Computer Security Reading Group

The Computer Security Reading Group (CSRG) is an unscheduled course in computer security.

Purpose

The goal of the Computer Security Reading Group is to provide an informal atmophere where students can meet and discuss advanced topics related to compuer security. Participation in the CSRG should be a reward in itself, but student who wish to do an extra effort, e.g., by writing a small report on one of the topics covered by the reading group, will be able to earn study credits for that effort.

Operational Goals

The operational goals of the Computer Security Reading Group are:

Educational Through the discussion of scientific papers, members of the reading group will reach a deeper understanding of complex issues relating to computer security. Papers discussed by the CSRG will generally cover current topics in computer security, this includes new exciting research results and computer security related topics currently mentioned by the media.
Political In order to provide politicians and citizens objective, non partisan information about technological aspects of computer security, the knowledge assembled by the reading group should be documented and made available to others. Members of the reading group who wish to obtain course credits from their participation will generally be required to produce material that can be published, either on the web, in daily news media or in popular science magazines.
Social The reading group will be conducted in an informal and fun atmosphere that will allow students to interact socially in a technological context. Although some of the study credit giving activities may be limited to a smaller number of students, reading group meetings will generally be open, especially to alumni who may wish to maintain a link to academic research or who wish use the reading group to look for new employees for their current employer.

Reading Group Format

The reading group will meet to discuss papers every week in the semester. Members of the reading group are expected to propose relevant research papers for discussion and participate in the selection of the research paper to be discussed at the next meeting. Each paper will be presented by one student, normally the student who proposes the paper, and two to three other members of the reading group will be elected to raise questions (roughly three questions each) designed to help start the discussion. These questions may address some of the theory or technology developed in the presented paper, some of the underlying assumptions made in the paper or some of the possible consequences of applying the technology developed in the paper. All members of the reading group are expected to have read the paper before the meeting.

The above format is not fixed and it is expected that the format will evolve to accommodate the wishes of the members of the reading group. However, in order to ensure depth in the discussion, it is expected that the reading group will target no more than a few topics each semester, so that consecutive meetings in the reading group will generally discuss papers with a similar topic.

CSRG Spring 2005

In the spring 2005, the activities of the CSRG will focus on the different proposals to improve the security of personal identification documents through the use of biometrics. Since participation in the first instance of the reading group will be strongly linked to the course credit earning activities, participation will be limited to 20 participants.

In the spring 2005, the reading group will meet on Wednesday from 15 to 17 in Building 322, room 030. Students who wish to participate in the reading group should indicate their interest by sending an email to csrg@imm.dtu.dk before Friday 14 January. The email should have the text "CSRG" in the subject and the name and student number of the interested student(s) in the body of the email. Sending this email is not required toparticipate in the reading group, but it helps plan the course and the limited places will be allocated on a "first come first served" basis.

NB! Meeting room for the CSRG, spring 2005, is Building 322, room 030.

The use of Biometrics in Identification Systems

Traditional security systems are based on the ability to identify and authenticate principals who request access to protected resources. Biometrics has been proposed as a convenient and secure way to authenticate human principals, and through identity management to transfer the rights of the human user to any software agent acting on her behalf. Moreover, the ability of biometrics to identify humans means that they are being proposed as an appropriate mechanism to identify humans in traditional offline applications, e.g., in ID-cards or passports. In the spring 2005, the CSRG will examine the appropriateness of biometrics for this use. The reading group will examine the biometrics themselves, the machine readable identity documents and accompanying technologies. The reading group will produce a series of articles that reflect the discussions in the reading group and present any conclusions that may be drawn from these discussions. The articles should be in a format that is easily understood by a layman, so that the series can be brought in a daily news paper or in a special issue of a popular science magazine.

The following topics for writing papers have been identified. Papers selected for discussion by CSRG in spring 2005 should generally be directly relevant to one of these topics.

