The Third Working Draft Study Report on Biometrics in E-Authentication of the INCITS M1.4 Ad Hoc Group on Biometrics and E-Authentication (AHGBEA) is available in pdf format - 117 pages - can be found here. Comments should be addressed to Cathy Tilton, (Cathy.Tilton@daon.com) the Ad Hoc Group chair, on or before August 29, 2006. The Group hopes to submit its work for M1 approval in October, w006.

The Table of Contents is appended to the end of this posting.

The brief executive summary states:

Executive Summary
Biometrics-based authentication offers several advantages over other authentication methods,
prompting a significant surge in the use of biometrics for user authentication in recent years. It is
important that such biometrics-based authentication systems be designed to withstand attacks
when used in a remote e-authentication environment. This document outlines inherent strengths
of biometrics-based authentication, identifies weak links in systems employing biometrics-based
authentication, and presents solutions for eliminating these weak links. Further, this document is
intended to show how biometrics can and should be used in the four (4) assurance levels of OMB
M04-04 and NIST SP 800-63.

Henry J. Boitel
Biometric Bits - The Key to Identity Managment Information
=============================================
Table of Contents
Table of Contents.......................................... .................................................. .. 2
List of Figures .................................................. ................................................. 5
List of Tables .................................................. .................................................. . 5
Executive Summary .................................................. ........................................ 6
1 Introduction...................................... .................................................. ...............6
1.1 Background........................................ .................................................. ........ 6
1.2 Scope............................................. .................................................. .............6
1.3 Purpose........................................... .................................................. ............6
1.4 Overview.......................................... .................................................. ............7
1.4.1 Assumptions....................................... .................................................. .....7
1.4.2 Premise........................................... .................................................. ........ 7
1.5 Policy Boundaries .................................................. .....................................7
2 Study Methodology....................................... .................................................. .8
2.1 Current Guidance – Section 3 .................................................. .................8
2.2 Frame the Problem – Section 3................................................. ................ 8
2.3 Previous Work – Section 4 .................................................. ...................... 8
2.4 Identify Architectures – Section 5 .................................................. ............. 8
2.5 Critiques – Section 6................................................. ....................................8
2.6 Define Threats/Analyze Architectures – Section 7......................................8
2.7 Recommend Guidance – Section 8................................................. ............. 8
2.8 Future Work – Section 9 .................................................. .............................8
3 Statement of the Problem........................................... ...................................... 9
3.1 The Problem........................................... .................................................. ........ 9
3.2 Office of Management and Budget (OMB), M-04-04...................................9
3.3 NIST SP800-63................................................ ................................................10
3.3.1 Relevant terms and definitions....................................... ..............................10
3.3.2 Statements related to biometrics .................................................. ..............10
3.3.3 Characterization of Assurance Levels from NIST SP 800-63 ..................11
4 References........................................ .................................................. ..................14
4.1 Reference Documents .................................................. ...................................14
4.2 Baseline Standards......................................... .................................................. . 14
4.3 Common Terms .................................................. ................................................14
5 Biometric Authentication Concepts and Architectures..................................... .. 15
5.1 Conventional Authentication Mechanisms .................................................. .......15
5.2 Biometric Systems .................................................. .............................................17
5.2.1 Conceptual Diagrams.......................................... ............................................ 17
5.2.2 Biometric Functions......................................... .................................................. 19
5.2.3 Biometric Algorithm......................................... .................................................. ..22
5.2.4 Biometric Subsystems........................................ ................................................22
5.2.5 Secure Biometric System............................................ .......................................24
5.2.6 Biometrics and authorization .................................................. ...........................25
5.3 Architecture Comparison .................................................. .....................................28
5.3.1 Storage Locations......................................... .................................................. .....35
5.3.2 Matching Locations .................................................. ...........................................36
Study Report on Biometrics in E-Authentication 8/21/2006
Ver 0.5
3
5.4 Architecture Alternatives .................................................. .......................................37
