Biometric Security: Biometric Benefits and Problems - Assignment Example

Computer Security Analysis Name : Student # : Tutor : Word Count : Analysis 1- 1,122 Analysis 2- 1, 114 Analysis 3- 1, 172 TABLE OF CONTENTS 1. Analysis 1 – Biometric Security: Biometric Benefits and Problems - 3 a. References - 7 b. Appendix - 7 2. Analysis 2 – Internet Security Analysis: SPAM Prevention and Technique - 8 a. Fighting SPAM with ISP - 8 b. Website Level Protection - 9 c. Individual Protection and Technique - 10 d. SPAM Protection in Development - 10 e. References - 12 f. Appendix - 12 3. Analysis 3 – Network Security: Security Implications of Honeypots - 13 a. Physical and Virtual Honeypot - 13 b. Types of Data Capture - 14 c. Importance of Data Analysis - 15 d. Other Views and Possibilities - 15 e. References - 18 f. Appendix - 18 1. Analysis 1 Biometric Security: Biometric Benefits and Problems Identification verification is a common task that has numerous “real life applications such as access control, transaction authentication in banking, and networking” (Marcel and Bengio, 2003, p.1). Biometrics is a method designed to recognize or authenticate individual using their physical distinctiveness such as handwriting, fingerprint, iris, voice, and other unique characteristic a human possess (Kang and Weimin, 2002, p.1). This is more secure since biometric data remains the same over the course of a person’s life (Technovelgy-Article 16, n.d., p.1). It is like using your body as a “digital key” to enter a secured environment to acquire needed services and data (Grijpink, 2003, p.1). Similar to other existing security systems, Biometrics security also entails some social issues that need to be address. Biometrics provides high level of protection against malicious attacks and identity fraud. One of the major benefits of Biometrics against other security systems is the capture of biometric data into digital form. Digital is convenient, fast, easily shared, and provides boundless possibilities. The biometric technology provides a better alternative to passwords or PIN which can be stolen, guessed, lost, and usually forgotten. Ensures accountability since it is link to identity and not to something you learn or have knowledge of and most of all reduced paper works, convenience, and much greater control (Maxine, 2002, p.5). However, some people are reluctant to accept the idea believing there maybe security holes that may compromise their privacy. The possibility of an attack on the system to steal the captured data and use it to access that person’s account is a big concern. Another is database management and sharing which are also vulnerable to manipulation and theft (Kang and Weimin, p.4-5) The standardization of the Biometric Systems level procedures particularly database structure, is another issue that must be solve. The data processing methods used in Biometric data capture are difficult to standardize since they normally differ for each company. This will cause interoperability problems when data is shared across different systems. Standard biometric testing and procedures are critical since they will provide people with much better perception of the biometric system and help them pick the own preference (Kang and Weimin, 2002, p.6). Biometric systems according to Grijpink (2003) are susceptible to fraud. This means not specifically issues on equipments alone but on society and methods too. He added that biometric readings do not guarantee precise images and therefore there is no assurance of accuracy. This is because the quality of biometric testing only depends on the suitability of certain parameters set to measure allowable discrepancies that can be still use to successfully identify the right person. This means the less accurate the configuration, the more likely the system identifies somebody else (p.3). Biometric details like any other personal identification cards or number requires submission of identity documents which cause us to instinctively trust that person even though their details are unverifiable personal information. This is also happening with biometric systems where devices are just following what is stored on a database regardless of the truthfulness of the accompanying personal documents submitted by a person when he enrolled with the system. We are unknowingly receiving false details but confidently storing them all into the biometric database. This is the reason why most identity fraud succeeds by way of simply allowing submission of unverified identity of a person. In biometric for instance, a person can be accurately identified as the right person regardless of who he is (Grijpink, 2003, p.12). The fact that most security systems are concentrating more and giving more emphasis on the identity aspects of security, they tend to forget that verifying their personal details beforehand are also very important. In the social implication of Biometric, Human Rights advocates insist that the very act of fingerprinting violates the right to privacy. They added that the very fist step in Biometric data gathering (“enrolment”1) for administrative use alone is an infringement of physical integrity and privacy. Aside from the absence of firm standards, biometric technology