1. Brent Kennedy

2.  Overview  Security Issues  Usability Issues  Bring it all together  Discussion

3.  Sequence of ridges and valleys  No two fingerprints can be exactly the same  Even two imprints from the same finger are different  Reliable and efficient biometric  Still are cons  Scanners work by imaging the print and using an algorithm to compare images http://denis.biometric-fingerprint.com/?cat=7 http://en.wikipedia.org/wiki/Fingerprint

4.  Storage  How are the fingerprints stored?  Who can access them?  Privacy  Can fingerprints lead to more information?  Device  Is it susceptible to over the shoulder peeks?  Does it leave a trace?  Can it be spoofed?

5. >

6.  Small experiment done at W&J College  January 2006  Aimed to spoof fingerprints using common household items  Total Cost: $12.82  Cast:  Play-Doh  Gummy bears  Model Magic  Silly Putty  Modeling clay  Tac N’ Stik  Mold:  Paraffin wax http://www.washjeff.edu/users/ahollandminkley/Biometric/index.html

7.  Devices  Microsoft Fingerprint Reader  APC Biometric Security device

8.  What failed…  One-step method of taking a print directly from the source (no cast)  Gummy bears: Myth busted! ▪ Wouldn’t even hold a fingerprint  Tac N’ Stik worked too well ▪ Picked up old prints from the scanner  Silly putty stuck to the device  Play-Doh was too soft to withstand pressure

9.  Success!  Very soft piece of wax flattened against hard surface  Press the finger to be molded for 5 minutes  Transfer wax to freezer for 10-15 minutes  Firmly press modeling material into cast  Press against the fingerprint reader  Replicated several times

11.  Modified approach on the APC device  Requires less pressure so Play-Doh can be used  Form the Play-Doh around the scanner surface  Then place the flat surface in the cast  More patience required to get authorized  After time, the mold becomes too soft to use

12.  Caveats  Molding material becomes firm and brittle quickly ▪ Hard to make a cast ahead of time  Very high quality mold is required ▪ Attacker may need more advanced materials  All molds were of the thumb ▪ Smaller prints may cause additional problems

13.  The main usability factors for fingerprints:  Scanner height/angle  Training conditions  Age  Habituation  Supervision

14.  Height/Angle  Efficiency (time) not significantly affected by height or angle  Quality significantly affected by height but not angle ▪ Still hard to determine optimal height  Overall satisfaction affected by height, angle, and user height http://zing.ncsl.nist.gov/biousa/docs/NISTIR-7504%20height%20angle.pdf

15.  Age  18-25 age range gave consistent good prints  Prints get worse as age increases  Men overall better than women  Habituation  No trend to print quality over time  Users didn’t know how to fix bad prints http://zing.ncsl.nist.gov/biousa/docs/WP302_Theofanos.pdf

16.  Training/Supervision  Poster had worst success rate: 56%  Verbal vs. video instruction had equal success  Assistance significantly increased success rate ▪ 78% without assistance ▪ 98% with assistance http://zing.ncsl.nist.gov/biousa/docs/NISTIR-7403-Ten-Print-Study-03052007.pdf

17.  Can better usability solve the spoofing problem?  It can help  Smaller scanning area  Slap vs. roll  Better algorithms with better feedback