importance of open discussion on adversarial analyses for
play

Importance of Open Discussion on Adversarial Analyses for Mobile - PowerPoint PPT Presentation

ITU-T Workshop on Security, Seoul Importance of Open Discussion on Adversarial Analyses for Mobile Security Technologies --- A Case Study for User Identification --- 14 May 2002 Tsutomu Matsumoto Graduate School of Environment and Information


  1. ITU-T Workshop on Security, Seoul Importance of Open Discussion on Adversarial Analyses for Mobile Security Technologies --- A Case Study for User Identification --- 14 May 2002 Tsutomu Matsumoto Graduate School of Environment and Information Sciences Yokohama National University email: tsutomu@mlab.jks.ynu.ac.jp

  2. Mobile Security Technologies Security Architecture Operating Systems Security Software Tamper Resistance Mobile Code Security Physical Tamper Resistance Communications Security Cryptographic Protocol User Identification ……

  3. Adversarial Analysis Security assessment of biometric user identification systems should be conducted not only for the accuracy of authentication, but also for security against fraud. In this presentation we focus on Fingerprint Systems which may become widespread for Mobile Terminals. Examine Adversarial Analysis as A Third Party Can we make artificial fingers that fool fingerprint systems? What are acceptance rates?

  4. Fingerprint Systems Typical structure of a fingerprint system Typical structure of a fingerprint system Finger Data Result Capturing Comparison Feature Extraction Finger Recording Referring Presenting Finger Information Database Fingerprint System Enrollment Verification or Identification Types of sensors Types of sensors Optical sensors “Live and Well” Detection Capacitive sensors Thermal sensors, Ultrasound sensors, etc.

  5. A Risk Analysis for Fingerprint Systems Attackers may present 1) the registered finger, by an armed criminal, under duress, or with a sleeping drug, 2) an unregistered finger (an imposter's finger), i.e., non-effort forgery, 3) a severed fingertip from the registered finger, 4) a genetic clone of the registered finger, 5) an artificial clone of the registered finger, and 6) the others, such as a well-known method as a “fault based attack.”

  6. Fraud with Artificial Fingers Part of patterns of dishonest acts with artificial fingers against a fingerprint system. L(X): A Live Finger corresponding to Person X A(Y): An Artificial Finger corresponding to Person Y A(Z): An Artificial Finger corresponding to Nobody

  7. Fraud with Artificial Fingers I Enrollment Y obtains A(X). Enrollment Y obtains A(X). X A(X) L(X) L(X) Y X X Distribution of A(X)s Distribution of A(X)s Authentication Authentication A(X)s A(X) X or Y

  8. Fraud with Artificial Fingers II X obtains A(Y). X obtains A(Y). X enrolls A(Y). X enrolls A(Y). X A(Y) A(Y) A(Y) Y X X Authentication Distribution of A(Y)s Authentication Distribution of A(Y)s A(Y)s A(Y) or L(Y) X or Y

  9. Fraud with Artificial Fingers III Enrollment Y makes A(X). Enrollment Y makes A(X). X L(X) A(X) L(X) L(X) X X Y Distribution of A(X)s Authentication Distribution of A(X)s Authentication A(X)s A(X) Y

  10. Mapping a Fingerprint onto Artificial Fingers Finegerprint e.g., Live Fingers, Generators, ... Impression e.g., Molds, Residual Fingerprints, ... Artificial Finger

  11. Known Results Process 0 (1) Finger (2) Mold (3) Silicone Rubber Finger

  12. Fact Optical Sensor Capacitive Sensor Optical Sensor Capacitive Sensor Finger Finger Detector Light Source Array of Electrodes Often Accepts Usually Rejects Silicone Rubber Fingers Silicone Rubber Fingers

  13. Gummy Fingers Our Result Our Result Process 1 Process 1 (1) Finger (1) Finger (2) Plastic Mold (2) Plastic Mold (3) Gummy Finger (3) Gummy Finger

  14. Recipe 1-1 Making an Artificial Finger directly from a Live Finger Materials Materials Free molding plastic Solid gelatin sheet “FREEPLASTIC” “GELATINE LEAF ” by Daicel FineChem Ltd. by MARUHA CORP 350JPY/35grams 200JPY/30grams

  15. Recipe 1-2 Making an Artificial Finger directly from a Live Finger How to make a mold How to make a mold Put the plastic into hot water to soften it. Press a live finger against it. The mold It takes around 10 minutes.

  16. Recipe 1-3 Making an Artificial Finger directly from a Live Finger Preparation of material Preparation of material A liquid in which immersed gelatin at 50 wt.% . Add boiling water (30cc) to solid gelatin (30g) in a bottle and mix up them. It takes around 20 minutes.

