Forensic Implications of Identity Management Systems
dr. Zeno Geradts, dr. Arnout Ruifrok, Rikkert Zoun, MS
AAFS Seattle 2006
Outline
• Introduction
• Biometric systems
• Forensic properties (faking biometrics)
• Biometric Passport
• Future research
Netherlands Forensic Institute
• Digital Evidence Section: 40 employees
– Open Systems (media analysis, crypto, data analysis)
– Embedded Systems (PDAs, cell phones, other electronics)
– Interception
– Image Analysis and Biometrics
– Voice and audio
Current activities Biometrics (NFI)
• Photogrammetry
• Facial comparison
• Dutch Biometric Passport (Chip + Biometric)
• Biometrics program Immigration Naturalization Services
– documents
– facial recognition at borders
– verification of people applying for asylum
• FEARID project
• FIDIS www.fidis.org Future of Identification Systems
Future of Identification Systems
• www.fidis.net
European project Network of Excellence with 20 partners
Workpackage 6: Forensic Implications
Example artefacts:
– Media analysis
– Mobile phones
– Biometric devices
– …
In 2006: profiling - data-analysis of databases
FIDIS Identity definitions
• Artefacts (magstripe, mobiles, biometrics)
• Threat level
• Forensic reliability and other forensic qualities
• Forms of failure
• Verification problems
• Consequences of Failure
Biometrics
Key terms:
• Verification (Authentication): Determination if an identity claim is true (1 to 1 match)
• Identification: Determination if a person is already enrolled in a system, and who he/she is (1 to N match)
Schematic Biometric System
Common Methodology for Information Technology Security Evaluation, The Biometric Evaluation Methodology Working Group, 2002
Biometric systems - 1
• Facial recognition
• Fingerprint
• Iris, retina
Biometric systems - 2
• Hand scan
• Vascular patterns
• Signature, writing
• Speech
• Keystroke
3D facial system
Principles of a biometric system
• Example: facial image
• Enrollment: facial picture taken under controlled circumstances
• Calculation of a “template” (series of numbers) for storage on a chipcard or in a database
• Verification: compare with template on a chipcard
• Identification: compare with templates stored in a database
Template matching
• Compare stored template with captured template
• Difference too big: refuse
[Figure: number of comparisons plotted against template difference; labels: authentic, imposters, refusal, acceptance, threshold]
Properties of biometric systems
• FTE, ‘failure to enroll’
– Probability that a user will be unable to enroll in the system
Threshold setting: trade-off between
• FRR, ‘false rejection rate’
– Probability of unintended refusal
• FAR, ‘false acceptance rate’
– Probability of unintended acceptance
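The threshold trade-off described above, as an added example that is not part of the original slides: it sweeps an acceptance threshold over template-difference scores and reports FAR and FRR at each setting, then picks a high-security and a high-throughput operating point. The score lists, the threshold grid and all function names are assumptions constructed for illustration.

```python
"""FAR/FRR trade-off for a template-difference threshold.
All scores below are constructed for illustration, not measured data."""

# Template differences when a person is compared with their own template.
GENUINE = [0.05, 0.08, 0.12, 0.15, 0.18, 0.22, 0.27, 0.33, 0.41, 0.62]
# Template differences when a person is compared with someone else's template.
IMPOSTER = [0.28, 0.37, 0.48, 0.55, 0.63, 0.71, 0.84, 0.92, 1.05, 1.30]
THRESHOLDS = [0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8]


def far_frr(genuine, imposter, threshold):
    """Return (FAR, FRR) when a comparison is accepted if difference <= threshold."""
    if not genuine or not imposter:
        raise ValueError("both score sets must be non-empty")
    # FRR: authentic comparisons that were refused (difference too big).
    frr = sum(d > threshold for d in genuine) / len(genuine)
    # FAR: imposter comparisons that were accepted (difference small enough).
    far = sum(d <= threshold for d in imposter) / len(imposter)
    return far, frr


def sweep(genuine, imposter, thresholds):
    """Return [(threshold, FAR, FRR), ...] in ascending threshold order."""
    return [(t, *far_frr(genuine, imposter, t)) for t in sorted(thresholds)]


def equal_error_point(curve):
    """Row where FAR and FRR are closest to each other."""
    return min(curve, key=lambda row: abs(row[1] - row[2]))


def operating_point_for_far(curve, max_far):
    """High-security setting: loosest threshold whose FAR stays <= max_far."""
    ok = [row for row in curve if row[1] <= max_far]
    return max(ok, key=lambda row: row[0]) if ok else None


def operating_point_for_frr(curve, max_frr):
    """High-throughput setting: tightest threshold whose FRR stays <= max_frr."""
    ok = [row for row in curve if row[2] <= max_frr]
    return min(ok, key=lambda row: row[0]) if ok else None


if __name__ == "__main__":
    curve = sweep(GENUINE, IMPOSTER, THRESHOLDS)
    print("threshold   FAR   FRR")
    for t, far, frr in curve:
        print(f"{t:9.1f}  {far:4.1f}  {frr:4.1f}")
    print("equal error point:", equal_error_point(curve))
    print("high security (FAR <= 0):", operating_point_for_far(curve, 0.0))
    print("high throughput (FRR <= 0):", operating_point_for_frr(curve, 0.0))
```

On this constructed data, forcing FAR to zero refuses half of the authentic users, and forcing FRR to zero accepts half of the imposters.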
FAR and FRR of different systems
[Figure labels: General Applications; Low security, High thru-put; High security access]
Biometric devices tested
‘Spoofing’ of biometric systems:
• Face – picture or mask
• Fingerprint – silicon/gelatin casting
• Iris – picture with a hole
• Hand – latex model
• Speech – digital or analog recording
• Keystrokes – recording
Resistance to fraud
Fingerprint: spoofing
Van der Putte, NBF 2003
Fingerprint: spoofing
• Test in house
spoofing: epoxy
Negative of epoxy: More details …
• Epoxy not homogeneous
• Acrylate ‘it remains fixed’, a releasing agent
spoofing: silicon
Negative of silicon (used for toolmarks):
• More details
• Easy to use
• Can be used for several casts
Acrylate ‘fake’
• Easy to remove
• Easy to use
Other tested methods
• Printing a stamp of a fingerprint and using that
• Printing on paper and using glue for copying a fingerprint
Glue
Rubber Stamp
• Just send your fingerprint by email to a stamp manufacturer
Hand copy
How to
Vein scanner
Vein Scanner (2)
ICAO Standards
• Face recognition
– Image instead of template
• Contactless chip technology
– ISO/IEC 14443 type A or B
• Logical Data Structure
– Design of the chip
• PKI for MRTDs
– Secure and authenticate information on the chip
• Optional 2nd biometric features
– Fingerprint & Iris
Contactless Chip Technology
Threats for biometric systems (summarized)
1: User. Authorized user provides own biometric sample, unknowingly, unwillingly or willingly (collusion), to imposter.
2: User/capture. Authorized user tries to enroll a weak biometric template. Imposter presents own biometric sample in an attempt to impersonate an authorized user. Imposter modifies own biometric in an attempt to impersonate. Imposter presents an artificial biometric sample. Imposter uses a residual biometric in an attempt to impersonate the last user (e.g. latent fingerprint).
3: Capture/extraction. Imposter intercepts an authorized biometric sample, and inserts the authorized biometric sample (replay).
4: Extraction/comparison. Imposter intercepts extracted biometric features, and inserts these into the comparison subsystem.
5: Enrollment Extraction/Template storage. Imposter intercepts an authorized biometric template. Unauthorized user is enrolled due to error or by replacement of an authorized user template.
6: Template storage. Attacker modifies templates in storage. Imposter presents own biometric after manipulation of a template storage device. Imposter steals the biometric template of an authorized user from a storage device.
7: Template Retrieval. Imposter intercepts an authorized biometric template during transmission between Storage and Comparison subsystems. Imposter inserts own template directly into the comparison subsystem.
8: Administrator/Resource manager. A hostile unauthorized user may acquire administrator privileges. Non-hostile administrator or hostile unauthorized user or imposter incorrectly modifies matching thresholds, incorrectly modifies user privileges, allows unauthorized access to template storage, allows unauthorized modification of audit trail, enrolls unauthorized user. Administrator fails to properly review and respond to audit trail anomalies.
9: User policy/management. Imposter authenticates as authorized user through collusion, coercion, password, backup system,
10: Policy management. Audit data collection inadequate to detect attacks, attacker modifies user identity.
11: Policy management/portal. Attacker bypasses biometric system by inserting appropriate “grant privileges” signal directly into portal. Attacker disables system, and defeats backup system or alternative authentication method.
12: Portal. Attacker gains unauthorized access with the willing or unwilling aid of an authorized user. User gains access to unauthorized privileges after improper modification of privileges.
13: Hardware components. Attacker tampers, modifies, bypasses, or deactivates one or more components, and exploits hardware “back-door”, design flaw, environmental conditions, or failure mode. Attacker floods one or more components with noise (e.g. electromagnetic energy). Imposter intercepts or inserts authorized biometric templates to one or more hardware components.
14: Software/firmware components. Attacker tampers, modifies, bypasses, or deactivates one or more executables, and exploits software “back-door”, algorithm quirk, design flaw, or failure mode. A virus or other malicious software is introduced into the system. Imposter intercepts or inserts authorized biometric template to one or more software or firmware components.
15: Connections (including network). Attacker tampers, modifies, bypasses, or deactivates one or more connections between components. Imposter intercepts or inserts authorized biometric sample or template during transmission.
Common Methodology for Information Technology Security Evaluation, The Biometric Evaluation Methodology Working Group, 2002
USB Sniffing example from fingerprint
Biometric system Issues
• Biometrics not absolute identification
• Biometrics are not secret
• Biometrics cannot be changed/revoked (theft/spoofing)
• Biometric algorithms are not validated
• How to know when security level falls
Tony Mansfield, Philip Statham Biovision, 2003
User Concerns
• Biometric may be stolen
• Identity theft
• Increased chance of capture/coercion
• Authentication failure
• Operator/administrator misuse
• Audit trail reveals personal information
• Use without consent
– Giving biometric by accident
– Covert collection of biometric
• Function creep
– Database searched for criminal suspects
Tony Mansfield, Philip Statham Biovision, 2003
Outline
• Definition of Biometrics
• Biometrics at the NFI
• Biometric systems
• Automatic verification
• Privacy issues
• Future of biometrics
Future developments
• Biometrics mandatory in travel documents
• Mass introduction of biometric systems?
• Large datasets
• Statistics about features from biometric systems available for forensic identification research
• Knowledge base for biometric features and systems
Discussion
• Most tests are done with people who cooperate
• What if people damage the sensor
• Damage the chip
• Fall back system
Summary
• In some cases expectations of biometric systems are still too high
• Consensus about biometric systems testing is growing*, but implementation is still lacking
• Current mass-market products are relatively easy to ‘spoof’
• Privacy issues depend on technology and system implementation
• Multimodal biometrics (3D + 2D + IR of face)
• Biometry is gaining importance in forensics
*http://www.cesg.gov.uk