Security Challenges of Biometric Systems


1 Security Challenges of Biometric Systems
Liam M. Mayron, Ph.D. Arizona State University SoDA January 29, 2015

2 Credit
- Some of the reference material in this presentation is from the textbook “Introduction to Biometrics” by Jain, Ross, and Nandakumar
- Some figures have been obtained from various online sources (as noted)

3 Biometrics?
- Biometrics are physical and behavioral characteristics that uniquely identify humans
- Typically used for authentication – associating individuals with their personal identities
- Active area of research – combines image processing, security, information retrieval, physiology, cognitive science and other fields

4 Harry Potter Source:

5 Harry Potter Source:

6 Harry Potter Source:

7 Identity
- What a person knows
- What a person possesses
- Who a person is
Relying on what a person knows and what a person possesses is not enough!

8 Biometric functions
- Verification: “Are you who you say you are?”
- Identification: “Are you someone who the system previously recognized?”

9 Examples of biometrics
Fingerprint Palm print Face Iris Retina Ear Voice Signature Gait Hand Vein Odor DNA … AND MORE!

10 Fingerprint Source:

11 Iris Source:

12 Gait Source:

13 System operation
- Enrollment phase
  - Sample biometric data
  - Extract features
  - Store extracted features, discard the raw data
- Recognition phase
  - Re-sample biometric data
  - Extract features
  - Compare against stored data
  - Determine user identity

14 System components
- Sensor
- Feature extractor
- Database
- Matcher
Figure legend: green = enrollment, purple = recognition

15 Feature extraction
- Purpose is to generate a template, a compact representation of a biometric trait
- Assess quality
- Segment data
- Enhance data
- A lot of research interest!

16 Matching
- Compare query data to a previously stored template
- Decide if an individual is a genuine match or an imposter
- Exact matches are… suspicious

17 Desired characteristics of biometrics
- Uniqueness: A biometric should be able to distinguish between two people
- Permanence: A biometric should not change (much) over time

18 Design cycle
- Understand nature of application and performance requirements
- Choose appropriate biometric traits
- Collect sample biometric data
- Design or train the feature extractor or matcher
- Evaluation and feedback

19 Application considerations
- Cooperative vs. non-cooperative users
- Overt vs. covert deployment
- Habituated vs. non-habituated users
- Attended vs. unattended operation
- Controlled vs. uncontrolled operation
- Open vs. closed system

20 Biometric considerations
- Universality
- Uniqueness
- Permanence
- Measurability
- Performance
- Acceptability
- Circumvention

21 Example: fingerprints

22 Fingerprints
- Ridges under our fingers allow us to grasp objects and improve sensation
- 20-24 ridges per centimeter is typical
- Ridge flow is a result of random stresses during fetal development*

23 Fingerprints
- The template of a fingerprint is derived from its minutiae
- Minutiae consist of:
  - Location: location in the image
  - Direction: direction along local ridge orientation
  - Type:
    - Ending
    - Bifurcation
- A set of minutiae can potentially be used to derive the original ridge skeleton structure
- Sets of minutiae are compared. If the difference is within allowable parameters both are considered to match
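
The matching rule from slides 16 and 23, as an added example that is not part of the original presentation: a tolerance-based comparison of minutiae sets that also flags an exact match, since genuine readings normally vary. The tolerances, threshold, sample minutiae and function names are assumptions, and the two sets are assumed to be already aligned.

```python
import math
from typing import NamedTuple

class Minutia(NamedTuple):
    x: float      # location in the image (pixels)
    y: float
    theta: float  # direction along the local ridge orientation (degrees)
    kind: str     # "ending" or "bifurcation"

# Assumed tolerances and threshold; real matchers tune these per sensor.
DIST_TOL, ANGLE_TOL, THRESHOLD = 10.0, 15.0, 0.6

def angle_diff(a, b):
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)

def compatible(q, t):
    return (q.kind == t.kind
            and math.hypot(q.x - t.x, q.y - t.y) <= DIST_TOL
            and angle_diff(q.theta, t.theta) <= ANGLE_TOL)

def match_score(query, template):
    """Greedy one-to-one pairing; score = pairs / size of the larger set."""
    unused, pairs = list(template), 0
    for q in query:
        near = [t for t in unused if compatible(q, t)]
        if near:
            unused.remove(min(near, key=lambda t: math.hypot(q.x - t.x, q.y - t.y)))
            pairs += 1
    return pairs / max(len(query), len(template), 1)

def decide(query, template):
    if sorted(query) == sorted(template):
        return "suspicious"  # identical sample: readings normally vary
    return "genuine" if match_score(query, template) >= THRESHOLD else "impostor"

# Constructed sample data (not from a real fingerprint), assumed pre-aligned.
TEMPLATE = [Minutia(50, 60, 30, "ending"), Minutia(120, 80, 200, "bifurcation"),
            Minutia(200, 150, 90, "ending"), Minutia(90, 210, 350, "bifurcation"),
            Minutia(160, 40, 120, "ending")]
GENUINE = [Minutia(53, 58, 36, "ending"), Minutia(118, 84, 195, "bifurcation"),
           Minutia(203, 149, 97, "ending"), Minutia(88, 214, 4, "bifurcation"),
           Minutia(30, 30, 10, "ending")]   # last one is a spurious minutia
IMPOSTOR = [Minutia(10, 200, 45, "ending"), Minutia(220, 30, 300, "bifurcation"),
            Minutia(140, 140, 10, "ending"), Minutia(60, 120, 180, "bifurcation")]

if __name__ == "__main__":
    for name, q in [("genuine", GENUINE), ("impostor", IMPOSTOR), ("replay", TEMPLATE[::-1])]:
        print(name, round(match_score(q, TEMPLATE), 2), decide(q, TEMPLATE))
```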

24 Security threats to biometric systems
- Denial of Service (DoS)
- Intrusion
- Repudiation
- Function creep

25 System attacks
- Insider attacks
  - Biometric systems require human interaction – can be exploited
  - Collusion
  - Coercion
  - Negligence
  - Enrollment fraud
  - Exception abuse
- Infrastructure attacks
  - Combination of hardware and software
  - Types
    - User interface
    - System modules
    - Interconnections
    - Template database

26 User interface attacks
- Any attack initiated by presenting a biometric
  - Impersonation
  - Obfuscation
  - Spoofing
- Spoof detection
  - Liveness detection
  - Measure physiological properties
    - Pulse
    - Blood pressure
    - Perspiration
    - Spectral properties of the skin
    - Electrical conductivity
    - Skin deformation
  - Identify voluntary/involuntary behavior
  - Challenge-response

27 Spoof detection Source:

28 Interconnection attacks
- Man-in-the-middle attack
- Replay attack
- Hill-climbing

29 Template database attacks
Leakage is a much more serious issue in biometric systems than in password-based systems

30 Leakage
- Ways information about a biometric user can be learned
  - Collusion or coercion: close proximity or cooperation
  - Covert acquisition: close proximity or cooperation
  - Brute force or hill-climbing: breach system security and intrusion
  - Template leakage: can be done remotely and anonymously
- It is not possible to replace compromised biometric tokens
- The irrevocable nature of biometrics is both a strength and a weakness

31 Password security
- Can techniques that are used to store passwords be used to store biometric templates?
- Encryption
  - Security depends on the secrecy of the decryption key
  - Encryption (done simply) is not enough to secure passwords
- Password-based key generation
  - Password is never stored
  - Password is instead used to generate a cryptographic key
- Cryptographic hash
  - A one-way hash is applied
  - Cannot retrieve the original password from the hash*

32 Requirements and challenges
- Password security techniques cannot be directly applied to biometric templates
- Fundamental difference between biometric and password systems
  - Password systems require an exact match
  - Biometric systems require a “good” match
- Biometric template protection requires
  - Cryptographic security: non-invertible templates
  - Performance: maintain matching ability
  - Revocability: generate multiple templates from the same data

33 Encryption
- Use encryption (AES, RSA) to secure template data
- Not equivalent to password encryption
  - Passwords are the same
  - Biometrics vary at each reading
  - Can compare encrypted passwords directly; cannot directly compare encrypted biometrics
- Disadvantage: original data is exposed during decryption
- Advantage: matching performance is unaffected, can use the same matching algorithms
- Generally not sufficient for securing biometric data

34 Feature transformation
- A transformation function is applied to the template
- Transformation function derived from a password or random key
- Can be invertible or non-invertible
- Invertible
  - Security is derived from the secrecy of the password or key
  - Keys can be user-specific
  - Homomorphic encryption
- Non-invertible
  - Equivalent to password hashing
  - More secure than invertible feature transformation
  - Challenging to create non-invertible transformation functions
  - Can adversely affect matching performance
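
An added example (not part of the original presentation) of the requirements on slide 32 applied to the keyed transformation on slide 34: a password-style hash fails on a slightly different reading, while a keyed sign-projection template still matches and can be reissued under a new key. The transform, key names, threshold and feature vectors are assumptions chosen for illustration.

```python
import hashlib

N_BITS = 64       # protected-template length in bits (assumed)
MAX_HAMMING = 12  # "good match" threshold in the transformed domain (assumed)

def transform(features, key: bytes):
    """Keyed, lossy transform: keep only the sign of key-derived +/-1 projections."""
    n = len(features)
    stream = hashlib.shake_256(key).digest((N_BITS * n + 7) // 8)
    bits = []
    for i in range(N_BITS):
        proj = 0.0
        for j, f in enumerate(features):
            k = i * n + j  # index of the key-stream bit that signs feature j
            proj += f if (stream[k // 8] >> (k % 8)) & 1 else -f
        bits.append(1 if proj >= 0 else 0)
    return bits

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def verify(stored, features, key):
    """Compare in the transformed domain against the stored protected template."""
    return hamming(stored, transform(features, key)) <= MAX_HAMMING

def digest(features):
    """Password-style hashing: only an exact repeat of the input matches."""
    return hashlib.sha256(repr(features).encode()).hexdigest()

# Constructed feature vectors (not real biometric data).
ENROLLED = [0.81, -0.35, 0.52, 0.10, -0.77, 0.43, 0.29, -0.64,
            0.95, -0.18, 0.37, -0.56, 0.71, 0.08, -0.42, 0.60]
READING = [f + (0.03 if i % 2 == 0 else -0.03) for i, f in enumerate(ENROLLED)]
OTHER = [-0.40, 0.75, 0.15, -0.62, 0.33, -0.58, 0.47, 0.21,
         -0.70, 0.55, -0.26, 0.68, -0.12, -0.49, 0.83, -0.31]

KEY_V1, KEY_V2 = b"user-key-v1", b"user-key-v2"  # hypothetical per-user keys
stored_v1 = transform(ENROLLED, KEY_V1)
stored_v2 = transform(ENROLLED, KEY_V2)  # reissued after stored_v1 is considered leaked

if __name__ == "__main__":
    print("hashes equal:", digest(ENROLLED) == digest(READING))
    print("genuine reading:", verify(stored_v1, READING, KEY_V1))
    print("other person:", verify(stored_v1, OTHER, KEY_V1))
    print("old vs reissued template distance:", hamming(stored_v1, stored_v2))
```

The sketch demonstrates matching in the transformed domain and revocability only; it makes no non-invertibility claim, since with the key known the sign bits constrain the original feature vector.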

35 Biometric cryptosystems
- Biometric data is used to bind or generate cryptographic keys
  - Key binding: use biometric data to identify a key that was generated independently of the biometric data itself
  - Key generation: use biometric data to create a key
- Biometric cryptosystems are an area of active research
- Helper information that is publicly available is used to stabilize the system

36 Discussion
- There is no ideal method of biometric security
- Many open challenges
- Today, hybrids of multiple techniques are increasingly common
- Research topics to consider:
  - Are there existing security methods that can be extended to biometrics?
  - How can we measure the security of a biometric template database?
  - Are there biometrics that are not compatible with existing security schemes?

37 Thank you! Questions? or stop by BYENG 506
