Introducing the Biometrical Electronic Passport (ePass)
Transcription
Introducing the Biometrical Electronic Passport (ePass)
University of Fribourg Information Systems Research Group Seminar work on Electronic Business Module Introducing the Biometrical Electronic Passport (ePass) Students: Course Instructor: Workshop Assistant: Daniele Cavadini Lorenzo Cimasoni Prof. Dr. Andreas Meier Daniel Fasel Spring Semester 2008 2 Contents 1 Introduction 1.1 Objective and problem definition . . . . . . . . . . . . . . . . 2 Biometrics 2.1 Introduction . . . . . . . . . . . . . . 2.2 Evaluation Parameters . . . . . . . . 2.2.1 Performance Measurement . . 2.3 Physiological biometrics . . . . . . . 2.3.1 Fingerprint . . . . . . . . . . 2.3.2 Face Recognition . . . . . . . 2.3.3 Iris Recognition . . . . . . . . 2.4 Behavioural biometrics . . . . . . . . 2.4.1 Signature . . . . . . . . . . . 2.4.2 Voice . . . . . . . . . . . . . 2.5 Other biometric examples . . . . . . 2.5.1 High uniqueness biometric . . 2.5.2 Medium uniqueness biometric 2.5.3 Low uniqueness biometric . . 2.5.4 Multi-biometric verifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3 . . . . . . . . . . . . . . . 4 4 5 5 6 6 7 8 9 9 10 10 10 12 12 12 3 Biometrical Electronic Passport 3.1 Introduction . . . . . . . . . . . . . . . 3.2 German ID strategy . . . . . . . . . . 3.2.1 Electronic Identity Card (eID) 3.2.2 Electronic Passport (ePass) . . 3.3 Swiss Passport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 13 14 16 17 18 4 Biometrics in e-Business 4.1 E-Banking . . . . . . . . . . 4.2 Digital signature . . . . . . 4.3 Other applications . . . . . 4.3.1 Walt Disney World . 4.3.2 KSS Sport & Leisure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 19 20 20 21 22 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Biometrics in e-Government 22 5.1 E-Voting case studies . . . . . . . . . . . . . . . . . . . . . . . 22 5.2 United Arab Emirates . . . . . . . . . . . . . . . . . . . . . . 23 6 Conclusions 24 6.1 Biometric weakness . . . . . . . . . . . . . . . . . . . . . . . . 24 6.2 Big brother . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 6.3 Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 25 1 Bibliography 27 2 1 Introduction The globalization in all its aspects political, economical and technological is creating a more strong connection between countries. It increases the flow of people, goods, services and capital and it increase the spreading of information across Internet. In the other hand also new dangers are created and an increasing demand for safety and security in the public and private sectors is driving research in the field of automated recognition of individuals by using behavioral and biological characteristics. The Biometrical Electronic Passport is only one of the solutions proposed in administration and business field. 1.1 Objective and problem definition The introduction of Biometrical Electronic Passport (ePass) subject could be treated analyzing the different concepts that compose it. First of all the biometrical part will be treated in this work, analyzing the general evolution of biometrics, the main characteristics and in more detail some biometric techniques that are currently used in different domain. For example the facial recognition used in modern passport or voice recognition technique used in different commercial situations. Then the application of those biometric techniques on country’s passports will be discussed, explaining the need of this changement and how is treated internationally. A more detailed view over German Electronic Identification project and on the Swiss situation will be given. In a second part will be discussed how biometrical techniques have been and could be applied in e-Business sector, which are the practical advantages and disadvantages of this practice, and currently which kind of solution are used and proposed. Due a previous seminar work on e-Government’s theme case studies on e-Voting a part of this work will be devoted on the explanation of an eventual application of biometrics techniques in this field. The intent of this work is not to give a technical and specific documentation over biometrics but to give a wide overview in the biometric application field, analyzing how and why biometrics techniques has been introduced at the administration and business levels, which are the possible further application in those domains and which are the obstacles in all this process. 3 2 Biometrics 2.1 Introduction The word biometrics derived from bios that means life and metron that means measure; in other words is the study of methods to uniquely recognize human traits of each person. These unique characteristics can be divided in two distinct classes: • Physiological: related to the body of the person. The most famous unique trait is the fingerprint, but there are a lot more, like the shape of the hand or of the face, the iris recognition or the DNA analysis. • Behavioural: related to the behaviour of the person. In this case the well-known example is the signature, another known biometric characteristic known is the voice. There is also the keystroke dynamic or the gait (the study of locomotion). The word biometric can also be associated to a larger set of information that a person own, the three category are: Who you are, What you have and What you know (Figure 1). Figure 1: Set of information schema These characteristics can also be combined and not simply used separated. Some combinations are already used: in example Swiss Post Finance system uses a username and a password protection for the first step of identification, the second step is based on a postcard-reader (in this case what you have and what you know works together). 