still gets a “bum rap2” from end users because they feel violated by these methods (O’Shea and Lee, 1999, p.1). This is quite common because some cultures may find it significantly sensitive in the process by which information are obtained like the disgrace of criminal activity traditionally attached to fingerprinting. Another related issue is the obscure nature of some biometrics gadgets like the contact-less RFID chips found in US passports consist of biometric details readable through a person pocket, bags, wallet, etc. as far away as 20 meters by immigration officers. This process is called skimming or processes of reading identity information in advance that is already a controversial issue in major airports of the world implementing advanced passenger screening programs (Thomas, 2005, 12-13). An added downside to biometrics global application is the authority over the data once it is transferred to another location (Thomas, 2005, 12-13). A good example of this is the US-Europol agreement of 2001 to exchange of information and personal data among law enforcement agencies. These exchanges should be regulated in a way both parties should be responsible for the “unofficial” use of these critical data to protect the rights of every citizen of both countries (Thomas, 2005, 12-13). Similarly, various ethical concerns involving biometric identification methods were expressed by the majority of users. They believe the some methods like retina scan is quite agitating and some are usually related with criminal activities like fingerprinting. Other ethical concerns involve the very people acquiring biometric information because this is normally being done by the military and the police. People feel loss of dignity when the military or police are handling the biometric information gathering and they are likewise humiliated when unexpectedly discarded by a public electronic sensor. On the other hand, questions such as how these data will be handled and who will access this information are also ethical threats that need to be addressed (Technovelgy-Article 15, n.d., p.3.). These issues are mostly invasive in nature and research is being done on non-invasive multi-modal biometric authentication using voice or face recognition such as Text-independent speaker verification and face localization (IDIAP, 2004, p.1). After all, according to Kang and Weimin (2002), government will ultimately respond to the growing number of consumer concerns about privacy and ethics and enact a strict privacy law that would put the accountability to the company acquiring this personal information (p.1). However, there is really not enough reason for people to ignore the importance of biometrics because it is the simplest and more reliable network security and authentication method (O’Shea and Lee, 1999, p.2). In the future, biometrics maybe included in large scale integrated public safety and in commercial enterprises (Maxine, 2002, p.10). a. References Grijpink John, 2003, “Two Barriers to Realizing the Benefits of Biometrics”, Strategy Development Department, Ministry of Justice, Netherlands IDIAP, 2005, “Biometric Authentication Introduction, IDIAP Research Institute, Dale Molle Foundation, Switzerland Kang and Weimin, 2002, “Opportunities and Benefits: Vision of the Biometrics Working Group”, Security and Privacy Standards Technical Committee, Kent Ridge Digital Lab, Singapore Marcel and Bengio, 2003, “Improving Face Verification Using Skin Color Information”, Dalle Mole Institute for Perceptual Artificial Intelligence, Switzerland Maxine C., 2002, “What Biometrics Can Do For You”, BiometriTech, Acuity Market Intelligence, New York City, Available online thru www.acuity-mi.com O’Shea and Lee, 1999, “Biometric Authentication Management”, Network Computing for IT, CMP Media LLC, [online], Date of Access: 04/30/07, http://www.networkcomputing.com/1026/1026f2.html Technolvelgy-Article 16, n.d., “Biometric Authentication: What Method Work Best?”, Technovelgy LLC, [online], Date of Access: 04/30/07, http://www.technovelgy.com/ct/Technology-Article.asp?ArtNum=16 Technolvelgy-Article 15, n.d., “Biometric Security and Business Ethics”, Technovelgy LLC, [online], Date of Access: 04/30/07, http://www.technovelgy.com/ct/Technology-Article.asp?ArtNum=15 Thomas Rebekah, 2005, “Biometrics, International Migrant and Human Rights”, Global Migration Perspectives No. 17 2005, Global Commission on International Migration, Geneva, Switzerland b. Appendix 1Biometric “enrolment” is the process of collecting individual data and fingerprint. 2”bum rap” is a term use by O’Shea and Lee (1999) to indicate dissatisfaction to the biometric system by the majority of the community. 