Introduction to BiometricsOutlineTypes of AttacksTypes of AttacksTypes of AttacksSlide 6Slide 7Slide 8Slide 9Analysis of AttacksSlide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Slide 21Slide 22Slide 23Liveness DetectionSlide 25Slide 26Role of IBGSlide 28Slide 29Slide 30Introduction to BiometricsDr. Bhavani ThuraisinghamThe University of Texas at DallasLecture #24Attacks on Biometrics SystemsNovember 16, 2005OutlineTypes of AttacksAnalysis of AttacksLiveness DetectionRole of IBGReference: -http://biometrics.cse.msu.edu/EI5306-62-manuscript.pdf-http://www.biometricsinfo.org/whitepaper1.htmTypes of Attacks Type 1 attack involves presenting a fake biometric (e.g., synthetic fingerprint, face, iris) to the sensor. Submitting a previously intercepted biometric data constitutes thesecond type of attack (replay). In the third type of attack, the feature extractor module is compromised to produce feature values selected by the attackerGenuine feature values are replaced with the ones selected by the attacker in the fourth type of attack. Matcher can be modified to output an artificially high matching score in the fifth type of attack.The attack on the template database (e.g., adding a new template, modifying an existing template, removing templates, etc.) constitutes the sixth type of attack.Types of Attacks The attack on the template database (e.g., adding a new template, modifying an existing template, removing templates, etc.) constitutes the sixth type of attack. The transmission medium between the template database and matcher is attacked in the seventh type of attack, resulting in the alteration of the transmitted templates. Finally, the matcher result (accept or reject) can be overridden by the attacker.Types of AttacksThe lack of secrecy (e.g., leaving fingerprint impressions on the surfaces we touch), and non-replaceability (e.g., once the biometric data is compromised, there is no way to return to a secure situation, unlike replacing a key or password) are identified as the main problems of biometric systems.Typical threats for a generic authentication application, may result in quite different effects for traditional and biometrics-based systems. In Denial of Service (DoS), an attacker corrupts the authentication system so that legitimate users cannot use it. For a biometric authentication system, an online authentication server that processes access requests (via retrieving templates from a database and performing matching with the transferred biometric data) can be bombarded with many bogus access requests, to a point where the server’s computational resources cannot handle valid requests any more.In circumvention, an attacker gains access to the system protected by the authentication application. -This threat can be cast as a privacy attack, where the attacker accesses the data that she was not authorized (e.g., accessing the medical records of another user) or, as a subversive attack, where the attacker manipulates the system (e.g., changing those records, submitting bogus insurance claims, etc.). In repudiation, the attacker denies accessing the system. -For example, a corrupt bank clerk who modifies some financial records illegally may claim that her biometric data was “stolen”, or she can argue that the False Accept Rate (FAR) phenomenon associated with any biometric may have been the cause of the problem.Types of AttacksIn contamination (covert acquisition), an attacker can surreptitiously obtain biometric In contamination (covert acquisition), an attacker can surreptitiously obtain biometric data of legitimate users (e.g., lifting a latent fingerprint and constructing a three-dimensional mold) and use it to access the system. Further, the biometric data associated with a specific application can be used in another unintended application (e.g., using a fingerprint for accessing medical records instead of the intended use of office door access control). This becomes especially important for biometric systems since we have a limited number of useful biometric traits, compared to practically unlimited number of traditional access identities (e.g., keys and passwords). Types of AttacksCross-application usage of biometric data becomes more probable with the growing number of applications using biometrics (e.g., opening car or office doors, accessing bank accounts, accessing medical records, locking computer screens, gaining travel authorization, etc.). In collusion, a legitimate user with wide access privileges (e.g., system administrator) is the attacker who illegally modifies the system. In coercion, attackers force the legitimate users to access the system (e.g., using a fingerprint to access ATM accounts at a gunpoint) Types of AttacksTypes of AttacksThe problems that may arise from the above mentioned attacks on biometric systems are raising concerns as more and more biometric systems are being deployed both commercially and in government applications This, along with the increase in the size of the population using these systems and the expanding application areas (visa, border control, health care, welfare distribution, e-commerce, etc.) may lead to possible finance, privacy, and security related breaches.Analysis of AttacksFake biometric submission to the sensor (type 1 attack) does not need anything more than a fake biometric; hence the feasibility of it compared to the other attacks can be high. For example, neither a knowledge of the matcher or template specifications nor template database access privileges (generally limited to system administrators) are necessary. Also, since it operates in the analog domain, outside the digital limits of the biometric system, the digital protection mechanisms such as encryption, digital signature, hashing etc. are not applicable.Analysis of AttacksResearchers have tested several fingerprint sensors to check whether they accept an artificially created (dummy) finger instead of a real finger. Methods to create dummy fingers with and without the cooperation of the real owner of the biometric (say, Alice) have been discussed. When the owner cooperates (namely, Alice is helping the attackers), obviously, the quality of the produced dummy fingers can be higher than those produced without cooperation (namely, Alice is a victim of the attackers). In the former case, after creating the
View Full Document
Unlocking...