May 10, 2004 USVISIT - ITR Project Meeting
CSE190a Fall 06

Biometric System Security and Policy Implications
Biometrics, CSE 190-a
Lecture 19

Outline
1. Serge's Video
2. Biometrics System Security
3. Policy

Computer Vision: Fact and Fiction
Video by Serge Belongie et al.

Biometrics System Security: Outline
• Attacks against Biometric Systems
    • Taxonomy of Attacks
    • Attack Examples
• Solutions to Attacks
    • Liveness Detection
    • Challenge/Response
    • Watermarking

Types of Threats
Six major types of threats (Maltoni et al. 2003 & Uludag, Jain 2004 (1))

• Circumvention: An attacker gains access to the system protected by biometric authentication.
    • Privacy attack: The attacker accesses data that she was not authorized to access (e.g., accessing the medical records of another user).
    • Subversive attack: The attacker manipulates the system (e.g., submitting bogus insurance claims).
• Repudiation: An attacker denies accessing the system.
    • A bank clerk modifies the financial records and later claims that her biometric data was stolen and denies that she is responsible.
• Contamination (covert acquisition): An attacker illegally obtains biometric data of genuine users and uses it to access the system.
    • Lifting a latent fingerprint and constructing a synthetic finger.
• Collusion: A user with wide superuser privileges (e.g., a system administrator) illegally modifies the system.
• Coercion: An attacker forces a legitimate user to access the system (e.g., using a fingerprint to access an ATM at gunpoint).
• Denial of Service (DoS): An attacker corrupts the biometric system so that legitimate users cannot use it.
    • A server that processes access requests can be bombarded with many bogus access requests, to the point where the server's computational resources cannot handle valid requests any more.