Information Technology Reference
In-Depth Information
2 Securing the Biometric Enrollment
Biometric authentication is defined as the automated identification or verifica-
tion of a person using behavioral or physiological characteristics such as finger-
print, palmprint or keystroke dynamics [15]. Basic requisition for an effective
biometric authentication is (besides the security and performance of the bio-
metric authentication) a secure prior enrollment [8,9]. Enrollment describes the
process where an individual's biometric feature is registered in form of a digi-
tal template with the biometric system [15]. After the enrollment is successfully
completed the biometric system can be run in two different modes, verification
or identification, to authenticate an enrolled user [9]. In verification mode, a
user provides his claimed identity and a biometric sample, which is then checked
against the corresponding biometric profile stored at the system (1:1 compari-
son). When operating in identification mode, a user only provides a biometric
sample and the biometric system determines the corresponding digital identity
based on all available templates (1:n comparison). Compared to traditional au-
thentication techniques based on knowledge (passwords) or tokens, biometric
features are inherently and naturally bound to a person. This implicates poten-
tial increases regarding both the practicability and nonrepudiation of an authen-
tication [15]. Especially in cases where a person's digital identity is involved in
legally binding transactions, a proofable binding between digital identity and
the corresponding natural person reduces the risk of fraudulent behavior such as
identity theft. To ensure the authenticity of a biometric profile, a trusted entity
verifies a natural person's identity by specified means (e.g. identification docu-
ment) and supervises this person's enrollment process afterward. The observer
confirms the enrollment's correct (and secure) accomplishment by authenticating
to the biometric system with his own biometric sample.
3 Trust and Trust Models
At first, this section introduces the notion and characteristics of trust. Then
some trust models, especially the Web of Trust, are introduced.
3.1 Defining Trust
The notion of trust is a topic that has been discussed in research for years.
Although trust has already been analyzed in detail in various disciplines there
is no generally accepted definition [13]. This is on the one hand due to the fact
that trust is often associated with terms like credibility, reliability or confidence
[21]. On the other hand, trust can be contemplated in a cognitive, emotional
and behavioral dimension [21]. Oxford Dictionary defines trust as “firm belief in
the reliability, truth, or ability of someone or something” [19]. This definition is
very close to the definition of “reliability trust”, which can be found in literature
regarding online trust and reputation systems (e.g. eBay) [17]. Moreover, trust
has several characteristics. The following list shows some properties that are
important in respect of this work [6,14]:
