Attacking a biometric server

(1)

S E C U R E

C O M P U T I N G C O M P U T I N G

The Biometric Dilemma

Dr. Mohammad

Dr. Mohammad Iqbal

Iqbal

Dr. Mohammad

Dr. Mohammad Iqbal

Iqbal

Based on presentation of Rick Smith, Ph.D., CISSP Based on presentation of Rick Smith, Ph.D., CISSP

rick_smith@securecomputing.com rick_smith@securecomputing.com

(2)

S E C U R E

C O M P U T I N G

Outline

••

Biometrics: Why, How, How Strong

–– Attacks, FAR, FRR, Resisting trialAttacks, FAR, FRR, Resisting trial--andand--errorerror

••

Server

Server--based Biometrics

based Biometrics

••

Attacking a biometric server

••

Attacking a biometric server

–– Digital spoofing, privacy intrusion, latent print reactivationDigital spoofing, privacy intrusion, latent print reactivation

••

Token

Token--based Biometrics

based Biometrics

••

Physical spoofing

–– Voluntary and involuntary spoofingVoluntary and involuntary spoofing

(3)

S E C U R E

C O M P U T I N G

Biometrics: Why?

••

Eliminate memorization

Eliminate memorization ––

–– Users don’t have to memorize features of their voice, face, Users don’t have to memorize features of their voice, face, eyes, or fingerprints

eyes, or fingerprints

••

Eliminate misplaced tokens

Eliminate misplaced tokens ––

–– Users won’t forget to bring fingerprints to workUsers won’t forget to bring fingerprints to work

••

Can’t be delegated

Can’t be delegated ––

–– Users can’t lend fingers or faces to someone elseUsers can’t lend fingers or faces to someone else

••

Often unique

Often unique ––

–– Save money and maintain database integrity by eliminating Save money and maintain database integrity by eliminating duplicate enrollments

(4)

S E C U R E

C O M P U T I N G

The Dilemma

They always look stronger and and easier to use

than they are in practice

••

Enrollment is difficult

••

Enrollment is difficult

–– Easy enrollment = unreliable authenticationEasy enrollment = unreliable authentication

–– Measures to prevent digital spoofing make even more work for Measures to prevent digital spoofing make even more work for administrators, almost a “double enrollment” process

administrators, almost a “double enrollment” process

••

Physical spoofing is easier than we’d like

(5)

S E C U R E

C O M P U T I N G

Biometrics: How?

Measure a physical trait

••

The user’s fingerprint,

hand, eye, face

Measure user behavior

••

The user’s voice, written

signature, or keystrokes

(6)

S E C U R E

C O M P U T I N G

Biometrics: How Strong?

Three types of attacks

••

Trial

Trial--and

and--error attack

error attack

–– Classic way of measuring biometric strengthClassic way of measuring biometric strength

••

Digital spoofing

••

Digital spoofing

–– Transmit a digital pattern that mimics that of a legitimate Transmit a digital pattern that mimics that of a legitimate user’s biometric signature

user’s biometric signature

–– Similar to password sniffing and replaySimilar to password sniffing and replay

–– Biometrics can’t prevent such attacks by themselvesBiometrics can’t prevent such attacks by themselves

••

Physical spoofing

–– Present a biometric sensor with an image that mimics the Present a biometric sensor with an image that mimics the appearance of a legitimate user

(7)

S E C U R E

C O M P U T I N G

Biometric Trial

Biometric Trial--and

and--Error

Error

How many trials are needed to achieve a 50

How many trials are needed to achieve a 50--50

50

chance of producing a matching reading?

••

Typical objective: 1 in 1,000,000



22

₁₉₁₉

••

Some systems achieve this, but most aren’t

••

Some systems achieve this, but most aren’t

that accurate in practical settings

••

Team

Team--based attack

based attack

–– A group of individuals take turns pretending to be a legitimate A group of individuals take turns pretending to be a legitimate user (5 people X 10 finger = 50 fingers)

(8)

S E C U R E

C O M P U T I N G

Passwords: A Baseline

Example Type of Attack Average Attack Space Random 8-character

Unix password or Off-Line Interactive 2

45

Dictionary Attack Interactive 215 to 223

Dictionary Attack Interactive

or Off-Line 2 to 2

Mouse Pad Search Interactive 21 to 24

(9)

