Chapter 12 Thwarting Attacks

Chapter 12 Thwarting Attacks. Leandro A. Loss. Introduction. Benefits of Biometric Authentication: Convenience (e.g. recall password, keep cards) Security (e.g. cracked password, stolen cards) Introduces different security weaknesses:

Presentation Transcript


  1. Chapter 12 Thwarting Attacks. Leandro A. Loss

  2. Introduction
     • Benefits of Biometric Authentication:
       • Convenience (e.g. recall password, keep cards)
       • Security (e.g. cracked password, stolen cards)
     • Introduces different security weaknesses:
     • Objective: Identify security weak points, keeping in mind the security versus convenience trade-off

  3. Pattern Recognition Model
     [Diagram: Sensor, Template Extractor, Matcher, Application, Enrollment, Template Database]
     • 11 basic points of attack that plague biometric authentication systems

  4. Attacking Biometric Identifiers
     [Diagram: Sensor, Template Extractor, Matcher, Application]

  5. Attacking Biometric Identifiers
     • Coercive Attack Examples
       • A genuine user is forced by an attacker to identify him or herself to an authentication system;
         • The system should detect coercion instances reliably without endangering lives (stress analysis, guards, video recording).
       • The correct biometric is presented after physical removal from the rightful owner;
         • The system should detect “liveness” (movements of iris, electrical activity, temperature, pulse in fingers).

  6. Attacking Biometric Identifiers
     • Impersonation Attack Examples
       • Involves changing one’s appearance so that the measured biometric matches an authorized person;
         • Voice and face are the most easily attacked;
         • Fake fingerprints or even fingers have been reported.
       • Changes one’s appearance to cause a false negative error in screening systems;
         • Disguises or plastic surgeries;
       • Combination of multiple biometrics makes replication more difficult, especially when synchronization is analyzed (works well for the first case);
       • No defense suggestions for the second case.

  7. Attacking Biometric Identifiers
     • Replay Attack Examples
       • Re-presentation of previously recorded biometric information (tape or picture);
         • Prompt random text to be read;
         • Detect three-dimensionality or require change of expression.

  8. Front-end attacks
     [Diagram: Sensor, Template Extractor, Matcher, Application, with attack points A, B, C and D marked]

  9. Front-end attacks
     • (A) Channel between sensor and biometric system
       • Replay Attacks:
         • Circumventing the sensor by injecting a recorded signal into the system input (easier than attacking the sensor);
         • Digital encryption and time-stamping can protect against these attacks.
       • Electronic Impersonation Attacks:
         • Injection of an image created artificially from extracted features;
         • E.g. an image of an artificial fingerprint created from minutiae captured from a card;
         • No defense suggested.

  10. Front-end attacks
      • (B) Template Extractor
        • Trojan Horse Attacks:
          • The features are replaced after being extracted (assuming the representation is known);
          • The extractor would produce a pre-selected feature set at some given time or under some condition;
          • No defense suggested.

  11. Front-end attacks
      • (C) Transmissions between Extractor and Matcher
        • Communication Attacks:
          • Especially dangerous with remote matchers;
          • No defense suggested.

  12. Front-end attacks
      • (D) Matcher
        • Trojan Horse Attacks:
          • Manipulations of match decision;
          • E.g. a hacker could replace the biometric library on a computer with a library that always declares a true match for a particular person;
          • No defense suggested.

  13. Circumvention
      [Diagram: Sensor, Template Extractor, Matcher, Application]
      • “Overriding of the matcher’s output”

  14. Circumvention
      • Collusion
        • Some operators have super-user status, which allows them to bypass the authentication process;
        • Attackers can gain super-user status by:
          • Stealing this status;
          • Agreement with operator.

  15. Circumvention
      • Covert Acquisition
        • Biometric stolen without the user’s knowledge;
        • Only the parametric data is used to override the matcher (so it differs from impersonation).

  16. Circumvention
      • Denial
        • An authentic user identifies him or herself to the system but is denied access (a False Rejection is evoked);
        • Not considered fraud because no unauthorized access was granted;
        • But it disrupts the functioning of the system.

  17. Back-end attacks
      [Diagram: Sensor, Template Extractor, Matcher, Application, Enrollment, Template Database, with attack points A, B, C, D and E marked]

  18. Back-end attacks
      • (A) Enrollment Attacks
        • Same vulnerable points as the others;
        • With collusion between the hacker and the supervisor of the enrollment center, it is easy to enroll a created or stolen identity;
        • Enrollment needs to be more secure than authentication and is best done under trusted and competent supervision.
      [Diagram: Enrollment, Template Database, Sensor, Template Extractor, Matcher]

  19. Back-end attacks
      • (B) Transmissions between Matcher and Database
        • Communication Attacks:
          • Remote central or distributed databases;
          • Information is attacked before it reaches the matcher.

  20. Back-end attacks
      • (C) Transmissions between Enrollment and Database
        • Communication Attacks:
          • Remote central or distributed databases;
          • Information is attacked before it reaches the database.

  21. Back-end attacks
      • (D) Attacks on the Application

  22. Back-end attacks
      • (E) Attacks on the Database
        • Hacker’s Attack
          • Modification or deletion of records:
            • Legitimize an unauthorized person;
            • Denial of authorized person;
            • Removal of a known “wanted” person from screening list.
        • Privacy Attacks:
          • Access to confidential information;
          • Level of security of different systems;
          • Passwords vs. biometrics.

  23. Other attacks
      • Password systems are vulnerable to brute force attacks;
      • The number of characters is proportional to the bit-strength of password;
      • Biometrics: equivalent notion of bit-strength, called intrinsic error rate (chapter 14).

  24. Other attacks
      • Hill Climbing:
        • Repeatedly submit biometric data to an algorithm with slight differences, and preserve modifications that result in an improved score;
        • Can be prevented by
          • Limiting the number of trials;
          • Giving out only yes/no matches.

  25. Other attacks
      • Swamping:
        • Similar to brute force attack, exploiting weakness in the algorithm to obtain a match for incorrect data.
        • E.g. Fingerprints:
          • Submit a print with hundreds of minutiae in the hope that at least the threshold number of them will match the stored template;
        • Can be prevented by normalizing the number of minutiae.
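
Added example, not part of the original slides: the defences named on slides 24 and 25 (trial limit, yes/no answers only, normalizing the number of minutiae) applied to a toy minutiae matcher. The matcher, tolerances, thresholds and sample data are constructed assumptions, and the swamping probe is a dense grid rather than a few hundred points.

```python
import math
from collections import defaultdict

TOL_DIST, TOL_ANGLE = 8.0, 15.0   # constructed tolerances (pixels, degrees)
MAX_FAILURES, ACCEPT = 3, 0.6     # constructed trial limit and decision threshold

def paired(template, probe):
    """One-to-one count of probe minutiae (x, y, theta) that fall on a template minutia."""
    used = set()
    for px, py, pt in probe:
        for i, (tx, ty, tt) in enumerate(template):
            close = math.hypot(px - tx, py - ty) <= TOL_DIST
            turned = abs((pt - tt + 180) % 360 - 180) <= TOL_ANGLE
            if i not in used and close and turned:
                used.add(i)
                break
    return len(used)

def naive_match(template, probe, need=8):
    """Swampable: accepts as soon as an absolute number of minutiae pair up."""
    return paired(template, probe) >= need

def normalized_score(template, probe):
    """Dividing by the larger set makes surplus minutiae lower the score."""
    return paired(template, probe) / max(len(template), len(probe), 1)

class Gate:
    """Yes/no answers only, with a per-identity limit on failed trials."""
    def __init__(self, templates):
        self.templates, self.failures = templates, defaultdict(int)

    def verify(self, user, probe):
        if self.failures[user] >= MAX_FAILURES:
            return False                     # locked out; looks like any other reject
        ok = normalized_score(self.templates[user], probe) >= ACCEPT
        self.failures[user] = 0 if ok else self.failures[user] + 1
        return ok                            # the score never leaves the gate

# Constructed sample data: a 12-minutia template, a genuine capture, a swamping probe.
TEMPLATE = [(20 + 37 * i % 200, 30 + 53 * i % 200, 40 * i % 360) for i in range(12)]
GENUINE = [(x + 2, y - 3, (t + 5) % 360) for x, y, t in TEMPLATE]
SWAMP = [(x, y, a) for x in range(0, 221, 10) for y in range(0, 221, 10)
         for a in range(0, 360, 30)]
```

The naive count-based matcher accepts the swamping probe, while the normalized score rejects it. The lockout is itself a lever for the denial case on slide 16, so a deployment needs a supervised reset path.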

  26. Other attacks
      • Piggy-back:
        • An unauthorized user gains access through simultaneous entry with a legitimate user (coercion, tailgating).

  27. Other attacks
      • Illegitimate enrollment:
        • Somehow an attacker is enrolled (collusion, forgery).

  28. Combining Smartcards and Biometrics
      • Biometrics – reliable authentication;
      • Smartcards – store biometrics and other data;
      • Suggestion: valid enrolled biometrics + valid card;
      • Benefits:
        • Authentication is done locally – cuts down on communication with database;
        • The information never leaves the card – secure by design;
        • Attacks occur locally and are treated locally;
        • Keeps privacy.

  29. Challenge-Response Protocol
      • Dynamic authentication - prevents mainly Replay Attacks;
      • The system issues a challenge to the user, who must respond appropriately (prompted text – makes recorded biometrics harder to use);
      • It will demand more sophisticated attacks and block the casual ones;
      • Extension:
        • E.g. a number projected in the retina, that must be typed.
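
Added example, not part of the original slides: the challenge-response idea of slide 29 applied to channel (A) of slide 9, with both sides of the exchange. Slide 9 names encryption and time-stamping as the defence; this sketch instead uses an HMAC tag, a one-time challenge and a timestamp, and the `Sensor`/`Verifier` classes, the shared key and the 2-second window are assumptions.

```python
import hashlib, hmac, os, struct, time

MAX_AGE = 2.0   # seconds a capture stays fresh (constructed value)

def _tag(key, challenge, ts, sample):
    # Fixed-width challenge (16 bytes) and timestamp (8 bytes) keep the encoding unambiguous.
    return hmac.new(key, challenge + struct.pack(">d", ts) + sample, hashlib.sha256).digest()

class Sensor:
    """Capture device holding a key shared with the verifier (assumption of this sketch)."""
    def __init__(self, key):
        self.key = key

    def capture(self, challenge, sample, now=None):
        ts = time.time() if now is None else now
        return {"challenge": challenge, "ts": ts, "sample": sample,
                "tag": _tag(self.key, challenge, ts, sample)}

class Verifier:
    """System input behind channel (A): issues challenges and screens what arrives."""
    def __init__(self, key):
        self.key, self.pending = key, set()

    def issue_challenge(self):
        challenge = os.urandom(16)
        self.pending.add(challenge)
        return challenge

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        expected = _tag(self.key, msg["challenge"], msg["ts"], msg["sample"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad-tag"                  # altered sample, timestamp or challenge
        if msg["challenge"] not in self.pending:
            return "replayed"                 # challenge never issued or already used
        self.pending.discard(msg["challenge"])
        if abs(now - msg["ts"]) > MAX_AGE:
            return "stale"                    # recorded earlier, delivered late
        return "ok"

def demo(key=b"constructed-shared-key"):
    sensor, verifier = Sensor(key), Verifier(key)
    first = sensor.capture(verifier.issue_challenge(), b"constructed-sample", now=100.0)
    live = verifier.accept(first, now=100.5)
    replay = verifier.accept(first, now=100.6)     # same recording injected again
    spliced = verifier.accept(dict(first, challenge=verifier.issue_challenge()), now=101.0)
    return [live, replay, spliced]
```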

  30. Cancellable Biometrics
      • Once a biometric identifier is somehow compromised, the identifier is compromised forever;
      • Privacy:
        • A hacked system can give out user’s information (medical history and susceptibility);
      • Proscription:
        • Biometric information should not be used for any other purpose than its intended use;
      • Concerns
        • Not an extra bit of information should be collected;
        • Data integrity and data confidentiality are two important issues;
        • Cross-matching: matching against law enforcement databases;
        • Biometrics cannot be changed (unlike issuing a new credit card number, etc.).

  31. Cancellable Biometrics
      • Cancellable biometrics is a technique that alleviates some of these concerns.
      • Biometrics are distorted by some non-invertible transform.
      • If one representation is compromised, another one can be generated.
      • Signal domain distortions:
        • Distortion of the raw biometric signal:
          • Morphed fingerprint;
          • Split voice signal and scramble pieces;
      • Feature domain distortions:
        • Distortion of preprocessed biometric signal (template):
          • Fingerprint minutiae (S = {(x_i, y_i, θ_i); i = 1, …, M});
      [Figure labels: x1, x2, x3 and X1, X2, X3]

  32. Cancellable Biometrics
      • Relation to compression and encryption
        • Signal Compression:
          • The signal temporarily loses its characteristics;
        • Encryption:
          • Secure transmission: the signal is restored afterwards;
        • Cancellable Biometrics:
          • The signal permanently loses its characteristics;
          • It is desirable that the distorted signal cannot be restored.
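
Added example, not part of the original slides: one possible feature-domain distortion of the minutiae set S from slide 31, showing re-issue after compromise and why the mapping cannot be inverted. The keyed many-to-one cell remapping, the grid size, the keys and the sample minutiae are all assumptions chosen for illustration; the slides do not specify a transform.

```python
import hashlib, hmac

CELL, GRID = 32, 8               # constructed: 256x256 image as an 8x8 grid of cells
TARGETS = GRID * GRID // 2       # fewer target cells than source cells: many-to-one

def _prf(key, label, modulus):
    """Key-derived integer in [0, modulus); the key is what gets re-issued."""
    digest = hmac.new(key, label.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % modulus

def target_cell(cell, key):
    return _prf(key, f"cell:{cell}", TARGETS)

def distort(minutiae, key):
    """Distort S = {(x, y, theta)}: remap each minutia's cell and rotate its angle."""
    out = []
    for x, y, theta in minutiae:
        cell = (y // CELL) * GRID + x // CELL
        t = target_cell(cell, key)
        out.append(((t % GRID) * CELL + x % CELL,
                    (t // GRID) * CELL + y % CELL,
                    (theta + _prf(key, f"rot:{cell}", 360)) % 360))
    return out

def preimages(target, key):
    """Source cells that collapse onto one target cell; more than one blocks inversion."""
    return [c for c in range(GRID * GRID) if target_cell(c, key) == target]

def score(stored, probe, dist=8, ang=15):
    """Fraction of probe minutiae that land near some stored minutia."""
    near = lambda p, s: (abs(p[0] - s[0]) <= dist and abs(p[1] - s[1]) <= dist
                         and abs((p[2] - s[2] + 180) % 360 - 180) <= ang)
    return sum(any(near(p, s) for s in stored) for p in probe) / len(probe)

# Constructed sample data: eight minutiae and a slightly shifted fresh capture.
ENROLLED = [(32 * (i % 8) + 16, 32 * (3 * i % 8) + 12, 25 * i % 360) for i in range(8)]
CAPTURE = [(x + 2, y - 3, (t + 5) % 360) for x, y, t in ENROLLED]
KEY_V1, KEY_V2 = b"constructed-key-v1", b"constructed-key-v2"

def demo():
    old, new = distort(ENROLLED, KEY_V1), distort(ENROLLED, KEY_V2)
    return (score(old, distort(CAPTURE, KEY_V1)),   # genuine user, current key
            score(new, distort(CAPTURE, KEY_V1)),   # leaked v1 data against re-issued v2
            max(len(preimages(t, KEY_V1)) for t in range(TARGETS)))
```

Matching happens entirely in the distorted domain, so the undistorted template never needs to be stored. Minutiae that sit near a cell border can change cell between captures, which this sketch does not handle.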

  33. Questions?
