S E C U R E
S E C U R E
C O M P U T I N G C O M P U T I N G
The Biometric Dilemma
The Biometric Dilemma
Dr. Mohammad
Dr. Mohammad Iqbal
Iqbal
Dr. Mohammad
Dr. Mohammad Iqbal
Iqbal
Based on presentation of Rick Smith, Ph.D., CISSP Based on presentation of Rick Smith, Ph.D., CISSP
rick_smith@securecomputing.com rick_smith@securecomputing.com
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Outline
Outline
••
Biometrics: Why, How, How Strong
Biometrics: Why, How, How Strong
–– Attacks, FAR, FRR, Resisting trialAttacks, FAR, FRR, Resisting trial--andand--errorerror••
Server
Server--based Biometrics
based Biometrics
••
Attacking a biometric server
Attacking a biometric server
••
Attacking a biometric server
Attacking a biometric server
–– Digital spoofing, privacy intrusion, latent print reactivationDigital spoofing, privacy intrusion, latent print reactivation
••
Token
Token--based Biometrics
based Biometrics
••
Physical spoofing
Physical spoofing
–– Voluntary and involuntary spoofingVoluntary and involuntary spoofing
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Biometrics: Why?
Biometrics: Why?
••
Eliminate memorization
Eliminate memorization ––
–– Users don’t have to memorize features of their voice, face, Users don’t have to memorize features of their voice, face, eyes, or fingerprints
eyes, or fingerprints
••
Eliminate misplaced tokens
Eliminate misplaced tokens ––
–– Users won’t forget to bring fingerprints to workUsers won’t forget to bring fingerprints to work
–– Users won’t forget to bring fingerprints to workUsers won’t forget to bring fingerprints to work
••
Can’t be delegated
Can’t be delegated ––
–– Users can’t lend fingers or faces to someone elseUsers can’t lend fingers or faces to someone else
••
Often unique
Often unique ––
–– Save money and maintain database integrity by eliminating Save money and maintain database integrity by eliminating duplicate enrollments
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
The Dilemma
The Dilemma
They always look stronger and and easier to use
They always look stronger and and easier to use
than they are in practice
than they are in practice
••
Enrollment is difficult
Enrollment is difficult
••
Enrollment is difficult
Enrollment is difficult
–– Easy enrollment = unreliable authenticationEasy enrollment = unreliable authentication
–– Measures to prevent digital spoofing make even more work for Measures to prevent digital spoofing make even more work for administrators, almost a “double enrollment” process
administrators, almost a “double enrollment” process
••
Physical spoofing is easier than we’d like
Physical spoofing is easier than we’d like
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Biometrics: How?
Biometrics: How?
From Authentication© 2002. Used by permission
Measure a physical trait
Measure a physical trait
••
The user’s fingerprint,
The user’s fingerprint,
hand, eye, face
hand, eye, face
Measure user behavior
Measure user behavior
••
The user’s voice, written
The user’s voice, written
signature, or keystrokes
signature, or keystrokes
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Biometrics: How Strong?
Biometrics: How Strong?
Three types of attacks
Three types of attacks
••
Trial
Trial--and
and--error attack
error attack
–– Classic way of measuring biometric strengthClassic way of measuring biometric strength
••
Digital spoofing
Digital spoofing
••
Digital spoofing
Digital spoofing
–– Transmit a digital pattern that mimics that of a legitimate Transmit a digital pattern that mimics that of a legitimate user’s biometric signature
user’s biometric signature
–– Similar to password sniffing and replaySimilar to password sniffing and replay
–– Biometrics can’t prevent such attacks by themselvesBiometrics can’t prevent such attacks by themselves
••
Physical spoofing
Physical spoofing
–– Present a biometric sensor with an image that mimics the Present a biometric sensor with an image that mimics the appearance of a legitimate user
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Biometric Trial
Biometric Trial--and
and--Error
Error
How many trials are needed to achieve a 50
How many trials are needed to achieve a 50--50
50
chance of producing a matching reading?
chance of producing a matching reading?
