12-Biometrics-Lecture-12-Part3-2008-12-08

12-Biometrics-Lecture-12-Part3-2008-12-08 - Master SC...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
1 Biometrics http://scgwww.epfl.ch/courses Master SC – Information and Communication Security Dr. Andrzej Drygajlo Speech Processing and Biometrics Group Signal Processing Institute Ecole Polytechnique Fédérale de Lausanne (EPFL) Center for Interdisciplinary Studies in Information Security (ISIS)
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
2 Biometric System Operation Enrollment: User’s biometric data is captured and a salient feature set is extracted; these features are associated with the user identity and stored as a template in a database Authentication: User’s biometric data is captured and the extracted feature set is compared with either (i) all the templates in the database (identification), or (ii) the templates associated with a claimed identity (verification)
Background image of page 2
3 Biometric System Security
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
4 Types of Threats Circumvention: An attacker gains access to the system protected by biometric authentication Privacy attack : Attacker accesses the data that she was not authorized (e.g., accessing the medical records of another user) Subversive attack : Attacker manipulates the system (e.g., submitting bogus insurance claims) Repudiation : An attacker denies accessing the system A bank clerk modifies the financial records and later claims that her biometric data was stolen and denies that she is responsible Contamination (covert acquisition): An attacker illegally obtains biometric data of genuine users and uses it to access the system Lifting a latent fingerprint and constructing a synthetic finger
Background image of page 4
5 Types of Threats Collusion : A user with wide super user privileges (e.g., system administrator) illegally modifies the system Coercion : An attacker forces a legitimate user to access the system (e.g., using a fingerprint to access ATM at a gunpoint) Denial of Service (DoS): An attacker corrupts the biometric system so that legitimate users cannot use it A server that processes access requests can be bombarded with many bogus access requests, to the point where the server’s computational resources can not handle valid requests any more.
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
6 Locations for Biometric System Threats Security along the whole process chain of a biometric system is needed
Background image of page 6
7 Attacks Against Biometric Systems Points of attack for a generic biometric system
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
8 Attacks Against Biometric Systems Attack 1: A fake biometric (e.g., an artificial finger) is presented at the sensor Attack 2: Illegally intercepted data is resubmitted (replay) Attack 3: Feature detector is replaced by a Trojan horse program It produces feature sets chosen by the attacker Attack 4: Legitimate features are replaced with a synthetic feature set Attack 5: Matcher is replaced by a Trojan horse program It produces scores chosen by the attacker Attack 6: Templates in the database are modified, removed, or new templates are added Attack 7: The transferred template information is altered in the communication channel Attack 8: The matching result (e.g., accept/reject) is overridden
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

Page1 / 63

12-Biometrics-Lecture-12-Part3-2008-12-08 - Master SC...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online