An overview of biometrics
Biometrics records physical features of the individual and use this recorded information to recognize the individual at a later time. This requires a system that is able to enroll the individual (record her biometrics), associate the biometrics with a particular individual, store the biometrics and the identity of the individual in a secure way, measure the same feature at a later time, match the new measurement against the database of stored biometric information and retrieve the identity of the individual if a match is found. This sub-project will provide a general overview of biometrics identification systems and explain the required architecture for different uses of biometric identification, e.g., in national ID cards, travel documents or certificates of competence.
The role of biometrics in security
Biometrics are being heralded as a panacea for security problems in society, infrastructure and computer systems. The purpose of this sub-project will in greater detail examine how bometrics can be used in identification systems and identify possible limitations to the use of biometrics in personal identification.
Face recognition
As one of the two forms of biometrics required by the new EU passport standard, the use of face recognition in identification systems should be examined. At the moment, the proposed facial biometric is a simple photograph of the owner, but it is possible that future standards will require standardized machine verifiable facial biometrics. This sub-project should examine different facial biometrics recognition systems and assess their security and reliability with respect to being used in identification systems.
Fingerprint recognition
As the other form of biometrics required by the new EU passport standard, the use of fingerprint recognition systems should be investigated. This sub-project should examine different forms of fingerprint biometrics and assess their security and reliability. As there has been considerable success in defeating fingerprint identification, special attention should be made to identify and assess ways of defeating fingerprint biometrics. The impact of the relative ease with which fingerprint biometrics can be defeated on the possible use of fingerprint biometrics in identification systems should be assessed.
Other biometrics recognition systems
Any uniquely identifiable feature of the human physiology can potentially be used for biometric identification. This sub-project should identify and describe the different forms of biometric identification systems that have been proposed by research or industry. As possible alternatives (or supplements) to the already proposed biometrics in EU passports, these biometrics systems must examined and the strenght and weaknesses with respect to their use in biometrics identification systemsmust be assessed.
The use of biometrics in machine readable documents
Biometrics have been proposed as part of the national ID card in the UK and as part of new passports issued by EU member states. Moreover, The US have indicated that they will require biometric identification of everyone entering the US in the near future. This sub-topic should examine the proposed standards for biometrics identification in machine readable travel documents and assess the potential security implications of the proposed infrastructure, the security and reliability of the proposed biometrics, the security of the proposed interfaces between the biometric identification system and the machine readable travel document and the potential impact on the privacy of ordinary citizens if such systems are implemented.
Survey of Biometrics Identification Systems
As the different subprojects identify and study different biometrics identification systems, they should compile a common survey of biometrics identification systems. It is the ultimate goal that this document may be published in one of the academic journals that carry survey articles.

CSRG Reading List

The CSRG reading list contains both the papers that will be discussed at the reading group meeting as well as other material, which is relevant to the current topic of investigation.

Reading Group Papers (Spring 2005)

Date	Paper
9 Feb	1. The Economist: The Evolution of the Photofit. The Economist.com, 2 December 2004. 2. J. Bigun, K. Choy, and H. Olsson: Evidence on skill differences of women and men concerning face recognition. In J. Bigun and F. Smeraldi, editors, Audio and Video based Person Authentication - AVBPA 2001, pages 44-51. Springer, 2001. Papers presented by Jens Fagertun. Papers questioned by Simon Thyregod.
16 Feb	1. Lawrence O'Gorman: "An Overview of Fingerprinting Verification Technologies". In Elsevier Information Security Technical Report, Vol. 3, No. 1, 1998, pp. 21-32. 2. Younhee Gil et al.: Access Control System with High Level Security Using Fingerprints. In Proceedings of the 32nd Applied Imagery Pattern Recognition Workshop (AIPR'03), Washington, DC, October 15 - 17, 2003. Papers presented by Simon Thyregod. Papers questioned by Yan Hong and Xin Hu.
23 Feb	Tsutomu Matsumoto et al.: Impact of Artificial "Gummy" Fingers on Fingerprint Systems. Proceedings of SPIE Vol. #4677, Optical Security and Counterfeit Deterrence Techniques IV, Thursday-Friday 24-25 January 2002. Paper presented by Yan Hong. Papers questioned by Simon Thyregod, Simon will also repport on published FAR and FRR for fingerprint systems.
9 Mar	Papers on biometric passports, details will be available shortly. Paper presented by Xin Hu.
30 Mar	London School of Economics: The Identity Project, Interim Report and assessment of the UK Identity Cards Bill & its implications, London, March 2005. Report presented by Christian D. Jensen.
13 Apr	International Civil Aviation Organization: ICAO - Machine Readable Travel Document. No presentation will be made, instead we will construct a common mindmap of the specified requirements for the mrtd, issuing infrastructures and verification infrastructures envisaged by the ICAO proposal.

Additional Reading (Useful links)
This list is currently under construction.

Fingerprints

Marie Sandström: Liveness Detection in Fingerprint Recognition Systems. M.Sc. Thesis LITH-ISY-EX-3557-2004, Institutionen för systemteknik, Linköping University, 2004.