4 2.2 Evaluation Parameters To classify and better evaluate the various systems based on biometric characteristics is enough to explain the power or the weakness of the following parameters for every characteristic: • Uniqueness: an higher value indicates that every person can be separated from another. • Permanence: measures how well a characteristic resists ageing. • Collectability: the easiness to measure the biometric characteristic. • Performance: speed, robustness and accuracy. • Acceptability: degree of approval of a technology. • Circumvention: easiness of use of a substitute. 2.2.1 Performance Measurement The performance parameter is a little bit more complicated than the others. In this case we have to define different kinds of error or mistake that a biometric characteristic can perform during the recording phase or during the recognizance phase. In fact, every biometric characteristic (physiological or behavioural) has to be firstly recorded into a database (or a RFID chip) and then, when needed, the data have to be verified and evaluated to check that the physical person owner of data is effectively the person recorded previously. • The first possibility is the FA error (False Accept): the system incorrectly declares a successful match between the input and a random non-matching pattern in the database. This error leads to calculate a FAR (False Accept Rate) that is a percent of these invalidity matches. • Another common rate to calculate is the FRR (False Reject Rate): in this case the input do not match with its corresponding pattern. • The EER (Equal Error Rate) is the error when both accept and reject rate are equal. More the EER value is then more accurate the system is. • FTE or FER (Failure to Enrol) is the percent of data that fails inserting into the system (poor or invalid quality of the data used as input). • FTC (Failure To Capture): this error happens when, in automatic system the biometric characteristics are presented correctly but the system was unable to detect them or capture them correctly. 5 • Template Capacity: is the maximum capacity of the system. This small introduction about biometric procedures and measurements was useful to better comprehend the following examples of biometrics. The description will be deeper for some biometric (like fingerprint, face recognition, ...) because of the relation to the ePassport and eBusiness. Other biometrics will be described shortly (like iris recognition or voice analysis). 2.3 2.3.1 Physiological biometrics Fingerprint Figure 2: Fingerprint example The main characteristics of the fingerprint biometric are: uniqueness, permanence and performance. In fact the fingerprint is unique; this means that every person has his personal fingerprint. It is permanent, because growing a person always keeps the same fingerprint and the performance analysis is high: the time to a nalyze an input with a pattern is pretty fast and the FRR and FAR are low. The fingerprint biometric become wildly used since lasts years; actually we can find the fingerprint reader over almost every notebook in commerce. For this reason the use of the fingerprint as biometric identification becomes every year more accepted and the population understand better the necessity to introduce a biometric system in passports or ID cards too. Figure 3: Fingerprint reader example 6 This biometric has some weakness too. One of them is that the fingerprint protection can be easily bypassed and in this case all security measure becomes useless. To clearly explain how a fingerprint reader works we need first know what kind of fingerprint there are; basically there are 3 kinds of fingerprints: arch, loop and whorl. • The arc fingerprints are formed by lines that enter from the left side, they form an arc in the middle of the pattern and then they exit to the right side. • The loop fingerprints are formed by lines that enter from one side of the pattern, then they form a curve and they exit to the same side. • In the whorl fingerprint there is a central point around it the lines turn around. The fingerprint sensor simply reads these lines and creates a pattern that can be stored into a database or in another storage support. When the pattern is created there are some algorithms that can be used to compare the input with all the entry into the database. One of these algorithms is the Minutia-Based algorithm which use some minutia-points (like bifurcations, ridge ending and short ridge) to create some hotspots that can be used like referring-point when an input is compared with the patterns into the database. In each image can be from 10 to 100 minutia points and with a match of 7-20 of them the pattern surely match. 2.3.2 Face Recognition The biometric face recognition becomes more and more popular and used. In fact it is not intrusive (do not need to touch anything during the scan to produce the input), it is fast but the main weakness is that about 10% of cases are False Rejected. Its principal robustness is the fast collectability. It is easy to collect data and store them into the database, for this reason the people accept that technology more than an intrusive one (like the DNA scan or the iris scan). The principal weakness is that uniqueness of individuals is not so precise; two people can be alike and the input can be accepted even if there is not a pattern of that specific person, but just a pattern of a similar one. If this problem is added to the high FRR then the result is that the system is fast and non-intrusive but there is a good probability to do not have an exact match for every measurement. This system is not used just in airport or in according to the ePassport, but it was used for the surveillance too. To mention some example: 7 • In 2001 was used the biometric face recognition for the Super Bowl 35, in Tampa Bay, Florida. During that event it recognized 19 people with pending arrest warrants. • In the 2000 presidential election the Mexican government used this system to prevent the multi-voting. Some individual were recognized, they tried to vote twice using different names. The face recognition algorithm is similar to the fingerprint one. It uses some unique landmarks like the distance between the eyes, the width of the nose, the