••
Typical objective: 1 in 1,000,000
Typical objective: 1 in 1,000,000
22
1919••
Some systems achieve this, but most aren’t
Some systems achieve this, but most aren’t
••
Some systems achieve this, but most aren’t
Some systems achieve this, but most aren’t
that accurate in practical settings
that accurate in practical settings
••
Team
Team--based attack
based attack
–– A group of individuals take turns pretending to be a legitimate A group of individuals take turns pretending to be a legitimate user (5 people X 10 finger = 50 fingers)
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Passwords: A Baseline
Passwords: A Baseline
Example Type of Attack Average Attack Space Random 8-character
Unix password or Off-Line Interactive 2
45
Dictionary Attack Interactive 215 to 223
Dictionary Attack Interactive
or Off-Line 2 to 2
Mouse Pad Search Interactive 21 to 24
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Biometric Authentication
Biometric Authentication
••
Compares user’s
Compares user’s
signature
signature
to previously
to previously
established
established
pattern
pattern
built from that trait
built from that trait
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Pattern Matching
Pattern Matching
We compare how closely a signature matches
We compare how closely a signature matches
one user’s pattern versus another’s pattern
one user’s pattern versus another’s pattern
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Matching Self vs. Others
Matching Self vs. Others
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Matching in Practice
Matching in Practice
FAR = recognized Bob instead; FRR = doesn’t recognize me
FAR = recognized Bob instead; FRR = doesn’t recognize me
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Measurement Trade
Measurement Trade--Offs
Offs
We must balance the FAR and the FRR
We must balance the FAR and the FRR
••
Lower FAR = Fewer successful attacks
Lower FAR = Fewer successful attacks
–– Less tolerant of close matches by attackersLess tolerant of close matches by attackers–– Also less tolerant of authentic matchesAlso less tolerant of authentic matches
–– Therefore Therefore –– increases the FRRincreases the FRR
–– Therefore Therefore –– increases the FRRincreases the FRR
••
Lower FRR = Easier to use
Lower FRR = Easier to use
–– Recognizes a legitimate user the first timeRecognizes a legitimate user the first time
–– More tolerant of poor matchesMore tolerant of poor matches
–– Also more tolerant of matches by attackersAlso more tolerant of matches by attackers
–– Therefore Therefore –– increases the FARincreases the FAR
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Trial and Error in Practice
Trial and Error in Practice
Example Type of Attack Average Attack Space
Biometric with 1% FAR Team 26
Biometric with 0.01% FAR Team 212
Biometric with 0.01% FAR Team 212
Biometric with “One in a million” Team 219
••
Higher security means more mistakes
Higher security means more mistakes
–– When we reduce the FAR, we increase the FRRWhen we reduce the FAR, we increase the FRRS E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Biometric Enrollment
Biometric Enrollment
••
How it works
How it works
–– User provides one or more biometric readings User provides one or more biometric readings
–– The system converts each reading into a signatureThe system converts each reading into a signature
–– The system constructs the pattern from those signaturesThe system constructs the pattern from those signatures
••
Problems with biometric enrollment
Problems with biometric enrollment
••
Problems with biometric enrollment
Problems with biometric enrollment
–– It’s hard to reliably “preIt’s hard to reliably “pre--enroll” usersenroll” users
–– Users must provide biometric readings interactivelyUsers must provide biometric readings interactively
••
Accuracy is time consuming
Accuracy is time consuming
–– Take trial readings, build tentative patterns, try them outTake trial readings, build tentative patterns, try them out
–– Take more readings to refine patternsTake more readings to refine patterns
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Compare with Password or
Compare with Password or
Token Enrollment
Token Enrollment
••
Modern systems allow users to self
Modern systems allow users to self--enroll
enroll
–– User enters some personal authentication informationUser enters some personal authentication information–– Establish a user nameEstablish a user name
–– Establish a password: system generated or user chosenEstablish a password: system generated or user chosen
–– Establish a token: enter its serial numberEstablish a token: enter its serial number
–– Establish a token: enter its serial numberEstablish a token: enter its serial number
••
Password enrollment is comparatively simple
Password enrollment is comparatively simple
••
Tokens require a database associating serial
Tokens require a database associating serial
