1、 International Telecommunication Union ITU-T X.1086TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Amendment 1(04/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Information and network security Telebiometrics Telebiometrics protection procedures A guideline to technical and m
2、anagerial countermeasures for biometric data security Amendment 1: Multibiometric protection procedures Recommendation ITU-T X.1086 (2008) Amendment 1 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.20
3、0X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY Gene
4、ral security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometrics X.1080X.1099SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.
5、1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous s
6、ensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and
7、 discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T X.1086 (2008)/Amd.1 (04/2012) i Recommendation ITU-T X.1086 Telebiometrics protection procedures A guideline to technical and managerial countermeasures for biomet
8、ric data security Amendment 1 Multibiometric protection procedures Summary Amendment 1 updates Recommendation ITU-T X.1086 to incorporate multiple biometric information in telebiometric protection procedures by modifying the summary, keywords, scope, references, definitions, abbreviations and acrony
9、ms, and bibliography. The amendment defines new vulnerabilities and proposes guidelines for the protection of the multibiometric system at four different fusion levels: the sample-level, the feature-level, the score-level, and the decision-level. Amendment 1 adds Appendix V to describe techniques to
10、 be applied for the protection of multibiometric data. History Edition Recommendation Approval Study Group 1.0 ITU-T X.1086 2008-11-13 17 1.1 ITU-T X.1086 (2008) Amd. 1 2012-04-13 17 ii Rec. ITU-T X.1086 (2008)/Amd.1 (04/2012) FOREWORD The International Telecommunication Union (ITU) is the United Na
11、tions specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendation
12、s on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval
13、of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“
14、is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance wi
15、th the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is requir
16、ed of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectu
17、al Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. Howe
18、ver, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2012 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the pr
19、ior written permission of ITU. Rec. ITU-T X.1086 (2008)/Amd.1 (04/2012) iii Table of Contents Page 1) Title . 1 2) Summary . 1 3) Keyword . 1 4) Scope 1 5) References. 2 6) Clause 3.1 . 2 7) Clause 3.2 . 2 8) Clause 4 3 9) Clause 6 3 10) New clause 19 . 6 11) Clause I.2.1 Protection items at the cli
20、ent . 9 12) New Appendix V 10 13) Bibliography . 12 Rec. ITU-T X.1086 (2008)/Amd.1 (04/2012) 1 Recommendation ITU-T X.1086 Telebiometrics protection procedures A guideline to technical and managerial countermeasures for biometric data security Amendment 1 Multibiometric protection procedures 1) Titl
21、e Change the title as follows: Telebiometrics protection procedures: A guideline to technical and managerial countermeasures for biometric data security. 2) Summary Replace the summary with the following new text: Recommendation ITU-T X.1086 defines the requirements of a guideline to provide securit
22、y countermeasures for telebiometrics and tele-multibiometrics protection procedures. This Recommendation defines the vulnerabilities and threats in operating telebiometric and tele-multibiometric systems, and proposes a general guideline for security countermeasures, from both the technical and mana
23、gerial perspectives, in order to establish a safe environment for the use of telebiometric systems and the protection of individual privacy. In particular, this Recommendation focuses on the vulnerabilities and countermeasures in the process of combining multibiometrics data or information by four d
24、ifferent fusion schemes: sample-level, feature-level, score-level, and decision-level. This Recommendation describes countermeasures that allow the protection of biometric devices as related to their installation, removal, and delivery. Countermeasures are proposed for the protection of biometric sy
25、stems as related to their operational procedures, as well as the roles and responsibilities of personnel involved in system design. It is expected that the proposed countermeasures will ensure the security and reliability of the flow of single and multiple biometric information in a telecommunicatio
26、ns environment. 3) Keyword Replace the keywords as follows: Multibiometrics, telebiometrics authentication models, telebiometrics countermeasures, telebiometrics protection guideline, telebiometrics vulnerabilities, tele-multibiometrics. 4) Scope Replace the scope with the following new text: Recomm
27、endation ITU-T X.1086 proposes a general guideline for security countermeasures, from both a technical and a managerial perspective, which would enable the protection of single and multiple biometric systems against various threats (e.g., hijacking, modification, illegal access, etc.) in the entire
28、operation of telebiometrics, from the creation to the disposal of multibiometric data or information. Furthermore, this Recommendation describes the vulnerabilities and proposes 2 Rec. ITU-T X.1086 (2008)/Amd.1 (04/2012) countermeasures in the process of combining multibiometric data or information
29、by four different fusion schemes: sample-level, feature-level, score-level, and decision-level. From a technical point of view, this Recommendation proposes the countermeasures to ensure data integrity, mutual authentication, and confidentiality. From a managerial perspective, it describes the count
30、ermeasures for the protection of telebiometric systems during their installation, removal, and delivery. Recommendation ITU-T X.1086 does not cover the security requirements for biometric data, biometric security algorithms or multibiometric systems. 5) References Add the following references to the