5.4.1 Architecture A – Store on Server, Match on Server ..........................................38
5.4.2 Architecture B – Store on Client, Match on Client............................................ ..38
5.4.3 Architecture C – Store on Device, Match on Device..........................................38
5.4.4 Architecture D – Store on Token, Match on Server ...........................................39
5.4.5 Architecture E – Store on Token, Match on Device............................................ 39
5.4.6 Architecture F – Store on Token, Match on Token .............................................39
5.5 Biometric Authentication Concepts................................
5.5.1 Human issues .................................................. ......
5.5.2 Assumptions....................................... .....................
5.6 Properties of Dynamic Biometric Technologies............
5.6.1 General........................................... .........................
5.6.2 Two Factor Authentication in One .........................
5.6.3 Privacy – Increased Security with Privacy .............
5.6.4 Revocation of the Dynamic Biometric Template ...
5.6.5 Dealing with the Sample Variability in Dynamic Biometrics ....
5.6.6 Use of Dynamic Biometrics in Open Networks ....
5.6.7 Releasing the Secure Password Using Biometrics..
6 Challenges & Risks............................................. ....................
6.1 Compromise........................................ .................................................. .................40
6.1.1 Can there be a compromise without an attack? ............................................ 41
6.1.2 Are compromises permanent?........................................ .................................. 41
6.2 Revocation of Biometric Identifier .................................................. ....................... 42
6.2.1 Potential issues of revoking compromised biometric data .............................42
6.2.2 Possible revocation solutions......................................... .....................................44
6.2.3 ‘Cancellable’ Biometrics .................................................. ...................................46
6.2.4 SC27 Work on Template Protection .................................................. ............... 46
6.3 System Spoofing .................................................. .................................................. . 46
6.3.1 Spoofing Techniques .................................................. ..........................................46
6.3.2 Liveness Detection......................................... .................................................. .....47
6.4 Entropy / Strength of Function .................................................. ...............................48
6.5 Integrity v. Secrecy .................................................. .................................................. 52
6.5.1 Biometric reference integrity .................................................. ..............................52
6.5.2 Biometric Identification Record Protection .................................................. ...... 53
6.5.3 Key Management .................................................. ................................................56
6.6 Peer Review Methods for Biometrics .................................................. ................... 56
6.7 Privacy .................................................. .................................................. ....................60
7 Threats, Vulnerabilities, and Models............................................ ................................ 61
7.1 Biometric Attacks .................................................. .................................................. .. 61
7.1.1 Enrollment Attacks .................................................. .............................................61
7.1.2 Input Level Attacks........................................... .................................................. ..62
7.1.3 Processing and Transmission Level Attacks........................................... ..........63
7.1.4 Back-end Attacks .................................................. ................................................64
7.2 Threat Modeling.......................................... .................................................. .............65
7.2.1 Vulnerable points of a biometric system .................................................. .......... 65
Study Report on Biometrics in E-Authentication 8/21/2006
Ver 0.5
4
7.2.2 Threats and Countermeasures .................................................. ........................ 66
7.2.3 Enrollment Threats........................................... .................................................. ...69
7.2.4 Employing Countermeasures .................................................. ............................71
7.2.5 Mapping of Threats to Security Levels............................................ ................... 71
7.3 Analysis of Architectures..................................... .................................................. .. 72
7.3.1 Architecture Components .................................................. ...................................73
7.3.2 Store on Server (A) .................................................. ............................................. 74
7.3.3 Store on Client (B)............................................... ................................................. 76
7.3.4 Store on Device (C) .................................................. ............................................ 78
7.3.5 Store on Physical Token (D-F) .................................................. ........................... 81
7.3.6 Architecture Applicability to Security Levels .................................................. .......... 88
7.4 Considerations.................................... .................................................. ......................... 89
7.4.1 Trust............................................. .................................................. ....................... 89
7.4.2 Multi-factor authentication .................................................. .................................89
7.4.3 Multi-Biometric authentication.................................... .........................................91
7.5 Alternative Approaches Using PIN plus Secret-Based Dynamic Biometric Sample ... 92
7.5.1 Mobile Device Applications .................................................. ............................... 92
8 Recommendations................................... .................................................. .................... 94
9 Future Work.............................................. .................................................. .....................96
Annex A: Bibliography...................................... .................................................. ................97
A.1 Subject References........................................ .................................................. ...........97
Annex B: Contributors...................................... .................................................. ................100
B.1 Technical Editing Team .................................................. ...........................................100
B.2 Contributors...................................... .................................................. ..........................100
B.3 Committee Members/Participants .................................................. ..........................101
Annex C: Role of Standards .................................................. ............................................102
C.1 Standards Organizations and Activities .................................................. ..................102
C.1.1 Standards Organizations of Interest .................................................. .....................102
C.1.2 Relevant initiatives within other organizations..................................... ...................103
C.1.3 Existing Biometric Standards......................................... ..........................................103
C.2 Encoding schemes of ASN.1............................................. ...........................................107
C.3 XCBF data structure......................................... .................................................. ......... 108
C.3.1 Biometric Header .................................................. .................................................. .. 108
C.3.2 Biometric Object .................................................. .................................................. ... 108
C.3.3 Integrity Object .................................................. .................................................. ..... 109
C.3.4 Privacy Object .................................................. .................................................. ....... 110
C.3.5 Integrity and Privacy Object .................................................. ................................... 111
Annex D: Cryptographic/Biometric Comparison .........................