S E C U R E

C O M P U T I N G

Biometric Authentication

••

Compares user’s

signature

to previously

established

pattern

built from that trait

(10)

S E C U R E

C O M P U T I N G

Pattern Matching

We compare how closely a signature matches

one user’s pattern versus another’s pattern

(11)

S E C U R E

C O M P U T I N G

Matching Self vs. Others

(12)

S E C U R E

C O M P U T I N G

Matching in Practice

FAR = recognized Bob instead; FRR = doesn’t recognize me

(13)

S E C U R E

C O M P U T I N G

Measurement Trade

Measurement Trade--Offs

Offs

We must balance the FAR and the FRR

••

Lower FAR = Fewer successful attacks

–– Less tolerant of close matches by attackersLess tolerant of close matches by attackers

–– Also less tolerant of authentic matchesAlso less tolerant of authentic matches

–– Therefore Therefore –– increases the FRRincreases the FRR

••

Lower FRR = Easier to use

–– Recognizes a legitimate user the first timeRecognizes a legitimate user the first time

–– More tolerant of poor matchesMore tolerant of poor matches

–– Also more tolerant of matches by attackersAlso more tolerant of matches by attackers

–– Therefore Therefore –– increases the FARincreases the FAR

(14)

S E C U R E

C O M P U T I N G

Trial and Error in Practice

Example Type of Attack Average Attack Space

Biometric with 1% FAR Team 26

Biometric with 0.01% FAR Team 212

Biometric with “One in a million” Team 219

••

Higher security means more mistakes

–– When we reduce the FAR, we increase the FRRWhen we reduce the FAR, we increase the FRR

(15)

S E C U R E

C O M P U T I N G

Biometric Enrollment

••

How it works

–– User provides one or more biometric readings User provides one or more biometric readings

–– The system converts each reading into a signatureThe system converts each reading into a signature

–– The system constructs the pattern from those signaturesThe system constructs the pattern from those signatures

••

Problems with biometric enrollment

••

Problems with biometric enrollment

–– It’s hard to reliably “preIt’s hard to reliably “pre--enroll” usersenroll” users

–– Users must provide biometric readings interactivelyUsers must provide biometric readings interactively

••

Accuracy is time consuming

–– Take trial readings, build tentative patterns, try them outTake trial readings, build tentative patterns, try them out

–– Take more readings to refine patternsTake more readings to refine patterns

(16)

S E C U R E

C O M P U T I N G

Compare with Password or

Token Enrollment

••

Modern systems allow users to self

Modern systems allow users to self--enroll

enroll

–– User enters some personal authentication informationUser enters some personal authentication information

–– Establish a user nameEstablish a user name

–– Establish a password: system generated or user chosenEstablish a password: system generated or user chosen

–– Establish a token: enter its serial numberEstablish a token: enter its serial number

••

Password enrollment is comparatively simple

••

Tokens require a database associating serial

numbers with individual authentication tokens

–– Database is generated by token’s manufacturerDatabase is generated by token’s manufacturer

–– Enrollment system uses it to establish user accountEnrollment system uses it to establish user account

(17)

S E C U R E

C O M P U T I N G

Biometric Privacy

••

The biometric pattern acts like a password

But biometrics are

But biometrics are not

not secrets

secrets

••

Each user leaves artifacts of her voice,

fingerprints, and appearance wherever she

••

Each user leaves artifacts of her voice,

fingerprints, and appearance wherever she

goes

••

Users can’t change biometrics if someone

makes a copy

••

We can trace people by following their

(18)

S E C U R E

C O M P U T I N G

Server

Server--based biometrics

based biometrics

••

Boring but important

••

Some biometric systems require servers

–– When you need a central repositoryWhen you need a central repository

–– Identification systems (FBI’s AFIS)Identification systems (FBI’s AFIS)

(19)

S E C U R E

C O M P U T I N G

(20)

S E C U R E

C O M P U T I N G

Attacks on Server Traffic

••

Attack on privacy of a user’s biometrics

–– Defense = encryption while traversing the networkDefense = encryption while traversing the network

••

Attack by spoofing a digital biometric reading

–– Defense = authenticating legitimate biometric readersDefense = authenticating legitimate biometric readers

(21)