  17. Recipe 1-4 Making an Artificial Finger directly from a Live Finger How to make a gummy finger How to make a gummy finger Pour the liquid into the mold. Put it into a refrigerator to cool. It takes around 10 minutes. The gummy finger

  18. Similarity with Live Fingers The photomicrographs of fingers The photomicrographs of fingers (a) Live Finger (b) Silicone Finger (c) Gummy Finger

  19. Captured Images Captured images with the device C (an optical sensor). Captured images with the device C (an optical sensor). (a) Live Finger (b) Silicone Finger (c) Gummy Finger Captured images with the device H (a capacitive sensor). Captured images with the device H (a capacitive sensor). (a) Live Finger (b) Gummy Finger

  20. Experiments Subjects : five persons whose ages are from 20’s to 40’s Fingerprint systems : 11 types We attempted one-to-one verification 100 times counting the number of times that it accepts a finger presented. Types of experiments Experiment Enrollment Verification Type 1 Live Finger Live Finger Type 2 Live Finger Gummy Finger Type 3 Gummy Finger Live Finger Type 4 Gummy Finger Gummy Finger

  21. The List of Fingerprint Devices H ardw are S pecifications So ftwa re Spe cific ations M ethods fo r L iv e and M anufacturer / P roduc t M anufa ctur er / P ro duc t N ame Co mpar iso n V er ification P ro duc t N am e T ype Se nsor W ell Selling Ag ency N umbe r S elling Age ncy (Application) L eve ls D ete ction Com p aq S ta nd-A lone F in gerprint Identifica tion Com p aq C om p uter Optic a l C om p aq C om pu ter M inu tiae DF R ョ D ev ic e A Fingerprint Identifica tion -200 E 0 38 11US 00 1 unknow n T echnology Softw are 1 throu gh 3 Cor poration S ensor C orp ora tion M a tc hing Unit ver sion 1.1 M IT SUB ISH I S um ikin Iz um i Optic a l M inu tiae D ev ic e B EL E C T R IC Fingerprint R ec ognizer F PR -DT mkII 003 136 unknow n C om p uter Ser vice co. S ecFP V1.11 Fix ed S ensor M a tc hing CO R PO R AT IO N L td. M inu tiae Fingerprint Identifica tion Optic a l B asic Utilit ie s for M a tc hing D ev ic e C NE C C orpora tion N7 95 0-41 9 Y00 00 3 unknow n N E C C orpora tion Fix ed Unit (P rism) S ensor F in gerprint Identifica tion (M inut ia and R ela tion) " YU B I PA S S " U .a re.U ョ Fingerprint R ec ognition Optic a l M inu tiae D ev ic e D OM R O N C orp orat ion FP S-100 0 9 050 085 4 unknow n O M R ON C orpor ation F in gerprint Ver ification Fix ed Sensor S ensor M a tc hing S oftwa re F in gerprint Identifica tion U nit W indows ョ Sony Fingerp rint Optic a l L ive Finger T SUB ASA S YST E M 9 5 P att ern D ev ic e E Sony C orpora tion FIU-00 2-F11 0 07 09 1 throu gh 5 Iden tific ation Unit S ensor detection C O .,L T D. Inter active Dem o Ver sion m a tch ing 1 .0 Bu ild 1 3 M inu tiae C a pa citive L ogon for Fingsensor V1 .0 D ev ic e F FUJIT SU L IM IT E D Fingsensor FS-2 00U 00 AA0 002 57 unknow n F UJIT SU L IM IT E D Fix ed M a tc hing for W indows ョ S ensor 95 /98 (C orrela tion) M inu tiae Fingerprint Identifica tion C a pa citive B asic Utilit ie s for M a tc hing D ev ic e G NE C C orpora tion P K-FP 002 03 005 29S unknow n N E C C orpora tion Fix ed Unit (S eria l) S ensor F in gerprint Identifica tion (M inut ia and R ela tion) F in gerT IP ョ S oftwa re C 98 451 - FingerT IP ョ Siem ens A G (Infineon C a pa citive S ie me ns AG (Infineon D evelopm ent K it (SDK ) M inu tia E VA LUA TION - D ev ic e H D6 100 -A900 - unknow n Fix ed T echnologies AG ) EV AL UAT ION K IT KIT S ensor T echnologies AG) V ersion: V0 .90, B eta 3 m a tch ing 4 "D em o Progra m " Sony Fingerp rint C a pa citive L ive Finger P att ern G o o d - b y e " P A S S W O R D " s D ev ic e I Sony C orpora tion F IU-710 30 00 398 S yst em needs Inc . 1 throu gh 5 Iden tific ation Unit S ensor detection m a tch ing Op t i c a l S e c u De s k t o p 1 . 5 5 日 9 Mi n u t i a 9 6 5 0 1 7 2 0 0 4 S e c u g e n 1 t h r o u g h Secu gen Ey eD m ouse II unknow n D ev ic e J SM B -800 S e n s o r 本 語 版 ma t c h i n g Op t i c a l S e c u r e S u i t e Mi n u t i a ethenticatior M S 3 000 PC M3 0 0 F 2 0 0 9 9 1 u n k n o w n F i x e d D ev ic e K Et hentica M S 3 00 0 E the ntica S e n s o r R e l e a s e 1 . 0 ma t c h i n g Ca rd

  22. Experimental Results Making an Artificial Finger directly from a Live Finger 1 0 0 ) s t p 8 0 m e t a f 0 o 0 r 1 6 0 e / b s m e u m i N t ( e 4 0 e h c T n a t p e 2 0 c c L - L L - A A - L A - A A 0 A B C D E F G H I J K F i n g e r p r i n t D e v i c e

  23. Gummy Fingers Our Result Our Result Process 2 Process 2 (1) Residual Fingerprint (1) Residual Fingerprint (2) Digital Image Data (2) Digital Image Data (3) Printed Circuit Board (3) Printed Circuit Board (4) Gummy Finger (4) Gummy Finger

Recommend


More recommend