Chapter 12 Thwarting Attacks - PowerPoint PPT Presentation

About This Presentation

Title:

Chapter 12 Thwarting Attacks

Description:

Injection of an image created artificially from extracted features; ... Electronic ... e.g. An image of an artificial fingerprint created from minutia ... – PowerPoint PPT presentation

Number of Views:64

Avg rating:3.0/5.0

Slides: 34

Provided by: Lean8

Learn more at: https://www.cse.unr.edu

Category:

more less

Transcript and Presenter's Notes

Title: Chapter 12 Thwarting Attacks

1
Chapter 12 Thwarting Attacks

Leandro A. Loss

2
Introduction

Benefits of Biometric Authentication
Convenience (e.g. recall password, keep cards)
Security (e.g. cracked password, stolen cards)
Introduces different security weaknesses
Objective Identify security weak points, keeping
in mind the security versus convenience trade-off

3
Pattern Recognition Model
Sensor
Template Extractor
Matcher
Application
Enrollment
Template Database

11 basic points of attack that plague biometric
authentication systems

4
Attacking Biometric Identifiers
Sensor
Template Extractor
Matcher
Application
5
Attacking Biometric Identifiers

Coercive Attack Examples
A genuine user is forced by an attacker to
identify him or herself to an authentication
system
The system should detect coercion instances
reliably without endangering lives (stress
analysis, guards, video recording).
The correct biometric is presented after physical
removal from the rightful owner
The system should detect liveness (movements of
iris, electrical activity, temperature, pulse in
fingers.

6
Attacking Biometric Identifiers

Impersonation Attack Examples
Involves changing ones appearance so that the
measured biometric matches an authorized person
Voice and face are the most easily attacked
Fake fingerprints or even fingers have been
reported.
Changes ones appearance to cause a false
negative error in screening systems
disguises or plastic surgeries
Combination of multiple biometrics makes
replications more difficult, specially when
synchronization is analyzed (works well for the
first case)
No defense suggestions for the second case

7
Attacking Biometric Identifiers

Replay Attack Examples
Re-presentation of previously recorded biometric
information (tape or picture)
Prompt random text to be read
Detect tri-dimensionality or require change of
expression.

8
Front-end attacks
B
D
Sensor
Template Extractor
Matcher
Application
A
C
9
Front-end attacks

(A) Channel between sensor and biometric system
Replay Attacks
circumventing the sensor by injecting recorded
signal in the system input (easier than attacking
the sensor)
digital encryption and time-stamping can
protect against these attacks.
Electronic Impersonation Attacks
Injection of an image created artificially from
extracted features
e.g. An image of an artificial fingerprint
created from minutia captured from a card
No defense suggested.

10
Front-end attacks

(B) Template Extractor
Trojan Horse Attacks
The features are replaced after extracted
(assuming the representation is known)
The extractor would produce a pre-selected
feature set at some given time or under some
condition
No defense suggested.

11
Front-end attacks

(C) Transmissions between Extractor and Matcher
Communication Attacks
Specially dangerous in remote matchers
No defense suggested.

12
Front-end attacks

(D) Matcher
Trojan Horse Attacks
Manipulations of match decision
e.g. A hacker could replace the biometric
library on a computer with a library that always
declares a true match for a particular person
No defense suggested.

13
Circumvention
Sensor
Template Extractor
Matcher
Application
Overriding of the matchers output
14
Circumvention

Collusion
Some operators have super-user status, which
allows them to bypass the authentication process
Attackers can gain super-user status by
- Stealing this status
- Agreement with operator

15
Circumvention

Covert Acquisition
Biometric stolen without the user knowledge
Only the parametric data is used to override
matcher (so different from impersonation)

16
Circumvention

Denial
A authentic user identifies him or herself to
the system but is denied such an access (a False
Rejection is evoked)
Not considered fraud because no unauthorized
access was granted
But it disrupts the functioning of the system.

17
Back-end attacks
D
Sensor
Template Extractor
Matcher
Application
B
A
Enrollment
Template Database
E
C
18
Back-end attacks

(A) Enrollment Attacks
Same vulnerable points of the others
With collusion between the hacker and the
supervisor of the enrollment center, it is easy
to enroll a created or stolen identity
Enrollment needs to be more secure than
authentication and is best done under trusted and
competent supervision.

Enrollment
Sensor
Template Extractor
Matcher
Template Database
19
Back-end attacks

(B) Transmissions between Matcher and Database
Communication Attacks
Remote central or distributed databases
Information is attacked before it reaches the
matcher.

20
Back-end attacks

(C) Transmissions between Enrollment and Database
Communication Attacks
Remote central or distributed databases
Information is attacked before it reaches the
database.

21
Back-end attacks
(D) Attacks to the Application
22
Back-end attacks

(E) Attacks to the Database
Hackers Attack
Modification or deletion of registers
Legitimate unauthorized person
Denial of authorized person
Removal of a known wanted person from
screening list.
Privacy Attacks
Access to confidential information
Level of security of different systems
Passwords x Biometrics.

23
Other attacks

Password systems are vulnerable to brute force
attacks
The number of characters is proportional to the
bit-strength of password
Biometrics equivalent notion of bit-strength,
called intrinsic error rate (chapter 14)

24
Other attacks

Hill Climbing
Repeatedly submit biometric data to an algorithm
with slight differences, and preserve
modifications that result in an improved score
Can be prevented by
Limiting the number of trials
Giving out only yes/no matches.

25
Other attacks

Swamping
Similar to brute force attack, exploiting
weakness in the algorithm to obtain a match for
incorrect data.
E.g. Fingerprints
Submit a print with hundreds of minutiae in the
hope that at least the threshold number of them
will match the stored template
Can be prevented by normalizing the number of
minutiae.

26
Other attacks

Piggy-back
An unauthorized user gains access through
simultaneous entry with a legitimate user
(coercion, tailgating).

27
Other attacks

illegitimate enrollment
Somehow an attacker is enrolled (collusion,
forgery).

28
Combining Smartcards and Biometrics

Biometrics reliable authentication
Smartcards store biometrics and other data
Suggestion valid enrolled biometrics valid
card
Benefits
Authentication is done locally cuts down on
communication with database
The information never leaves the card secure
by design
Attacks occur locally and are treated locally
Keeps privacy

29
Challenge-Response Protocol
Dynamic authentication - prevents mainly Replay
Attacks The system issues a challenge to the
user, who must respond appropriately (prompted
text increases the difficulty of recorded
biometrics use) It will demand more
sophisticated attacks and block the casual
ones Extension E.g. Number projected in the
retina, that must be typed.
30
Cancellable Biometrics

Once a biometric identifier is somehow
compromised, the identifier is compromised
forever
Privacy
A hacked system can give out users information
(medical history and susceptibility)
Proscription
Biometric information should not be used for any
other purpose than its intended use
Concerns
Not an extra bit of information should be
collected
Data integrity and data confidentially are two
important issues
Cross-matching matching against law enforcement
databases
Biometric cannot change (issue a new credit card
number, etc).