depth of the eyes socket, the shape of the cheekbones and the length of the jaw line (Figure 4). These nodal points are measured creating a numerical code, called faceprint, representing the face in the database. When an input is inserted to be checked the program create a new faceprint number and check if into the database there is another similar number. There is a threshold that can be modified: more this value is high, more the program will generate False Repentance. Figure 4: Face recognition example 2.3.3 Iris Recognition The iris (Figure 5) has a lot of good aspect, but also some disadvantage too. One of the more robust characteristic of the iris is his uniqueness (for the fingerprint was the same); every person has his own iris and it is impossible that two people has the same (the twins do not have the same iris as well). Another good aspect of the iris is the permanence; everyone has always the same iris. The performance is another good aspect; the algorithm is fast and the FFR and FAR are very low because the scan is very accurate. The iris is an internal organ, so it is protected against damage (more than fingerprints). There is a new algorithm (developed by John Daugman) 8 that has a FRR of about 10−11 . The texture remains the same during all the life (some surgical operation can modify the colour of the eye, but not the pattern). One weakness of iris recognition is clearly its invasive nature; because of this reason the acceptability is very low (even if with modern technology an iris could be photographed from 10cm to a few meters away). Other disadvantages are that if a person does not want to cooperate the iris reading procedure becomes very difficult or that the image quality influences the FRR. Figure 5: Iris target example 2.4 2.4.1 Behavioural biometrics Signature The signature is clearly a behavioural biometric characteristic (Figure 6). The only positive characteristics are the collectability and acceptability; everyone can have a personal signature in less than one second, because it is enough to put a sign over a paper to confirm two fundamental things: • The provenience of the document. • The intention of an individual with regard to that document. The signature has clearly a lot of weakness in a biometric domain, first of all the uniqueness; someone could have the same signature of another. The permanence is another bad aspect for signature; until a person does not learn to write cannot have a signature, and the signature could change growing; the signature can also being copied very easily. It is clear that the signature cannot be used as a provable biometric test to recognize a person. 9 Figure 6: Signature example 2.4.2 Voice Speaker recognition (or voice recognition) is a computing task of recognizing people from their voice. There are two main aspects of speaker recognition, the first is to identify the speaker and the second is the speaker verification. The first differs from the second because is a slower process and concern to identify a speaker from his voice searching over a database of voices. In biometrical domain is more used the second variant, a speaker have just to be verified, having just his voice as input and the pattern of his voice as verification model. The high acceptability makes the voice one of the best candidate for future implementation of biometric security systems. However the voice does not have more positive aspects; one of the weakest points is the uniqueness, a voice can easily being copied by another person. In addition the voice is not permanent; so a person growing can change his tone and his voice can become completely different from the voice previously recorded to identify him. This aspect touches also the performance aspect. The voice recognition’s security measures are various, one of them is provided by the system that randomly asks the user one question and the user must provide the correct answer. Another option is to ask the user to repeat a sentence that the system randomly chose. The text-independent system is often used to speaker identification because in this case just a small piece of speech is enough to find the most probable speaker inside the database. 2.5 Other biometric examples Some biometric recognition system have to be at least mentioned because in that way the research is spending a lot of time in lasts years. The following examples are sorted by uniqueness, because the uniqueness is one of the more important characteristic that a biometric should have. 2.5.1 High uniqueness biometric • Retinal Scan: it is very difficult to copy but it is very intrusive. The collectability is difficult growing the structure change a little bit 10 Figure 7: Voice pattern example (Figure 8). • Facial Thermograph: the collectability is very easy to do so the acceptability is very high too. The facial thermograph has the same problem of retinal scan, growing the structure change. • Odor: the only positive aspect is that the permanence is very high, but because of the weirdness the acceptance is low. Two other negative aspects are the collectability (difficult) and the performance (low). • DNA: the only negative aspects are the collectability (difficult) and the acceptability (felt like very intrusive procedure to get it). The other aspects are all very high; the permanence is assured and does not change growing. The uniqueness is granted and the performance is high. Figure 8: Retina pattern example 11 2.5.2 Medium uniqueness biometric • Hand Geometry: the only good aspect of this biometric is that the collectability is very easily done. This biometric does not have very negative aspects, but is not enough to define this as a very good biometric. • Hand Veins: this biometric is similar to hand geometric, but the collectability is a little bit more difficult to perform (Figure 9). • Ear Canal: the only remark to do about this biometric is that the permanence is very high. Figure 9: Hand veins example 2.5.3 Low uniqueness biometric • Keystrokes: similar to the signature biometric. The keystroke change very easily growing. • Gait: similar to keystrokes and signature. The gait can change regularly and it is easy to copy. 2.5.4 Multi-biometric verifications Some companies approached the biometric recognition in different ways, but one of the securest ways is to utilize two or three biometric verification simultaneously, in example voice and facial or signature and voice. 