to hide the prosthetic.


Like pirating, we are starting to see the escalation between security and countermeasures.

New Hampshire bill would ban biometrics in ID cards

Acting out of concerns for residents' privacy, the New Hampshire Legislature is considering a bill that would ban the use of biometrics data in identification cards. But at least two trade groups oppose the legislation, saying biometrics technology has a number of security benefits, namely around ID management. The bill would prohibit biometrics data, including fingerprints, retinal scans and DNA, from being used in state or privately issued ID cards, except for employee ID cards. In addition, it would ban the use of ID devices or systems that require the collection or retention of an individual's biometric data. Under the bill, biometric data would also include palm prints, facial feature patterns, handwritten signature characteristics, voice data, iris recognition, keystroke dynamics and hand characteristics.

http://www.scmagazineus.com/new-hampshire-bill-would-ban-biometrics-in-id-cards/article/163509/

Denying an entire technology, even a disruptive one, seems a little draconian. I agree that any biometric implementation should have privacy concerns woven in from the start. Perhaps the legislation should focus on assuring protection, rather than prohibiting technology. I am sure that many of the residence of New Hampshire would want a new Passport (with biometric enabled microchip) or perhaps those who have trouble remembering their bank PINS could use an alternative (biometric). 

Tapes used to spoof fingerprint readers. Need for film detection for fingerprint readers

Tapes used to spoof fingerprint readers. Need for film detection for fingerprint readers

Two South Korean women have managed to fool Japan’s expensive biometric border-control system by using special tapes on their fingers; the invisible tape carries the finger prints of another person, and the South Korean broker who supplied the tape also provided false passports to go with it.

You can read about the incident here: http://homelandsecuritynewswire.com/japanese-biometric-border-fooled-tape

Many fingerprint readers now have some liveliness testing incorporated. In its simplest form this would be an observer confirming that the presented finger belongs to the applicant. There are electronic liveliness checks as well such as detection of blood vessels, temperature, and even perspiration changes along the fingerprint ridges.

Much has already been done for counterfeit iris detection based on texture analysis to detect when individuals are wearing contact lenses. In summary the 'ridge' of the lens is detected; although there are many ways to find this including the use of the infrared spectrum.

Links on iris detection are as follows:

1) figment.csee.usf.edu/~sfefilat/data/papers/TuBT6.1.pdf
2) www.nd.edu/~kwb/RingBowyerBTAS_2008.pdf

It seems that similar research needs to be incorporated into fingerprint scanners, to deter the circumvention by use of tapes. Tape ridges, or their material, could be detected through an application of additional spectrum analysis instead of pure pressure sensors currently available in most fingerprint reader models.

Fun news for fingerprinting

Priest checks fingerprints for mass attendance
Reuters Fri Jan 29, 11:46 am ET

WARSAW (Reuters) – A Polish priest has installed an electronic reader in his church for schoolchildren to leave their fingerprints in order to monitor their attendance at mass, the Gazeta Wyborcza daily said on Friday.

The pupils will mark their fingerprints every time they go to church over three years and if they attend 200 masses they will be freed from the obligation of having to pass an exam prior to their confirmation, the paper said.

The pupils in the southern town of Gryfow Slaski told the daily they liked the idea and also the priest, Grzegorz Sowa, who invented it.

"This is comfortable. We don't have to stand in a line to get the priest's signature (confirming our presence at the mass) in our confirmation notebooks," said one pupil, who gave her name as Karolina.

Poland is perhaps the most devoutly Roman Catholic country in Europe today and churches are regularly packed on Sundays.

(Reporting by Kuba Jaworowski, editing by Paul Casciato)

Secure Credentialing in Concert with RFID

Secure personal identification combined with the tracking capabilities of RFID will soon transform secure shipping and cargo transport. Through the use of secure and speedy authentication, organizations can add extra layers of security that overcome the current holes in RFID implementations, and allow a greater acceptance from the public for implementation. Coupling cargo tracked with RFID and the capabilities of a credential with Secure ID capabilities will mean that all cargo and all personnel are accounted for and linked together in real time. Administrators will know the last authorized handler of each piece of cargo, where the cargo is in real time, detect deviations en route, and be assured that only those people who are authorized can access sensitive freight, tracking people’s actions and cargo location together.
Shared technologies will allow:
Data Privacy Protection:

• Users can have differentiated access to read the information on the RFID tag based on privileges held in their card. RFID tags created according to scramble number schemes can be used in concert with smart card capabilities; only those tags to which users have been given “rights” will be seen, added to cargo lists, or be shipped to certain geographic locations.  This allows individuals to control data collection and sharing while preventing covert tracking and profiling applications based on package content.  

Linking People to Cargo

• Cards used for access to vehicles or facilities can be matched against cargo RFID to automatically reconcile cargo itineraries against known cargo and personnel movements.  By linking people’s locations with RFID cargo locations, administrators can reduce fraud and determine the who, when and where if any package loss occurs.

 Local Authorization for Inventory Movements:

• Smart cards can act as secure, digital lists of instructions, inventory, and package recipients, allowing people who sign for packages to be verified through the use of PKI, biometrics and other digital means.  If RFID packages are moved by an unauthorized person, future privileges of that user can be locked, and flags can be raised to administration.