numbers with individual authentication tokens
numbers with individual authentication tokens
–– Database is generated by token’s manufacturerDatabase is generated by token’s manufacturer
–– Enrollment system uses it to establish user accountEnrollment system uses it to establish user account
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Biometric Privacy
Biometric Privacy
••
The biometric pattern acts like a password
The biometric pattern acts like a password
But biometrics are
But biometrics are not
not secrets
secrets
••
Each user leaves artifacts of her voice,
Each user leaves artifacts of her voice,
fingerprints, and appearance wherever she
fingerprints, and appearance wherever she
••
Each user leaves artifacts of her voice,
Each user leaves artifacts of her voice,
fingerprints, and appearance wherever she
fingerprints, and appearance wherever she
goes
goes
••
Users can’t change biometrics if someone
Users can’t change biometrics if someone
makes a copy
makes a copy
••
We can trace people by following their
We can trace people by following their
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Server
Server--based biometrics
based biometrics
••
Boring but important
Boring but important
••
Some biometric systems require servers
Some biometric systems require servers
–– When you need a central repositoryWhen you need a central repository
–– Identification systems (FBI’s AFIS)Identification systems (FBI’s AFIS)
S E C U R E
S E C U R E
C O M P U T I N G
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Attacks on Server Traffic
Attacks on Server Traffic
••
Attack on privacy of a user’s biometrics
Attack on privacy of a user’s biometrics
–– Defense = encryption while traversing the networkDefense = encryption while traversing the network
••
Attack by spoofing a digital biometric reading
Attack by spoofing a digital biometric reading
–– Defense = authenticating legitimate biometric readersDefense = authenticating legitimate biometric readers
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Trusted Biometric Reader
Trusted Biometric Reader
••
Blocks either type of attack on server traffic
Blocks either type of attack on server traffic
••
Security objective
Security objective –– reliable data collection
reliable data collection
••
Must embed a cryptographic secret in every
Must embed a cryptographic secret in every
trusted reader
trusted reader
–– Increased development costIncreased development cost
–– Increased development costIncreased development cost
–– Increased administrative cost Increased administrative cost –– administrators must keep the administrators must keep the reader’s keys safe and up
reader’s keys safe and up--toto--datedate
••
Must enroll both users
Must enroll both users and
and trusted readers
trusted readers
–– “Double enrollment”“Double enrollment”–– Database of device keys from biometric vendorDatabase of device keys from biometric vendor
–– One device per workstation is often like one per userOne device per workstation is often like one per user
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Another Server Attack
Another Server Attack
••
Experiments in the US and Germany
Experiments in the US and Germany
•• Willis and Lee of Willis and Lee of Network ComputingNetwork Computing Labs, 1998Labs, 1998
–– Reported in “Six Biometric Devices Point The Finger At Security” in Reported in “Six Biometric Devices Point The Finger At Security” in
Network Computing
Network Computing, 1 June 1998, 1 June 1998
•• Thalheim, Krissler, and Ziegler, Thalheim, Krissler, and Ziegler, 20022002
–– Reported in “Body Check,” Reported in “Body Check,” C’TC’T (Germany)(Germany)
–– http://www.heise.de/ct/english/02/11/114/http://www.heise.de/ct/english/02/11/114/
••
Attack on “capacitive” fingerprint sensors
Attack on “capacitive” fingerprint sensors
–– Measures change in capacitance due to presence or absence of Measures change in capacitance due to presence or absence of material with skin
material with skin--like responselike response
–– 65Kb sensor collects ~20 minutiae from fingerprint65Kb sensor collects ~20 minutiae from fingerprint
–– Traditional techniques use 10Traditional techniques use 10--12 for identification12 for identification
••
Attack exploits the fatty oils left over from the last
Attack exploits the fatty oils left over from the last
user logon
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Latent Finger Reactivation
Latent Finger Reactivation
••
Three techniques
Three techniques
–– Oil vs. nonOil vs. non--oil regions return difference as humidity increasesoil regions return difference as humidity increases
1.
1. Breathe on the sensor (Thalheim, et al)
Breathe on the sensor (Thalheim, et al)
–– You can watch the print reappear as a biometric imageYou can watch the print reappear as a biometric image
–– Works occasionallyWorks occasionally
–– Works occasionallyWorks occasionally
2.