12 3 3.1 Biometrical Electronic Passport Introduction A Biometrical Electronic Passport, sometimes simply called Electronic Passport or ePass, is a combined paper and electronic identity document that uses biometrics in order to authenticate the identity of travellers. In the actual standardized passport all information are stored on a passive Radio-Frequency Identification (RFID) chip using recommended files formats and communication protocols established by the International Civil Aviation Organisation (ICAO). The chip holds the same information’s that are printed on the passport’s data page: the holder’s name, date of birth, and other biographic information. An ePass also contains some biometrics identifier depending on the different countries choice and technical evolution. The ICAO defines the biometric identification as a verification of human identity through the measurement of distinguishing physiological or behavioural characteristics. The ICAO only considers three types of biometrics: facial recognition, fingerprint and iris scan. Actually only facial recognition is compulsory. From 2001, after terroristic attacks in USA, a higher level of security became a priority in order to prevent any passport forgery and fraudulent identification papers. An international pressure has been conducted by the US Government with a reform of their Visa Waiver Program (VWP). All foreigners that want to enter the US visa-free under the VWP must bear a machine-readable passport which complies with international standards. If a foreign passport was issued on or after October 2006 that passport must be a biometric passport. Under those conditions several countries created their ePass projects following the international standards directives. The European Union Council Regulation on standards for security features and biometrics in EU citizens’ passport, defined in 2004 the timeline for introducing digital face and fingerprint images in all European passport. This regulation implemented the technical specifications established by the ICAO. EU member states decided to use fingerprints as the second biometric identifier because fingerprint capture and reading systems have proved convenient in practice. In addition, two different biometric features increase the flexibility of controls and also the security with a cross check. Depending on the situation, inspectors will be able to choose to check only the photo or also the fingerprint during biometric controls. There are some technical difficulties that are delaying biometric integration into passport in the United States and in the European Union. These difficulties include compatibility of reading devices, information formatting 13 Figure 10: Example composition of an Electronic Passport according to GmbH and the nature of content. For example the US currently expects to use only image data, whereas the EU intends to use fingerprint and image data in their passport. The controls with the e-Passport will change but not drastically, biometric verification methods will not replace but will be a complement in traditional border controls. In a first step, personal and biometric data will be read and verified electronically and the digital photo will be used for a visual check. In the second step the photo and/or the fingerprints taken at the checkpoint will be compared with the data on the e-Passport chip. During this process, theoretically, no data will be stored. 3.2 German ID strategy Germany is one of the most advanced countries in the development of new generation of identification methods. The German governmental project is not limited on Passport changes but also integrate other identity cards, for example the national ID card for all German citizens (eID Card) and European eResidence Card for foreign 14 residents, the eHealth card and others, all in a comprehensive identification strategy (Figure 11). Figure 11: Comprehensive German Identification Strategy according to bund.de The objective is not merging all electronic cards into one but to introduce a common standard for market participants, ensuring the interoperability and the security of the system. This strategy is an integral part of a German Administration program, called eGovernment 2.0, originated from the implementation of the BundOnline 2005 and Deutschland-Online initiatives. This plan has the objective to promote the modernisation process in all public administrations and a connection with business under 4 key points: • Portfolio: enhancement of the federal eGovernement services in terms of quantity and quality • Process chains: establishing of electronic between the public administration and the business community utilizing common business process chains • Identification: Introduction of an electronic Identity Card (eID Card) and development of electronic Identification concepts • Communication: development of secure communication infrastructure for citizens, business and public administrations According to this program, Internet has to become the major communication and distribution channel for public administration services. The 15 collaboration between businesses and administration could lead to an integration of the systems. The security in internet transaction in the area of electronic business and e-Government could be realized and facilitated though the utilisation of eID cards and certificated portals as platform. 