 So a key way to authenticate users is using passwords, but there are other ways. Passwords is what you know, there's also what you have. So if you have a token with you, that can be used to authenticate you. The idea is that the person who has that token is allowed to access the system. And there are different types of tokens. I think we will not talk about them so much. One that you use on a regular basis today is your mobile phone. You can think of that as a token in the case that you having it in your possession allows you to do certain things. Like when a bank, you try to do a bank transaction, the bank may send you an SMS or a message saying here's your one-time password. And you need to have your mobile phone to receive that message to get that one-time password. So that's a combination there of using passwords, but the presence of your phone is necessary for that to work. The other types of tokens, common other ones are swipe cards. Some card you swipe or holding in front of a scanner. And there are different types of cards like credit cards, ATMs. So your ATM card is a token. You need to have that to get access to your account via the ATM. Of course it comes also with PIN. So it uses password type authentication as well. There are different types of cards. Some of them are smarter than others. Some of them have an embedded processor in them so that they can do some operations. There are some cards which can be used to generate passwords. So they have a small screen on them or even a keypad on the card itself such that when you want to make a transaction with a bank then it can generate a one-time password that you use to log in and to do a particular transaction. We don't see them so often around. So there are different types of cards which are used as tokens. Another one which you may come across is the USB type tokens. So basically a USB disk and you carry it with you and you plug it into your computer and it has some software on there that the computer reads and that performs as authenticating you. If you have that USB token, the computer knows it's you. So that is a little bit more common and commonly used. Some of them implement some cryptographic techniques to do that. They use different encryption algorithms to support that authentication. But I don't want to spend too much time on tokens. One of the problems with tokens is if you must have it in your presence that if you lose it then you cannot be authenticated or if someone else gets a hold of that then they can become you. So therefore tokens are commonly used with another form of authentication as well. It's not just tokens but maybe token combined with password. And the other thing with tokens is that there needs to be usually some special hardware to read it. Whether it's a scanner to read your swipe card needs to be installed or if it's some special software to plug in your USB disk to be able to read it. So that requires some setup in advance. There are some more advanced cards which have keypads on them or displays so that they can generate values for you. Like generating random numbers where that generation is done such that it's aligned with a system that you're trying to access. And again the presence of that token allows you to learn that random number which is used really as a password to get access to the system. But tokens are a way for authenticating based on what you have. The other thing is what you do or what you are. So biometric authentication. And it works under the premise that some of your physical characteristics are unique than someone else has those physical characteristics. So if we can measure those physical characteristics as some registration phase or some enrollment phase and then when you try to access a system again those characteristics are measured and compared against the registered characteristics and if they match then you're authenticated. So what characteristics can be used? Facial characteristics, the shape, the position of your nose, your eyes and so on on your face. Fingerprints, an obvious one and we use that quite often. Here at SIT every day I scan my fingerprint when I come to work and I leave. When we access some of the rooms there's a fingerprint reader on there so that's an example that we see quite common. The shape of your hand can sometimes be used to distinguish between people. Your retina or the retinal pattern which is basically the think of the blood vessels in your eyeball can be used. Your iris, your iris is the coloured part of your eye. The signature, so the way that you sign your name we use that all the time and your voice. So the pattern of your voice can be used to try to identify a particular user. Where's my pictures? So for the iris and the retina I'll just bring up some pictures so you're clear on that. So your iris is the coloured part around your pupil and if you can see there's a lot of patterns in here and those patterns are unique to the individual. So the normal approach is a normal camera takes a photo or a video can analyse those patterns and then later when you want to access a system again the same process takes place and they compare against the patterns which are registered and those which you supply and see if there's a match. The retina, retinal scanning involves looking at the really the blood vessels on your eye. Again they form some patterns and they're unique amongst the individuals. This requires to scan the retinal scan requires a special light scan. You can't use a normal camera to scan here so it requires some special equipment to do a scan which is usually much more expensive than just a normal camera. The idea with these and also the others is that the first phase when you register same as you register your password you choose a password when you create an account we need to do some registration or sometimes called enrolment with biometric authentication so they take a photo say of your eye or you scan your fingerprint in the registration process they don't just store a copy of the photo of your eye or a copy of your fingerprint there are algorithms applied to try to extract the patterns out of that so it's important to recognize that when we use biometric authentication we don't just have a photo of the eye we actually there are algorithms that try to work out a template or some equations or some key features of the eye that make it unique to you and usually they are stored as some data points or some equations and then when you try to authenticate again another photo is taken of your eye and the software then tries to extract the key features of that second one when you authenticate and the features are compared and if the features are close enough match then you're authenticated if they're not close then