Biometrics -- Using Fingerprints for Authentication. Todd Andel & Cyndi Roberts CIS 5370 – Computer Security Spring 2005 10 March 2014. Overview. Authentication Overview Passwords, biometrics Fingerprints for authentication Features & matching Live-scanning of fingerprints Attacks
Biometrics -- Using Fingerprints for Authentication Todd Andel & Cyndi Roberts CIS 5370 – Computer Security Spring 2005 10 March 2014
Overview • Authentication Overview • Passwords, biometrics • Fingerprints for authentication • Features & matching • Live-scanning of fingerprints • Attacks • Disadvantages of fingerprint authentication • Fake finger, Trojan horse, replay, coercion
Authentication Overview • Authentication: • Process of verifying identity • Supports both the confidentiality & integrity of the CIA model Confidentiality Integrity Ref: class notes
Authentication Overview • Passwords • Most common • In theory strong: (e.g. 26^8 approx. 2 × 10^11) • In practice weak: (e.g. dictionary words, related words)
Authentication Overview • Biometrics • Physiological • Iris • Fingerprint (including nail) • Hand (including knuckle, palm, vascular) • Face • Voice • Retina • DNA • Even Odor, Earlobe, Sweat pore, Lips • Behavioral (patterns) • Signature • Keystroke • Voice • Gait Ref: DoD Biometrics Management Office
Fingerprints for Authentication • Two premises for fingerprint identification • Fingerprint details are permanent • Fingerprints are unique • Recent challenges to this claim Ref: On the Individuality of Fingerprints
Features & Matching • Matching Techniques • Correlation based • Ridge feature based • Minutiae based • Features of a fingerprint Ref: On the Individuality of Fingerprints
Features & Matching • Minutiae matching • Probability that two different fingerprints will share 12 of 36 minutiae points: 6.1 × 10^-8 • Quality of automated matching • Based on number of matches: • verification vs. identification • False positive: imposter matches > • False negative: valid user matches <
Features & Matching • a: valid match • 39 points left • 42 points right • 36 matches • b: false positive • 64 points left • 65 points right • 25 matches Ref: On the Individuality of Fingerprints
Live-scanning of Fingerprints • Live-scan fingerprint sensing • Three sensor types: optical, solid-state, ultrasound Ref: Handbook of Fingerprint Recognition
Live-scanning of Fingerprints • Optical Sensors: • “Picture” • Frustrated total internal reflection (FTIR), optical fibers, electro-optical, direct reading Ref: Fingerprint Classification and Matching Handbook of Fingerprint Recognition
Live-scanning of Fingerprints • Solid-State Sensors: • Direct conversion to electronic signal • Capacitive, thermal, electric field, piezoelectric Ref: Fingerprint Classification and Matching Handbook of Fingerprint Recognition
Live-scanning of Fingerprints • Ultrasound Sensors: • Based on acoustic signaling • Not yet mature Ref: Handbook of Fingerprint Recognition
Attacks on Fingerprint Authentication Systems • Attacks focus on the disadvantages of fingerprint-based recognition: • While distinctive, fingerprints are not secret • Latent fingerprints are left on everything a person touches • With only 10 fingerprints, if one is compromised by theft of a template, it can be replaced a very limited number of times (unlike a password that can be reset as often as desired) Ref: Handbook of Fingerprint Recognition
Fingerprint Authentication System Model This model of a fingerprint authentication system shows the 8 points of attack generally recognized by security experts Ref: Handbook of Fingerprint Recognition
Attack at Fingerprint Scanner • 1. Destruction of Scanner Surface • 2. Fake Finger attack Image ‘a’ – Rubber stamp made from a fingerprint image Image ‘b’ – Wafer-thin plastic sheet containing a three-dimensional replication of a fingerprint Ref: Handbook of Fingerprint Recognition
Destruction of Scanner Surface • Ruggedness is important • Weather • Keyless car entry system as opposed to e-Commerce application • Glass/Plastic surfaces covered can be easily scratched or broken • Chip-based sensors can be damaged by electrostatic discharge
Fake Finger Attacks • Most common method is to build an accurate three-dimensional model using the latent print from a legitimate user. • Latent fingerprints are formed when a thin film of sweat and grease is left on a surface. Can be colored with dye and lifted • Legitimate user can be in collusion or coerced • Models made using latex rubber membrane, glue impression, gelatin • Research done in 2000 – a latent print used to produce a silicone cement fake finger was accepted by 5 out of 6 commercial scanners on the first try. The sixth scanner accepted the print on the second try. Ref: Attacks on biometric systems: a case study in fingerprints
Trojan Horse Attacks • Attack can be launched at scanner, feature extractor, matcher, or system database • Program disguises itself as something else • Device will not recognize that it is sending or receiving information from a source that is not trusted • Generates false results Ref: Handbook of Fingerprint Recognition
Replay Attacks • Information intercepted from communication channels between modules is re-issued at a later time in an attempt to fool the system • Information moving across channels must be secured via: • Encryption and digital signatures • Timestamp and challenge response • Digitally signing fingerprint images/features
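A sketch of the timestamp and challenge-response protection listed on the replay slide, as an added example that is not part of the original slides. It assumes the scanner and matcher share a secret key and uses an HMAC in place of a digital signature; `Matcher`, `sensor_respond`, `sign` and the 5-second window are hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_AGE_SECONDS = 5  # assumed freshness window for a capture


def sign(key, nonce, timestamp, features):
    # Fixed-width nonce (16 bytes) and timestamp (8 bytes) keep the encoding unambiguous.
    msg = nonce + int(timestamp).to_bytes(8, "big") + features
    return hmac.new(key, msg, hashlib.sha256).digest()


def sensor_respond(key, nonce, features, now=None):
    """Scanner side: bind the extracted features to the matcher's challenge."""
    ts = int(time.time() if now is None else now)
    return nonce, ts, features, sign(key, nonce, ts, features)


class Matcher:
    """Receiving module: issues challenges and verifies scanner messages."""

    def __init__(self, key):
        self._key = key
        self._pending = set()  # challenges issued but not yet answered

    def challenge(self):
        nonce = os.urandom(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce, timestamp, features, tag, now=None):
        now = time.time() if now is None else now
        expected = sign(self._key, nonce, timestamp, features)
        if not hmac.compare_digest(expected, tag):
            return False              # modified or forged in transit
        if abs(now - timestamp) > MAX_AGE_SECONDS:
            return False              # stale capture
        if nonce not in self._pending:
            return False              # unknown or already-used challenge
        self._pending.discard(nonce)  # each challenge is valid once
        return True
```

A message captured on the channel fails the second time it is presented because its challenge has already been consumed, and fails later still because its timestamp falls outside the window.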
Attacks on Cancelable/Private Biometrics • One of the most problematic vulnerabilities of biometrics • Once a template or image is compromised, it cannot be reissued, updated, or destroyed • Can be prevented by having template or image transformed into another representation by using a non-invertible transform such as a one-way hash function paired with a verification function
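A simplified illustration of the non-invertible transform plus verification function described on the slide above, as an added example that is not from the original slides. It assumes pre-aligned prints given as (x, y, angle) minutiae, a per-enrollment key stored apart from the template, and hypothetical parameters (`CELL`, `ANGLE_BINS`, a 12-match threshold).

```python
import hashlib
import hmac
import os

CELL = 16        # assumed quantization cell size in pixels
ANGLE_BINS = 8   # assumed number of ridge-direction bins
THRESHOLD = 12   # assumed number of matching tokens required


def transform(minutiae, key):
    """Map (x, y, angle_degrees) minutiae to a set of keyed one-way tokens."""
    tokens = set()
    for x, y, angle in minutiae:
        # Coarse quantization absorbs small placement differences between scans.
        cell = (x // CELL, y // CELL, int(angle % 360) * ANGLE_BINS // 360)
        data = b"%d,%d,%d" % cell
        tokens.add(hmac.new(key, data, hashlib.sha256).digest())
    return tokens


def enroll(minutiae):
    """Store only the transformed template; a fresh key reissues it."""
    key = os.urandom(32)
    return key, transform(minutiae, key)


def verify(probe, key, template, threshold=THRESHOLD):
    """Verification function: count tokens shared by probe and template."""
    return len(transform(probe, key) & template) >= threshold
```

Enrolling the same finger again yields a template with no tokens in common with the old one, so a stolen template can be revoked without changing the finger.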
Attacks Using Coercion • Legitimate users can be forced to identify themselves to a fingerprint-based recognition system • This cannot be detected by fake finger detection modules or cryptographic techniques • Could be prevented by having two fingerprints on file: one default, one for panic situations that would trigger security measures unnoticeable by the thief
Summary • Biometrics is a growing field with many exciting discoveries on the horizon • However, until more secure systems can be developed, fingerprint recognition systems should be used in conjunction with another type of user identification to bolster their security Ref: On the Individuality of Fingerprints
References • Department of Defense, Biometrics Management Office, http://www.biometrics.dod.mil • S. Pankanti, S. Prabhakar, and A. K. Jain, "On the Individuality of Fingerprints", IEEE Transactions on PAMI, Vol. 24, No. 8, pp. 1010-1025, 2002. • C. Barral, J. S. Coron, and D. Naccache, "Externalized Fingerprint Matching", Lecture Notes in Computer Science, Vol. 3072, pp. 309-315, Jul 2004. • U. Uludag and A. K. Jain, "Attacks on biometric systems: a case study in fingerprints", Proc. SPIE-EI 2004, pp. 622-633, San Jose, CA, January 18-22, 2004. • T. Matsumoto, H. Matsumoto, K. Yamada, and S. Hoshino, "Impact of Artificial Gummy Fingers on Fingerprint Systems", Proc. of SPIE, Optical Security and Counterfeit Deterrence Techniques IV, Vol. 4677, pp. 275-289, 2002. • D. Maltoni et al., "Handbook of Fingerprint Recognition", New York: Springer, 2003. • A. K. Jain and S. Pankanti, "Fingerprint classification and matching", in A. Bovik, editor, Handbook for Image and Video Processing, Academic Press, April 2000. • G. Bebis, T. Deaconu, and M. Georgiopoulos, "Fingerprint identification using Delaunay triangulation", 1999 Int. Conf. on Information Intelligence and Systems, pp. 452-459, 1999.