S E C U R E

C O M P U T I N G

Trusted Biometric Reader

••

Blocks either type of attack on server traffic

••

Security objective

Security objective –– reliable data collection

reliable data collection

••

Must embed a cryptographic secret in every

trusted reader

–– Increased development costIncreased development cost

–– Increased administrative cost Increased administrative cost –– administrators must keep the administrators must keep the reader’s keys safe and up

reader’s keys safe and up--toto--datedate

••

Must enroll both users

Must enroll both users and

and trusted readers

trusted readers

–– “Double enrollment”“Double enrollment”

–– Database of device keys from biometric vendorDatabase of device keys from biometric vendor

–– One device per workstation is often like one per userOne device per workstation is often like one per user

(22)

S E C U R E

C O M P U T I N G

Another Server Attack

••

Experiments in the US and Germany

•• Willis and Lee of Willis and Lee of Network ComputingNetwork Computing Labs, 1998Labs, 1998

–– Reported in “Six Biometric Devices Point The Finger At Security” in Reported in “Six Biometric Devices Point The Finger At Security” in

Network Computing

Network Computing, 1 June 1998, 1 June 1998

•• Thalheim, Krissler, and Ziegler, Thalheim, Krissler, and Ziegler, 20022002

–– Reported in “Body Check,” Reported in “Body Check,” C’TC’T (Germany)(Germany)

–– http://www.heise.de/ct/english/02/11/114/http://www.heise.de/ct/english/02/11/114/

••

Attack on “capacitive” fingerprint sensors

–– Measures change in capacitance due to presence or absence of Measures change in capacitance due to presence or absence of material with skin

material with skin--like responselike response

–– 65Kb sensor collects ~20 minutiae from fingerprint65Kb sensor collects ~20 minutiae from fingerprint

–– Traditional techniques use 10Traditional techniques use 10--12 for identification12 for identification

••

Attack exploits the fatty oils left over from the last

user logon

(23)

S E C U R E

C O M P U T I N G

Latent Finger Reactivation

••

Three techniques

–– Oil vs. nonOil vs. non--oil regions return difference as humidity increasesoil regions return difference as humidity increases

1.

1. Breathe on the sensor (Thalheim, et al)

Breathe on the sensor (Thalheim, et al)

–– You can watch the print reappear as a biometric imageYou can watch the print reappear as a biometric image

–– Works occasionallyWorks occasionally

2.

2. Use a thin

Use a thin--walled plastic bag of warm water

walled plastic bag of warm water

•• More effective, but not 100%More effective, but not 100%

–– Works occasionally even when system is set to maximum sensitivityWorks occasionally even when system is set to maximum sensitivity

3.

3. Dust with graphite (Willis et al; Thalheim et al)

Dust with graphite (Willis et al; Thalheim et al)

•• Attach clear tape to the dustAttach clear tape to the dust

–– Press down on the sensorPress down on the sensor

(24)

S E C U R E

C O M P U T I N G

This Shouldn’t Work

••

According to Siemens

According to Siemens –– vendor of the

vendor of the

“ID Mouse” used in those examples

“ID Mouse” used in those examples ––

–– Authentication procedure remembers the last fingerprint usedAuthentication procedure remembers the last fingerprint used

–– System rejects a match that’s “too close” to the last reading System rejects a match that’s “too close” to the last reading as well as a match that’s “too far” from the pattern

as well as a match that’s “too far” from the pattern

Observations

••

Observations

1.

1. Defense didn’t work in these experimentsDefense didn’t work in these experiments 2.

2. Tape can be repositioned to create a ‘different’ readingTape can be repositioned to create a ‘different’ reading 3.

3. Hard to track through multiple biometric readersHard to track through multiple biometric readers

–– Assume the user logs in at multiple locations over timeAssume the user logs in at multiple locations over time

–– Then the latent image on some reader is Then the latent image on some reader is notnot the most the most recent one accepted for login

(25)

S E C U R E

C O M P U T I N G

What about “Active”

Biometric Authentication?