2. Use a thin
Use a thin--walled plastic bag of warm water
walled plastic bag of warm water
•• More effective, but not 100%More effective, but not 100%
–– Works occasionally even when system is set to maximum sensitivityWorks occasionally even when system is set to maximum sensitivity
3.
3. Dust with graphite (Willis et al; Thalheim et al)
Dust with graphite (Willis et al; Thalheim et al)
•• Attach clear tape to the dustAttach clear tape to the dust
–– Press down on the sensorPress down on the sensor
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
This Shouldn’t Work
This Shouldn’t Work
••
According to Siemens
According to Siemens –– vendor of the
vendor of the
“ID Mouse” used in those examples
“ID Mouse” used in those examples ––
–– Authentication procedure remembers the last fingerprint usedAuthentication procedure remembers the last fingerprint used
–– System rejects a match that’s “too close” to the last reading System rejects a match that’s “too close” to the last reading as well as a match that’s “too far” from the pattern
as well as a match that’s “too far” from the pattern
Observations
Observations
••
Observations
Observations
1.
1. Defense didn’t work in these experimentsDefense didn’t work in these experiments 2.
2. Tape can be repositioned to create a ‘different’ readingTape can be repositioned to create a ‘different’ reading 3.
3. Hard to track through multiple biometric readersHard to track through multiple biometric readers
–– Assume the user logs in at multiple locations over timeAssume the user logs in at multiple locations over time
–– Then the latent image on some reader is Then the latent image on some reader is notnot the most the most recent one accepted for login
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
What about “Active”
What about “Active”
Biometric Authentication?
Biometric Authentication?
••
Some (Dorothy Denning) suggest the use of biometrics
Some (Dorothy Denning) suggest the use of biometrics
in which the pattern incorporates “dynamic”
in which the pattern incorporates “dynamic”
information uniquely associated with the user
information uniquely associated with the user
••
Possible techniques
Possible techniques
–– Require any sort of nonRequire any sort of non--static input that matches the builtstatic input that matches the built--in patternin pattern
•• Moving the finger around on the fingerprint readerMoving the finger around on the fingerprint reader
•• Moving the finger around on the fingerprint readerMoving the finger around on the fingerprint reader
–– Challenge response that demands an unpredictable reply Challenge response that demands an unpredictable reply
•• Voice recognition that demands reciting an unpredictable phraseVoice recognition that demands reciting an unpredictable phrase
••
Both are vulnerable to a dynamic digital attack based
Both are vulnerable to a dynamic digital attack based
on a copy of the user’s biometric pattern
on a copy of the user’s biometric pattern
••
Ease of use issue
Ease of use issue
–– Requires more complex user behavior, which makes it harder to use Requires more complex user behavior, which makes it harder to use and less reliable
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Attacking Active Biometrics
Attacking Active Biometrics
A feasible dynamic attack uses the system’s algorithms
A feasible dynamic attack uses the system’s algorithms
to generate an acceptable signature
to generate an acceptable signature
••
Example
Example
–– Attacker collects enough biometric samples from the victim to build a Attacker collects enough biometric samples from the victim to build a plausible copy of victim’s biometric pattern
plausible copy of victim’s biometric pattern
–– During login, attacker is prompted for a spoken phrase from the victimDuring login, attacker is prompted for a spoken phrase from the victim
–– Attack software generates a digital message based on the user’s Attack software generates a digital message based on the user’s biometric pattern
biometric pattern
•• There may be a sequence of timed messages or a single message There may be a sequence of timed messages or a single message –– it doesn’t matterit doesn’t matter
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Token
Token--Based Biometrics
Based Biometrics
Authenticate with biometric + embedded secret
Authenticate with biometric + embedded secret
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Token Technology
Token Technology
••
Resist copying and other attacks by storing the
Resist copying and other attacks by storing the
authentication secret in a tamper
authentication secret in a tamper--resistant package.
resistant package.
