Hack Biometric

download Hack Biometric

of 33

  • date post

  • Category


  • view

  • download


Embed Size (px)

Transcript of Hack Biometric

  • 1.ITU-T Workshop on Security, SeoulImportance of Open Discussion onAdversarial Analyses for Mobile Security Technologies --- A Case Study for User Identification --- 14 May 2002Tsutomu MatsumotoGraduate School of Environment and Information Sciences Yokohama National Universityemail: tsutomu@mlab.jks.ynu.ac.jp

2. Mobile Security TechnologiesSecurity Architecture Operating Systems Security Software Tamper Resistance Mobile Code Security Physical Tamper Resistance Communications Security Cryptographic Protocol User Identification 3. Adversarial AnalysisSecurity assessment of biometric user identification systems should be conducted not only for the accuracy of authentication, but also for security against fraud.In this presentation we focus on Fingerprint Systems which may become widespread for Mobile Terminals. Examine Adversarial Analysis as A Third PartyCan we make artificial fingers that fool fingerprint systems?What are acceptance rates? 4. Fingerprint SystemsTypical structure of a fingerprint systemTypical structure of a fingerprint systemFinger Data ResultFingerCapturingFeature ExtractionComparison PresentingRecording Referring Finger Information Database Fingerprint SystemEnrollmentVerification or Identification Types of sensors Optical sensors Live and Well Detection Capacitive sensors Thermal sensors, Ultrasound sensors, etc. 5. A Risk Analysis for Fingerprint Systems Attackers may present 1) the registered finger,by an armed criminal, under duress, or with a sleepingdrug, 2) an unregistered finger (an imposter's finger), i.e., non-effort forgery, 3) a severed fingertip from the registered finger, 4) a genetic clone of the registered finger, 5) an artificial clone of the registered finger, and 6) the others, such as a well-known method as a fault based attack. 6. Fraud with Artificial FingersPart of patterns of dishonest acts with artificial fingers against a fingerprint system.L(X): A Live Finger corresponding to Person XA(Y): An Artificial Finger corresponding to Person YA(Z): An Artificial Finger corresponding to Nobody 7. Fraud with Artificial Fingers IEnrollment Y obtains A(X). X L(X) A(X) L(X) X YXDistribution of A(X)s Authentication A(X)s A(X)X or Y 8. Fraud with Artificial Fingers IIX obtains A(Y).X enrolls A(Y). X A(Y)A(Y) A(Y)YX X AuthenticationDistribution of A(Y)s A(Y)sA(Y)or L(Y) X or Y 9. Fraud with Artificial Fingers IIIEnrollment Y makes A(X).XL(X) A(X)L(X)L(X) XX Y Authentication Distribution of A(X)s A(X)sA(X) Y 10. Mapping a Fingerprint onto Artificial FingersFinegerprinte.g., Live Fingers, Generators, ... Impression e.g., Molds, Residual Fingerprints, ...Artificial Finger 11. Known Results Process 0(1) Finger (2) Mold (3) Silicone Rubber Finger 12. Fact Optical SensorOptical Sensor Capacitive Sensor Capacitive SensorFingerFinger Detector Light SourceArray of ElectrodesOften Accepts Usually RejectsSilicone Rubber Fingers Silicone Rubber Fingers 13. Gummy FingersOur Result Process 1 (1) Finger (2) Plastic Mold (3) Gummy Finger 14. Recipe 1-1 Making an Artificial Finger directly from a Live Finger Materials Materials Free molding plasticSolid gelatin sheet FREEPLASTIC GELATINE LEAF by Daicel FineChem Ltd. by MARUHA CORP350JPY/35grams200JPY/30grams 15. Recipe 1-2 Making an Artificial Finger directly from a Live FingerHow to make a moldHow to make a mold Put the plastic into hot water to soften it. Press a live finger against it. It takes around 10 minutes.The mold 16. Recipe 1-3 Making an Artificial Finger directly from a Live FingerPreparation of material Preparation of material A liquid in which immersed gelatin at 50 wt.