2. Analysis 2 Internet Security Analysis: SPAM Prevention and Technique Not so long ago, SPAM was considered a minor nuisance but as the Internet became very common, the size and consequence of these unwanted mails can no longer be considered simple nuisance but a large scale network epidemic. Although there are lot definitions of SPAM, it is in general an unwanted or unsolicited email mostly commercial in nature. They are “emails that you received but never asked for” (Elliot, 2003, p.4). The volume of SPAM in 2002 was just 10% of inbound traffic but after a year it has reached an average of 60% (Judge, 2003, p.1). In a research, SPAM was found to be representing over 100 billion pieces of email yearly with 253 million users worldwide in 2003. At the current rate, the growth of SPAM is estimated to reach 2.1 Trillion pieces of email yearly in 2010 for 750 million users worldwide (Elliot, 2003, p.6) and doubling every “five months” (Wijayatunga, 2006, p.5). SPAM is causing businesses over $10 billion annually and degrading resources through abuse of medium of communication (Elliot, 2003, p.4). SPAM has to be prevented and stopped and there are available technical solutions to fight spam. a. Fighting SPAM with your ISP The local Internet Service Provider can help fight SPAM by restricting mass mailing capabilities of their clients. When spammers could not use their accounts or connections to send SPAM then the level of unsolicited mails will drop dramatically. ISP can also block inbound SPAM by monitoring their origin and method of sending and respond to suspected SPAM attacks. They can employ various filtering tools, SPAM heuristics, tarpits, and allowing their client to set their own detailed rules at the server level. Typically, mail servers contains list of IP addresses, “Blacklist” and “Whitelist”. Blacklisted IP addresses are not allowed to send mail through the mail server or incoming IP’s listed with bad reputation or unresolved complaints about spamming. Whitelist are IP addresses that has been approved and given free access to and from the mail server. IP’s listed in this list are usually not tested and do not have to pass anti-spam filters in mail servers. There is different software available to filter SPAM such SpamActive®, Hotmail, Brightmail, Earthlink, EACH, etc. promising effective SPAM blocking capabilities. Other method of preventing SPAM is to require user authentication, tarpitting and IP exclusions, insistent follow up on all SPAM dispute, and strict SPAM policy (Elliot,2003,p.10-11). b. Website Level Protection Actions can be taken from the website itself to prevent crawlers1 from harvesting email addresses. To prevent this from happening, website owners or organizations should employ some practical solutions such as concealing contact information. Never expose your email address or use it as a link. Use form based contact forms for you client where they can send their inquiries without exposing their email address and yours. The information submitted by your client is processed through a script2 that nobody can see and automatically sends the data direct to your email address. More importantly, do not use auto responders otherwise the whole thing is worthless because responding to an unverified inquiry will only give spammers a chance to see your suppose “hidden” email address. If there is really a need to expose your email address for your clients easy access or for some other legitimate business reason, present your email address as an image but don’t put a link on it. Crawlers cannot read images and therefore cannot see your address (Elliot, 2003, p.16). c. Individual Prevention and Technique For individual users, there are many ways to prevent SPAM. One technique is to guard your primary email address (Wijayatunga, 2006, p.10) and use a disposal email address whenever you want to sign-up and try some good offers on the net. Next is to be careful as regards to who and when to give out your real email address. Always read the privacy statement of the site you are about to join. Spend sometime with your inbox to set rules3 and save time deleting SPAM whenever checking your mails. Latest mail servers normally contain content based and Bayesian Spam Filters which users can set to suit their needs (Faltemier and Jain, 2004, p.5). Filters try to recognize spam by checking irregularities in the header and characteristics of the text (Arrison, 2004, p.14). Constantly protect your email accounts and employ some of the best available antivirus software like Norton and McAfee’s Security Pack, Free AVG Antivirus, and Zone Alarm firewall. Furthermore, never directly open attachments from your friends especially from people or company you don’t know. Make it a habit to scan them first for viruses. d. SPAM Detection in Development In a research conducted by Wu et. al. (2005), traditional SPAM filtering uses text classification or categorization to solve the problem and they achieve considerable success. However, there are a few limitations to the text based filtering method since spammers are using numerous technique or tricks to confuse these filters such as word insertion etc.. In addition, the Internet grows progressively and more diverse information is coming in through email. The usual texts are now replaced by multimedia-enriched messages that usual SPAM filtering could no longer hold (p.1). Since the visual or multimedia information is becoming more widespread in emails, a need to improve SPAM filtering is unavoidable to achieve accuracy of detection. To enable detection of text in images, Wu et.al (2005) developed a “text-in-images” detector to scan text regions in images. Since SPAM emails mostly advertising banners and computer generated graphics, the detector extract the ratio of the quantity of images to the sum of