31、 existing list of references: ITU-T X.1082 Recommendation ITU-T X.1082 (2008), Telebiometrics related to human physiology. ISO/IEC 19792 ISO/IEC 19792 (2009), Information technology Security techniques Security evaluation of biometrics. 6) Clause 3.1 Add the following sub-clauses to clause 3.1 in al
32、phabetic order: biometric features b-SC37SD2: Output of a completed biometric feature extraction process. biometric fusion b-TR24722: Combination of information from multiple sources: i.e., sensors, modalities, algorithms, instances or presentations. biometric modality b-TR24722: Biometric character
33、istic used in a biometric process. multi-algorithmic b-TR24722: Use of multiple algorithms for processing the same biometric sample. multibiometrics b-TR24722: Automated recognition of individuals based on their biological or behavioural characteristics and involving the use of biometric fusion. mul
34、ti-instance b-TR24722: Use of multiple biometric instances within one biometric modality. Examples: Iris (left) + Iris (right): Fingerprint (left index) + Fingerprint (right index) multi-modal b-TR24722: Use of multiple different biometric modalities. Example: Fingerprint + Face multi-presentation b
35、-TR24722: Use of either multiple presentation samples of one instance of a biometric characteristic or a single presentation that results in the capture of multiple samples. Example: Several frames from video camera capture of a face image (possibly, but not necessarily, consecutive). multi-sensoria
36、l b-TR24722: Use of multiple sensors for capturing samples of one biometric instance. 7) Clause 3.2 Add the following sub-clauses to clause 3.2 in alphabetic order: decision-level fusion: Process of combining multiple decisions resulted from individual decision rules into an aggregated decision. fea
37、ture-level fusion: Process of combining multiple biometric features produced by individual feature extraction modules into a single feature set or vector. Rec. ITU-T X.1086 (2008)/Amd.1 (04/2012) 3 sample-level fusion: Process of combining multiple biometric samples acquired by individual biometric
38、input devices into a single set of samples. score-level fusion: Process of combining multiple comparison scores produced by individual classifiers into a single score. tele-multibiometrics: Application of multibiometrics in the telecommunication environment. vulnerable point: A weak point where an a
39、ttacker can reduce the systems information assurance. 8) Clause 4 Add the following abbreviation to the list of abbreviations and acronyms: SVM Support Vector Machine 9) Clause 6 Replace clause 6 with the following new text: 6 Components and vulnerabilities of a biometric system The first step in ta
40、king technological protection measures for biometric data is to accurately identify the target and the purpose requiring protection. The second step is to establish biometric data policies. In order to reflect technological protection measures in protection policies, it is essential that technical s
41、taff who fully understand and implement the proposed policies, and decision-makers who have the authorization to execute these policies, participate in the process and work together effectively. When a biometric system is installed with the mechanism for protecting the biometric system, an authorize
42、d data auditor is designated to supervise the auditing process in order to make sure that the biometric system is under operation following the protection policies. One or more sub-processes are executed in a biometric processing unit, and one or more biometric processing units become the biometric
43、verification process. A biometric processing unit is the abstract concept of a security domain, such as a sensor, a smart card, a storage device, or software running on a personal computer. Appendix II describes the functions of five sub-processes in biometric-verification process models. Figure 1 d
44、escribes a biometric system based on a network, illustrating how a client acquires personal information and biometric data, thereafter transmitting them to an installed server. 4 Rec. ITU-T X.1086 (2008)/Amd.1 (04/2012) Figure 1 Telebiometric model Figure 2 illustrates the threats associated with th
45、e biometric component through a network in the biometric-verification process model (see Appendix II). In this model, each component sends processed biometric data to the next component (see clause 5.1 of ISO/IEC 24761). Compared to a general biometric functional model, in a telebiometric functional
46、 model, processed biometric data can be transmitted among components through telecommunications media, denoted as NW in Figure 2. Figure 2 shows that not only each component in the model, but also transmission among components, are vulnerable to outside attacks. Examples of outside attacks are the i
47、nvasion from outside when biometric data are delivered to the next step or during the modification of processed biometric data. Figure 2 Vulnerabilities in the telebiometric functional model Rec. ITU-T X.1086 (2008)/Amd.1 (04/2012) 5 The threats associated with each component and transmission in the
48、 telebiometric functional model are listed and named as follows: T1: Threat to biometric input devices T2: Threat to the process of transmitting biometric raw data to the signal processing component T3: Threat to the signal processing component T4: Threat to the process of transmitting the extracted
49、 biometric templates to the comparison component T5: Threat to the comparison component T6: Threat to the biometric storage component T7: Threat to the process of transferring biometric templates from the registration component to the storage component T8: Threat to the process of transmitting the matching score from the comparison component T9: Threat to the registration component T10: Threat to the decision component T11: Threat to the process of transmitting the stored biometric temp
