Tesina Sobri
REVERSE ENGINEERING AND MALWARE THREAT IN DISTRIBUTED BIOMETRIC SYSTEMS
Final degree project
Author: Benxamín Porto Domínguez
Supervisors: Carmen García Mateo, Claus Vielhauer

Contents
Introduction
Malware
Reverse Engineering
Conclusions
Question time

Introduction
Biometrics refers to the processing of biometric signals in order to verify a user’s identity or to identify the user within a group of possibilities
The most used biometric traits are based on: voice, face, fingerprint, signature, etc.

Objectives
Analysis of the possible vulnerabilities that can be found in distributed biometric systems due to Malware or Reverse Engineering attacks
Check the results shown by these attacks
Find alternative implementations that can counter these types of attacks or at least minimize them

The system
The system used is a prototype developed at Universidad de Vigo
It is called BioWebAuth
It is a distributed authentication system that uses biometrics to authenticate users on the internet
It is based on a Client-Server architecture

[Figure: biometric system pipeline (Sensor, Feature Extraction, Matcher, Decision) with a Template Database, split between Client and Server across the Internet]

BioWebAuth

BioWebAuth (II)

Procedure
No use of knowledge unavailable to the attacker
Use of diverse hacking tools to emulate Malware
Search for the reverse engineering processes of the biometric modalities
Use of the reversed samples to test the system

Malware
Set of instructions that run on a computer and make that system do something that an attacker wants it to do
It can be found on any platform and in any computer language
Growing problem in today’s Internet security

Methodology
Study the different types of existing Malware
Find possible techniques against distributed biometric systems
Create a threat level list regarding the success possibilities of the different types of Malware

Malware Types
Malicious mobile code
Virus
Worms
Trojan Horses
Backdoors
User and Kernel level RootKits
Combo Malware

Malware threat level
Malicious mobile code: low
Virus: low
Worms: medium
Trojan Horses: medium
Backdoors: high
User and Kernel RootKits: very high
Combo Malware: the highest

Techniques
Keylogger:
Password recovery:

Techniques (II)

Techniques (III)
Vulnerability scanning

Techniques (IV)
Cookie stealing

Reverse Engineering
Process of analyzing a subject system to identify the system's components and their interrelationships and create representations of the system in another form or at a higher level of abstraction
Used for reconstruction of an input sample
A grey-box model is chosen in this work

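[Figure: biometric system pipeline (Sensor, Feature Extraction, Matcher, Decision) with a Template Database, split between Client and Server across the Internet, with the Reverse Engineering step marked]
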
Methodology
Study of the data distribution of templates
Find information about the algorithms
Create a reverse algorithm through the inversion of Gabor Jets
Bypass the system with the use of these samples

Data Distribution Study

Reverse Algorithm Creation

System Attack

Results
The system was bypassed in all the matchings between the spoofed image and the template it came from
Correlated tests between different template images of the same subject showed a 10% success rate

Conclusions
Reverse engineering of the system is a serious threat due to the possibility of acquiring a user’s sample
Malware can give an attacker important information about the user
Malware can modify the input devices and thus invalidate the whole process
Biometric templates have to be stored using encryption techniques or, at least, methods for obscuring the identification of different patterns

Conclusions (II)
The system has to advise all users against social engineering attacks
Use of liveness detection techniques is highly recommended, although they do not ensure full protection against Malware

Question time
Thanks for your time
I hope you enjoyed