3.2.1 Electronic Identity Card (eID) The introduction of the electronic Identity Card is an important step of the eGovernment 2.0 program. In addition to the traditional functions (photo ID, identification document and travel document) the card has the aim to facilitate the reciprocal identification on the Internet. Like for the passport a microchip will provide all authentication functionality, applicable to both eGovernment and eBusiness transactions (Figure 12). Figure 12: Authentication with eID card according to bund.de Electronic identity cards want to ensure a higher level of data protection by enabling access only to certain data required for the respective identification purposes. Optionally the eID card can include electronic signature functionality and in addition biometric data (the same of the passport). During this year the card will be tested and then introduced in 2009. The procedure for authenticate citizens for an online service is the following: 1. The card is introduced in a card reader connected to the computer 16 2. The client send a request to the Application Service Provider 3. The Application Service Provider send an access certificate for presentation to the citizen 4. The certificate is transferred to the card chip 5. A Basic Access Control is established with the insertion of a PIN number in a secure connection 6. An Extended Access Control establish the chip and the application authenticity 7. The data of access certificate are sent to the Application Service Provider With the increasing security level situation is possible to imagine that in the Basic Access Control a biometric control in addition or instead of the PIN could be added in the future. The important argument is that identity controls are done on the local machine and not comparing data with a remote database. The authenticating function of the eID card could be summarized as: • Optical authentication (classic function): for the government sectors is used for identification when crossing national borders, for private sectors could be used for opening a bank account or checking into a hotel. • Electronic authentication (new function): used in electronic networks (Internet or Intranet) for eGovernment applications (tax filling, applications, information request) and for eBusiness applications (ebanking, online shopping, online auctions) • Qualified signature: is planned as an optional add-on, it want to be the electronic equivalent of handwritten signature and could be used for signing contracts or others official documents. 3.2.2 Electronic Passport (ePass) In Germany the e-Passport has been introduced in November 2005, in the first phase, with the digitalisation of all biographic information and in addition a digital facial image. In the second phase, in November 2007, 2 fingerprints has been included among with all others information’s. The German ePass was the first introduced in Europe, before only the Belgian passport was released in November 2004 but it was not full conform to the European Union and international standards. 17 3.3 Swiss Passport The Swiss policy concerning the new data content of e-Passport has been to follow and analyze the international evolution and more precisely all European Union Council decision in this matter. Figure 13: Swiss Passport and passive RFID chip example The Swiss parliament in this days has to decide if agree to apply another change to the passport in order to follow all other countries. The new sophistication proposed will be the introduction of a scanned fingerprint, along with all biographic data and the digitalized picture contained in the actual e-Passport, starting from 2009. If this change will be approved, this will be the fourth generation of passport in 7 years: • In 2003 Swiss authorities creates the first version of machine-readable Passport. • In 2006 after international pressure, and also with the Shengen openborder treaty, all member of European Union and also Switzerland introduced the biometric passport with an RFID chip containing biographic data for comparison. • In 2007 a digitalized picture of the passport’s holder was included with biographic data. • In 2009 a digitalized fingerprint will be included in the chip memory. A peculiar decision that the Swiss parliament has to take is to decide if create a central database where memorize all information contained in every passport. In case of approval Switzerland will be the first European country to systematically file all citizens included all fingerprints. This proposal has been criticized in different sectors, from a part of the parliament to the head of federal data protection and transparency bureau. 18 All European authorities charged to control data protection are against the central archiving of this type of information, in particular for biometrical one. 4 Biometrics in e-Business The example of the German national biometric identity card (eID Card), and the general strategy for an implementation of electronic identification infrastructure, could be a valuable security support for governmental but also commercial needs, especially with new applications based on electronic signatures. Users could be allowed to access eGovernement, eBanking or eCommerce applications using a similar identification system and this could create a trusted domain where exchange information’s in a secure channel. For the moment the development of biometrics is concentred into the Administration-to-Citizen (A2C) relationship but the interest is growing fast and spreading in others sectors especially into Business-to-Consumer (B2C) and Business-to-Business (B2B). In similar scenario citizens, business and governments can interact using certified ID and could encourage the development of new business models and services based on trusted transactions. The application of this new kind of authentication method became relevant in some specific eBusiness and eCommerce sectors. 