160 likes | 294 Views
Executive Post Graduate Programme in e-Governance (EPGP-EG), 2013-14 Identity Management. Cyber Security Through Biometrics in e-Gov Projects. Presented by. GROUP # 2 Pravin Kolhe M. Jyothi Rani Sanjay Singh Vivek Srivastava Chandan Kumar Jha. July-2013, IIM Indore.
E N D
Executive Post Graduate Programme in e-Governance (EPGP-EG), 2013-14 Identity Management Cyber Security Through Biometrics in e-Gov Projects Presented by GROUP # 2 PravinKolhe M. JyothiRani Sanjay Singh VivekSrivastava Chandan Kumar Jha July-2013, IIM Indore
On Internet, nobody knows who you are… • A terrorist… or a student… or a spy…?
Issues in Cyber security in eGov Projects • Compromised Digital Certificate • Denial of Service • Data Leakage • Malware • Hacking • Cyber Squatting • Phishing • Vishing • Identity Theft • Cyber Terrorism
Cyber crime in India • The majority of cybercrimes are cantered on forgery, fraud and Phishing, • India is the third-most targeted country for Phishing attacks after the US and the UK • Social networks as well as ecommerce/govsites are major targets • 6.9 million bot-infected systems in 2011 • 14,348 website defacements in 2011 • 6,850 .in and 4,150 .com domains were defaced during 2011 • 15,000 sites hacked in 2011 • India is the number 1 country in the world for generating spam.
How Biometrics can help? • A single identity is associated with each individual and is fixed in time. • Individuals are not on a list of known criminals or terrorists. • Individuals have not been previously excluded (e.g., are ineligible for services, have been deported, etc.). • The claimed identity may be verified (i.e., at a point of service). • Cyber Security is about establishing trust in entities accessing your networks and ensuring that they perform functions consistent with the role you define for them. • The fundamental capability necessary for any cyber security solution is Identity Management. • Biometrics is a key enabling technology in the fight to strengthen the security of systems against cyber crime. • “Automated measurement of Physiological and/or behavioural characteristics to determine or authenticate identity” • Biometrics provide a clear benefit to counteracting cyber security threats.
RECOMMENDED STANDARDS & DESIGN • ISO/IEC JTC 1 SC 37 • ISO/IEC JTC 1 SC 27 • ISO/IEC 24761:2009, Information technology - Security techniques - Authentication context for biometrics (ACBio) • ISO/IEC 19792:2009, Information technology - Security techniques - Security evaluation of biometrics • ISO/IEC 24745 - Information technology - Security techniques - Biometric template protection • ISO/IEC 24760, Information technology - Security techniques - A Framework for Identity Management • ISO TC 68
Identification Authentication It determines the identity of the person. It determines whether the person is indeed who he claims to be. No identity claim Many-to-one mapping. Cost of computation number of record of users. Identity claim from the user One-to-one mapping. The cost of computation is independent of the number of records of users. Captured biometric signatures come from a set of known biometric feature stored in the system. Captured biometric signatures may be unknown to the system. Identification vs. Authentication
PHYSIOLOGICAL IDENTIFICATION Biological/chemical based • Finger prints • Iris, Retinal scanning • Hand shape geometry • blood vessel/vein pattern • Facial recognition • ear image • DNA
BEHAVIOURAL IDENTIFICATION A reflection of an individual’s Psychology • Hand written signatures • Voice pattern • Mouse movement dynamics • Gait (way of walking) • Keystroke dynamics
Why biometric? • Eliminate memorization – • Users don’t have to memorize features of their voice, face, eyes, or fingerprints • Eliminate misplaced tokens – • Users won’t forget to bring fingerprints to work • Can’t be delegated – • Users can’t lend fingers or faces to someone else • Often unique – • Save money and maintain database integrity by eliminating duplicate enrolments • Liveliness detection & multimodal systems to combat spoofing. • Data signing, time stamp and session token mechanisms for minimizing hacking. • Coarse scoring, trusted sensors and secured channel for Denial of service.
authentication framework for data security • Securely manage sensitive biometric data. • Ensuring the privacy of users’ personal (e.g. biometric) data. • Resisting attacks launched by insiders/outsiders. • Providing for non-repudiation of activities. • Integrating with 3rd party applications. • Scaling enterprise-wide deployments.
Disadvantages of biometric • Expensive • Change with Age • Privacy Concerns • Hygiene perception • False Reading& copying • Reliability Issues
conclusion • Biometrics offer the ability to both improve security and increase higher degrees of convenience. • Biometrics can supplement existing authentication mechanisms such as tokens and passwords. • ROI on eGov Projects may not show an picture as it is still in its infancy.
Contact: - Pravin Kolhe, Executive Engineer Water Resources Department, Government of Maharashtra Email:- pravinkolhe82@gmail.com www.pravinkolhe.com PPT downloaded from www.pravinkolhe.com
Thank You…! GROUP # 2, EPGP-EG, IIM Indore, 2013-14