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Tokens Resist
Tokens Resist
Trial
Trial--and
and--Error Attacks
Error Attacks
Example Type of Attack Average Attack Space
Reusable Passwords or Off-Line 2Interactive 1 to 245
Biometrics Team 26 to 219
One-Time Password Tokens Interactive or Off-Line 2
19 to 263
Public Key Tokens Off-Line 263 to 2116
These numbers assume that the attacker
These numbers assume that the attacker
has
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Biometric Token Operation
Biometric Token Operation
••
The “real” authentication is based on a secret
The “real” authentication is based on a secret
embedded in the token
embedded in the token
••
The biometric reading simply “unlocks” that
The biometric reading simply “unlocks” that
secret
secret
••
Benefits
Benefits
••
Benefits
Benefits
–– User retains control of own biometric patternUser retains control of own biometric pattern
–– Biometric signatures don’t traverse networksBiometric signatures don’t traverse networks
••
Problems
Problems
–– Biometric Tokens cost moreBiometric Tokens cost more
–– Less space and cost for the biometric readerLess space and cost for the biometric reader
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Attacks on Biometric Tokens
Attacks on Biometric Tokens
••
If you can trick the reader, you can probably
If you can trick the reader, you can probably
trick the token
trick the token
••
Digital spoofing shouldn’t work
Digital spoofing shouldn’t work
–– We’ve eliminated the vulnerable data pathWe’ve eliminated the vulnerable data path
••
Latent print reactivation (remember?)
Latent print reactivation (remember?)
–– Tokens should be able to detect and reject such attacksTokens should be able to detect and reject such attacks
••
Attacks by cloning the biometric artifact
Attacks by cloning the biometric artifact
–– Voluntary cloning (the authorized user is an accomplice)Voluntary cloning (the authorized user is an accomplice)
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Voluntary finger cloning
Voluntary finger cloning
1.
1. Select the casting material
Select the casting material
–– Option: softened, free molding plastic (used by Matsumoto)Option: softened, free molding plastic (used by Matsumoto)
–– Option: part of a large, soft wax candle (used by Willis; Thalheim)Option: part of a large, soft wax candle (used by Willis; Thalheim)
2.
2. Push the fingertip into the soft material
Push the fingertip into the soft material
3.
3. Let material harden
Let material harden
3.
3. Let material harden
Let material harden
4.
4. Select the finger cloning material
Select the finger cloning material
•• Option: gelatin (“gummy fingers” used by Matsumoto)Option: gelatin (“gummy fingers” used by Matsumoto)
•• Option: silicone (used by Willis; Thalheim)Option: silicone (used by Willis; Thalheim)
5.
5. Pour a layer of cloning material into the mold
Pour a layer of cloning material into the mold
6.
6. Let the clone harden
Let the clone harden
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Matsumoto’s Technique
Matsumoto’s Technique
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Making the Actual Clone
Making the Actual Clone
You can place the “gummy finger” over your real finger.
You can place the “gummy finger” over your real finger.
Observers aren’t likely to detect it when you use it on a
Observers aren’t likely to detect it when you use it on a
fingerprint reader. (Matsumoto)
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Involuntary Cloning
Involuntary Cloning
••
The stuff of Hollywood
The stuff of Hollywood –– three examples
three examples
–– SneakersSneakers (1992) “My voice is my password”(1992) “My voice is my password”–– Never Say Never AgainNever Say Never Again (1983) cloned retina(1983) cloned retina
–– Charlie’s AngelsCharlie’s Angels (2000)(2000)
•• Fingerprints from beer bottlesFingerprints from beer bottles
•• Fingerprints from beer bottlesFingerprints from beer bottles
•• Eye scan from oomEye scan from oom--pah laserpah laser
••
You clone the biometric without victim’s
You clone the biometric without victim’s
knowledge or intentional assistance
knowledge or intentional assistance
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Cloned Face
Cloned Face
••
More work by
More work by Thalheim, Krissler, and Ziegler
Thalheim, Krissler, and Ziegler
•• Reported in “Body Check,” C’T (Germany) Reported in “Body Check,” C’T (Germany)http://www.heise.de/ct/english/02/11/114/ http://www.heise.de/ct/english/02/11/114/
••
Show the camera a photograph or video clip
Show the camera a photograph or video clip
instead of the real face
instead of the real face
instead of the real face
instead of the real face
–– Video clip required to defeat “dynamic” biometric checksVideo clip required to defeat “dynamic” biometric checks
••
Photo was taken without the victim’s
Photo was taken without the victim’s
assistance (video possible, too)
assistance (video possible, too)
••
Face recognition was fooled
Face recognition was fooled
–– Cognitec's FaceVACSCognitec's FaceVACS--Logon using the recommended Philips's Logon using the recommended Philips's ToUcam PCVC 740K camera
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Matsumoto’s 2
Matsumoto’s 2
nd
nd
Technique
Technique
Cloning a fingerprint from a
Cloning a fingerprint from a latent
latent print
1.