you're not allowed in and importantly in most of the cases there's not an exact match because of the inaccuracies of collecting the data so when you register your eye then the system records that but then when you come to access the system it takes another photo the photo may have some inaccuracies in that it may be a different position as to where you're first registered slightly off the center of your eye there may be a different orientation, different lighting there may be some dirt in some cases so it won't be exactly the same photo and the features that it recognizes will not be exactly the same as those that are registered so the system must find a match which is close enough it's not an exact match and that leads to some problems same with fingerprint and all the other biometric systems that it's... when we try to check if this is the right person it's not an exact match it's saying alright enough parts of a match therefore we'll let them in but that can lead to inaccuracies in the authentication so the next few slides just show some of the trade-offs between the different physical characteristics and we'll discuss some of them and this issue that the match is not exact compared to passwords and tokens they usually require much more complex techniques to work they usually require some special hardware maybe a camera or a fingerprint reader so more expensive to set up so that's one of the trade-offs in some cases they can be quite accurate but in some cases their accuracy can be cause issues that is they cannot authenticate the person correctly and we define that so which one's better? which one's more accurate? well a rough comparison is shown here amongst those different physical characteristics of cost versus accuracy cost is how much a cost to use or to buy the equipment to do this accuracy is how good it authenticates or finds the correct person and we'll define it a little bit more later but it's showing in this plot that the worst accuracy the ones on the left voice, face, signature and hand meaning maybe that someone can masquerade as you, pretend to be you if they can use those they may copy your signature copy your face, well no but they may have a face or adjust their characteristics such that when the system compares theirs with what's stored in the database it may be a close enough match to someone else that the system accepts it the definition of that accuracy in a moment the best is the iris scanning so taking a photo of your iris but the most expensive is iris scanning retina is also expensive I think iris is coming down a bit but it's still, even though you knew it's a normal camera it still needs to be quite accurate and stable photo to do that so a rough comparison or trade off between cost and accuracy so which one's best, there's no one best solution it depends on how much you're willing to spend and how accurate you want and actually there's two main levels or two main measures of accuracy which we'll see in a moment the general approach for each of them there are three steps usually we use enrollment sometimes we call that registration same when you've set up your account you register your username and password when we set up our system we enroll the user and that involves we need some physical user interface if it's fingerprint scanning we need the fingerprint scanner and enrollment may involve scanning the fingerprint the user supplying their name or some ID pin in this case maybe a name and password depending on the system the sensor senses your physical characteristics and converts it into a set of features so it doesn't just take a photo of your fingerprint it doesn't take a photo of your eye it takes that photo or that image and then does some pattern matching or pattern recognition on that to try and extract some key features from that image and those features are stored on the system in the same way that one user registers their username and password the username and password are stored in a database here the features and the name of the user are stored in a database on the system this is the enrollment phase so the features say in a fingerprint maybe some unique points that identify that fingerprint so they do analysis and try and identify some unique points there or some unique changes in the curves of your fingerprints that identify you those features then once you're enrolled so you register, you supply your name and your features of your physical characteristics are stored in the database then there are two things that we can use biometric authentication for verification and identification slightly different and slightly different in terms of the difficulty in doing it first verification this is a user comes to the system they've already enrolled they supply say their fingerprint they also supply their name PIN or ID so they supply their identifier saying I am Steve and here is my fingerprint and what the system does it senses your fingerprint it extracts the key features from that sensed fingerprint and then since you supplied your name the system looks up in the database and finds the recorded values from the enrollment so when you enrolled your features were stored and your features they say we store them in a template so it's again not the exact photo of your eye or your fingerprint it's a set of key features which is called a template for you so since you supplied your name the template for you is extracted from the database and the features from your fingerprint are compared to the features in that template if they are close enough there's a true answer returned you're authenticated if they're not close enough you're not authenticated you're not allowed in so the feature matcher in this case just compares your template your features which were obtained from enrollment with those obtained when you scan your finger to try to access and if it's true then you're verified the system verifies this is Steve because the fingerprint supplied matches that which was enrolled the other process is identification and if you see people walk into SIT or leave it in the afternoon you'll see that they scan their fingerprint and that's performing identification we don't type in our name or ID we just scan the fingerprint what happens you scan your finger the sensor gets the data it identifies or extracts some features from that and now the features extracted have to be compared against all of the templates stored in the database that is for SIT all of the faculty and staff members have their features stored from the enrollment procedure in the database the end templates and the one that was sensed is compared against that and if you find one of them is a close match and we'll have some threshold where all of the others are not a close