
D3.2: A study on PKI and biometrics



The Importance of the Authentication Process

The process of authentication consists of establishing a link between a physical person and a corresponding digital identity. In the physical world, this link is often established through the use of an official document, such as a passport, issued by a government entity. With a passport, the link between the physical person and the digital data entered in the passport (for example name, date of birth or nationality) is established with the help of a photograph and occasionally a signature or, as is the case in Portugal, a fingerprint.


Figure 2‑: Authentication is a process used to link a physical person with a chosen identity


With the advent of computer systems and the need for heightened measures to fight criminal activity, new methods for authentication have been required to provide means to authenticate a person remotely (to log in remotely to a computer for example), and make it more difficult to forge an identity. However, the worthiness of the authentication document is directly related to the trust in the body that created the document, and the process used to establish a match with the physical person.

Authentication is today performed using a combination of methods, but has largely remained unchanged despite the availability of technology to strengthen the process. Recent developments, such as the terrorist attacks in September 2001, Internet-based financial scams and identity fraud have shed new light on the weaknesses in the systems currently in place and generated an overall push for increased levels of authentication security. 


PKI as a Logical Basis for a Secure Authentication Infrastructure

Authentication has two facets. On one side authentication mechanisms serve to establish secure and authentic communication links between hardware components of a network. On the other side authentication should also guarantee that only authorised persons get access to certain resources.  

For the machine authentication tasks, cryptographically secured protocols for all kinds of communication channels and network architectures have been developed. A public key infrastructure (PKI) provides the necessary mechanisms and instances of trust for the secure, efficient and auditable management of the keys used to establish cryptographically secured communication links. If applied and implemented properly, a PKI and the related mechanisms provide strong protection against intruders.



Figure 2‑: The process of authenticating an individual is typically the weakest part of the system


The Weak Link in the Authentication & Verification Chain

Much less obvious is the secure authentication of persons. Persons will not accept complicated protocols and cannot take part in a cryptographic dialogue. Until recently, the problem has been circumvented by asking a person who requests to become an authorised user for knowledge of a secret password or PIN code. However, it is a well-known fact that people neither choose strong passwords nor treat passwords as highly valuable secrets. The average user will always optimise ergonomic convenience regardless of security considerations. The result is an unbalanced security situation with a clear weak spot at the point where a physical person is linked to her digital identity. Social engineering attacks make this weakness obvious, with phishing being the best known but by far not the only such threat. Any form of masquerading or man-in-the-middle attack may break the fragile chain of trust between a physical person and their identity credentials.

Solutions exist today to provide authentication of persons at much higher security levels. However, the hard problem in all security, and especially in all authentication schemes, is the integration of the human user in the security chain. Organisations need highly secure and user friendly authentication with no compromise on privacy, mobility or cost efficiency. The use of PKI to secure digital identity credentials and strong links of these credentials, based on biometrics and other authentication methods, to the physical person can potentially provide a solution to the problem. 



fidis-wp3-del3.2.study_on_PKI_and_biometrics_03.sxw
Denis Royer