Chapter 4 - 02 - Discuss Identity and Access Management (IAM) - 05_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82 Identification, Authentication, and Authorization Types of _ Authentication: /O Biometrics refers to the Biometric based on their physical characteristics Authentication Biometric Fingerprint Scanning Identification O= Compares two fingerprints for verification and identification on the basis of the patterns on the finger m 1 —_— Retinal Scanning /—A\\ /\ \.\ Iris Scanning o \\—/\ S/ Analyzes the colored part of the eye suspended behind the cornea A echniques Analyzes the layer of blood vessels at the back of their eyes to identify aperson Vein Structure Recognition v Analyzes thickness and location of veins to identify a person 4 D ——— Types of Authentication: Biometric Authentication (Cont’d) @ Face Gait analysis Recognition Uses faci to identify or verify a person A Module 04 Page 482 4 Uses voice patterns to identify or Uses exhibited by moving limbs while walking or running are different among different individuals Copyright © by EE-Councl Al Rights Reserved. Reproductionis Srctly Prohbited. | Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Identification, Authentication, and Authorization —_— Types of Authentication: Biometric Authentication (Cont’d) ____Performance Metricsof BiometricSystems | Depends on technical components, devices used to capture samples, algorithms used to compare with references, and the environment in which the biometric sensor operates | False Acceptance Rate (FAR) Percentage of identification occurrences in which an unauthorized user gains access to the oot § FalseRejectionRate (FRR) ' The value of the false rejection rate and false acceptance rate when sensitivity is configured such that FRR and FAR are equal Receiver Operating Characteristic Visual characterization plot of the trade-off between FAR and FRR Failure To Capture (FTC) ‘ Percentage of identification occurrences in which an authorized user is denied access to the Croescuee Rrvox Mot {EER) % Matching Speed | Time taken to authenticate an individual Ratio of the number of times the system does not capture the samples presented to it to the total number of samples presented Fallure to Enroll (FTE) Ratio of the number of users that are not enrolled in the system to the total number of users presented to the system Throughput Total time taken to enroll the biometric of a user and authenticate the user | Copyright © by EC- AL All Rights Reserved. Reproductions Strictly Prohibited. Types of Authentication: Biometric Authentication Biometrics is a technology which identifies human characteristics for authenticating people. The most commonly used biometrics are fingerprint scanner, retina scanner, facial recognition, DNA, and voice recognition. Biometric authentication involves the following steps: The reader scans the biometric data A software converts the scanned information into a digital form and compares it against the biometric data stored in the database If both data match, then it confirms the authenticity of the user and allows permission. The different types of identification techniques used in biometrics are as follows: Fingerprint scanning: Compares two fingerprints for verification and identification on the basis of the patterns on the finger. The patterns depend on the ridges and minutia points that differentiate each user’s fingerprints. Retinal scanning: Compares and identifies a user on the basis of the distinctive patterns of the retina blood vessels. Iris scanning: Compares and identifies the images of the iris of one or both eyes of a user. The iris pattern differs from one person to another. Vein structure recognition: Compares and identifies the patterns produced by a user’s veins. Each person has a different pattern depending on the flow of blood. Face recognition: Compares and identifies a person on the basis of the facial features from an image or a video source. Module 04 Page 483 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Identification, Authentication, and Authorization = Voice recognition: Compares and identifies a person on the basis of the voice patterns or speech patterns. = @Gait analysis: The patterns of locomotion exhibited by moving limbs while walking or running are different among different individuals. In authentication based on gait analysis, these movements are captured using various methods and compared to the authentic pattern stored in the database. If the pattern matches, the user is authenticated. Advantages of biometrics: = |t is difficult to tamper biometric details such as a password or a username. They cannot be shared or stolen using social engineering techniques. Biometric authentication requires the presence of the user which reduces the chances unauthorized access. Disadvantages of biometrics: = |tis difficult to change the biometric factors if this information has been compromised. = Retinal scan and vein structure scanning can create privacy issues. Both retinal scan and vein structure scan information may inadvertently disclose a medical condition. Performance Metrics of Biometric Systems The performance of biometric security systems, applications, or solutions can be assessed using different error rates or performance metrics. Some of the performance metrics are discussed below. = Efficacy rates: The efficacy rates of biometrics depend on technical components such as the devices used to capture samples, algorithms used to compare with the references, application design, and environment in which the biometric sensor operates. = False acceptance False rejection * rates (FAR): FAR in authentication refers to the percentage of percentage of identification occurrences in which an unauthorized user gains access to the resources. A low FAR value indicates better performance of a system. rate (FRR): FRR in authentication refers to the identification occurrences in which an authorized user is denied access to the resources. A lower FRR value indicates better performance of a system. = Crossover error rate (CER): CER is the value of false reject rate and false accept rate when sensitivity is configured such that FRR and FAR are equal. It is also known as the equal error rate and represents the overall accuracy of a biometric system. = Receiver operating characteristic: It is a visual characterization between FAR and FRR. = Matching speed: The matching speed is defined as the time taken to authenticate an plot of the trade-off individual. * Genuine accept rate (GAR): GAR is defined as the ratio of the authentic samples to the total number of positive samples. Module 04 Page 484 number of proper Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Identification, Authentication, and Authorization = Genuine reject rate (GRR): GRR is defined as the ratio of the number of input samples that are correctly categorized as unauthorized to the total number of unauthorized input samples. = Failure to capture (FTC): FTC is the ratio of the number of times the system does not capture the samples presented to it to the total number of samples presented. = Failure to enroll (FTE): FTE is the ratio of the number of users that are not enrolled in *= the system to the overall number of users presented to the system. Throughput: It is the authenticate the user. Module 04 Page 485 overall time taken to enroll the biometric of a user and Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.