So far, this series has covered various biometric modalities that can be used with the Zero Trust Framework. This final article pulls it all together by explaining exactly how those modalities fit into the ZTF. The authors also provide a brief review of Bio Cryptography and other factors for multi-authentication in the ZTF.
So, we have now reviewed at length three distinct Biometric modalities that can fit into the MFA model for the ZTF. (Remember, MFA was previously defined in this series as having at least three layers of unique authentication mechanisms.) Remember also that all of the templates (both enrollment and verification) that these modalities create are some type of mathematical or statistical profile, not a stored image of the finger, iris or face. The following matrix summarizes this:
| Biometric Modality | Outputted Mathematical File |
| --- | --- |
| Fingerprint Recognition | Binary digits (the extracted fingerprint features encoded as a binary string) |
| Iris Recognition | Iris Codes, based upon Gabor Wavelets |
| Facial Recognition | Eigenfaces, based upon Principal Component Analysis (not Hidden Markov Models, which are a separate facial recognition technique) |
At this point, these three Biometric modalities can fit anywhere into the ZTF infrastructure that has been deployed. They can be used at the entry point, or within the Microsegments that have been broken out. Take for example a mid-level employee such as a Database Administrator. This individual will probably have the most interest in gaining access to one (or perhaps more) of the databases at the organization.
But before this can happen, they must first be authenticated. This can be done by a rapid-fire succession of these three modalities. Although the exact elapsed time has not been measured, it has been estimated that it should take no more than three minutes, as these are all fast-capture technologies (iris and facial recognition are contactless, and a fingerprint capture takes only seconds at the sensor). This is the point where the verification templates are created from the live samples and compared against the stored enrollment templates. This part of the ZTF can be referred to as the “Point of Authentication”.
From here, the result of the authentication process is passed to the lines of defense surrounding the database (whichever one the administrator wishes to access), so that authorization to the shared resources can take place.

This can be referred to as the “Point of Authorization.” In this example, it has also been assumed that the principles of PAM will be followed. Because of this, the individual does not have to repeat the entire verification process across all three modalities for every request, because the result will already have been stored in the PAM Vault Box. That cached result should be bound to a session with a finite lifetime and scoped to the server it was issued for, so that it cannot be replayed indefinitely or carried over to another segment.

If access is needed to any other sub-directories or shared resources on this same database server, the same cached result applies. The only time this individual has to repeat the verification scenario just described is when they need to gain access to a different server, such as an Email server, or when the cached result has expired. This entire process can be seen in Figure C below.
Figure C
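As an added illustration of this flow (example code written for this editorial pass, not code from the original authors or from any PAM product), the following Python models the Point of Authentication, a stand-in for the PAM Vault Box that caches the result per server, and the Point of Authorization for the Database Administrator above. The match scores, per-modality thresholds, resource names and the 30-minute lifetime are assumed values; a real deployment takes the scores from the fingerprint, iris and facial matchers described earlier in the series.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed per-modality pass thresholds on a normalized similarity score in [0, 1].
# Real thresholds come from the matchers (e.g. an iris code Hamming-distance cutoff).
THRESHOLDS = {"fingerprint": 0.80, "iris": 0.90, "face": 0.85}
SESSION_LIFETIME = timedelta(minutes=30)  # assumed: a cached result must age out


@dataclass
class AuthRecord:
    user: str
    server: str               # scope of the cached result, e.g. "db-server-1"
    authenticated_at: datetime
    expires_at: datetime


def failed_modalities(scores):
    """Modalities whose live verification template did not match the enrollment template."""
    return [m for m, threshold in THRESHOLDS.items() if scores.get(m, 0.0) < threshold]


class PamVault:
    """Stands in for the 'PAM Vault Box': cached authentication results keyed by (user, server)."""

    def __init__(self):
        self._records = {}

    def point_of_authentication(self, user, server, scores, now):
        """Rapid-fire succession of the three modalities: every one must pass.
        On success the result is cached, scoped to this server and time-limited."""
        failed = failed_modalities(scores)
        if failed:
            return False, failed
        self._records[(user, server)] = AuthRecord(user, server, now, now + SESSION_LIFETIME)
        return True, []

    def point_of_authorization(self, user, server, resource, now, allowed):
        """Reuse the cached result for any resource on the same server; a different server,
        a missing record or an expired one sends the user back to the Point of Authentication."""
        record = self._records.get((user, server))
        if record is None:
            return "reauthenticate"
        if now >= record.expires_at:
            del self._records[(user, server)]
            return "reauthenticate"
        if resource not in allowed.get((user, server), set()):
            return "denied"          # authenticated, but least privilege (PAM) says no
        return "granted"


def dba_scenario():
    """Walk the Database Administrator through the flow; returns the decisions taken."""
    vault = PamVault()
    # Constructed entitlements: dba01 may touch two HR shares on db-server-1, nothing else.
    allowed = {("dba01", "db-server-1"): {"/hr/payroll", "/hr/employees"}}
    t0 = datetime(2024, 1, 15, 9, 0)
    live_scores = {"fingerprint": 0.91, "iris": 0.96, "face": 0.88}   # constructed
    ok, _failed = vault.point_of_authentication("dba01", "db-server-1", live_scores, t0)
    minute = timedelta(minutes=1)
    return {
        "authenticated": ok,
        "payroll": vault.point_of_authorization("dba01", "db-server-1", "/hr/payroll", t0 + 1 * minute, allowed),
        "employees": vault.point_of_authorization("dba01", "db-server-1", "/hr/employees", t0 + 2 * minute, allowed),
        "ledger": vault.point_of_authorization("dba01", "db-server-1", "/finance/ledger", t0 + 3 * minute, allowed),
        "email": vault.point_of_authorization("dba01", "mail-server-1", "/inbox", t0 + 4 * minute, allowed),
        "payroll_later": vault.point_of_authorization("dba01", "db-server-1", "/hr/payroll", t0 + 31 * minute, allowed),
    }


if __name__ == "__main__":
    for step, decision in dba_scenario().items():
        print(f"{step}: {decision}")
```

The second and third authorizations reuse the cached result without re-running the three modalities; the e-mail server and the request made after the lifetime has elapsed both return the user to the Point of Authentication, and the finance share is refused even though the user is authenticated.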
As was also described earlier in this series, it is only the enrollment template that is actually stored in the database of any of these three Biometric modalities, and even then it is simply a mathematical and/or statistical file rather than an image. That is a real advantage over storing raw samples, but it does not make a stolen template harmless: if a cybercriminal breaches a company’s systems and hijacks the templates, a template can be replayed to the matcher wherever the comparison step is exposed, feature-level templates (minutiae sets, eigenface coefficients) can in some cases be reconstructed into a synthetic sample that the sensor accepts, and, unlike a password, a compromised biometric cannot be reissued.

This means that despite all of the lines of defense offered by the ZTF, the template store remains a potential vulnerability. It needs to be remediated with the right access controls, and since the templates are still in danger of being hijacked, it is best to protect them directly as well. This is where they can be encrypted via Bio Cryptography as a further way to fortify the overall ZTF.
A Brief Review Into Bio Cryptography
The Cipher Biometric Template
When the fingerprint/iris/facial template is encrypted, it can be viewed as the “Cipher Biometric Template”, and when it is decrypted, it can be viewed once again as the “Plaintext Biometric Template”. Encryption by itself provides only confidentiality; besides this, Bio Cryptography also has to provide the following three functions in order for it to be truly effective:
- Authentication: The receiver of the message (the Plaintext Biometric Template) should be able to accurately verify where it came from.
- Integrity: The message in transit (the Plaintext Biometric Template) should not be modified in any way while it is in transit (for example, a fingerprint template swapped for an iris template, or a stored enrollment template replaced with the attacker’s own, in order to spoof the biometric system). In practice this is provided by a message authentication code or digital signature computed over the template. Quantum Key Distribution, which encodes key bits in the polarization of individual photons, can contribute by detecting eavesdropping on the exchange of the keys used for those checks, but it does not by itself protect the integrity of the template.
- Nonrepudiation: The sender of the Plaintext Biometric Template should not be able to falsely deny having sent that particular template.
Bio Cryptography Keys
A component central to Bio Cryptography is what are known as “keys.” It is the key which is used to lock up (encrypt) the Plaintext Biometric Template at the point of origination, and a key is likewise used to unlock (decrypt) that same Template at the receiving end.

The key itself is a string of bits, and the set of all possible keys is referred to as the “keyspace.” The larger the keyspace (that is, the longer the key), the harder the key is to recover by brute force while the template is in transit or at rest.

There are many types of such keys used in Bio Cryptography, such as signing keys, authentication keys, data encryption keys, session keys, etc. The number and kinds of keys which are generated depend primarily upon the mathematical algorithms used, which fall into two groups, symmetric and asymmetric.
To further fortify a Bio Cryptography-based Public Key Infrastructure, mathematical hashing functions are also used to protect the integrity of the Plaintext Biometric Template. For example, the sender computes a hash value (a fixed-length digest) of the Plaintext Biometric Template and includes it with the template.

When the destination party receives the template, it recomputes the digest; if the value matches the one that was sent, one can be assured that the Plaintext Biometric Template has not been changed or altered in any way along the way. Note that a bare hash only detects accidental corruption: an attacker who can alter the template in transit can just as easily recompute and replace the digest, so the digest must be keyed (an HMAC) or signed with the sender’s private key to resist deliberate tampering.

Hashing functions are suitable for this because they are one-way: the digest can be computed from the template, but the template cannot be recovered from the digest, and it is computationally infeasible to find a different template that produces the same digest.
It should be noted that for purposes of this study, the ZTF methodology that we have introduced is rather simple in nature, as we have focused on solely one segment of it, namely a Database Server. So for illustrative purposes one can assume that Symmetric Key Cryptography is used. This is where a single shared secret key is used both to encrypt and to decrypt the template.
There are inherent risks in using this approach, especially if the secret key is given out to another party, since anyone holding it can both decrypt and forge templates. The safety mechanisms already afforded by the ZTF help offset this risk, provided the key itself is kept behind the same Microsegmentation and PAM controls as the templates. But as the ZTF gets deployed into the real world on a grander scale, it is quite conceivable that Asymmetric Key Cryptography will have to be used, which uses pairs of Public and Private Keys together with a Certificate Authority (CA) to vouch for the public keys. (A Key Distribution Center (KDC), as used by Kerberos, is the corresponding mechanism for handing out symmetric session keys.)
Also, only one biometric template truly needs to be encrypted at rest, which is the enrollment template. As described previously, this is what gets stored in the database of the biometric device and is used to confirm the authenticity of an individual. The verification template exists only for the moment of comparison, but it should still be protected in transit between the sensor and the matcher.
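The following Python is an added example for this editorial pass (not code from the article or from any product) that shows the Cipher Biometric Template under the symmetric-key approach just described, and at the same time why the bare hash of the earlier integrity paragraphs is not enough on its own. One shared secret key is split into an encryption key and a MAC key, the enrollment template is encrypted and then tagged, and the tag is checked before decryption; a substitution attack against a plain SHA-256 digest is contrasted with the keyed tag. The cipher is a counter-mode keystream generated with HMAC-SHA256, chosen so the block runs on the standard library alone; in production use AES-GCM or another authenticated-encryption mode. The secret key and the 2048-bit iris code are constructed sample values, not real material.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN, TAG_LEN = 16, 32

# Constructed stand-in for a 2048-bit iris code (256 bytes); not a real template.
ENROLLMENT_TEMPLATE = hashlib.sha256(b"constructed sample iris code").digest() * 8


def derive_keys(secret_key):
    """Split the one shared secret into separate encryption and MAC keys."""
    enc_key = hmac.new(secret_key, b"template-encryption", hashlib.sha256).digest()
    mac_key = hmac.new(secret_key, b"template-integrity", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key, nonce, length):
    """Counter-mode keystream: HMAC-SHA256(enc_key, nonce || counter) blocks, truncated."""
    blocks = [hmac.new(enc_key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def encrypt_template(secret_key, plaintext_template, nonce=None):
    """Plaintext Biometric Template -> Cipher Biometric Template (nonce || ciphertext || tag).
    A fresh random nonce per encryption keeps the keystream from ever being reused."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    enc_key, mac_key = derive_keys(secret_key)
    ks = _keystream(enc_key, nonce, len(plaintext_template))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext_template, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()   # encrypt-then-MAC
    return nonce + ciphertext + tag


def decrypt_template(secret_key, cipher_template):
    """Check the tag in constant time before decrypting; reject any altered template."""
    nonce = cipher_template[:NONCE_LEN]
    ciphertext = cipher_template[NONCE_LEN:-TAG_LEN]
    tag = cipher_template[-TAG_LEN:]
    enc_key, mac_key = derive_keys(secret_key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("Cipher Biometric Template failed its integrity check")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def tamper_detected(secret_key, cipher_template, byte_index):
    """Flip one bit of the stored Cipher Biometric Template; True if decryption rejects it."""
    damaged = bytearray(cipher_template)
    damaged[byte_index] ^= 0x01
    try:
        decrypt_template(secret_key, bytes(damaged))
        return False
    except ValueError:
        return True


def substitution_attack(secret_key):
    """Attacker swaps the stored enrollment template for their own.
    Bare SHA-256 digest: the attacker recomputes it, so the receiver's check still passes.
    Keyed tag: the attacker lacks secret_key, so the forged template is rejected."""
    attacker_template = hashlib.sha256(b"constructed attacker iris code").digest() * 8
    stored_template, stored_digest = attacker_template, hashlib.sha256(attacker_template).digest()
    plain_hash_detects = hashlib.sha256(stored_template).digest() != stored_digest
    forged = encrypt_template(b"attacker's guess of the key", attacker_template)
    try:
        decrypt_template(secret_key, forged)
        keyed_mac_detects = False
    except ValueError:
        keyed_mac_detects = True
    return {"plain_hash_detects": plain_hash_detects, "keyed_mac_detects": keyed_mac_detects}


if __name__ == "__main__":
    secret = b"constructed shared secret for the database segment"
    stored = encrypt_template(secret, ENROLLMENT_TEMPLATE)
    print("round trip ok:", decrypt_template(secret, stored) == ENROLLMENT_TEMPLATE)
    print("bit flip rejected:", tamper_detected(secret, stored, 100))
    print("substitution:", substitution_attack(secret))
```

The tag is verified before any decryption so that a forged or corrupted Cipher Biometric Template never reaches the matcher, and `hmac.compare_digest` avoids leaking the tag through comparison timing.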
The concepts of Bio Cryptography are treated at length by Ravi Das in his book Biometric Technology: Authentication, BioCryptography, and Cloud Based Architecture, published by CRC Press in 2015.
Conclusion: Other Factors For MFA In The ZTF
What we have proposed is a ZTF making key usage of biometrics in a full effort to eradicate the use of passwords altogether. But as also mentioned, there are other mechanisms that can be used, such as hardware one-time-password tokens (RSA SecurID, for example), smart cards, etc. Although we have outlined earlier the steps that need to be taken to have an effective ZTF methodology, there are other factors relating to MFA that must be taken into consideration as well, specifically adaptive MFA. The decision whether MFA needs to be applied at a specific time, for a specific user, will depend on policies that can be static or dynamic.

Adaptive MFA is based on the simultaneous analysis of many data points (IP address, location, time, device, etc.). Adaptive MFA sets its authentication requirements according to one of the following kinds of policy:
- Static Policies: risk levels are defined in advance from fixed data points (for example, a login from outside the corporate network or outside business hours).
- Dynamic Policies: policies change based on the analysis of each user’s behavior over time. In this case, Machine Learning techniques can be used to optimize policies and reduce risk over time.
- Hybrid: A combination of static and dynamic policies.
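As an added example (written for this editorial pass, not the article’s or any vendor’s code), the following Python evaluates the three kinds of policy over the data points named above and turns the risk into a decision: reuse the cached PAM result, send the user through the full three-modality verification, or block. The corporate address ranges, home country, weights, thresholds and the login history are assumed or constructed; the dynamic policy is a simple frequency baseline of the user’s past logins standing in for the Machine Learning model the text mentions.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed corporate address ranges and risk thresholds; tune for the real estate.
CORPORATE_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
HOME_COUNTRY = "US"            # assumed: the organisation operates in one country
STEP_UP_AT, DENY_AT = 2, 7     # risk >= 2 -> full biometric verification, >= 7 -> block


@dataclass(frozen=True)
class Attempt:
    """One access request as seen by the policy engine (constructed data points)."""
    user: str
    ip: str
    country: str
    hour: int        # local hour, 0-23
    device_id: str


def static_policy(attempt):
    """Static policy: every data point carries a fixed weight, the same for every user."""
    risk, reasons = 0, []
    if not any(ip_address(attempt.ip) in net for net in CORPORATE_NETWORKS):
        risk += 2
        reasons.append("off-network IP")
    if attempt.country != HOME_COUNTRY:
        risk += 2
        reasons.append("foreign location")
    if not 7 <= attempt.hour <= 19:
        risk += 1
        reasons.append("outside business hours")
    return risk, reasons


def dynamic_policy(attempt, history):
    """Dynamic policy: risk grows with how unusual this attempt is for THIS user.
    A frequency baseline over past successful logins stands in for the ML model."""
    past = [h for h in history if h.user == attempt.user]
    if len(past) < 5:
        return 3, ["insufficient history"]     # no baseline yet: treat as unknown
    risk, reasons = 0, []
    if attempt.device_id not in {h.device_id for h in past}:
        risk += 3
        reasons.append("unseen device")
    if attempt.country not in {h.country for h in past}:
        risk += 3
        reasons.append("unseen country")
    if Counter(h.hour for h in past)[attempt.hour] / len(past) < 0.05:
        risk += 1
        reasons.append("unusual hour for this user")
    return risk, reasons


def decide(attempt, history, mode="hybrid"):
    """Return (decision, risk, reasons). 'allow' means the cached PAM result suffices,
    'step_up' means run the full three-modality verification, 'deny' means block."""
    if mode == "static":
        risk, reasons = static_policy(attempt)
    elif mode == "dynamic":
        risk, reasons = dynamic_policy(attempt, history)
    elif mode == "hybrid":
        s_risk, s_reasons = static_policy(attempt)
        d_risk, d_reasons = dynamic_policy(attempt, history)
        risk, reasons = s_risk + d_risk, s_reasons + d_reasons
    else:
        raise ValueError(f"unknown policy mode: {mode}")
    decision = "deny" if risk >= DENY_AT else "step_up" if risk >= STEP_UP_AT else "allow"
    return decision, risk, reasons


# Constructed history: the DBA always logs in from the corporate LAN, from the US,
# from one laptop, during office hours (20 logins spread over 08:00-17:00).
HISTORY = [Attempt("dba01", "10.1.2.3", "US", 8 + (i % 10), "laptop-7") for i in range(20)]

if __name__ == "__main__":
    for a in (Attempt("dba01", "10.1.2.3", "US", 10, "laptop-7"),
              Attempt("dba01", "203.0.113.5", "US", 10, "laptop-7"),
              Attempt("dba01", "198.51.100.9", "RU", 3, "unknown-phone"),
              Attempt("intern42", "10.9.9.9", "US", 10, "laptop-99")):
        for mode in ("static", "dynamic", "hybrid"):
            print(a.user, a.ip, mode, decide(a, HISTORY, mode))
```

The four constructed attempts show where the policy types diverge: the DBA working from home on the usual laptop is stepped up by the static rules but passed by the dynamic baseline, the night-time foreign login from an unknown device is only a step-up under static rules but a deny once the user’s own baseline is considered, and a brand-new user with no history is stepped up by the dynamic policy even though every static data point looks normal.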