••

Some (Dorothy Denning) suggest the use of biometrics

in which the pattern incorporates “dynamic”

information uniquely associated with the user

••

Possible techniques

–– Require any sort of nonRequire any sort of non--static input that matches the builtstatic input that matches the built--in patternin pattern

•• Moving the finger around on the fingerprint readerMoving the finger around on the fingerprint reader

–– Challenge response that demands an unpredictable reply Challenge response that demands an unpredictable reply

•• Voice recognition that demands reciting an unpredictable phraseVoice recognition that demands reciting an unpredictable phrase

••

Both are vulnerable to a dynamic digital attack based

on a copy of the user’s biometric pattern

••

Ease of use issue

–– Requires more complex user behavior, which makes it harder to use Requires more complex user behavior, which makes it harder to use and less reliable

(26)

S E C U R E

C O M P U T I N G

Attacking Active Biometrics

A feasible dynamic attack uses the system’s algorithms

to generate an acceptable signature

••

Example

–– Attacker collects enough biometric samples from the victim to build a Attacker collects enough biometric samples from the victim to build a plausible copy of victim’s biometric pattern

plausible copy of victim’s biometric pattern

–– During login, attacker is prompted for a spoken phrase from the victimDuring login, attacker is prompted for a spoken phrase from the victim

–– Attack software generates a digital message based on the user’s Attack software generates a digital message based on the user’s biometric pattern

biometric pattern

•• There may be a sequence of timed messages or a single message There may be a sequence of timed messages or a single message –– it doesn’t matterit doesn’t matter

(27)

S E C U R E

C O M P U T I N G

Token

Token--Based Biometrics

Based Biometrics

Authenticate with biometric + embedded secret

(28)

S E C U R E

C O M P U T I N G

Token Technology

••

Resist copying and other attacks by storing the

authentication secret in a tamper

authentication secret in a tamper--resistant package.

resistant package.

(29)

S E C U R E

C O M P U T I N G

Tokens Resist

Trial

Trial--and

and--Error Attacks

Error Attacks

Example Type of Attack Average Attack Space

Reusable Passwords _{or Off-Line 2}Interactive 1 to 245

Biometrics Team 26 to 219

One-Time Password Tokens Interactive or Off-Line 2

19_{to 2}63

Public Key Tokens Off-Line 263 to 2116

These numbers assume that the attacker

has

(30)

S E C U R E

C O M P U T I N G

Biometric Token Operation

••

The “real” authentication is based on a secret

embedded in the token

••

The biometric reading simply “unlocks” that

secret

••

Benefits

••

Benefits

–– User retains control of own biometric patternUser retains control of own biometric pattern

–– Biometric signatures don’t traverse networksBiometric signatures don’t traverse networks

••

Problems

–– Biometric Tokens cost moreBiometric Tokens cost more

–– Less space and cost for the biometric readerLess space and cost for the biometric reader

(31)

S E C U R E

C O M P U T I N G

Attacks on Biometric Tokens

••

If you can trick the reader, you can probably

trick the token

••

Digital spoofing shouldn’t work

–– We’ve eliminated the vulnerable data pathWe’ve eliminated the vulnerable data path

••

Latent print reactivation (remember?)

–– Tokens should be able to detect and reject such attacksTokens should be able to detect and reject such attacks

••

Attacks by cloning the biometric artifact

–– Voluntary cloning (the authorized user is an accomplice)Voluntary cloning (the authorized user is an accomplice)

(32)

S E C U R E

C O M P U T I N G

Voluntary finger cloning

1.

1. Select the casting material

Select the casting material

–– Option: softened, free molding plastic (used by Matsumoto)Option: softened, free molding plastic (used by Matsumoto)

–– Option: part of a large, soft wax candle (used by Willis; Thalheim)Option: part of a large, soft wax candle (used by Willis; Thalheim)

2.

2. Push the fingertip into the soft material

Push the fingertip into the soft material

3.

3. Let material harden

Let material harden

3.

3. Let material harden

Let material harden

4.

4. Select the finger cloning material

Select the finger cloning material

•• Option: gelatin (“gummy fingers” used by Matsumoto)Option: gelatin (“gummy fingers” used by Matsumoto)

•• Option: silicone (used by Willis; Thalheim)Option: silicone (used by Willis; Thalheim)

5.

5. Pour a layer of cloning material into the mold

Pour a layer of cloning material into the mold

6.

6. Let the clone harden

Let the clone harden

(33)

S E C U R E

C O M P U T I N G

Matsumoto’s Technique

(34)

S E C U R E

C O M P U T I N G

Making the Actual Clone

You can place the “gummy finger” over your real finger.