match then that one is the user which is identified if there are multiple which are a close match then we don't identify the user because it could be one of several or if none of them are a close match again we haven't identified the user so the result here is that the user is identified or not slight difference which ones easier to implement verification or identification from the the system implementation which ones easier to do verify user or identify user wrong not identify anyone else want to guess quick anyone verify good why well it's to do with the feature matcher it's easier to implement the feature matcher because with verification all we're doing really is fingerprint for example we get some features from that some key points on the fingerprint that the algorithm detects and we extract from the database the features from the user who entered their name and compare them if they're close close enough match true whereas with identification we supply a fingerprint we get some features and we have to compare that with all of the possible fingerprint features for every user so the comparison is harder that's all here we just compare with one here we have to compare with all in the system may take more time especially if there's a large number of users in the system like millions for example with respect to the matching we will not look at any of the algorithms for how they track features or how they do the matching but the idea is that the algorithm compares the features extracted for the against say one of the templates and determines a score gives a score as to how close it is to match what's the closeness between the supplied one and the enrolled one and if the score is above some threshold they are authenticated now that leads to some problems if the match is not exact then we may get errors and this picture tries to describe what can happen let's have a look on the horizontal axis is a matching score and the idea of this picture is that a normal user say a genuine user when you compare their supplied values against the registered values the matching score sometimes will be very high a high matching score means it's very very near almost exact so it can be as we go right further it means it's very high but we may have some average value on average we're very close and that's acceptable the average matching of a normal user but sometimes I may try to scan my fingerprint and the system compares against my registered one and maybe I didn't put my finger on the right orientation maybe there's dirt or moisture on my finger and therefore I'm the genuine user but the system comes up with a lower matching score it's not a close match so sometimes we may get a lower matching score and this bell curve here for the genuine user tries to illustrate that in most cases we'll have a close match but sometimes we'll have a low matching score and that's this left hand tail of the bell curve here and what we do in the system is we set up a threshold a decision threshold and we say if the matching score is above the threshold they pass if below they don't get in if we set the threshold high if we increase the threshold then if we have a low score maybe my finger is dirty or has moisture on it I may not be accepted into the system the systems may see I have a low score below the threshold then I am rejected I'm not authenticated and we can say that's a false non-match so it's a non-match the system said this one does not match you are not Steve but that was wrong I was okay so we call that a false non-match or a false negative is another name you'll hear it was the correct user but the system returned no it's not the correct user so we've made a mistake we're inaccurate it's false and it's a negative it's returned no correct user or non-match we don't want that case to happen we don't want the system to say when I scan my finger downstairs they know you are not Steve well it's possible because inaccuracies in the measurement in the sensing now from another perspective someone who's not me so I've registered someone who's not me maybe trying to pretend to be me they may have a profile of their fingerprint or their physical characteristics and in most cases their profile will give a low score it will not match mine compared to my fingerprint the score for someone else should be quite low but there may be chances that a game because of inaccuracies when I registered my fingerprint there may be chances that the system when someone else scans their fingerprint the system thinks it's me and that's so this second bell curve tries to illustrate there's a probability that the matching score that this imposter user gets may be high enough such that it exceeds the decision threshold what that means is if if the imposter is lucky or if the system is set up so the threshold is quite low then the imposter scans their finger the system says they have a high score it's above the threshold so this imposter is accepted in as me this is called a false match it has matched me when it's not me so false again it's an error and it's a match that the system has returned successful when it should not have also called a false positive the system returns positive but it was a mistake so we talk about false negatives and false positives or false non-matches and false matches both of them we don't want both of them are errors or what we say inaccuracies of the system but generally it's a tradeoff between the two if we want to reduce the number of false non-matches the times when it rejects me the normal user we set the threshold to be high sorry hang on if we we set the threshold to be low if we want the system not to reject me then I set the threshold to be low we move the threshold to the left but the problem what happens then is that the system may accept someone else's me so if I want to reduce the false non-matches I may increase the false matches or the other way I don't want anyone else to be able to access as me the imposter to be get access so I set the threshold to be very high meaning if the match is not very very close they will not get in but that may mean more times I'm rejected so it's a tradeoff between those two the false positives and false negatives and most or all the biometric systems have to deal with this tradeoff some have better tradeoffs than others this tries to illustrate that the tradeoff between the false match rate and the false non-match rate in a general system let's say just for system B we have some system and it's really showing that you either get a low false non-match rate say at this point on the curve a low false non-match but you get a high false match rate or you can have a low false match rate but a high false non-match rate or somewhere in the middle that's the idea