all images and the ratio of graphic images to the overall. The technique simply isolates the number of actual images in the email to the number of external images link (p.2). Banner and Graphic extraction is another way to detect SPAM. Since banners contain geometric patterns, a simple rule-based detector is used to find the size and the aspect ratio of the image and then calculate it against the number of detected banner images. In computer generated graphics, since they don’t contain textures in fine resolution, the technique is to find homogenous color patterns and applying wavelet transformation to input images to extract their features in three orientation vertical, diagonal, and horizontal. If the extracted features fall way below a certain threshold then this image is likely computer generated (Wu et. al., 2005, p.2) In the future, as expected, spammers will find a way to dodge these image filters and new technologies will be born to fight SPAM. However, the technique and preventive measures presented in this paper is enough to hold them back for now. e. References Arrison Sonia, 2004, “Canning Spam: An Economic Solution to Unwanted Email”, Pacific Research Institute, San Francisco, California 94111, www.pacificresearch.org Judge Paul, 2003, “The State of the Spam Problem”, New Horizons, Educause Review September/October 2003 Elliot Rob, 2003, “Understanding and Preventing Spam”, EACH Inc., Asherboro-Randolph Chamber of Commerce, Internet Workgroup of the Business and Industry Committee, Asheboro, NC 27203 Faltemier and Jain, 2004, “Email Security and Spam Prevention”, Electrical and Computer Engineering, Texas A&M University, Texas, U.S.A, [online], Date of Access, 05/4/07, www.ece.tamu.edu/~reddy/ee689_04/pres_saurabh_tim.pdf Wijayatunga Champika, 2006, “Best Current Practice on Spam Prevention”, Asia Pacific Network Information Center (APNIC), Beijing China Wu et. al., 2005, “Using Visual Features for Ant-Spam Filtering, VIMA Technologies, Inc. and University of California, Santa Barbara, CA, USA f. Appendix 1Crawlers are robots use by search engines to index keywords on websites. Other crawlers simply slide to one site after another just to look for email address. 2Scripts are programming codes such as PHP and Java to create advance functions for web pages. 3Rules are set of criteria to filter or isolate emails and direct them to a specified folder. 3. Analysis 3 Network Security Analysis: Security Use and Implications of Honeypot As more businesses are conducted through computer networks, security has become the primary concern of every company to protect their valuable data from exploits and fraud. Although a lot of research have been devoted to enhance the security capabilities of our computer network today, it is still not enough to overcome the ever-increasing threats and sophisticated attacks. One way to counter these attacks is to learn the ways and means of our enemies by monitoring computer systems that we believe is vulnerable to attacks. The machines or systems that we use as a decoy are called Honeypot. This way we can monitor and log every move of suspected hackers and discover the hidden vulnerabilities of the system. This is a research type Honeypot according to Ranum (2002, p5). A low interacting Honeypot only simulate a particular part of a host like TCP/IP services etc. while a higher interacting Honeypot in a larger scope simulates all the function of the operating system. a. Physical and Virtual Honeypot Honeypot is designed to ward off hackers from reaching a more valuable machine in the network. A Honeypot is capable of providing early warning signal on newer type of exploitation and allow thorough investigation of the hacker’s behavior and keystrokes during and after the attack. A physical Honeypot is a real machine with own IP address while a virtual Honeypot simulates a live machine responding to network traffic. The physical Honeypot is high-interacting machine alleged by many as easily compromised and can be use to launch extended attacks or “jump-off point” (Ranum, 2002, p.11) to other part of the network when a hacker gains complete control over it (Bednarski and Branson, 2004, p.3-4). Capturing details of the attack on a Honeypot machine requires careful inconspicuous monitoring of activity. There are different capturing points host-based, network-based and router or gateway-based with each are said to have their own benefits and disadvantage. b. Types of Data Capture Host-based capture has the most advantage to log hacking activities but more hazardous because an intruder at least by instinct (to avoid detection) will try to find the operating systems logs and other intrusion detection tools to disable it. If this happens, the experiment will fail and logs of all modifications done are tainted. The Network-based capture logs the intruder’s activities and sends it to a secured remote machine in the network. Using a third party utility like Sebek1, the data capture activity on the Honeypot is hidden from the intruder. Sebek records the activity and sends them via UDP to gateway in the local network or to another place on the internet. The Router/Gateway-based capture is the most common technique used to collect data right in the gateway