Cryptographic and Biometric Community Evaluation Comparison........
Annex E: Implementation Examples .................................................. ................................. 112
D.1 VoiceXML/WebServices Example........................................... ....................................112
D.2Methodology Detail based on Combination of PIN and Secret-Based Dynamic Biometric
Sample............................................ .................................................. ...................................... 112
Study Report on Biometrics in E-Authentication 8/21/2006
Ver 0.5
5
List of Figures
Figure 1 - ANSI X9.84-2003 Generalized Biometric Model .............................................18
Figure 2 - ISO SC37 SD11 Concept Diagram........................................... ....................... 19
Figure 3 - Enrollment Process Model .................................................. ...............................20
Figure 4 - Verification Process Model............................................. .....................................21
Figure 5 - Identification Process Model............................................. ...................................22
Figure 6 - Biometric and Security System Relationship...................................... ................25
Figure 7 - Entropy and Strength of Function Comparison .................................................. 51
Figure 8 - Biometric Identification Record............................................ ................................. 54
Figure 9 - Biometric Identification Record Integrity......................................... ......................55
Figure 10 - Biometric Identification Record Confidentiality ................................................55
Figure 11 - Biometric System Threat Model .................................................. ......................66
Figure 12 - Store on Server Match on Server Architecture .................................................7 5
Figure 13 - Store on Client Match on Client Architecture...................................... ................77
Figure 14 - Store on Device Match on Device Architecture .................................................7 9
Figure 15 - Store on Token Match on Server Architecture .................................................. . 84
Figure 17 - Store on Token Match on Token Architecture...................................... ...............86
Figure 18 - Serial Multi-factor Authentication .................................................. ........................90
Figure 19 - Parallel Multi-factor Authentication .................................................. .....................90
Figure 20 - XCBF Biometric Header............................................ ............................................108
Figure 21 - XCBF Biometric Object............................................ .............................................109
Figure 22 - XCBF Biometric Integrity Object............................................ ................................ 110
Figure 23 - XCBF Privacy Object .................................................. ............................................ 110
Figure 24 - XCBF Integrity and Privacy Object............................................ ............................. 111
Figure 25 - Generic VoiceXML SIV Architecture .................................................. ................... 112
List of Tables
Table 1 - OMB M-04-04 Maximum Potential Impacts for Each Assurance Level.................. 9
Table 2 - OMB M-04-04 Assurance Level Examples .................................................. .............10
Table 3 - SP800-63 Token Mappings to OMB M-04-04 Assurance Levels ............................11
Table 4 - Authentication Mechanism Cross-Comparison........................................ .................. 16
Table 5 - Biometric Storage and Matching Locations .................................................. .............. 35
Table 6 - Biometric Storage and Matching Location Matrix............................................ .......... 38
Table 7 - Entropy and Strength of Function Description....................................... ...................... 50
Table 8 - Biometric Strength of Function .................................................. ................................... 52
Table 9 - Biometric System Threat Locations and Countermeasures................................... .... 68
Table 10 - Threats Addressed at Assurance Levels .................................................. ................. 72
Table 11 - FMR Addressed at Assurance Levels............................................ .............................72
Table 12 - Selected Biometric Architectures .................................................. .............................. 72
Table 13 - Biometric Architecture Data Transfer .................................................. ....................... 74
Table 14 - Biometric Architectures and Assurance Level Capabilities...................................... 89
Table 15 - Cryptographic and Biometric Evaluation Comparison