Observers aren’t likely to detect it when you use it on a

fingerprint reader. (Matsumoto)

(35)

S E C U R E

C O M P U T I N G

Involuntary Cloning

••

The stuff of Hollywood

The stuff of Hollywood –– three examples

three examples

–– SneakersSneakers (1992) “My voice is my password”(1992) “My voice is my password”

–– Never Say Never AgainNever Say Never Again (1983) cloned retina(1983) cloned retina

–– Charlie’s AngelsCharlie’s Angels (2000)(2000)

•• Fingerprints from beer bottlesFingerprints from beer bottles

•• Eye scan from oomEye scan from oom--pah laserpah laser

••

You clone the biometric without victim’s

knowledge or intentional assistance

(36)

S E C U R E

C O M P U T I N G

Cloned Face

••

More work by

More work by Thalheim, Krissler, and Ziegler

Thalheim, Krissler, and Ziegler

•• Reported in “Body Check,” C’T (Germany) Reported in “Body Check,” C’T (Germany)

http://www.heise.de/ct/english/02/11/114/ http://www.heise.de/ct/english/02/11/114/

••

Show the camera a photograph or video clip

instead of the real face

–– Video clip required to defeat “dynamic” biometric checksVideo clip required to defeat “dynamic” biometric checks

••

Photo was taken without the victim’s

assistance (video possible, too)

••

Face recognition was fooled

–– Cognitec's FaceVACSCognitec's FaceVACS--Logon using the recommended Philips's Logon using the recommended Philips's ToUcam PCVC 740K camera

(37)

S E C U R E

C O M P U T I N G

Matsumoto’s 2

nd

Technique

Cloning a fingerprint from a

Cloning a fingerprint from a latent

latent print

print

1.

1. Capture clean, complete fingerprint on a glass, CD,

Capture clean, complete fingerprint on a glass, CD,

or other smooth, clean surface

2.

2. Pick it up using tape and graphite

Pick it up using tape and graphite

2.

2. Pick it up using tape and graphite

Pick it up using tape and graphite

3.

3. Scan it into a computer at high resoultion

Scan it into a computer at high resoultion

4.

4. Enhance the fingerprint image

Enhance the fingerprint image

5.

5. Etch it onto printed circuit board (PCB) material

Etch it onto printed circuit board (PCB) material

6.

(38)

S E C U R E

C O M P U T I N G

Making a Gummy Finger

(39)

S E C U R E

C O M P U T I N G

The Latent Print Dilemma

••

Tokens tend to be smooth objects of metal or

plastic

plastic –– materials that hold latent prints well

materials that hold latent prints well

••

Can an attacker steal a token, lift the owner’s

latent prints from it, and construct a working

clone of the owner’s fingerprint?

••

Worse, can an attacker reactivate a latent

image of the biometric from the sensor itself?

(40)

S E C U R E

C O M P U T I N G

Finger Cloning Effectiveness

••

Willis and Lee could trick 4 of 6 sensors tested

in 1998 with cloned fingers

••

Thalheim et al could trick both “capacitive” and

“optical” sensors with cloned fingers

–– Products from Siemens, Cherry, Eutron, VerdicomProducts from Siemens, Cherry, Eutron, Verdicom

–– Latent image reactivation only worked on capacitive sensors, Latent image reactivation only worked on capacitive sensors, not on optical ones

not on optical ones

••

Matsumoto tested 11 capacitive and optical

sensors

–– Cloned fingers tricked all of themCloned fingers tricked all of them

–– Compaq, Mitsubishi, NEC, Omron, Sony, Fujitsu, Siemens, Compaq, Mitsubishi, NEC, Omron, Sony, Fujitsu, Siemens, Secugen, Ethentica

(41)

S E C U R E

C O M P U T I N G

Summary

••

Traditional FAR and FRR statistics don’t tell the

whole story about biometric vulnerabilities

••

Networked biometrics require trusted readers

that pose extra administrative headaches

••

We can build physical clones of biometric

features that spoof biometric readers

–– Matsumoto needed $10 worth of materials and 40 minutes to Matsumoto needed $10 worth of materials and 40 minutes to reliably clone a fingerprint

reliably clone a fingerprint

••

We can often build clones without the

(42)

S E C U R E

C O M P U T I N G C O M P U T I N G

Thank You!

Questions? Comments?

My e

My e--mail:

mail:

Rick_Smith@securecomputing.com

http://www.visi.com/crypto