Package- and User-based Physical Access:

• Biometric IDs, RFID and GPS position transmitters will work together to allow secure access only to authorized persons with authorized cargo at only intended destinations.  Through biometric authentication to truck ignition systems, administrators will be assured that trucks stay within specified corridors on their way to the cargo’s intended destination, know who is driving, and even remotely disable and lock trucks that deviate, have wrong users or wrong cargo

Scenarios where this combination of technologies may soon be applied include HAZMAT drivers, weapons transport, banking records and even passports. Credentialing systems are already underway for the major ports of the world and will be used to link card to identity to ship to cargo, where cargo is monitored already with RFID.

In the future, the drivers can also be linked to the truck, and the truck to the cargo. All this can be tracked through GPS vehicle tracking. The future world of secure shipping will allow owners of cargo to track in real time the exact location of crate, each driver, each truck, and be sure that they are all supposed to be traveling together.

Haiti, Hurricane Katrina, and Identity Management

The tragedies of Haiti have me pulling up an article I wrote regarding identifying those affected by crisis. Originally published as part of the BearingPoint "IDM Insider" July, 2006

KATRINA AND IDENTITY MANAGEMENT

As documented by the Washington Post, over $1.4 Billion was provided in assistance to fraudulent Hurricane Katrina victims. While it is imperative to provide people with assistance as quickly as possible during a crisis, this must be balanced by assuring that support is properly disseminated among the true victims and proper oversight of taxpayer dollars are performed. Such control is needed because frequently the damage caused by malfeasance is far greater than the cost of implementation.

Through the use of common credentialing and identification techniques, much of the fraud that occurred during Hurricane Katrina could have been avoided. For example, debit cards issued to hurricane victims could have been activated only after individuals had passed an identity authentication and verification of ownership and occupancy process. The identity solutions should take care not to cause undo intrusion to the participants, but yet be complete enough to verify their identity and link with adjudication for assistance decisions. Such a solution would be upgraded from each deployment so that there would be consistent improvement between deployments.

Below is a list of common fraud scenarios identified by the GAO, and the corresponding IdM solutions that could be implemented to deter, identify and counteract such behavior.

• Fraud Committed: Use of different Social Security numbers for the same person - Identity Management Redress: Many social security validation programs exist and could be incorporated for validity of issuance and ownership as well as single use within the program. A more intricate program could compare biometric information for uniqueness of the registered individuals such as done through systems that incorporate 1:N matching.

• Fraud Committed: Identity theft of others, specifically those in prison - Identity Management Redress: Since the crisis was localized, each State could have provided a “qualification” list from their local DVMs as an initial method for address verification and acquiring a picture ID. Since state and federal prisoners’ data was stolen and used to apply for assistance, it is reasonable to check future crisis registrants against such data for exclusion.

• Fraud Committed: Addresses outside of assistance area, and bogus address used - Identity Management Redress: Combining a mapping software with location tabs to verify physical location of the damaged address would provide the needed geography and legitimacy assistance. Such software is easily found and integrated with, Google maps is an excellent example.

• Fraud Committed: Registrants not occupying provided address - Identity Management Redress: Address Verification System are commonly used for credit and finance applications that can be integrated as part of a verification system.

Happy Data Privacy Day

How fortuitous, my blog on identity management starts on an auspicious occasion.

 

Happy Data Privacy Day!

 

http://dataprivacyday2010.org/

Background Information

Everybody likes to know a little about the author. Below is a summary of my expertise and activities.

Experience Summary

An Associate with Booz Allen Hamilton, Mr. Sussman is an experienced information technology professional with over 15 years in the industry, to include extensive knowledge of identity management, biometric technologies, and project management. Mr. Sussman works on the Booz Allen Global IT team delivering information assurance and identity management solutions to clients, especially through biometric development strategies, privacy protection and associated policy development.

Mr Sussman has held leadership positions with the following Identity Management projects:

• Reviewing technically challenging biometric requirements of various programs at the Department of Homeland Security (DHS) to recommend where DHS Science and Technology should focus investment to meet national security needs.

• Supported the efforts of the Department of Veteran’s Affairs (VA) efforts to continually evolve their enterprise identity management capabilities. Mr. Sussman contributes thought leadership to the Virtual Lifetime Electronic Record (VLER) project which will implement overarching Identity Services across VA administrations and Lines of Business (LOB).

• Developed processes for the Department of Defense (DoD) to assure compliance to federal Homeland Security Presidential Directive – 12 (HSPD-12) and Federal Information Processing Standards 201 (FIPS 201) guidelines. This effort included managing an effort to investigate the background investigation completed on all military, civilian and contractor personnel.

• Served as a key architect for the General Services Administration (GSA) Shared Services identity card program which served to produce the Personal Identity Verification (PIV) cards for GSA’s HSPD-12 project management office.

• Develop the detailed functional design of the Transportation Worker Identity Credential (TWIC) solution. He assisted in the original design of the prototype system, specifically ensuring that best practices associated with privacy were built into the solution, provided ongoing operational support to system and users, developed user training; including specific modules biometric collection and supported the alignment of the solution with FIPS 201.

Mr. Sussman is an experienced leader in improving operations and increasing efficiencies through information technology solutions integration. Mr. Sussman has a technical background tempered with corporate and federal government environments. He is highly skilled in using information systems to innovate, improve and re-engineer government, military, and commercial business processes.


Education

• BS, Computer Science, State University of New York at Binghamton 1994

• Masters Business Administration, State University of New York at Albany 1996

• Executive Leadership, Yale, 2009