Are Biometric Web Services a Reality? - A Best Practice Analysis for Telebiometric Deployment in Open Networks

Dustin van der Haar, Basie von Solms

2013

Abstract

With the growth of biometric system complexity and the resources required for these systems, newer biometric systems are increasingly becoming more distributed to deal with accessibility and computation demand. These telebiometric systems introduce additional problems, which are outside of the scope of traditional biometric standards. Best practices have been published that address problems in these distributed systems, by outlining service-based approaches that provision typical biometric operations through the use of telecommunication standards, such as SOAP. In this paper, 2 families of best practices for telebiometric-based systems (the ITU-T X.1080 family of recommendations and the BIAS family of standards) are reviewed and assessed according to their current deployment potential within an online context. Recommendations are then presented and a verdict is given that shows current best practice provides adequate guidance for the building of large-scale telebiometric systems that utilise web-based biometric services.

References

  1. ANSI/INCITS (2002). Ansi/incits 358 - the bioapi specification. Technical report, American National Standard for Information Technology.
  2. ANSI/INCITS (2010). Information technology - biometric identity assurance services (bias). ANSI INCITS 442- 2010.
  3. Buhan, I. and Hartel, P. (2005). The state of the art in abuse of biometrics.
  4. ITU-T (2007). Itu-t recommendation x.1083 : Information technology - biometrics - bioapi internetworking protocol. Technical report, International Telecommunication Union.
  5. ITU-T (2008a). Itu-t recommendation x.1084 : Telebiometrics system mechanism part 1: General biometric authentication protocol and system model profiles for telecommunications systems. Technical report, International Telecommunication Union.
  6. ITU-T (2008b). Itu-t recommendation x.1086 : Telebiometrics protection procedures - part 1: A guideline to technical and managerial countermeasures for biometric data security. Technical report, International Telecommunication Union.
  7. ITU-T (2008c). Itu-t recommendation x.1089 : Telebiometrics authentication infrastructure (tai). Technical report, International Telecommunication Union.
  8. ITU-T (2011). Itu-t recommendation x.1081 : The telebiometric multimodal model - a framework for the specification of security and safety aspects of telebiometrics. Technical report, International Telecommunication Union.
  9. Jain, A. and Kumar, A. (2010). Biometrics of Next Generation: An Overview. Springer.
  10. Jsang, A., Ismail, R., and Boyd, C. (2007). A survey of trust and reputation systems for online service provision. Decision Support Systems, 43(2):618 - 644. Emerging Issues in Collaborative Commerce.
  11. Kelly, F., Drygajlo, A., and Harte, N. (2012).
  12. Speaker verification with long-term ageing data. In Biometrics (ICB), 2012 5th IAPR International Conference on, pages 478 -483.
  13. Micheals, R. J., Mangold, K. C., Aronoff, M. L., Kwong, K., and Marshall, K. (2012). Specification for wsbiometric devices (ws-bd). NIST SP - 500-288. http:// bws.nist.gov (Last Accessed 16/12/2012).
  14. NIST (2008). Usability & biometrics - ensuring successful biometric systems. Technical report, National Institute of Standards and Technology. http://zing.ncsl.nist.gov/biousa/ (Last Accessed 19/12/2012).
  15. NIST (2013). Nist 500-288: Biometric web services. National Insitute of Standards and Technology (NIST).
  16. OASIS (2012). Biometric identity assurance services (bias) soap profile version 1.0. OASIS Standard. http://docs.oasis-open.org/bias/ soap-profile/v1.0/os/biasprofile-v1.0-os.html (Last Accessed 18/12/2012).
  17. O'Gorman, L. (2003). Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE, 91(12):2021 - 2040.
  18. Otero-Muras, E., González-Agulla, E., Alba-Castro, J., García-Mateo, C., and MÍ rquez-Flórez, O. (2007). An open framework for distributed biometric authentication in a web environment. Annales Des Télécommunications, 62:177-192.
  19. Sarkar, I., Alisherov, F., hoon Kim, T., and Bhattacharyya, D. (2010). Palm vein authentication system: A review. International Journal of Control and Automation, 3(1):27-34.
  20. Shen, C., Cai, Z., Guan, X., and Wang, J. (2012). On the effectiveness and applicability of mouse dynamics biometric for static authentication: A benchmark study. In Biometrics (ICB), 2012 5th IAPR International Conference on, pages 378 -383.
  21. Teoh, A., Goh, A., and Ngo, D. (2006). Random multispace quantization as an analytic mechanism for biohashing of biometric and random identity inputs. Pattern Analysis and Machine Intelligence, IEEE Transactions on, 28(12):1892 -1901.
  22. Woodward, J. and Corporation., R. (2003). Biometrics : A Look at Facial Recognition. RAND, Santa Monica, Calif.
  23. Woodward, J., Orlans, N., and Higgins, P. (2003). Biometrics. Rsa Press Series. McGraw-Hill/Osborne.
  24. Zhou, J. and Gollman, D. (1996). A fair non-repudiation protocol. In Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on, pages 55 -61.
Download


Paper Citation


in Harvard Style

van der Haar D. and von Solms B. (2013). Are Biometric Web Services a Reality? - A Best Practice Analysis for Telebiometric Deployment in Open Networks . In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 494-499. DOI: 10.5220/0004521704940499


in Bibtex Style

@conference{secrypt13,
author={Dustin van der Haar and Basie von Solms},
title={Are Biometric Web Services a Reality? - A Best Practice Analysis for Telebiometric Deployment in Open Networks},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)},
year={2013},
pages={494-499},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004521704940499},
isbn={978-989-8565-73-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)
TI - Are Biometric Web Services a Reality? - A Best Practice Analysis for Telebiometric Deployment in Open Networks
SN - 978-989-8565-73-0
AU - van der Haar D.
AU - von Solms B.
PY - 2013
SP - 494
EP - 499
DO - 10.5220/0004521704940499