Page 180 - ITU KALEIDOSCOPE, ATLANTA 2019

2019 ITU Kaleidoscope Academic Conference

5.4 Brain-actuated control authenticated key exchange

The term 'telebiometrics' refers to the standardization of biometric devices used in the telecommunications domain. Recommendation ITU-T X.1081 specifies a telebiometric multimodal model based on both the "interaction between a human being and the environment", and on the "forms of measurement of the magnitude of physical interactions between a person and its environment" [17]. The model specifies measurements of these "physical interactions", and also recognizes "behavioral interactions" [17]. The multimodal model supports the measurement of the interactions between a person and a telebiometric device "in both directions" [17].

The telebiometric multimodal model provides a common framework for the specification of "security applications and safety aspects" [17] of telebiometrics. Though EEG data is not collected for the purpose of biometric matching, EEG data is similar to X.1081 telebiometric data collected "by a measurement instrument recording some bio-phenomenon". Both non-biometric EEG data and telebiometric data can be used to model interactions at a "layer where the human body meets electronic" devices [17].

Recommendation ITU-T X.1081 enables modeling of biometric authentication in terms of the interactions of a person with a biometric sensor. An important benefit of this standard is that it aids the design of authentication solutions that can preserve human "privacy and safety" by making these interactions "explicit and engineerable" [17]. However, there is no ITU authentication standard similar to Recommendation ITU-T X.1081 for using non-biometric devices that interact with people and with the telecommunication devices used to deliver healthcare.

As BAC devices become more integrated with mobile technologies for edge computing and part of the Internet of things (IoT), their users will gain greater access to in-home healthcare monitoring and other healthcare services delivered remotely. This connectivity gain will also make them more vulnerable to attack. The ITU-T X.1080.0 [18] telebiometric data protection Recommendation specifies use of the SignedData and EnvelopedData CMS types for authentication and data confidentiality, but does not allow PAKE or its extensions.

Both of these CMS types rely on the use of certificates supported by a PKI. Given an environment that involves a user's "brain signals to make decisions, control objects and communicate" [14], identity authentication is an important security control. The potential for risk inherent in systems that might provide feedback to the user makes mutual authentication an important consideration for both security and user safety. The CMS SignedData message does not provide mutual authentication, multifactor authentication of the user, or the convenience of password authentication. All of these capabilities can be provided by an extended PAKE.

CONCLUSION

In this paper, single and multifactor identity authentication techniques based on PAKE protocols were described. The ability to derive weak secrets from user knowledge extracted from biometric sensors and brain-actuated control systems was highlighted. The paper discussed how derived weak secrets could be converted into a format suitable for input to a PAKE protocol. The paper also illustrated how new standardization efforts to revise and extend PAKE could help achieve universal access to healthcare, telemedicine and other network services by users with diverse abilities, while enhancing the security of all users.

To achieve these aims, ITU should define a standardized ASN.1 schema for information exchange that supports all PAKE protocol versions and a BAKE extension. This schema should incorporate the NamedKeyEncryptedData cryptographic message defined in Recommendation ITU-T X.894. An extensible mechanism should be specified that makes possible the unambiguous identification of each PAKE protocol version.

This mechanism should use ASN.1 information object identifiers that can be associated with the ITU-T X.894 CMS type NamedKeyEncryptedData in a message. Standardization of a PAKE protocol message would enable the development of interoperable vendor solutions. These solutions would benefit users by lowering their cost of gaining secure access to network-delivered health services, and by enhancing their security through access that provides multifactor and mutual authentication.

ITU should standardize a common ASN.1 payload type for the content encrypted for exchange between users and servers during PAKE operations. An optional component of this ASN.1 type should allow a BAKE extension to be used to provide strong, multifactor user authentication. Another optional payload component should support a user proof-of-possession authentication factor, a registered object known to the server.

An integer version component should be included to allow future changes to the payload to be detected by deployed implementations. Optional server challenge and response components should be defined as opaque strings to support any type of data in any format required by vendors. These optional components should be constrained so that at least one component is present in a message, so that the same payload type can be used by both communicating parties.

An optional authenticated attributes component should also be included. This payload component should be specified with the ITU-T X.894 CMS type AuthAttributes to provide extensibility and to support the use of the schema in other standards, protocols and applications. An authenticated attribute should be defined to support biometric matching on a separate system. This attribute should allow a user to specify the location of a biometric service provider (BSP) that offers a remote matching service, the user biometric
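The conclusion proposes a PAKE payload type with an integer version, optional components (BAKE extension, proof-of-possession object, opaque server challenge and response, authenticated attributes) and a constraint that at least one optional component be present. The following is an added example, not code from the paper or from any ITU-T Recommendation: a minimal DER encoder and strict decoder for a payload of that shape, showing how a deployed implementation detects an unknown version and enforces the presence constraint. The field names, the context-specific tag numbers, the version value 1, and the decision to carry the BAKE extension and AuthAttributes as opaque byte strings are all assumptions made for this illustration.

```python
# Added example (not from the paper or any ITU-T Recommendation): a minimal DER
# encoder/decoder for a PAKE payload shaped like the one the conclusion proposes.
# Field names, tag numbers, the supported version value and the opaque carrying of
# the BAKE extension and AuthAttributes are assumptions for illustration only.
from dataclasses import dataclass
from typing import Optional

TAG_INTEGER = 0x02
TAG_SEQUENCE = 0x30
SUPPORTED_VERSION = 1  # assumed: the only payload version this implementation knows

# Optional components in tag order ([0] .. [4]); each is carried as a context-specific
# IMPLICIT primitive, i.e. an opaque string as the conclusion suggests.
OPTIONAL_FIELDS = ("bake", "proof_of_possession", "server_challenge",
                   "server_response", "auth_attrs")


@dataclass
class PakePayload:
    version: int
    bake: Optional[bytes] = None                 # [0] BAKE extension (opaque here)
    proof_of_possession: Optional[bytes] = None  # [1] registered object known to the server
    server_challenge: Optional[bytes] = None     # [2] opaque server challenge
    server_response: Optional[bytes] = None      # [3] opaque response
    auth_attrs: Optional[bytes] = None           # [4] DER-encoded AuthAttributes (opaque here)


def _der_length(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_length(len(body)) + body


def _encode_integer(value: int) -> bytes:
    """Minimal two's-complement INTEGER encoding for non-negative values."""
    if value < 0:
        raise ValueError("negative version not allowed")
    return _tlv(TAG_INTEGER, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def encode_payload(p: PakePayload) -> bytes:
    """Encode the payload, enforcing the 'at least one optional component' constraint."""
    if p.version != SUPPORTED_VERSION:
        raise ValueError(f"cannot encode unsupported version {p.version}")
    present = [(i, getattr(p, f)) for i, f in enumerate(OPTIONAL_FIELDS)
               if getattr(p, f) is not None]
    if not present:
        raise ValueError("at least one optional component must be present")
    body = _encode_integer(p.version)
    for tag_no, value in present:
        body += _tlv(0x80 | tag_no, value)  # context-specific, primitive, IMPLICIT
    return _tlv(TAG_SEQUENCE, body)


def _read_tlv(buf: bytes, pos: int):
    """Read one TLV at pos; returns (tag, value, position after the value)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:end], end


def decode_payload(der: bytes) -> PakePayload:
    """Strict decoder: rejects unknown versions, unknown tags, repeated or out-of-order components."""
    tag, body, end = _read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("payload is not a single SEQUENCE")
    tag, vbody, pos = _read_tlv(body, 0)
    if tag != TAG_INTEGER:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(vbody, "big", signed=True)
    if version != SUPPORTED_VERSION:
        # The version component lets a deployed implementation notice a changed
        # payload format and stop, instead of misparsing it.
        raise ValueError(f"unsupported payload version {version}")
    fields, last = {}, -1
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        tag_no = tag & 0x1F
        if (tag & 0xE0) != 0x80 or tag_no >= len(OPTIONAL_FIELDS):
            raise ValueError(f"unknown component tag 0x{tag:02x}")
        if tag_no <= last:
            raise ValueError("components out of order or repeated")
        last = tag_no
        fields[OPTIONAL_FIELDS[tag_no]] = value
    if not fields:
        raise ValueError("at least one optional component must be present")
    return PakePayload(version=version, **fields)


def check_payload(der: bytes) -> str:
    """Return 'ok' if the bytes decode cleanly, otherwise the rejection reason."""
    try:
        decode_payload(der)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample exchange: the server sends a challenge, the client answers
    # with a response plus its proof-of-possession object, using the same payload type.
    challenge = encode_payload(PakePayload(version=1, server_challenge=b"\x01\x02\x03"))
    reply = encode_payload(PakePayload(version=1, proof_of_possession=b"registered-object",
                                       server_response=b"\xaa\xbb"))
    print(challenge.hex(), decode_payload(challenge))
    print(reply.hex(), decode_payload(reply))
    # A constructed payload carrying version 2 is refused rather than misread.
    print(check_payload(bytes([0x30, 0x08, 0x02, 0x01, 0x02, 0x82, 0x03, 0x01, 0x02, 0x03])))
```

The decoder is deliberately strict: it refuses unknown tags and repeated or reordered components rather than skipping them, so that a future payload revision cannot be silently accepted by an older implementation that only understands version 1.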