SECURITY CHALLENGES OF BIOMETRIC SYSTEMS Liam M. Mayron, Ph.D. Arizona State University SoDA January 29, 2015.


1 SECURITY CHALLENGES OF BIOMETRIC SYSTEMS Liam M. Mayron, Ph.D. Arizona State University SoDA January 29, 2015

2 Credit
- Some of the reference material in this presentation is from the textbook “Introduction to Biometrics” by Jain, Ross, and Nandakumar
- Some figures have been obtained from various online sources (as noted)

3 Biometrics?
- Biometrics are physical and behavioral characteristics that uniquely identify humans
- Typically used for authentication – associating individuals with their personal identities
- Active area of research – combines image processing, security, information retrieval, physiology, cognitive science and other fields

4 Harry Potter Source: scan.htm

5 Harry Potter Source: om/index.php?page=3000-series-lockers-more-information

6 Harry Potter Source: g.blogspot.com/2011/08/universal-theme-park-in-orlando.html

7 Identity Relying on what a person knows and what a person possesses is not enough!

8 Biometric functions
- Verification: “Are you who you say you are?”
- Identification: “Are you someone who the system previously recognized?”

9 Examples of biometrics
Fingerprint, Palm print, Face, Iris, Retina, Ear, Voice, Signature, Gait, Hand, Vein, Odor, DNA … AND MORE!

10 Fingerprint Source: u/education/curriculum/vm8054/labs/lab14/IMAGES/FINGERPRINT.jpg

11 Iris Source: ki/File:NIRIris.png

12 Gait Source: ac.uk/rbf/CVDICT/cvg.htm

13 System operation
- Enrollment phase
- Recognition phase

14 System components (Green: enrollment; Purple: recognition)
- Sensor
- Feature extractor
- Database
- Matcher

15 Feature extraction
- A lot of research interest!
- Purpose is to generate a template, a compact representation of a biometric trait
- Assess quality
- Segment data
- Enhance data

16 Matching
- Compare query data to a previously stored template
- Decide if an individual is a genuine match or an imposter
- Exact matches are… suspicious

17 Desired characteristics of biometrics
- Uniqueness: A biometric should be able to distinguish between two people
- Permanence: A biometric should not change (much) over time

18 Design cycle

19 Application considerations
- Cooperative vs. non-cooperative users
- Overt vs. covert deployment
- Habituated vs. non-habituated users
- Attended vs. unattended operation
- Controlled vs. uncontrolled operation
- Open vs. closed system

20 Biometric considerations
- Universality
- Uniqueness
- Permanence
- Measurability
- Performance
- Acceptability
- Circumvention

21 Example: fingerprints Source: ki/File:Fingerprint_detail_on_male_finger.jpg

22 Fingerprints
- Ridges under our fingers allow us to grasp objects and improve sensation
- ridges per centimeter is typical
- Ridge flow is a result of random stresses during fetal development*

23 Fingerprints
- The template of a fingerprint is derived from its minutiae
- Minutiae consist of:
  - Location: location in the image
  - Direction: direction along local ridge orientation
  - Type: Ending, Bifurcation
- A set of minutiae can potentially be used to derive the original ridge skeleton structure
- Sets of minutiae are compared. If the difference is within allowable parameters, both are considered to match

24 Security threats to biometric systems
- Denial of Service (DoS)
- Intrusion
- Repudiation
- Function creep

25 System attacks
- Insider attacks
  - Biometric systems require human interaction – can be exploited
  - Collusion
  - Coercion
  - Negligence
  - Enrollment fraud
  - Exception abuse
- Infrastructure attacks
  - Combination of hardware and software
  - Types: User interface, System modules, Interconnections, Template database

26 User interface attacks
- Any attack initiated by presenting a biometric
- Impersonation
- Obfuscation
- Spoofing
- Spoof detection
  - Liveness detection
  - Measure physiological properties: Pulse, Blood pressure, Perspiration, Spectral properties of the skin, Electrical conductivity, Skin deformation
  - Identify voluntary/involuntary behavior
  - Challenge-response

27 Spoof detection Source: m/2012/03/29/samsung-face-unlock-blinking-feature/

28 Interconnection attacks
- Man-in-the-middle attack
- Replay attack
- Hill-climbing

29 Template database attacks Leakage is a much more serious issue in biometric systems than in password-based systems

30 Leakage
- Ways information about a biometric user can be learned
  - Collusion or coercion: close proximity or cooperation
  - Covert acquisition: close proximity or cooperation
  - Brute force or hill-climbing: breach system security and intrusion
  - Template leakage: can be done remotely and anonymously
- It is not possible to replace compromised biometric tokens
- The irrevocable nature of biometrics is both a strength and a weakness

31 Password security
- Can techniques that are used to store passwords be used to store biometric templates?
- Encryption
  - Security depends on the secrecy of the decryption key
  - Encryption (done simply) is not enough to secure passwords
- Password-based key generation
  - Password is never stored
  - Password is instead used to generate a cryptographic key
- Cryptographic hash
  - A one-way hash is applied
  - Cannot retrieve the original password from the hash*

32 Requirements and challenges
- Password security techniques cannot be directly applied to biometric templates
- Fundamental difference between biometric and password systems
  - Password systems require an exact match
  - Biometric systems require a “good” match
- Biometric template protection requires
  - Cryptographic security: non-invertible templates
  - Performance: maintain matching ability
  - Revocability: generate multiple templates from the same data

33 Encryption
- Use encryption (AES, RSA) to secure template data
- Not equivalent to password encryption
  - Passwords are the same
  - Biometrics vary at each reading
  - Can compare encrypted passwords directly; cannot directly compare encrypted biometrics
- Disadvantage: original data is exposed during decryption
- Advantage: matching performance is unaffected, can use the same matching algorithms
- Generally not sufficient for securing biometric data

34 Feature transformation
- A transformation function is applied to the template
- Transformation function derived from a password or random key
- Can be invertible or non-invertible
- Invertible
  - Security is derived from the secrecy of the password or key
  - Keys can be user-specific
  - Homomorphic encryption
- Non-invertible
  - Equivalent to password hashing
  - More secure than invertible feature transformation
  - Challenging to create non-invertible transformation functions
  - Can adversely affect matching performance
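
The exact-match versus "good"-match difference from slide 32 and the invertible, key-derived transformation from slide 34, as an added example that is not part of the original presentation. The 256-bit feature vector, the 0.25 threshold, the key strings and the permutation-plus-XOR transform are assumptions chosen for illustration; Python's `random` is used only to derive a repeatable permutation and is not a cryptographic generator.

```python
import hashlib
import hmac
import random

N_BITS = 256       # constructed binary feature vector length (assumption)
THRESHOLD = 0.25   # assumed accept threshold: fraction of differing bits

def hamming(a, b):
    """Fraction of positions where two bit vectors differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def noisy_reading(template, flips, seed):
    """Simulate a fresh capture of the same trait: a few bits differ."""
    out = list(template)
    for i in random.Random(seed).sample(range(len(out)), flips):
        out[i] ^= 1
    return out

def keyed_transform(bits, key):
    """Invertible transform: key-derived permutation plus XOR mask."""
    seed = hmac.new(key, b"template-transform", hashlib.sha256).digest()
    rng = random.Random(seed)
    perm = list(range(len(bits)))
    rng.shuffle(perm)
    mask = [rng.getrandbits(1) for _ in bits]
    return [bits[p] ^ m for p, m in zip(perm, mask)]

def sha256_of(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def demo():
    rng = random.Random(2015)
    enrolled = [rng.getrandbits(1) for _ in range(N_BITS)]  # constructed sample
    query = noisy_reading(enrolled, flips=20, seed=1)       # same user, new capture
    imposter = [rng.getrandbits(1) for _ in range(N_BITS)]  # different user
    key_v1, key_v2 = b"user-key-v1", b"user-key-v2"         # v2 issued after revocation
    stored = keyed_transform(enrolled, key_v1)
    return {
        # Password-style hashing needs an exact match, so it rejects the genuine user.
        "hash_match": sha256_of(enrolled) == sha256_of(query),
        "raw_distance": hamming(enrolled, query),
        # Matching in the transformed domain preserves the distance exactly.
        "protected_distance": hamming(stored, keyed_transform(query, key_v1)),
        "imposter_accepted":
            hamming(stored, keyed_transform(imposter, key_v1)) <= THRESHOLD,
        # A template stored under the old key does not match under the new key.
        "cross_key_accepted":
            hamming(stored, keyed_transform(query, key_v2)) <= THRESHOLD,
    }
```

Because the transform is invertible, anyone holding both the stored template and the key can recover the enrolled vector, which is the weakness slide 34 attributes to this class.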

35 Biometric cryptosystems
- Biometric data is used to bind or generate cryptographic keys
  - Key binding: use biometric data to identify a key that was generated independently of the biometric data itself
  - Key generation: use biometric data to create a key
- Biometric cryptosystems are an area of active research
- Helper information that is publicly available is used to stabilize the system
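
Key binding with public helper data, as an added example that is not part of the original presentation. It uses a fuzzy commitment with a repetition code, one known key-binding construction picked here for illustration (the slides do not name a specific scheme); the 32-bit key, the repetition factor and the bit vectors are constructed toy values.

```python
import hashlib
import random

REP = 5        # each key bit is repeated REP times (repetition code)
KEY_BITS = 32  # toy key length, far too short for real use

def encode(key_bits):
    """Error-correcting encoding: repeat every key bit REP times."""
    return [b for b in key_bits for _ in range(REP)]

def decode(code_bits):
    """Majority vote per group; corrects up to REP // 2 flips per group."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]

def digest(key_bits):
    return hashlib.sha256(bytes(key_bits)).hexdigest()

def bind(key_bits, biometric_bits):
    """Enrollment: store public helper data and a hash of the key only."""
    helper = [c ^ b for c, b in zip(encode(key_bits), biometric_bits)]
    return helper, digest(key_bits)

def release(helper, key_hash, query_bits):
    """Recognition: recover the key from a fresh reading, or return None."""
    candidate = decode([h ^ q for h, q in zip(helper, query_bits)])
    return candidate if digest(candidate) == key_hash else None

def demo():
    rng = random.Random(35)
    n = REP * KEY_BITS
    key = [rng.getrandbits(1) for _ in range(KEY_BITS)]  # generated independently
    enrolled = [rng.getrandbits(1) for _ in range(n)]    # constructed biometric bits
    genuine = list(enrolled)
    for group in range(0, KEY_BITS, 4):                  # one flipped bit in every
        genuine[group * REP] ^= 1                        # fourth group: correctable
    imposter = [rng.getrandbits(1) for _ in range(n)]
    helper, key_hash = bind(key, enrolled)
    return (key,
            release(helper, key_hash, genuine),
            release(helper, key_hash, imposter))
```

Neither the key nor the biometric is stored: the database holds only `helper` and `key_hash`, and the error-correcting code is what turns a "good" match into the exact key the hash comparison needs.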

36 Discussion
- There is no ideal method of biometric security
- Many open challenges
- Today, hybrids of multiple techniques are increasingly common
- Research topics to consider:
  - Are there existing security methods that can be extended to biometrics?
  - How can we measure the security of a biometric template database?
  - Are there biometrics that are not compatible with existing security schemes?

37 THANK YOU! Questions? or stop by BYENG

