Security Challenges of Biometric Systems Liam M. Mayron, Ph.D. Arizona State University SoDA January 29, 2015

Credit Some of the reference material in this presentation is from the textbook “Introduction to Biometrics” by Jain, Ross, and Nandakumar Some figures have been obtained from various online sources (as noted)

Biometrics? Biometrics are physical and behavioral characteristics that uniquely identify humans Typically used for authentication – associating individuals with their personal identities Active area of research – combines image processing, security, information retrieval, physiology, cognitive science and other fields

Harry Potter Source: http://allears.net/pl/fingerscan.htm

Harry Potter Source: http://www.smartecarte.com/index.php?page=3000-series-lockers-more-information

Harry Potter Source: http://gamingandbranding.blogspot.com/2011/08/universal-theme-park-in-orlando.html

What a person possesses Identity What a person knows What a person possesses Who a person is Relying on what a person knows and what a person possesses is not enough!

Biometric functions “Are you who you say you are?” Verification Identification “Are you who you say you are?” “Are you someone who the system previously recognized?”

Examples of biometrics Fingerprint Palm print Face Iris Retina Ear Voice Signature Gait Hand Vein Odor DNA … AND MORE!

Fingerprint Source: http://www.vetmed.vt.edu/education/curriculum/vm8054/labs/lab14/IMAGES/FINGERPRINT.jpg

Iris Source: http://en.wikipedia.org/wiki/File:NIRIris.png

Gait Source: http://homepages.inf.ed.ac.uk/rbf/CVDICT/cvg.htm

System operation Enrollment phase Recognition phase Sample biometric data Extract features Store extracted features, discard the raw data Re-sample biometric data Extract features Compare against stored data Determine user identity

System components Sensor Feature extractor Database Matcher Green: enrollment Purple: recognition Sensor Feature extractor Database Matcher

Feature extraction A lot of research interest! Purpose is to generate a template, a compact representation of a biometric trait Assess quality Segment data Enhance data

Matching Compare query data to a previously stored template Decide if a individual is a genuine match or an imposter Exact matches are… suspicious

Desired characteristics of biometrics Uniqueness Permanence A biometric should be able to distinguish between two people A biometric should not change (much) over time

Design cycle Understand nature of application and performance requirements Choose appropriate biometric traits Collect sample biometric data Design or train the feature extractor or matcher Evaluation and feedback

Application considerations Cooperative vs. non-cooperative users Overt vs. covert deployment Habituated vs. non-habituated users Attended vs. unattended operation Controlled vs. uncontrolled operation Open vs. closed system

Biometric considerations Universality Uniqueness Permanence Measurability Performance Acceptability Circumvention

Example: fingerprints Source: http://en.wikipedia.org/wiki/File:Fingerprint_detail_on_male_finger.jpg

Fingerprints Ridges under our fingers allow us to grasp objects and improve sensation 20-24 ridges per centimeter is typical Ridge flow is a result of random stresses during fetal development*

Fingerprints The template of a fingerprint is derived from its minutiae Minutiae consist of: Location: location in the image Direction: direction along local ridge orientation Type: Ending Bifurcation A set of minutiae can potentially be used to derive the original ridge skeleton structure Sets of minutiae are compared. If the difference is within allowable parameters both are considered to match

Security threats to biometric systems Denial of Service (DoS) Intrusion Repudiation Function creep

Infrastructure attacks System attacks Insider attacks Infrastructure attacks Biometric systems require human interaction – can be exploited Collusion Coercion Negligence Enrollment fraud Exception abuse Combination of hardware and software Types User interface System modules Interconnections Template database

User interface attacks Any attack initiated by presenting a biometric Impersonation Obfuscation Spoofing Spoof detection Liveness detection Measure physiological properties Pulse Blood pressure Perspiration Spectral properties of the skin Electrical conductivity Skin deformation Identify voluntary/involuntary behavior Challenge-response

Spoof detection Source: http://www.engadget.com/2012/03/29/samsung-face-unlock-blinking-feature/

Interconnection attacks Man-in-the-middle attack Replay attack Hill-climbing

Template database attacks Leakage is a much more serious issue in biometric systems than in password-based systems

Leakage Ways information about a biometric user can be learned Collusion or coercion: close proximity or cooperation Covert acquisition: close proximity or cooperation Brute force or hill-climbing: breach system security and intrusion Template leakage: can be done remotely and anonymously It is not possible to replace compromised biometric tokens The irrevocable nature of biometrics is both a strength and a weakness

Password security Can techniques that are used to store passwords be used to store biometric templates? Encryption Security depends on the secrecy of the decryption key Encryption (done simply) is not enough to secure passwords Password-based key generation Password is never stored Password is instead used to generate a cryptographic key Cryptographic hash A one-way hash is applied Cannot retrieve the original password from the hash*

Requirements and challenges Password security techniques cannot be directly applied to biometric templates Fundamental difference between biometric password systems Password systems require an exact match Biometric systems require a “good” match Biometric template protection requires Cryptographic security: non-invertible templates Performance: maintain matching ability Revocability: generate multiple templates from the same data

Encryption Use encryption (AES, RSA) to secure template data Not equivalent to password encryption Passwords are the same Biometrics vary at each reading Can compare encrypted passwords directly; cannot directly-compare encrypted biometrics Disadvantage: original data is exposed during decryption Advantage: matching performance is unaffected, can use the same matching algorithms Generally not sufficient for securing biometric data

Feature transformation A transformation function is applied to the template Transformation function derived from a password or random key Can be invertible or non-invertible Invertible Security is derived from the secrecy of the password or key Keys can be user-specific Homomorphic encryption Non-invertible Equivalent to password hashing More secure than invertible feature transformation Challenging to create non-invertible transformation functions Can adversely affect matching performance

Biometric cryptosystems Biometric data is used to bind or generate cryptographic keys Key binding: use biometric data to identify a key that was generated independently of the biometric data itself Key generation: use biometric data to create a key Biometric cryptosystems are an area of active research Helper information that is publicly available is used to stabilize the system

Discussion There is no ideal method of biometric security Many open challenges Today, hybrids of multiple techniques are increasingly common Research topics to consider: Are there existing security methods that can be extended to biometrics? How can we measure the security of a biometric template database? Are there biometrics that are not compatible with existing security schemes?

Thank you! Questions? lmayron@asu.edu or stop by BYENG 506