4.1 E-Banking In e-Banking case for example there is a strong demand and researches for a more reliable authentication method for system operators and customers. The actual security system is usually composed by a cryptographic connection though Internet using Secure Soket Layer (SSL) cryptography, and the authentication is done using an user number ID, a password or a PIN and often a synchronized random number generator. But the increasing number of different kind of attacks, such as phishing attacks where the attacker using fake e-mails try to capture user’s financial information and account password, make all online bank systems vulnerable. Some banks already experiment a sort of biometric identification with the introduction of phone based transactions, somethimes also called vCommerce. In this domain the user is identified by his voice pattern and some others identification methods like personal code and random questions. Speaker verification is an effective way for providing a good security but remaining not intrusive, and with lower operational costs compared with others techniques. Another example is the introduction of biometric automated teller machine (ATM) in India for testing if such system is valid. The machines are 19 expected to serve about 100,000 workers who will use fingerprint scanners, rather than ATM cards and PINs, to obtain their funds. This remain an experiment due the fact that similar machines have not caught much success during trials in other part of the world. This is due to the fact that the use of only fingerprint for authentication, withouth any card or PIN code, is not considered safe enought caused by False Acceptance Rate and circumvention techniques of this biometric. 4.2 Digital signature As in others applications also in digital signature there is a growing interest for implementing a PKI (Public Key Infrastructure) with some biometric techniques. The major problem is the same as in all others aspect: data protection and the trusted identification of people involved. The aim is to compare at the same level a personal handwritten signature to a remote digital one, with the same legal and economical implications. In the German electronic national identity card there is the optional possibility to have the digital signature feature. The card is prepared and contains keys and the qualified certificate. This creates also some legal basis for electronic signature on contracts and other legal paper such as electronic employment certificate, salary statement and tax statement. The only way to identify the owner of a public key in traditional asymmetric encryption is through the correspondence justified by Certification Authorities. In current solutions an authentic digital signature proves that the signer possessed the proper secret key, however it cannot be verified whether really the rightful owner of the key used it, or someone else did. In a system constructed with keys and certificates stored on an eID card protected with PIN number or biometrics check, the security of the transaction and the identity of contractors rise considerably. But not all problems could be avoided, algorithms weakness and direct attack remain problems to be solved. 4.3 Other applications There are many others sectors that could be interested in the ePass and biometrics evolution, in first place all systems that involves payments and monetary transactions but also virtual auctions systems and digital signature for contracts. People are still less or more afraid to give personal information and credit card number over the Internet, with biometrics security techniques maybe this will change. In quite all business and governmental organisations biometrics are already used to secure physical systems and places in order to prevent unauthorized access, for example banks servers, critical structures or military facilities. In those situations the acceptance of biometrics is not relevant 20 due the fact that only few people has the right to use those systems and often are the same that work in order to deploy them. All problems and recommendations encountered during the application of biometrics methods into business are the same that could be encountered into the eBusiness world. A low acceptance of those techniques, the lack of a valid regulatory and the lack of standard data protection rules could create security problems for single users. There are also other examples of more extended and large scale use of biometrics for business and governments, is the case of ticket owner problem or border controls. In some facilities a biometric system has been deployed to ensure that the owner of the ticket is the one allowed to use it and in other cases to control immigrations. 4.3.1 Walt Disney World The interesting and discussed case of Walt Disney World in Orlando (USA) where for years the earlier system recorded onto tickets the geometry and shape of visitors’ fingers and now the system uses a geometric formula in order to create an identifying number to prevent ticket fraud or resale (Figure 14). The database where all identifying numbers are stored is maintained for 30 days and Disney claims that no fingerprint images are taken but only some measures. Figure 14: Walt Disney World ticket and fingerprint checking point Against all criticism of lack of transparency the Disney project has been followed with attention by the US government because it was the largest national single commercial application of biometrics. 21 4.3.2 KSS Sport & Leisure Another example is the case of KSS Sport & Leisure Centre in Schaffhausen where, since January 2005, a system with a central database stored all customer’s personal data and also their fingerprints in order to perform a control over season tickets that give access to the facilities for 6 or 12 month. The image of the fingerprint taken at the access barrier is compared with the reference template. The negative reaction of many customers who refuse to allow their biometric data to be stored induced some inspections. This type of use of biometric data for access control is not conform with Swiss data protection rules. Customers who do not want provide their biometric data should be offered an alternative solution and the biometric data must be recorded on a chip placed on their season ticket rather than stored on a central computer. And like for the Walt Disney case is important to delete all personal data after a certain period. 