1. Capture clean, complete fingerprint on a glass, CD,
Capture clean, complete fingerprint on a glass, CD,
or other smooth, clean surface
or other smooth, clean surface
2.
2. Pick it up using tape and graphite
Pick it up using tape and graphite
2.
2. Pick it up using tape and graphite
Pick it up using tape and graphite
3.
3. Scan it into a computer at high resoultion
Scan it into a computer at high resoultion
4.
4. Enhance the fingerprint image
Enhance the fingerprint image
5.
5. Etch it onto printed circuit board (PCB) material
Etch it onto printed circuit board (PCB) material
6.
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Making a Gummy Finger
Making a Gummy Finger
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
The Latent Print Dilemma
The Latent Print Dilemma
••
Tokens tend to be smooth objects of metal or
Tokens tend to be smooth objects of metal or
plastic
plastic –– materials that hold latent prints well
materials that hold latent prints well
••
Can an attacker steal a token, lift the owner’s
Can an attacker steal a token, lift the owner’s
latent prints from it, and construct a working
latent prints from it, and construct a working
latent prints from it, and construct a working
latent prints from it, and construct a working
clone of the owner’s fingerprint?
clone of the owner’s fingerprint?
••
Worse, can an attacker reactivate a latent
Worse, can an attacker reactivate a latent
image of the biometric from the sensor itself?
image of the biometric from the sensor itself?
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Finger Cloning Effectiveness
Finger Cloning Effectiveness
••
Willis and Lee could trick 4 of 6 sensors tested
Willis and Lee could trick 4 of 6 sensors tested
in 1998 with cloned fingers
in 1998 with cloned fingers
••
Thalheim et al could trick both “capacitive” and
Thalheim et al could trick both “capacitive” and
“optical” sensors with cloned fingers
“optical” sensors with cloned fingers
–– Products from Siemens, Cherry, Eutron, VerdicomProducts from Siemens, Cherry, Eutron, Verdicom
–– Products from Siemens, Cherry, Eutron, VerdicomProducts from Siemens, Cherry, Eutron, Verdicom
–– Latent image reactivation only worked on capacitive sensors, Latent image reactivation only worked on capacitive sensors, not on optical ones
not on optical ones
••
Matsumoto tested 11 capacitive and optical
Matsumoto tested 11 capacitive and optical
sensors
sensors
–– Cloned fingers tricked all of themCloned fingers tricked all of them
–– Compaq, Mitsubishi, NEC, Omron, Sony, Fujitsu, Siemens, Compaq, Mitsubishi, NEC, Omron, Sony, Fujitsu, Siemens, Secugen, Ethentica
S E C U R E
S E C U R E
C O M P U T I N G
C O M P U T I N G
Summary
Summary
••
Traditional FAR and FRR statistics don’t tell the
Traditional FAR and FRR statistics don’t tell the
whole story about biometric vulnerabilities
whole story about biometric vulnerabilities
••
Networked biometrics require trusted readers
Networked biometrics require trusted readers
that pose extra administrative headaches
that pose extra administrative headaches
that pose extra administrative headaches
that pose extra administrative headaches
••
We can build physical clones of biometric
We can build physical clones of biometric
features that spoof biometric readers
features that spoof biometric readers
–– Matsumoto needed $10 worth of materials and 40 minutes to Matsumoto needed $10 worth of materials and 40 minutes to reliably clone a fingerprint
reliably clone a fingerprint
••
We can often build clones without the
We can often build clones without the
S E C U R E
S E C U R E
C O M P U T I N G C O M P U T I N G
Thank You!
Thank You!
Questions? Comments?
Questions? Comments?
My e
My e--mail:
mail:
Rick_Smith@securecomputing.com
Rick_Smith@securecomputing.com
http://www.visi.com/crypto
http://www.visi.com/crypto