SECURITY CHALLENGES OF BIOMETRIC SYSTEMS Liam M. Mayron, Ph.D. Arizona State University SoDA January 29, 2015



Page 2

Credit

• Some of the reference material in this presentation is from the textbook “Introduction to Biometrics” by Jain, Ross, and Nandakumar
• Some figures have been obtained from various online sources (as noted)

Page 3

Biometrics?

• Biometrics are physical and behavioral characteristics that uniquely identify humans
• Typically used for authentication – associating individuals with their personal identities
• Active area of research – combines image processing, security, information retrieval, physiology, cognitive science and other fields

Page 4

Harry Potter
Source: http://allears.net/pl/fingerscan.htm

Page 7

Identity

• What a person knows
• What a person possesses
• Who a person is

Relying on what a person knows and what a person possesses is not enough!

Page 8

Biometric functions

Verification

• “Are you who you say you are?”

Identification

• “Are you someone who the system previously recognized?”

Page 9

Examples of biometrics

Fingerprint Palm print Face Iris

Retina Ear Voice Signature

Gait Hand Vein Odor

DNA … AND MORE!

Page 13

System operation

Enrollment phase

• Sample biometric data
• Extract features
• Store extracted features, discard the raw data

Recognition phase

• Re-sample biometric data
• Extract features
• Compare against stored data
• Determine user identity

Page 14

System components

Green: enrollment
Purple: recognition

• Sensor
• Feature extractor
• Database
• Matcher

Page 15

Feature extraction

• A lot of research interest!
• Purpose is to generate a template, a compact representation of a biometric trait
• Assess quality
• Segment data
• Enhance data

Page 16

Matching

• Compare query data to a previously stored template
• Decide if an individual is a genuine match or an imposter
• Exact matches are… suspicious

Page 17

Desired characteristics of biometrics

Uniqueness

• A biometric should be able to distinguish between two people

Permanence

• A biometric should not change (much) over time

Page 18

Design cycle

Understand nature of application and performance requirements

Choose appropriate biometric traits

Collect sample biometric data

Design or train the feature extractor or matcher

Evaluation and feedback

Page 19

Application considerations

• Cooperative vs. non-cooperative users
• Overt vs. covert deployment
• Habituated vs. non-habituated users
• Attended vs. unattended operation
• Controlled vs. uncontrolled operation
• Open vs. closed system

Page 20

Biometric considerations

• Universality
• Uniqueness
• Permanence
• Measurability
• Performance
• Acceptability
• Circumvention

Page 22

Fingerprints

• Ridges under our fingers allow us to grasp objects and improve sensation
• 20-24 ridges per centimeter is typical
• Ridge flow is a result of random stresses during fetal development*

Page 23

Fingerprints

• The template of a fingerprint is derived from its minutiae
• Minutiae consist of:
  • Location: location in the image
  • Direction: direction along local ridge orientation
  • Type:
    • Ending
    • Bifurcation
• A set of minutiae can potentially be used to derive the original ridge skeleton structure
• Sets of minutiae are compared. If the difference is within allowable parameters both are considered to match

Page 24

Security threats to biometric systems

• Denial of Service (DoS)
• Intrusion
• Repudiation
• Function creep

Page 25

System attacks

Insider attacks

• Biometric systems require human interaction – can be exploited
• Collusion
• Coercion
• Negligence
• Enrollment fraud
• Exception abuse

Infrastructure attacks

• Combination of hardware and software
• Types
  • User interface
  • System modules
  • Interconnections
  • Template database

Page 26

User interface attacks

• Any attack initiated by presenting a biometric
  • Impersonation
  • Obfuscation
  • Spoofing
• Spoof detection
  • Liveness detection
    • Measure physiological properties
      • Pulse
      • Blood pressure
      • Perspiration
      • Spectral properties of the skin
      • Electrical conductivity
      • Skin deformation
    • Identify voluntary/involuntary behavior
    • Challenge-response

Page 28

Interconnection attacks

• Man-in-the-middle attack
• Replay attack
• Hill-climbing

Page 29

Template database attacks

• Leakage is a much more serious issue in biometric systems than in password-based systems

Page 30

Leakage

• Ways information about a biometric user can be learned
  • Collusion or coercion: close proximity or cooperation
  • Covert acquisition: close proximity or cooperation
  • Brute force or hill-climbing: breach system security and intrusion
  • Template leakage: can be done remotely and anonymously
• It is not possible to replace compromised biometric tokens
• The irrevocable nature of biometrics is both a strength and a weakness

Page 31

Password security

• Can techniques that are used to store passwords be used to store biometric templates?
• Encryption
  • Security depends on the secrecy of the decryption key
  • Encryption (done simply) is not enough to secure passwords
• Password-based key generation
  • Password is never stored
  • Password is instead used to generate a cryptographic key
• Cryptographic hash
  • A one-way hash is applied
  • Cannot retrieve the original password from the hash*

Page 32

Requirements and challenges

• Password security techniques cannot be directly applied to biometric templates
• Fundamental difference between biometric and password systems
  • Password systems require an exact match
  • Biometric systems require a “good” match
• Biometric template protection requires
  • Cryptographic security: non-invertible templates
  • Performance: maintain matching ability
  • Revocability: generate multiple templates from the same data

Page 33

Encryption

• Use encryption (AES, RSA) to secure template data
• Not equivalent to password encryption
  • Passwords are the same
  • Biometrics vary at each reading
  • Can compare encrypted passwords directly; cannot directly compare encrypted biometrics
• Disadvantage: original data is exposed during decryption
• Advantage: matching performance is unaffected, can use the same matching algorithms
• Generally not sufficient for securing biometric data

Page 34

Feature transformation

• A transformation function is applied to the template
• Transformation function derived from a password or random key
• Can be invertible or non-invertible
• Invertible
  • Security is derived from the secrecy of the password or key
  • Keys can be user-specific
  • Homomorphic encryption
• Non-invertible
  • Equivalent to password hashing
  • More secure than invertible feature transformation
  • Challenging to create non-invertible transformation functions
  • Can adversely affect matching performance
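An added example (not from the original slides) tying the last three slides together: a password-style hash fails on a second, slightly different reading, while a key-derived transformation still supports a “good” match and is revoked by changing the key. The keyed sign-random-projection, the feature vectors, the key strings and the distance threshold are assumptions chosen for illustration; the transform is not claimed to be non-invertible, so its security rests on keeping the key secret.

```python
import hashlib
import random

def noisy(features, rng, sigma=0.05):
    # A fresh reading of the same trait: same features plus sensor noise.
    return [f + rng.gauss(0, sigma) for f in features]

def hash_template(features):
    # Password-style storage: one-way hash of the exact feature values.
    return hashlib.sha256(repr(features).encode()).hexdigest()

def transform(features, key, out_bits=64):
    # Keyed transform: each output bit is the sign of the projection of the
    # feature vector onto a pseudo-random direction derived from the key.
    rng = random.Random(key)
    bits = []
    for _ in range(out_bits):
        direction = [rng.gauss(0, 1) for _ in features]
        dot = sum(d * f for d, f in zip(direction, features))
        bits.append(1 if dot >= 0 else 0)
    return bits

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def is_match(stored, probe, max_distance=12):
    # A "good" match: transformed templates within a distance threshold.
    return hamming(stored, probe) <= max_distance

# Constructed sample data: 32 real-valued features per person.
_rng = random.Random(2015)
ALICE = [_rng.gauss(0, 1) for _ in range(32)]
ALICE_AGAIN = noisy(ALICE, _rng)                 # second reading, same person
MALLORY = [_rng.gauss(0, 1) for _ in range(32)]  # a different person

def demo():
    stored = transform(ALICE, "key-v1")
    return {
        "hash_equal": hash_template(ALICE) == hash_template(ALICE_AGAIN),
        "genuine": is_match(stored, transform(ALICE_AGAIN, "key-v1")),
        "impostor": is_match(stored, transform(MALLORY, "key-v1")),
        # Revocation: re-enrol under a new key; the old (possibly leaked)
        # template no longer matches the newly issued one.
        "old_vs_new": is_match(stored, transform(ALICE, "key-v2")),
    }

if __name__ == "__main__":
    print(demo())
```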

Page 35

Biometric cryptosystems

• Biometric data is used to bind or generate cryptographic keys
• Key binding: use biometric data to identify a key that was generated independently of the biometric data itself
• Key generation: use biometric data to create a key
• Biometric cryptosystems are an area of active research
• Helper information that is publicly available is used to stabilize the system
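Key binding with public helper data, as an added example that is not part of the original slides: a fuzzy-commitment-style construction in which an independently generated key is encoded with an error-correcting code and XORed with the enrolled biometric bits. The 5x repetition code, the bit strings and all function names are assumptions chosen for illustration.

```python
import hashlib
import random

REP = 5  # repetition code: each key bit sent 5 times, corrects 2 flips per block

def encode(key_bits):
    return [b for b in key_bits for _ in range(REP)]

def decode(codeword):
    # Majority vote inside each block of REP bits.
    return [int(sum(codeword[i:i + REP]) > REP // 2)
            for i in range(0, len(codeword), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def key_hash(key_bits):
    return hashlib.sha256(bytes(key_bits)).hexdigest()

def bind(key_bits, enrolled_bits):
    # Stored record: public helper data plus a hash of the key.
    # Neither the key nor the biometric bits are stored.
    return xor(encode(key_bits), enrolled_bits), key_hash(key_bits)

def release(helper, stored_hash, probe_bits):
    # XOR removes the biometric; leftover reading errors are corrected by
    # the code. The key is released only if its hash matches.
    candidate = decode(xor(helper, probe_bits))
    return candidate if key_hash(candidate) == stored_hash else None

def flip(bits, positions):
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

# Constructed sample data: a 32-bit key and a 160-bit binary biometric.
_rng = random.Random(37)
KEY = [_rng.randint(0, 1) for _ in range(32)]
ENROLLED = [_rng.randint(0, 1) for _ in range(32 * REP)]
HELPER, HASH = bind(KEY, ENROLLED)

GENUINE = flip(ENROLLED, {0, 1, 7, 23, 24, 90, 159})  # at most 2 flips per block
TOO_NOISY = flip(ENROLLED, {0, 1, 2})                 # 3 flips in block 0
IMPOSTOR = [_rng.randint(0, 1) for _ in range(32 * REP)]

if __name__ == "__main__":
    for name, probe in [("genuine", GENUINE), ("too noisy", TOO_NOISY),
                        ("impostor", IMPOSTOR)]:
        print(name, release(HELPER, HASH, probe) == KEY)
```

The repetition code is used for brevity; the error-correcting code sets how much variation between readings is tolerated before the key is withheld.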

Page 36

Discussion

• There is no ideal method of biometric security
• Many open challenges
• Today, hybrids of multiple techniques are increasingly common
• Research topics to consider:
  • Are there existing security methods that can be extended to biometrics?
  • How can we measure the security of a biometric template database?
  • Are there biometrics that are not compatible with existing security schemes?

Page 37

THANK YOU!
Questions? [email protected] or stop by BYENG 506