5 5.1 Biometrics in e-Government E-Voting case studies In a previous seminar work in eGovernments the case studies in e-Voting has been treated and the final discussion concerns were quite all about the identification of the voter. Figure 15: Geneva voting card 22 In the actual e-Voting systems tested in Switzerland (Geneva, Neuchâtel and Zurich) the identity of the voter is verified generally only by some information printed on the voting card that is sent at home (Figure 15) and some biographic data. This authentication method create the possibility, for everyone that can take the voting card and know some biographic data of the citizen, of what is called a ”family vote” or even create a market for selling votes. The conclusion was that the actual security measures are no sufficient for protecting the e-Voting system and a possible solution for verify the identity of the voter is to introduce a biometric checking component. The German eID strategy could give an important development instrument to add some further applications in order to allow a secure identification. Another possibility in Switzerland is to use the actual discussed and discussed central database that will be created in 2009 with the introduction of fingerprints into the ePass but a system that not relies to a remote database is preferable. In any case an improvement of identification security must be considered for an extended phase of the e-Voting pilot projects. 5.2 United Arab Emirates Figure 16: United Arab Emirates Iris checking point Starting from 2001, in the largest national deployment of iris recognition to date, the United Arab Emirates (UAE) Ministry of Interior requires iris recognition tests on all passengers entering UAE from all air, land, and sea ports (Figure 16). Through Internet each passenger is compared against each of 313,000 iris patterns of foreign nationals who were expelled for various 23 violations, whose IrisCodes were registered in a central database before the expulsion. The time required for a search through the database is in average 2 seconds. Each day in average, 6,000 arriving passengers are compared against the entire watch list of 313,000 patterns stored in the database; this is about 2 billion comparisons per day. A total of 4,387 matches have so far been found against persons in the watch list by these iris algorithms. According to the UAE Ministry of Interior, none of these matches have been disputed, and all have ultimately been confirmed by other records. 6 6.1 Conclusions Biometric weakness The risk of all biometrics is that there is a possibility that can be forged. For example fingerprints with a small kit consisting of commonly available products, from just dome glue to photographic technology, can be easily duplicated and applied over another fingerprint. Biometrics could be a potential danger as well as every technology if used with illegal intents. The biometric sector is pretty new and in constant evolution, also attacks evolve with. The biometric technology is considered young and with a large margin of evolution and amelioration. There will be further evolution every year, with new idea and system ameliorations. 6.2 Big brother People acceptance in biometrics depend on different factors, from the society where they live to the personal perception of what is considered intrusive, the big brother problematic is well know with the increasing number of video surveillance. The introduction of biometrics techniques in a too fast and uncontrolled way could lead to a reject of those technologies. For example taking the fingerprint image for the major part of citizens is strictly connected to crime and police investigations like for DNA. The introduction of biometrics reading devices in common used electronics devices, such as fingerprint readers for computers, could help to change the mind of simple users about the use of biometrics features. But there are also differences between biometrics, people are less threatened to use voice or facial recognition, rather than iris and fingerprint, because the human normal behaviour is to identify other persons by the face and the voice and other behavioural and physical details that are saw by everyone. Latest events where biometrics, like face recognition, has been used and tested in public places in order to identify people could create in one hand 24 a more secure environment but in other hand could increase the perception of being controlled all the time. In actual news a similar system that has been used in USA during the Super Bowl will be probably deployed in train station and the entrance of all stadiums for the European Football competition 2008 in Switzerland and Austria. The aim of the system is to identify and stop all filed hooligans that could create problems during or after football matches. The problem remain to find the border between privacy and security measures, how many individual privacy could be sacrificed in order to maintain an acceptable security level? 