Biometric AuthenticationSlide 2Identification vs. AuthenticationProblems with BiometricsForging HandwritingBiometric Error Rates (Benign)Biometrics (1)Biometrics (2)Biometrics (3)Biometrics (4)Biometrics (5)Risks of BiometricsSurgical ChangeStealing BiometricsInvoluntary CloningCloning a FingerCloning ProcessFingerprint ImageMoldingThe Mold and the Gummy FingerSide By SidePlay-Doh FingersVitaly ShmatikovCS 361SBiometric Authenticationslide 2Biometric AuthenticationNothing to rememberPassive•Nothing to type, no devices to carry aroundCan’t share (usually)Can be fairly unique•… if measurements are sufficiently accurateslide 3Identification vs. AuthenticationGoal: associate an identity with an event•Example: a fingerprint at a crime scene•Key question: given a particular biometric reading, does there exist another person who has the same value of this biometric?Goal: verify a claimed identity•Example: fingerprint scanner to enter a building•Key question: do there exist any two persons who have the same value of this biometric?–Birthday paradox!slide 4Problems with BiometricsPrivate, but not secret•Biometric passports, fingerprints and DNA on objects…Even random-looking biometrics may not be sufficiently unique for authentication•Birthday paradox!Potentially forgeableRevocation is difficult or impossibleslide 5Forging Handwriting[Ballard, Monrose, Lopresti]Generated by computer algorithm trainedon handwriting samplesslide 6Biometric Error Rates (Benign)“Fraud rate” vs. “insult rate”•Fraud = system accepts a forgery (false accept)•Insult = system rejects valid user (false reject)Increasing acceptance threshold increases fraud rate, decreases insult rateFor biometrics, U.K. banks set target fraud rate of 1%, insult rate of 0.01% [Ross Anderson]•Common signature recognition systems achieve equal error rates around 1% - not good enough!slide 7Biometrics (1)Face recognition (by a computer algorithm)•Error rates up to 20%, given reasonable variations in lighting, viewpoint and expressionFingerprints•Traditional method for identification•1911: first US conviction on fingerprint evidence•U.K. traditionally requires 16-point match–Probability of a false match is 1 in 10 billion–No successful challenges until 2000•Fingerprint damage impairs recognition–Ross Anderson’s scar crashes FBI scannerslide 8Biometrics (2)Iris scanning•Irises are very random, but stable through life–Different between the two eyes of the same individual•256-byte iris code based on concentric rings between the pupil and the outside of the iris•Equal error rate better than 1 in a millionHand geometry•Used in nuclear premises entry control, INSPASS (discontinued in 2002)Voice, ear shape, vein pattern, face temperatureslide 9Biometrics (3)Identifies wearerby his/her uniqueheartbeat patternslide 10Biometrics (4)“Forget Fingerprints: Car Seat IDs Driver’s Rear End”360 disc-shaped sensorsidentify a unique “buttprint”with 98% accuracy“All you need to do is sit”¥70,000[Advanced Institute of Industrial Technology, Japan]slide 11Biometrics (5)slide 12Risks of BiometricsCriminal gives an inexperienced policeman fingerprints in the wrong order•Record not found; gets off as a first-time offenderCan be cloned or separated from the person•Ross Anderson: in countries where fingerprints are used to pay pensions, there are persistent tales of “Granny’s finger in the pickle jar” being the most valuable property she bequeathed to her familyBirthday paradox•With the false accept rate of 1 in a million, probability of a false match is above 50% with only 1609 samplesslide 13Surgical Changeslide 14Stealing Biometricsslide 15Involuntary CloningClone a biometric without victim’s knowledge or assistance“my voice is mypassword”cloned retinaFingerprints frombeer bottlesEye laser scanBad news: it works!slide 16Cloning a Finger[Matsumoto]slide 17Cloning Process[Matsumoto]slide 18Fingerprint Image[Matsumoto]slide 19Molding[Matsumoto]slide 20The Mold and the Gummy Finger[Matsumoto]slide 21Side By Side[Matsumoto]slide 22Play-Doh FingersAlternative to gelatinPlay-Doh fingers fool 90% of fingerprint scanners•Clarkson University studySuggested perspiration measurement to test “liveness” of the