% . Add boiling water (30cc) to solid gelatin (30g) in a bottle and mix up them. It takes around 20 minutes. 17. Recipe 1-4Making an Artificial Finger directly from a Live FingerHow to make a gummy finger How to make a gummy finger Pour the liquid into the mold.Put it into a refrigerator to cool. It takes around 10 minutes. The gummy finger 18. Similarity with Live FingersThe photomicrographs of fingers (a) Live Finger (b) Silicone Finger (c) Gummy Finger 19. Captured ImagesCaptured images with the device C (an optical sensor).optical (a) Live Finger (b) Silicone Finger (c) Gummy FingerCaptured images with the device H (a capacitive sensor).(a) Live Finger (b) Gummy Finger 20. ExperimentsSubjects: five persons whose ages are from 20s to 40sFingerprint systems: 11 typesWe attempted one-to-one verification 100 times counting the number of times that it accepts a finger presented.Types of experiments ExperimentEnrollmentVerificationType 1Live FingerLive FingerType 2Live FingerGummy FingerType 3Gummy Finger Live FingerType 4Gummy Finger Gummy Finger 21. The List of Fingerprint DevicesH ard w are S p ecification sS o ftw a re S p e cific ation sM eth od s L iv e an dfo rM an ufactu rer / P rod u c tM anu fa ctur er /P ro d uc t N am e C o m p ar is o n P ro d uc t N am e T yp e S e ns orW ell V er ificationS ellin g A g en cy N umbe r S elling A ge n cy (A p p lication ) L eve ls D ete ctionC om p aq S ta nd-A lone F in gerprint Identifica tion Com p aq C om p uterO pt ic a l C om p aq C om pu terM inu tiae D ev ic e AF ingerprint Identifica tionD F R -200 E 0 38 11U S 00 1unknow n T echnology S oftw are 1 throu gh 3 Cor pora tion S ens orC orp ora tion M a tc hingU nitver sion 1.1M IT S U B IS H I S um ikin Iz um i O pt ic a lM inu tiae D ev ic e B EL E C T R ICF ingerprint R ec ognizer F P R -D T mkII003 136unknow n C om p uter S er vice co. S ecF P V 1.11 F ix ed S ens or M a tc hing CO R P O R A T IO N L td. M inu tiaeF ingerprint Identifica tion O pt ic a l B a sic U tilit ie s for M a tc hing D ev ic e C N E C C orpora tionN 7 95 0-41 9 Y 00 00 3 unknow n N E C C orpora tionF ix edU nit (P ris m)S ens orF in gerprint Identifica tion(M inut ia a ndR ela tion)" Y U B I PA S S " U .a re.U F ingerprint R ec ognition O pt ic a lM inu tiae D ev ic e D O M R O N C orp orat ion F P S -100 0 9 050 085 4unknow n O M R O N C orpor ation F in gerprint V er ifica tionF ix edS ens or S ens or M a tc hing S oft w a reF in gerprint Identifica tionS ony F ingerp rintO pt ic a l L ive F inger T S U B A S A S Y S T E M U nit W indow s 9 5P att ern D ev ic e E S ony C orpora tion F IU -00 2-F 11 0 07 091 throu gh 5Iden tific ation U nit S ens or detectionC O .,L T D . Inter ac tive D em o V er sion m a tch ing 1 .0 Bu ild 1 3 M inu tiae C a pa citive L ogon for F ings ens or V 1 .0 D ev ic e F F U J IT S U L IM IT E D F ings ensor F S -2 00U00 A A 0 002 57unknow n F U J IT S U L IM IT E D F ix ed M a tc hing S ens orfor W indow