6.3 Considerations Biometrics, in essence ’what you are’, are not destined to replace ’what you know’ items such as PIN numbers, and ’what you have’ forms of identification such as ID cards, in short time. The most probable situation is the use of those three kinds of identification methods in combination or at least a mix of biometrics and ID card, which is the case of Biometrical Electronic Passport. The application of biometrics in eBusiness will expand every year thanks to the technology evolution, but the best way to follow is to create a common framework with eGovernment initiatives in order to have a common base that could be better accepted by users. On the side of computer producers the introduction of technological components that are usable for biometric identification, actually microphones, webcams and fingerprint readers, help the introduction, the development and the experimentations of biometric applications for different purposes and in different field from academic to industry. There is an international interest from industries and governments around all pilot projects that are running today, from Walt Disney to ATM, from electronic biometrical passport to national ID card. Those tests are an initial experimentation of biometric in large scale with millions of potential user or customers. Another important subjet treated is the storage of biometrics data, a general concern from users is the memorisation of, for example, fingerprints records or voice patterns in potentially unsecure database online. Actually the international recommendations on this subject are to avoid that kind of database and to limit biometric data stored on personal cards and documents. Personal cards provide a convenient method for storing biometrics template, also biometrics can be used to protect access to the information stored in the card or used in combination to give access to network applications and services. In conclusion the importance of biometrics will certain grow during next years and will interest all kind of field, from economical to juridical and ethi25 cal, involving industry, governments and academic sectors, in order to create and improve security standards. This process will of course also involve the world of Internet in all his dimension, to create a more secure virtual environment where the exchange of critical data will be better protected than today. 26 References [Backer 2003] Stephen Baker, Biometrics Meets E-Commerce, News Analysis, June 2003, available: http://www.businessweek.com/ technology/content/jun2003/tc20030620_3373_tc119.htm, accessed 03th of May 2008. [Bechelli 2002] Luca Bechelli, Stefano Bistarelli, Fabio Martinelli, Marinella Petrocchi and Anna Vaccarelli, Integrating Biometric Techniques with an Electronic Signature for Remote Authentication, IIT-CNR, 2002, available: http://www.ercim.org/publication/Ercim_News/enw49/ bechelli.html, accessed 02nd of May 2008. [Busch 2005] Christoph Busch, Biometrics and Secure Travel Documents, Fraunhofer-IGD, Darmstadt, 2005, available: http://www.embo.org/ scisoc/busch.pdf, accessed 11th of March 2008. [Busch 2006] Christoph Busch, Facing the future of biometrics, European Molecular Biology Organisation, Darmstadt, 2006, available: http://www.3dface.org/files/papers/ busch-embo2006-face-recognition-overview.pdf, accessed 11th of March 2008. [Daugman 2006] John Daugman, Probing the uniqueness and randomness of IrisCodes: Results from 200 billion iris pair comparisons, Proceedings of the IEEE, 2006, available: http://www.cl.cam.ac.uk/users/ jgd1000/ProcIEEEnov2006Daugman.pdf, accessed 05th of May 2008. [Epractice 2008] Epractice, eGovernement in Germany, eGovernement Factsheets, January 2008, available: http://www.epractice.eu/ resource/737, accessed 10th of April 2008. [E-Voting 2007] Daniele Cavadini, Lorenzo Cimasoni, Case Studies on EVoting, Seminar Work on E-Government, Information Systems Research Group, University of Fribourg, Autumn Semester 2007. [FDPIC 2007] Federal Data Protection and Information Commissioner, Biometric access control to sport and leisure centres, Annual Reports, July 2007, available: http://www.edoeb.admin.ch/dokumentation/ 00445/00509/01130/01140/index.html?lang=en#, accessed 2nd of May 2008. [Federal 2007] Federal Ministry of the Interior Germany, Discover Germany Electronic Passport, Office of the Chief Information Officer, November 2007, available: http://www.bmi.bund.de, accessed 10th of April 2008. 27 [Gildas 2004] Gildas Avoine, Kassem Kalach, Jean-Jacques Quisquater, Belgian Biometric Passport does not get a pass..., UCL Crypto Group, Louvain-la-Neuve, April 2004, available: http://www.dice.ucl.ac. be/crypto/passport/index.html, accessed 22nd of April 2008. [Harmel 2006] Karen Harmel, Walt Disney World: The Government’s Tomorrowland?, September 2006, available: http://newsinitiative. org/story/2006/09/01/walt_disney_world_the_governments, accessed 2nd of May 2008. [Hennebert 2008] Jean Hennebert, La reconnaissance du locuteur, Traitement de la Parole course, Sping Semester 2008, available: http:// moodle.unifr.ch/course/view.php?id=2085, accessed 24th of April 2008. [Meier 2008] Andreas Meier, Henrik Stormer eBusiness & eCommerce Managing the Digital Value, Springer, Berlin, 2008. [Möller 2007] Jan Möller, eID developments in Germany, Federal Ministry of the Interior Germany, Coimbra, May 2007, available: http://www.ama.pt/porvoo/apresentacoes/25_manha/ porvoo11_jeanmoller.pdf, accessed 11th of March 2008. [Mombelli 2008] Armando Mombelli, La Svizzera, un paese di banche.. dati, In: Swissinfo News, March 2008, available: http://www.swissinfo. ch/ita/swissinfo.html?siteSect=43&sid=8881783, accessed 4th of April 2008. [Reisen 2006] Andreas Reisen, Electronic Passport and National e-ID Card in Germany, Federal Ministry of the Interior Germany, October 2006, available: http://www.teletrust.de/fileadmin/files/isse/ vortr_reisen.pdf, accessed 11th of March 2008. [Schmidt 2005] Albrecht Schmidt, German e-Card Strategy: The National ID-Card, Federal Ministry of the Interior, October 2005, available: http://www.porvoo8.rrn.fgov.be/porvoo8/doc13/14_ porvoo8_2005-10-11_porvoo\%208cu_germany.ppt, accessed 10th of April 2008. [Schmitz 2006] Patrice-Emmanuel Schmitz, Biometrics in Europe, European Biometrics Portal, June 2006, available: http: //www.libertysecurity.org/img/pdf/trend_report_2006.pdf, accessed 10th of April 2008. [Schwarz 2006] Sylvia Schwarz, Pilot project fot biometric passport in Switzerland, Siemens Corporate Press, Austria, September 2006, available: http://www.cognitec-system.de/press-releases/ pm-epassschweiz-0906.pdf, accessed 11th of March 2008. 28 [Zhang 2002] David D. Zhang, Biometrics Solutions For Authentication In An E-World, Kluwer Academic Publisher, Massachussets, 2002. 29