Presentation is loading. Please wait.

Presentation is loading. Please wait.

Thwarting Attacks Dr. Pushkin Kachroo. Introduction Biometrics can help convenience and security Might remove or strengthen some weak points but get new.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Thwarting Attacks Dr. Pushkin Kachroo. Introduction Biometrics can help convenience and security Might remove or strengthen some weak points but get new."— Presentation transcript:

1 Thwarting Attacks Dr. Pushkin Kachroo

2 Introduction Biometrics can help convenience and security Might remove or strengthen some weak points but get new ones too

3 Pattern Recognition Pattern Recognition: Stages A, B, C, D Enrollment: E, F Input Device/ Sensor Template Extractor Matcher Application Enrollment Template Database 1 2 3 4 5 6 7 8 9 10 11

4 Attacking Biometric Identifiers Mimicking another person Distorting One’s own Appearance Changing Data stored in the System

5 Threat 1: CA Coercive Attack: True Biometric is presented in an unauthorized way (e.g. under duress, forced a genuine person by an intruder. Detection could use stress analysis of the user, video monitoring etc.) Biometric could involve physical removal of the biometric from the real owner. Detection could use by using “liveness” detection, e.g. temperature, electrical activity, eye movement etc.)

6 Threat 1: IA Impersonation Attack: The attacker changes her/his own biometric (face, voice etc.) –Positive: Imitate someone else’s voice –Negative: Surgically remove one’s own finger prints Use multiple biomerics

7 Threat 1: RA Replay Attack: Recording of true data is presented to the sensor –e.g. recorder speech, can be detected by changing the text; –Photograph for face recognition, detect by asking for changing expressions, angle etc.

8 Front End Attacks Threat 2: Channel between sensor and biomeric system, i.e. introduce signal (digital/analog) past the sensor system. Threat 3: The feature extractor can be attacked so that it produces a pre-selected feature at some given time, or under some specific condition. Threat 4: Communication channel between feature extractor and matcher; e.g. send minutiae to a remote matcher. Threat 5: Matcher is attacked directly to produce a favorable score.

9 Circumvention Threat 6: Overriding the output of the matcher –Collusion: Where a super-user has the ability to overrule the system results

10 Back End Attacks Threat 7: Change the representation between the database and the matcher. Threat 8: Enrollment has similarities to authentication, hence similar attacks as 1 to 6. Threat 9: Between enrollment and database. Threat 10: Attack on database itself Threat 11: Bugs in the application itself

11 Other Attacks Password attacks (intrinsic error ate or bit strength of a password/biometric), generally at points 2 and 4, but other places too. Hill Climbing Attack: repeated submissions and using error metrics and gradients. Swamping Attack: Brute force attack, e.g. using hundreds of minutiae. Piggy-back Attack: Gain access simultaneously with a legitimate user. Illegitimate Enrollment.

12 Smartcard with Biometric Smart cards with stored biometric of the user – Good for privacy –Distributed database Even if card lost, it is safe because card and actual biometric is needed. Data is protected on the card using hardware/software encryption.

13 Challenge and Response Dynamic protocol where the user is challenged to produce different responses

14 Cancelable Biometrics Use morphing or non-invertible transformation of the data, e.g. for finger printing, iris patterns etc. –Differ from image compression because in cancelable biometrics much of the local geomery is retained. –Different from encryption, because non-invertible –Also, legacy system can deal with cancelable biometrics.

Download ppt "Thwarting Attacks Dr. Pushkin Kachroo. Introduction Biometrics can help convenience and security Might remove or strengthen some weak points but get new."

Similar presentations

Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.

Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.
Biometrics: Fingerprint Technology Calvin Shueh Professor Stamp CS265.

Biometrics: Fingerprint Technology Calvin Shueh Professor Stamp CS265.
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
 Physical Logical Access  Physical and Logical Access  Total SSO and Password Automation  Disk/Data Encryption  Centralized management system  Biometric.

 Physical Logical Access  Physical and Logical Access  Total SSO and Password Automation  Disk/Data Encryption  Centralized management system  Biometric.
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
Chapter 9 Creating and Maintaining Database Presented by Zhiming Liu Instructor: Dr. Bebis.

Chapter 9 Creating and Maintaining Database Presented by Zhiming Liu Instructor: Dr. Bebis.
Security Challenges of Biometric Systems

Security Challenges of Biometric Systems
Chapter 8 Selecting a Biometric Presentation by Phani Dogiparthi.

Chapter 8 Selecting a Biometric Presentation by Phani Dogiparthi.
Creating and Maintaining Databases Dr. Pushkin Kachroo.

Creating and Maintaining Databases Dr. Pushkin Kachroo.
Biometric Authentication Andrea Blanco Binglin Li Brian Connelly.

Biometric Authentication Andrea Blanco Binglin Li Brian Connelly.
Chapter 12 Thwarting Attacks Leandro A. Loss. Introduction Benefits of Biometric Authentication: –Convenience (e.g. recall password, keep cards) –Security.

Chapter 12 Thwarting Attacks Leandro A. Loss. Introduction Benefits of Biometric Authentication: –Convenience (e.g. recall password, keep cards) –Security.
Biometrics.

Biometrics.
Authors: Anil K. Jain, Arun Ross and Sharath Pankanti Presented By: Payas Gupta.

Authors: Anil K. Jain, Arun Ross and Sharath Pankanti Presented By: Payas Gupta.
Biometric Cryptosystems Presenters: Yeh Po-Yin Yang Yi-Lun.

Biometric Cryptosystems Presenters: Yeh Po-Yin Yang Yi-Lun.
BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.

BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.
Biometrics Technology Jie Meng. What is Biometrics ? Biometrics is the science and technology of measuring and analyzing biological data. In information.

Biometrics Technology Jie Meng. What is Biometrics ? Biometrics is the science and technology of measuring and analyzing biological data. In information.
Standards for Biometrics Dr. Pushkin Kachroo. Introduction Standards needed for interoperability At all levels of the system –hardware level (using one.

Standards for Biometrics Dr. Pushkin Kachroo. Introduction Standards needed for interoperability At all levels of the system –hardware level (using one.
Biometrics II CUBS, University at Buffalo

Biometrics II CUBS, University at Buffalo
FIT3105 Biometric based authentication and identity management

FIT3105 Biometric based authentication and identity management
Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.

Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.

Similar presentations

Ads by Google