here which one do you want? it depends upon what your application is let's say we want a very high security system we don't want imposters to get in so we don't want anyone who's not the real user to get access so we'd like to be in this operating area that is we want a very low false match rate false match rate, false positives we don't want to allow imposters to get access so we want a false match rate to be very low but that may mean we get a high false non-match rate imposters don't get in but normal users are rejected quite often that's what may happen with high security applications and that may be reasonable okay so let's say we wanted high security on one of the rooms here we have fingerprint we could set the threshold such that it's very hard for the imposter to get in but it means quite often it rejects me the normal user another application there are forensic applications where say law enforcement need to prove that it was a particular person so here we want the opposite we want a very low false non-match rate very low false negative and we may accept a very high false match rate that is it should never reject the correct person so there's trade-offs depending on your application which operating point you want to work at the last slide I think for this shows some of those values puts values to some different applications or different physical characteristics again on the horizontal axis we have false match rate the false positives this is the system saying yes you're allowed in but in fact you're an imposter so the imposter is allowed in percentage of false match rates shown here from quite low point 0.01% up to 1% a logarithmic scale and on the vertical axis false non-match false negatives this is the percentage of time that someone has rejected when they're a normal user and it gives some data points there let's see some for example with fingerprint recognition the blue circles or the white circles in fact this line here this is showing the typical characteristics with fingerprint applications it's saying if you want a false match rate which is low very low that is never allow the imposter to get in then you've got to accept a false non-match rate in the order of close to 10% so if you want the false match rate to be low very very few imposters get in that may mean that may be up to 10% of the normal users are rejected or 10% of the times the normal users are rejected that's what the picture shows if you want a lower false match rate you have to accept a higher false a lower false non-match rate you have to accept a higher false match rate with voice recognition the black squares if you want a low false match rate you've got a very high in the order of 50 to 80% false non-match rate what that means if you want to never let the imposter in then you can set it up but maybe 50% of the times the normal user will be rejected and the last one maybe the best case the best case is the furthest to the bottom left where they're both low the worst case is the furthest to the top right where they're both high which one's furthest to the bottom left well here there's diamond the blue diamond is the iris scanning this is saying if you're using iris scanning you can get a very low false match rate that is someone says they are Steve they come up to the iris scanner it scans their eye and 0.0001% of the time it'll accept them most of the time it will identify you are not Steve so identify imposters quite well but several percent of the time it will reject me when it scans my eye and I say I'm Steve maybe a few one, two, three percent of the time it will say no you are not Steve but that's considered the best in terms of accuracy but still very expensive to do compared to the others and that is all we want to cover on these other authentication techniques in summary the user presents their ID and some authentication information and the system verifies that they authorize to access the system and that authentication information we've spent some time on it could be passwords what you know maybe today we mentioned it could be tokens something you have or it could be something about you your biometrics with respect to passwords you are going to have to implement websites applications you need to store user information and you'll always remember generate a random salt you store that and you store a hash of the password combined with the salt which hash algorithm to use is a question we didn't really talk about MD5 is not considered secure anymore SHA SHA256 SHA512 are considered secure but for storing passwords the hash algorithm we would like an algorithm which is what fast or slow we want a fast or slow hash algorithm hands up for fast for security to stop the attacker we want a slow hash algorithm to stop the attacker at least remember what the attacker does is they calculate hashes on many possible passwords the slower the algorithm the longer it will take them so from that perspective we'd say we'd like a slow algorithm what's the problem with a slow hash algorithm well when a normal user goes to log in your system needs to calculate the hash if it takes 10 seconds to calculate the hash of one password that's good from the perspective of stopping an attack but when I try to log in I supply my password the system takes 10 seconds to respond you're logged in so we need a trade off there it needs to be slow so it's hard for the attacker to try many passwords but fast enough such that the system responds to the normal user there are some algorithms hash algorithms designed to be configurable in terms of the speed so there are different algorithms recommended for storing for using hashing of passwords I think some are called sCrypt and bCrypt and there may be a couple of others as well with respect to choosing passwords an important thing for a large system is to make users aware of how to choose good passwords and the benefits of choosing good passwords it's not so good in practice to force them to use particular types of passwords because they will either forget them and not access your system or write them down and release them through other plans tokens and biometrics can increase the security but they often come at an extra cost and more inconvenience for users so passwords are still widely spread getting users to choose passwords in a good way is still hard and leads to security issues and still many people have accounts that they can get into where someone guesses their password and can do something with it multi factor authentication comes into play a lot where we don't just depend upon one authentication technique we combine it with another build up the security there are many other things with user authentication which we don't cover some of them are listed there