Digital Environment IdentiTY (DEITY): Implementation ...

Development of Digital Environment IdentiTY (DEITY) System for Online Access

Johnson I Agbinya, Rumana Islam and Chandra Kwok

Faculty of Engineering, University of Technology, Sydney, Australia
French South African Technical Institute in Electronics (F’SATIE), Tshwane University of Technology, Pretoria, South Africa

Abstract

This paper is a study of a digital identity management system, with specific emphasis on its implementation using a set of credentials. In our study we propose a credentials attributes mapping technique, the so-called common attributes mapping (CaMa), which facilitates the extraction of useful features to be represented in composing an identity. The study also groups credentials of similar types; information from them is fused and used as the set of discriminators which facilitate the online identity of users. Using artificial neural networks, face recognition and fingerprint recognition, a digital environment identity (DEITY) is developed in .NET and tested. The system is effective in providing the identities of both the person and the equipment being used for online access.

Introduction

Due to the unrestrictive nature of the Internet, users without proper identification and authentication are becoming more vulnerable to identity fraud and theft. Identity crimes cause users to be increasingly hesitant in providing their personal information online. More users are using the Internet for everyday tasks. The number of accounts and passwords a user has to remember, the different methods of authentication and the amount of information the user has to provide on the Internet have made the Internet itself more complex and hence more dangerous [2]. Online identity theft, fraud and privacy concerns have become a huge issue. Identity theft is big business. In 2003, Barker wrote in the Sydney Morning Herald: “In Australia alone the proceeds of identity theft, still one of the largest sources of fraud, are estimated to be nearly $6 billion a year” [14]. This figure has risen since then. The root of these problems is that the Internet was initially designed without much knowledge of digital identity. Identity theft and fraud are the major security concern facing most organizations today, as they relate to problems like terrorism, financial crime and weapons smuggling [9]. Identity crimes have become a major concern and can be directly related to problems such as terrorism, financial crime, drug trafficking and weapons smuggling, and to emerging security concerns in the areas of immigration, border crossings and airline passengers [1].

For users and businesses alike, the Internet continues to be used for everyday tasks, from shopping, banking and paying bills to consuming media and entertainment. E-commerce is growing, with businesses delivering more services and content across the Internet [2]. Most of the online services mentioned simply require a PIN and password. Many secure areas use a card or a secret code for access. This has led to identity theft and fraud because these attributes are easy for hackers to guess and forge or, in the case of a card, to get hold of. Identity theft is one of the fastest growing crimes in the world. Each year more than 10 million people fall victim to identity theft, and many do not discover the crime until it is too late [3].

Digital identity is the method by which you identify yourself to a Web site, Web service, network or another user online [4]. This definition is, however, restrictive, as it ignores how access devices identify themselves to networks. Hence, digital identity is the method by which people and devices identify themselves to a web site, network, web service or another online user. A Digital Identity Management System (DIMS) using multi-modal authentication would play a very big role in reducing cases of identity theft and fraud on online services. The system will incorporate the use of physical metrics (e.g. full name, passport number and race), pseudo metrics (password), device metrics (e.g. IP and MAC address) and biometrics (e.g. fingerprint and face recognition) when authenticating a user. These credential attributes are then combined using an artificial intelligence technology to derive the overall combined weight of all the submitted credentials. With this combination of credentials, the aim is to make it difficult for hackers to guess or forge the combined set of submitted credential attributes, thus reducing the cases of identity fraud and theft seen on most online services today.

It is difficult to formally define identity. In practical terms, the essential and unique characteristics of an entity are what identify it. In other words, according to Abelson and Lessig [5], identity is a unique collection of characteristics associated with an entity which are either inherent or assigned by another. These characteristics might include the physical traits of the person, his preferences or other people's perceptions of the individual's personality. The traits of an individual that reflect someone else's perceptions are not fixed. No two identities of a person are the same. Two people may share some of the same characteristics, but that does not mean that they have the same identity. Identity also evolves over time, with more characteristics becoming evident every day. Other characteristics may change their state. Thus, in practice there is a degree of vagueness to the definition of an entity's identity and to how it is perceived by others [5]. Figure 1 gives a visual representation of how a person’s identity varies depending on the situation. A person using a government service has to be fully authenticated with name, address, phone etc., whereas a person who is shopping does not need to provide all details. These changes of identity depending on the situation are represented by partial identities [6].

Figure 1: Identity and Partial Identity [7]

A digital identity therefore consists of two parts: who the person or entity is, and the attributes associated with or owned by the entity (credentials and their attributes). These credentials define a digital identity; they are varied, of widely differing values and have many different uses. In general, digital identities can be considered and defined in terms of identity space, which can be categorised as real-space and cyber-space. In real-space, a person’s identity is constantly challenged and the person is requested to provide some form of credentials that support the identity claim. Examples of real-space identities are the conventional paper-based, physical identity credentials such as birth certificates, passports and driving licenses. In cyber-space, when a person is interacting with another machine or person, the digital identity is usually a combination of many attributes that help to identify the other person’s association. Cyber-space identities include attributes such as usernames, passwords and IP addresses.

Identification with a social group has become a basic human behaviour, and it is often signified by a token or artefact authorized by a group authority [8]. A uniform can be an identity credential which links a person to a particular group [8]. In recent years, identity credentials are produced by computers and stored electronically in databases. During the process of establishing a person’s identity, often more than one credential is required to achieve a higher level of trust. Hence nowadays portable electronic devices have emerged that can store one-to-many credentials in electronic form. These range from devices as small as a credit card to mobile-phone-sized devices or even semi-mobile laptop and desktop computers.

Figure 2: Identity Space (Real Space Identity: Birth Certificate, Driving License, Passport, Citizenship Certificate; Cyber Space Identity: Username, Password, IP address, MAC Address)

Online, the analysis of digital identities is based on TCP/IP (Transmission Control Protocol/Internet Protocol). The analysis turns on how one Internet user can identify who is on the other side of the network session. There are two ways of identifying the individual on the other side of the network session: explicit or implicit identification [1].

Explicit identification relates to processes in which the person is aware of, or even participates in, the identification process by being prompted to submit a username and password so that the server can authenticate the user's identity (this is a shared secret) [9]. The server then checks its database to see whether the username and password that the user entered are correct; if the password is correct and the right identity is supplied, the user is authenticated. Once the identity is authenticated, there should be a mechanism to reliably track the session activity to maintain access control based on the user’s privileges. Taking the World Wide Web as an example, hypertext transfer is stateless, so the HTTP protocol cannot by itself track the interaction that follows the authentication session [9]. Possible solutions a website might use for this problem are cookies, URL rewriting or HTML hidden form fields. In any one of these situations, following a logon session the URL, the HTML hidden form field or the token embedded in the cookie is used as the digital identity for that user during the session. Once the session is terminated by the user, the association with the token is destroyed.

Implicit identification is when the user is not aware that their information is being used to authenticate them; identity information is obtained via log files, the IP number of the person and visual appearance [6]. To analyse this implicit way of composing digital identities in the Internet, a bottom-to-top approach of the layered Internet protocol architecture is considered [9]. The Digital Identity Management System implemented in this paper uses implicit identification.
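The explicit-identification flow described above, as an added Python example that is not part of the paper: once the password check has succeeded, the server issues a random token that stands in for the user's digital identity until logout or idle expiry destroys the binding. The class and function names, the cookie name `sid` and the 15-minute idle timeout are assumptions.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie


class SessionStore:
    """Server-side table that binds session tokens to authenticated users."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self._sessions = {}            # sha256(token) -> [username, last_seen]
        self._idle_timeout = idle_timeout
        self._clock = clock            # injectable so expiry can be tested

    @staticmethod
    def _key(token):
        # Only a hash is stored, so a leaked table does not reveal live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username):
        """Call only after the username/password check has succeeded."""
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._sessions[self._key(token)] = [username, self._clock()]
        return token

    def resolve(self, token):
        """Return the user bound to this token, or None if unknown or expired."""
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        if self._clock() - entry[1] > self._idle_timeout:
            del self._sessions[key]         # idle too long: drop the binding
            return None
        entry[1] = self._clock()            # activity refreshes the idle timer
        return entry[0]

    def terminate(self, token):
        """Logout: destroy the token-to-user association."""
        return self._sessions.pop(self._key(token), None) is not None


def session_cookie(token):
    """Set-Cookie value for the token, hidden from scripts and plain HTTP."""
    cookie = SimpleCookie()
    cookie["sid"] = token
    cookie["sid"]["httponly"] = True
    cookie["sid"]["secure"] = True
    cookie["sid"]["samesite"] = "Strict"
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()


if __name__ == "__main__":
    store = SessionStore()
    tok = store.issue("alice")              # constructed user name
    print(session_cookie(tok))
    print(store.resolve(tok), store.terminate(tok), store.resolve(tok))
```

Of the three carriers the text lists, the cookie is the only one that keeps the token out of the URL, where it would be copied into server logs, browser history and Referer headers.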

Developing A Digital Environment Identity System

Developing a highly reliable and secure digital identity system requires the combination of many credentials and attributes. Unfortunately, credentials can vary depending on the circumstances, location, reason for use and many more factors. Using a mean opinion score approach, a set of properties has been selected which applies to most situations. The following properties have been used to analyse and model the effectiveness of the digital identity management credentials used for the implementation. Five properties are defined for the broad spectrum of credentials, as in Table 1.

Property: Definition
Consistency: Consistency means that the way the credential is interpreted will be the same by everyone else.
Persistence: Persistence means that the information obtained from the credential is sufficiently invariant, that is, remains constant at all times.
Trust: Trust is the ability of a particular identity to withstand a challenge as to its validity.
Uniqueness: Uniqueness in regards to digital identity means the credential is unique to a particular person and is not used by anyone else.
Verifiability: Verifiability means that when an individual presents a credential, it should be easy to verify the individual’s association to the credential.

Table 1: Desirable Properties of Digital Identity

Despite the fact that the strength of a digital identity system is increased by using biometrics, the application of biometrics is not yet popular in many online digital identity systems. Five properties are also used to assess the viability and usefulness of biometric credentials for identity, as shown in Table 2.

Property: Definition
Circumvention: Circumvention refers to the ease with which the trait of an individual can be imitated using artefacts.
Distinctiveness: Distinctiveness means the characteristic is sufficiently different across individuals.
Performance: Performance refers to the achievable accuracy and speed.
Permanence: Permanence means the attribute is sufficiently time invariant.
Universality: Universality in regards to biometric digital identity means every individual should possess the same trait.

Table 2: Desirable Properties of Biometric Credentials

DEITY Credentials

Credentials are often presented as evidence of identity. Credentials consist of one or more attributes. Attributes are the constituent components of credentials. DEITY uses credentials of four different types and the credentials attributes mapping (CaMa) technique introduced in [1, 9] by the author to segment the space of credentials into four different groups: pseudo metrics, physical metrics, biometrics and device metrics.

Physical metrics refers to something you acquire from birth as a user. It generally refers to the personal attributes of a user. Physical metrics include name, address, eye/hair colour, height, date of birth etc. Other examples are a passport, a driver license or a credit card which the user carries in order to access online services. Most users are familiar with these attributes, so they are easier for the user to understand during authentication. However, this can also be a disadvantage, as it is difficult to prove online whether the person is who he or she claims to be. Hence other metrics are usually combined with physical metrics to obtain a more robust user digital identity [1, 9, 10].

Pseudo metrics is the most common form of credential used to authenticate a user online. It refers to something the user knows, which is a secret code shared between the service provider and the user. Pseudo metrics are used on almost all operating systems and many applications. Examples of pseudo metrics include a password and a personal identity number (PIN). Most users use memorized passwords to authenticate themselves, as they are simpler to implement and remember. However, the fact that users tend to choose easy-to-remember passwords makes it simple for hackers to guess, share or copy them and use them without the knowledge of the user.

Biometrics refers to a user's identity based on their biological, physiological and/or behavioural characteristics [11]. Examples of biometrics in use today include iris scan, face recognition, fingerprint, hand geometry, voice recognition, digital signature and retina recognition. The main advantage of the biometric identification system over the traditional physical metrics (something you possess) or pseudo metrics (something that you know) methods of identification is that a biometric element cannot be misplaced, forgotten or stolen because it is derived from “something you are”. However, one of the major issues is that biometric information can be duplicated and, unlike pseudo metrics or physical metrics, once a user’s biometric information is duplicated, it cannot be replaced by different information. Biometrics, when combined with other methods of identification, provides very powerful tools for applications requiring positive identification. Biometric recognition is essentially a pattern matching and recognition process, and it offers identity management systems a natural solution to recognize individuals based on their inherent physical and/or behavioural characteristics such as fingerprints, face recognition, voice patterns and hand measurements. Behavioural biometrics is generally used for verification, whereas physical biometrics can be used for either verification or identification. Biometric systems operate by acquiring biometric data from an individual, using signal processing techniques to extract a feature set from the acquired data, comparing this feature set against the stored template set in the database and finally executing an action based on the result of the comparison. In practice, this approach means that the recognition rates could be less than 100%, and usually they are.

Device metrics refers to the device used by a person to access a service. This is something on a device used by a user for online access. The device metrics used for identification depend on the device type/mode. For mobile phones, the International Mobile Equipment Identifier (IMEI), the International Mobile Subscriber Identity (IMSI), the SIM serial number and the Mobile Station ISDN Number (the number dialed) can be used. For computer terminals, the Media Access Control (MAC) address and the Internet Protocol (IP) address are important. For card-based credential tokens, the name of the user, the card identification number, the expiration date of the card and the type of card can be used [14]. The main advantage of device identification is to ensure and keep track of what devices are being used and from where. This prevents any unauthorized devices from being used to access the system. Depending on how the system is implemented, device metrics can be used to block certain devices from accessing the service.

Figure 3: DEITY Credential Groups Using Common Attribute Mapping (CaMa) (groups shown: Physical Metrics, Biometrics, Pseudo Metrics and Device Metrics, the last labelled “Something on device you use”)

Device identities can also be used by businesses to define access control policies and control how their resources can be accessed. Authentication and authorization access rights may simply involve allowing or disallowing particular operations such as read, write and execute, or include more complex policy constraints [10]. A device can be classified as a known device or an unknown device: known if the user’s identity is known and mapped to the device, unknown if it is not mapped to the user. Access control on resources can be expressed by keeping track of either the user’s identity or the device identity. This allows administrators to represent devices in the context of (known, unknown) users. In the context of network devices, the identity of mobile network nodes attached to subnets and mapped as in use by a subscriber provides a level of confidence, particularly if the use of the device in the first place requires security protection to start it or plug it into the network. The Digital Identity Management System being implemented is a web-based system that will be accessed via an Internet terminal using a network interface card. Hence, in this case, the two device identity attributes that have been chosen to identify a user accessing the system are the Media Access Control (MAC) address and the Internet Protocol (IP) address.

Figure 3 shows how DEITY composes and segments credentials. The strength of a digital identity system increases with the number of credentials, and more so with the inclusion of new attributes which provide extra recognition and/or identification of a person more uniquely. Hence the use of physical metrics only provides the weakest identity mechanism. Combining it with pseudo metrics and/or device metrics increases the security level. Including biometrics provides a much stronger identity. DEITY has used attributes from the four metrics. Some of the credentials share common attributes. For example, the names and addresses of a person are often found in both physical and pseudo metric credentials. When that happens, the mapping uses only one of the credentials for representing the shared attributes. How to select the attributes to create a secure and reliable digital identity system remains an area for research. In this paper we have proposed the use of mean opinion scores in deciding which attributes and credentials should be selected, as a way of reducing the subjectivity in deciding the attributes to be used.

Mean Opinion Scores

To select optimum credentials and attributes that also provide the best public acceptance, an online and offline questionnaire was prepared to analyse the identity documents in use today and to select the best set of credentials for the system. The respondents were requested to grade identity documents and identity attributes out of five. A credential therefore received a grade of five if the respondent thought it was extremely important and a one if it was not important or useful. The respondents were also requested to add any five credentials they used or encountered. A web-based questionnaire was also prepared to encourage uninfluenced responses. The results obtained from the paper-based and web-based questionnaires were consolidated to obtain the final scores. The MOS for physical and pseudo metrics are given in Table 3.

Table 3: MOS (Physical and Pseudo Metrics)

Device Metrics: Internet Protocol (IP) Address; Media Access Control (MAC) Address; International Mobile Equipment Identifier (IMEI); SIM Serial Number (SSN); Mobile Station ISDN No (Dialled No.); Unique Card ID Number; Name of User of Card; Expiry Date of Card; Type of Card

3.13 3.39 3.27 2.31 3.18
3.63 3.54 3.03 3.42 3.00 3.34 2.88 2.95 3.05 2.91
3.69 3.38 4.21 2.71 2.39 2.47
3.29 3.20 3.49 2.88 2.88 2.79
2.31 3.15 3.31 2.86 2.79 2.79
3.03 2.80 3.28 2.90 2.46 2.36
2.86 2.72 3.32 2.74 2.53 2.42

Table 4: MOS (Device Metrics)

The MOS scores for the device metrics are given in Table 4. Table 5 provides a similar result for biometrics.

Table 5: MOS (Biometrics)

In the MOS results, respondents gave the passport number and email address the highest scores among the physical metrics across the five desirable properties. In a related survey conducted by Jackson Phiri [10], the National ID scored the highest out of all the physical metrics credentials. However, the National ID number does not exist in all countries, hence it did not receive a high score in Australia. It was decided not to use the passport number, as not everyone has a passport number. Future versions of DEITY will use this. The email address was used as the primary identifier, as the chances of an online user having an email address are higher. Full name, residential address, date of birth, city of birth, country of birth, race, mother’s full name, father’s full name and citizenship were also selected to be included in a user’s profile. Among the pseudo metric credentials, between a password and a PIN, a PIN received a higher score across the five properties. For the system a password was used, to be consistent with the email address.

Figure 4: Information Fusion

Figure 5: Conceptual Architecture of DEITY

DEITY System Description

DEITY was developed to combine attributes from four sources using an information fusion engine implemented using neural networks (NN). This paper focuses only on the implementation details without reporting fully on the NN approach. The NN functions are reported in [9, 10, 12]. Figure 4 describes the information fusion process as a four-layered implementation. Credentials are received as inputs, and their attributes are extracted and then weighted before being used as inputs to the NN. The information fusion results in an output value which is used as an access permission level in DEITY.

The conceptual architecture of DEITY is shown in Figure 5. It consists of a user interface implemented in .NET, a user profile, an integrated multi-modal authentication system, a database and a credential attributes extractor. The database holds the physical metrics, the credentials and their attributes, and the fingerprints and faces of subjects, including the attributes extracted from them. A fingerprint scanning device is used to acquire fingerprints from the user, in conjunction with a laptop and camera unit. The two units submit sets of credentials to DEITY. Communication between the scanner/camera and the system is via USB ports. The fingerprint is processed separately from the face.

• The scanning process uses the GrFinger fingerprint SDK, consisting of biometric recognition libraries supplied by Griaule. This is used for enrolment, verification, retrieval and identification of a user’s fingerprints. The SDK consists of libraries used by DEITY.
• The face capturing, processing and recognition processes were supported by the FaceVacs Face Recognition SDK supplied by Cognitec. Libraries from the SDK were also used in DEITY.

A secure database was developed in MySQL. It takes four user inputs from the four credential groups and stores them in a database.

Figure 6: Layered Architecture of DEITY

Conceptually, therefore, DEITY is developed as a three-layer system consisting of a Presentation layer, an Application logic layer and a Communication layer (Figure 6). The presentation layer consists of two components, the general user interface (UI) and the administrator user interface (AUI). It is responsible for displaying the attributes to be submitted and the authentication details to users. It also presents the admin user with the management functionality. The application logic layer responds to requests from the UI by retrieving data from the Communication layer and performing authentication and compilation of the data supplied, as well as writing the data to the database through the Communication layer. Modules within the application logic layer include the authentication of the groups of attributes and the user manager, which is responsible for enrolment. The communication layer serves three purposes. It
• acts as the bridge between the Application Logic layer and the DIMS database; that is, it contains a ‘data access’ module, which reads and writes to the database
• connects the attribute input modules to the authentication subsystem in the application logic layer; the input devices include manual entry of user details, automatic detection of device details, and biometric information from fingerprint and face recognition
• enables a browser to call Web service methods on the server

System Prototype

Several phases are involved in using the system, including data acquisition, enrolment and authentication. User enrolment and admin enrolment are supported. During a user enrolment, a user connects to a host and selects enrolment in the system. The user clicks on connect and is transferred to a page that authenticates the user. A user with administrative rights can enrol an ordinary user in the system. Once connect is clicked, a page is displayed that allows authentication of the user. Admin users submit their email and password and can use those to log in. Once authenticated, the admin person can also manipulate the security levels of the system and thus restrict groups of users with invalid inputs from accessing the service.

The Admin enrols a general user into the system. To enrol a user, the Admin needs to enter the following details: full name*, email address*, race*, password*, address*, date of birth*, city of birth*, country of birth*, father’s name*, mother’s name*, citizenship*. All fields need to be filled out. If a field is left out, a pop-up message is displayed asking the admin user to enter the details. The system checks the email address to see whether the user has been enrolled before. If the email address already exists in the database, a pop-up message prompts the user to enter a new email address. To capture the fingerprint, the Admin requests the General user to press the right thumb on the fingerprint scanner.

Figure 7: View of DEITY in Operation

The fingerprint gets captured. Any finger can be scanned; however, for consistency the thumb print is taken.

To capture the face image, the Admin requests the General user to position him or herself in the centre and look into the camera. The facial image gets captured by clicking ‘take picture’. It is recommended that the image is taken in an environment with sufficient light. Successful enrolment is followed by a confirmation pop-up window after clicking on Take Picture.

Thereafter the user connects to the host and selects verification in DEITY. The user clicks on connect and is transferred to a page that verifies the user to permit access to a service. The user wanting to gain access to the service has to verify him or herself against the details of the user already stored during the enrolment stage. The user is required to submit full name, email address, race and password. The user then scans a finger and captures the image by clicking on Verify. The General user clicks on verify and all user inputs are matched against the details in the database. If invalid input is entered, the user receives a pop-up message specifying which attribute is invalid or missing. Depending on the security threshold set by the admin during the enrolment stage, a user will be accepted or rejected as a verified user. With the default threshold of 0.6, all details need to match the details in the database.
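An added Python example (not the DEITY code) of the verification decision described above: submitted credentials are mapped to the four CaMa groups with shared attributes kept once, each group is scored, and the fused score is compared with the 0.6 threshold. A weighted sum stands in for the paper's neural network; the weights, matcher scores, per-group floors, function names and sample data are assumptions.

```python
import hashlib
import hmac
from itertools import combinations

# CaMa groups named in the paper, with the attributes the prototype collects.
CAMA_GROUPS = {
    "physical": ("full_name", "email", "race"),
    "pseudo": ("password",),
    "device": ("ip", "mac"),
    "biometric": ("fingerprint", "face"),
}
# ASSUMED weights (they sum to 1.0); the paper does not publish its own.
WEIGHTS = {"physical": 0.15, "pseudo": 0.20, "device": 0.15, "biometric": 0.50}
SALT = b"constructed-salt"  # constructed; use a random per-user salt in practice


def pw_hash(password):
    """Slow salted hash, so the database never holds the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def map_attributes(credentials):
    """CaMa step: one attribute set per group, shared attributes kept once."""
    owner = {a: g for g, attrs in CAMA_GROUPS.items() for a in attrs}
    mapped = {g: {} for g in CAMA_GROUPS}
    for cred in credentials:
        for attr, value in cred["attributes"].items():
            group = owner.get(attr)
            # The first credential to supply an attribute wins; repeats are dropped.
            if group is not None and attr not in mapped[group]:
                mapped[group][attr] = value
    return mapped


def _matches(attr, submitted, reference):
    if submitted is None or reference is None:
        return False
    if attr == "password":
        submitted = pw_hash(submitted)
    return hmac.compare_digest(str(submitted).encode(), str(reference).encode())


def group_scores(mapped, enrolled, bio_scores):
    """Score each group in [0, 1]: share of exact matches, or mean matcher score."""
    scores = {}
    for group, attrs in CAMA_GROUPS.items():
        if group == "biometric":
            # Similarity scores in [0, 1] as a matcher SDK might return (assumed).
            vals = [bio_scores.get(a, 0.0) for a in attrs]
        else:
            vals = [float(_matches(a, mapped[group].get(a), enrolled.get(a)))
                    for a in attrs]
        scores[group] = sum(vals) / len(vals)
    return scores


def fuse(scores):
    """Weighted-sum fusion, a stand-in for the paper's neural network."""
    return round(sum(WEIGHTS[g] * scores[g] for g in WEIGHTS), 4)


def decide(scores, threshold=0.6, floors=None):
    """Accept if the fused score clears the threshold and every floor is met."""
    floors = floors or {}
    return fuse(scores) >= threshold and all(scores[g] >= f for g, f in floors.items())


def sufficient_subsets(threshold=0.6):
    """Minimal sets of fully matched groups that clear the threshold alone."""
    groups, passing = sorted(WEIGHTS), []
    for size in range(1, len(groups) + 1):
        for combo in combinations(groups, size):
            if any(set(p) <= set(combo) for p in passing):
                continue  # a smaller passing set is already contained in this one
            if fuse({g: float(g in combo) for g in groups}) >= threshold:
                passing.append(combo)
    return passing


# Constructed enrolment record and matcher scores.
ENROLLED = {"full_name": "Ada Example", "email": "ada@example.org",
            "race": "constructed-value", "password": pw_hash("correct horse"),
            "ip": "192.0.2.10", "mac": "02:00:00:00:00:01"}
BIO = {"fingerprint": 0.9, "face": 0.8}


def attempt(password, mac):
    """Three constructed credentials; full_name is shared by two of them."""
    account = {"full_name": "Ada Example", "email": "ada@example.org", "password": password}
    profile = {"full_name": "A. Example", "race": "constructed-value"}
    terminal = {"ip": "192.0.2.10", "mac": mac}
    return map_attributes([{"attributes": a} for a in (account, profile, terminal)])


if __name__ == "__main__":
    bad = group_scores(attempt("wrong guess", "02:00:00:00:00:99"), ENROLLED, BIO)
    print(fuse(bad), decide(bad), decide(bad, floors={"pseudo": 1.0}))
    print(sufficient_subsets(0.6))
```

With these assumed weights, an attempt with a wrong password and an unenrolled MAC address still fuses to 0.65 and passes at 0.6, because the other groups compensate; the password floor rejects it. `sufficient_subsets` lets an administrator check which groups a chosen threshold actually enforces before deploying it.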

Discussion and Conclusions

A digital identity management system using a multi-modal authentication system was developed to address the issue of identity fraud and theft seen on most online services today. The multi-modal authentication technology can also be broadly applicable to physical access control systems in buildings and to information security systems such as the Internet and intranets. Most online services, like Internet banking, school records systems and travel ticket booking, all depend on a simple PIN or password. The DIMS has been designed to request a combination of credentials. This should make it difficult, if not impossible, for identity thieves to forge the whole combination of credentials, thus reducing cases of identity fraud on online services [9].

Commonly available computer hardware is not capable of reading fingerprints or capturing face images, hence the solution might not seem practical. However, laptops nowadays come with built-in biometric features, and in time most computers will have similar, more advanced biometric features installed. For the purpose of the digital identity management system, finger and face recognition were chosen because of the high scores obtained during the survey in the research phase. So an assumption for this system to work is that a camera and finger scanner are available.

An application similar to the one implemented, used in the practical world, may initially be faced with some resistance. Traditionally the general public have been hesitant in providing personal data, especially with the huge increases in identity theft and fraud. There are issues such as cultures, racial profiling and basic discomfort that may result in people resisting a multi-modal authentication system. Political opposition may also be an issue. For the digital identity management system to be used by people, it is important to educate them in the field of biometrics and in how having multiple identity credentials verified will reduce identity crimes.

Further development of the Digital Identity Management System may include locating and capturing faces from a video, meaning in an uncontrolled environment. The current DEITY system does verification; future work on this project could implement an identification feature where a search is done within the database to find the closest match. Other artificial intelligence technologies such as a Genetic Algorithm or a Bayesian method can be used to develop the information engine. In the future, additional attributes can be added to the current system; however, that raises social/privacy factors because more information is being collected from the user. Alternatively, other combinations of credentials can be used to implement the system. The aim of DEITY will be to provide accurate and efficient identification of individuals in a non-intrusive and uncontrolled environment. This thesis provides the foundation for such a system, which will incorporate new concepts, methods and technologies to build a future that is digitally secure. Successful verification of the user when the security level was set to 0.6 was demonstrated. Hence a multi-modal authentication system was successfully implemented.

References

[1] Subenthiran, Sittampalam, “Digital Identity Modelling and Management”, MEng Research Thesis, Faculty of Engineering, University of Technology, Sydney, Australia, 2005.
[2] Microsoft’s Vision for an Identity. [Online] May 2005. [Cited: August 14, 2007.]
[3] Ledford, Jerri. 2006. Social security numbers are not the problem. [Online] May 2006. [Cited: September 15, 2007.] http://blogs.computerworld.com/node/2533.
[4] Redmond, Wash. Digital Identity and the Future of the Internet. [Online] September 16, 2002.
[5] Abelson, Hal. “Digital Identity in Cyberspace”, [Online] December 10, 1998. [Cited: November 10, 2007.] http://www-swiss.ai.mit.edu/6805/student-papers/fall98papers/identity/linked-white-paper.html.
[6] Fidis, “Overview on IMS” [Online] 2001. [Cited: November 20, 2007.] http://www.fidis.net/resources/deliverables/hightechid/int-d3100/doc/16/.
[7] Rooy, Dirk van, “The role of biometrics in a digitally networked society”, [Online] October 2, 2007.
[8] MacGregor, William, Dutcher, William and Khan, Jamil, “Ontology of Identity Credentials”, National Institute of Standards and Technology Special Publication, 2006.
[9] Phiri, Jackson, “Digital Identity Management System”, South Africa, University of Western Cape, 2007.
[10] Phiri, Jackson and Agbinya, Johnson I, “Modelling and Information fusion in digital identity management systems”, in Proc. IEEE 5th International Conference on Networking, ICN'06, Mauritius, Apr. 23 – 28, 2006.
[11] Jain, Anil K and Ross, Arun A., Multibiometric Systems. [Online] January 2004. http://biometrics.cse.msu.edu/Publications/Multibiometrics/JainRoss_Multibiometrics_CACM04.pdf.
[12] Rumana Islam, Digital Identity Modelling and Analysis, Capstone Project Report, Faculty of Engineering, University of Technology, Sydney, Australia, November 2007.
[13] Barker, Garry, “Identity theft a $100-billion industry”, July 7, 2003.
[14] Kwok, C., “Digital Identity Management System”, Faculty of Engineering, University of Technology, Sydney, Australia, 2007.