s 95 /98(C orrela tion) M inu tiaeF ingerprint Identifica tion C a pa citive B a sic U tilit ie s for M a tc hing D ev ic e G N E C C orpora tionP K -F P 002 03 005 29S unknow n N E C C orpora tionF ix edU nit (S eria l) S ens orF in gerprint Identifica tion(M inut ia a ndR ela tion) F in gerT IP S oftw a reC 98 451 - S iem ens A G (Infineon F ingerT IP E V A L U A T IO N - C a pa citive S ie me ns A G (InfineonD evelopm ent K it (S D K )M inu tia D ev ic e H K IT D 6 100 -A 900 - unknow nF ix ed T echnologies A G ) EV A L U A T IO N K ITS ens orT echnologies A G ) V ers ion: V 0 .90, B eta 3m a tch ing4 " D em o P rogra m " S ony F ingerp rintC a pa citive L ive F ingerP att ern D ev ic e I S ony C orpora tion F IU -71030 00 398S yst em needs Inc .Good -b ye " PASSWORD" s 1 throu gh 5Iden tific ation U nit S ens or detection m a tch ing O p t ic a l S e cu D e sk t op 1. 55 M inut ia D ev ic e J S ecu genEy eD m ous e IISM B -8 0 0 96 501 720 04 unknow n S e cu g e n 1 t hr ough 9Se n s or{ m at c hing ethentica tior M S 3 000 P CO p t ic a l S ecu re Su iteM inut ia D ev ic e K Et henticaM S 3 00 0M 3 00F 20 099 1 un kno wnE the nticaF i xe dC a rdSe n s orRele as e1. 0m at c hing 22. Experimental Results Making an Artificial Finger directly from a Live Finger100 Acceptance(times/100a tempts)80The Number of604020 L-LL-A A- L A- A0 A B C D EF G H IJ K Fingerpri Device nt 23. Gummy Fingers Our Result Process 2 (1) Residual Fingerprint (2) Digital Image Data (3) Printed Circuit Board (4) Gummy Finger 24. Recipe 2-1 Making an Artificial Finger from a Residual FingerprintMaterialsA photosensitiveSolid gelatin sheet coated Printed CircuitGELATINE LEAF Board (PCB) by MARUHA CORP 10K by Sanhayato Co., Ltd . 320JPY/sheet 200JPY/30grams 25. Recipe 2-2 Residual Fingerprint Digital Microscope Enhancing Cyanoacrylate Adhesive Capturing Image ProcessingAdobe Photoshop 6.0 Fingerprint ImageKEYENCE VH6300: 900k pixels PrintingTransparent Film Inkjet PrinterMaskUV light Exposing PhotosensitiveDevelopingCoated PCB EtchingCanon BJ-F800: 1200x600dpiMold 26. Recipe 2-3 A Mask with Fingerprint Images An Enhanced Fingerprint A Fingerprint Image 27. Recipe 2-4 Gelatin Liquid Put this mold intoDrip the liquida refrigerator to cool,onto the mold. and then peel carefully. 40wt.% ^ 28. The Mold and the Gummy Finger Mold: 70JPY/pieceGummy Finger: 50JPY/piece (Ten molds can be obtained in the PCB.) 29. Resolution of Fingerprint Images Pores can be observed. Captured Fingerprint Image ofthe Gummy FingerEnhanced Fingerprintwith the device H (a capacitive sensor) 30. Experimental Resultsfrom Residual Fingerprints (for 1 subject)100 Accep tance(times/100a tempts)80 The Number of604020L-LL-A A- L A- A0A B C D EF G H IJ KFingerpri Devicent 31. Characteristics of Gummy FingersMoistureElectric Resistance Live Finger16%16 Mohms/cm Gummy Finger 23%20 Mohms/cm Silicone Finger impossible to measure impossible to measure500Gummy Finger Tact ile Sensor Outpt (Hz ) 400Live Finger 300 200 100 0 050100 150Pressure Sensor Output (g) The compliance was also examined for live and gummy fingers. 32. ConclusionsThere can be various dishonest acts using artificial fingers against the fingerprint systems. Gummy fingers, which are easy to make with cheep, easily obtainable tools and materials, can be accepted by 11 types of fingerprint systems. The exper