or firewall area of the network. This approach is hardware intensive for it requires a server to simulate a gateway machine and is more risky than the Sebek supported data capture since the gateway is normally visible in the network and may become the target of an attack. In addition, a typical gateway does not offer noteworthy logging capabilities and without strong data capture method the data integrity is greatly reduced (Bednarski and Branson, 2004, p.4-5). c. Importance of Data Analysis One of the main objectives of defensive information warfare is to fully comprehend your adversaries and gathering and analyzing these data is paramount to the success of these objectives. Honeypots are exceptionally good in monitoring and capturing intruder’s activity and these data should be converted to useful tools to deter malicious actions against computer networks. There many ways to analyzed inbound and outbound connections from a Honeypot machines such as Firewall logs, Intrusion Detection Sytems (Snorts etc.), Operating Systems Logs, and Forensics (Bednarski and Branson, 2004, p.6-7). Significant data needed for analysis according to the observation of Bednarski and Branson (2004) are the time and type of compromise. To many IT professionals, the timing and duration of the attack is very important since it will tell us how long it takes to compromise a network host. Ranum (2002) reveals that the shortest time a Honeypot was attacked and compromised is 17 seconds by a worm2 from the Internet (p.3). Experts can use this information to design tools to counter intrusion within the average time frame based on the analysis. The general types of compromise are worms, network topology scanners, and malevolent individuals trying to enter a domain. Honeypots are effective tools in determining vulnerabilities in these types of intrusion (p.12). d. Other Views and Possibilities However, according to Donkers (2002), there are different views of the situation and one of them suggests that Honeypot is not that effective or usable. In his assessment, a true hacker is not the one who point and click and unaware of the system he is hacking. The real hacker is someone seasoned enough to detect a fake and not easily fooled by a decoy like a Honeypot. What’s more interesting is that these genuine hackers are capable of using the Honeypot as a springboard to harm other parts of the network. In addition, using a Honeypot as an advanced Intrusion Detection System is quite peculiar because you cannot lure a real hacker to these simple traps. Furthermore, assuming a hacker really sinks his teeth into the bait and the network gets attacked, there is a great possibility that the Honeypot is also included in the mix and it’s maybe too late before you realized that the entire network is already under attack (p.1). Luring a hacker is one of the many pressing issues of the Honeypot since there is no dependable method of doing it. Some says let it run on a less obscure IRC channels but probably the best way to do it is to change the actual domain and IP address to a more active spot. This way Honeypot will appear as a different system whenever it is moved. Another is the legal implications of luring somebody to a Honeypot running in a corporate environment. It appears that there is no known or straightforward solution for this (p.1) Running a Honeypot sometimes puts too many limitations to outgoing traffic giving the hacker too much frustration and leave. There is a need for finer tuning particularly on bandwidth use, connection rate and content without loosing transparency. More importantly, as mentioned earlier in IDS, it is more logical to automate the data capture and analysis than analyzing it after the intrusion happens. In addition, to serve its purpose sensibly, it is much better to use a Honeypot to detect “new exploits” that are not yet known to Snorts and other Intrusion Detection Systems rather than just repeating the analysis of an already known types of attacks. Overall, if implemented properly, Honeypot is a useful and probably a very innovative research tool to gain knowledge of the behavior and technique of different network destructive adversaries. Lastly, the data gathered or captured from Honeypot are very valuable in creating preventive tools to counter upcoming sophisticated attacks. 8. References Ranun Marcus, 2002, “A Whirlwind Introduction to Honeypots”, Tenable Security Inc., [online], Date of Access: 5/4/07, www.certconf.org presentations/2002/ Tracks2002Expert_files/HE-1&2.pdf Bednarski and Branson, 2004, “Understanding Network Threats Through Honeypot Deployment”, Information Warfare, Carnegie Mellon University Donkers Arthur, 2002, “Building Yourself a Honeypot, Some Practical Issues”, Le Reseau Security Auditing and Consulting, Netherlands, The latest version of this paper is available via http://www.reseau.nl/ 9. Appendix 1Find information about Sebek at http://project.honeynet.org/tools/sebek/ 2 A worm is a self-replicating computer program capable of sending itself to various nodes in the network and unlike a virus; it harms the network by consuming bandwidth. A worm doesn’t need a host program to live and by itself can infect other computers without any user intervention. Read More