May 10, 2004 USVISIT - ITR Project Meeting

CSE190a Fall 06
Biometric System Security and Policy Implications
Biometrics CSE 190-a, Lecture 19

Outline
1. Serge's Video
2. Biometrics System Security
3. Policy

Computer Vision: Fact and Fiction
Biometrics Video by Serge Belongie et al.

Biometrics System Security Outline
- Attacks against Biometric Systems
  - Taxonomy of Attacks
  - Attack Examples
- Solutions to Attacks
  - Liveness Detection
  - Challenge/Response
  - Watermarking

Types of Threats
Six major types of threats (Maltoni et al. 2003 & Uludag, Jain 2004 (1)):
- Circumvention: An attacker gains access to the system protected by biometric authentication
  - Privacy attack: The attacker accesses data that she was not authorized to access (e.g., accessing the medical records of another user)
  - Subversive attack: The attacker manipulates the system (e.g., submitting bogus insurance claims)
- Repudiation: An attacker denies accessing the system
  - Example: A bank clerk modifies the financial records and later claims that her biometric data was stolen and denies that she is responsible
- Contamination (covert acquisition): An attacker illegally obtains biometric data of genuine users and uses it to access the system
  - Example: Lifting a latent fingerprint and constructing a synthetic finger
- Collusion: A user with wide super user privileges (e.g., system administrator) illegally modifies the system
- Coercion: An attacker forces a legitimate user to access the system (e.g., using a fingerprint to access an ATM at gunpoint)
- Denial of Service (DoS): An attacker corrupts the biometric system so that legitimate users cannot use it
  - Example: A server that processes access requests can be bombarded with many bogus access requests, to the point where the server's computational resources cannot handle valid requests any more.

Attacks Against Biometric Systems
[Figure: Points of attack for a generic biometric system. Components: Sensor, Feature extractor, Matcher, Database, Decision; attack points numbered 1 to 8. Adapted from Ratha et al. 2001 (1)]

- Attack 1: A fake biometric (e.g., an artificial finger) is presented at the sensor
- Attack 2: Illegally intercepted data is resubmitted (replay)
- Attack 3: Feature detector is replaced by a Trojan horse program. It produces feature sets chosen by the attacker
- Attack 4: Legitimate features are replaced with a synthetic feature set
- Attack 5: Matcher is replaced by a Trojan horse program. It produces scores chosen by the attacker
- Attack 6: Templates in the database are modified, removed, or new templates are added
- Attack 7: The transferred template information is altered in the communication channel
- Attack 8: The matching result (e.g., accept/reject) is overridden

Attacks Against Biometric Systems...
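
Added example (not part of the original slides): a minimal challenge/response exchange between sensor and matcher, the countermeasure named in the outline, showing how a resubmitted message (Attack 2) is rejected and how the same check catches data changed in transit. The shared key, the class and function names, and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: sensor and matcher share a secret key provisioned out of band.
SHARED_KEY = b"constructed-demo-key-not-for-production"


class Matcher:
    """Matcher side: issues one-time challenges and verifies sensor responses."""

    def __init__(self, key):
        self._key = key
        self._pending = set()  # challenges issued but not yet answered

    def issue_challenge(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce, sample, tag):
        # A challenge is accepted once only, so a recorded response cannot be reused.
        if nonce not in self._pending:
            return "reject: unknown or reused challenge"
        self._pending.discard(nonce)
        expected = hmac.new(self._key, nonce + sample, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "reject: sample or tag does not match challenge"
        return "accept: fresh, authentic sample"


def sensor_respond(key, nonce, sample):
    """Sensor side: bind the captured sample to the matcher's challenge."""
    return hmac.new(key, nonce + sample, hashlib.sha256).digest()


def demo():
    """Run a genuine submission, a replay of it, and an altered submission."""
    matcher = Matcher(SHARED_KEY)
    sample = b"constructed-feature-bytes"  # stands in for captured biometric data
    nonce = matcher.issue_challenge()
    tag = sensor_respond(SHARED_KEY, nonce, sample)
    results = [matcher.verify(nonce, sample, tag)]      # genuine submission
    results.append(matcher.verify(nonce, sample, tag))  # same message resubmitted
    nonce2 = matcher.issue_challenge()
    tag2 = sensor_respond(SHARED_KEY, nonce2, sample)
    results.append(matcher.verify(nonce2, b"substituted-features", tag2))  # altered
    return results
```

Calling demo() returns one accept followed by two rejects. This covers only the channel between sensor and matcher; a fake biometric presented at the sensor itself (Attack 1) is the job of liveness detection.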
This note was uploaded on 02/14/2008 for the course CSE 190A taught by Professor Kriegman during the Fall '06 term at UCSD.