how to privately find double acquisitions in biometric
play

How to Privately Find Double Acquisitions in Biometric Databases - PowerPoint PPT Presentation

Aug 05, 2023 •9 likes •409 views

Introduction New Non-Crypto Solution Conclusion How to Privately Find Double Acquisitions in Biometric Databases Orr Dunkelman Department of Computer Science, University of Haifa January 15th, 2015 Joint works with Melissa Chase and

  1. Introduction New Non-Crypto Solution Conclusion How to Privately Find Double Acquisitions in Biometric Databases Orr Dunkelman Department of Computer Science, University of Haifa January 15th, 2015 Joint works with Melissa Chase and Margarita Osadchy Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 1/ 40

  2. Introduction New Non-Crypto Solution Conclusion Outline 1 Introduction The Israeli ID System The ID Card The Current ID Database 2 The New Proposal The New Proposed ID Card System The Advantages The Biometric Database What’s Wrong with the Biometric Database 3 Various Solutions to Preventing Double-Acquisition Solving the Issue with no Database 4 Privacy Preserving Biometric Database The First Solution A Few Words Concerning Consistent Biometric Sampling The Second Solution 5 Some Concluding Remarks Technical Summary Are the Sky Falling on Our Heads? Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 2/ 40

  3. Israel Card Database Introduction New Non-Crypto Solution Conclusion The Israeli ID System ◮ Any Israeli citizen is assigned a 9-digit ID number. ◮ Actually, there are 8 digits (the ninth serves for error detection). ◮ Once reaching the age of 16 an ID card may be issued (by the age of 18 it is mandatory). ◮ This ID card is supposed to be carried at all times for identification. ◮ In real life, the ID number is sufficient for any practical purpose. . . (similarly to SSN in the US) Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 3/ 40

  4. Israel Card Database Introduction New Non-Crypto Solution Conclusion The Israeli ID System (cont.) ◮ The ID card is an identification form. ◮ One can usually get away with showing other credentials (driving license, passport, etc.) ◮ For some rare cases, only the ID card is valid as a form of identification. Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 4/ 40

  5. Israel Card Database Introduction New Non-Crypto Solution Conclusion The Israeli ID Card ◮ Each ID card is actually a laminated card. ◮ Contains a picture, the ID number, and some fixed identification information. ◮ The card has an appendix which contains some additional information which may change over time (current address, kids, etc.). ◮ The appendix is a simple piece of paper with no practical identification value. Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 5/ 40

  6. Israel Card Database Introduction New Non-Crypto Solution Conclusion So What’s Wrong? ◮ ID card have no validity. This means that the picture can be 30 years old and the card still valid. . . ◮ Moreover, forging an Israeli ID card is not hard. ◮ Printing a new one from scratch is easy (requires a bit of practice). ◮ But actually taking someone else’s ID card and replacing the picture is extremely easy. So how come identity theft attacks are not a big issue in Israel? Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 6/ 40

  7. Israel Card Database Introduction New Non-Crypto Solution Conclusion Forging ID Cards in Israel ◮ Most fake ID cards are actually legitimate cards that were modified or abused. ◮ The reason the person who had “lost” the identity card does not complain about identity theft is because most fake ID cards are using: ◮ Dead people’s ID cards. ◮ ID cards of people who left Israel for good (with their consent). ◮ And usually the adversary is after the “government”: ◮ Collecting social security benefits (and similar support). ◮ Voting in the elections. . . and not after the person whose identity was stolen. ◮ And sometimes, they actually do the “victim” a good service. Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 7/ 40

  8. Israel Card Database Introduction New Non-Crypto Solution Conclusion The Security Threat ◮ Besides these issues, Israeli IDs are extremely useful to people who try to enter Israel illegally. ◮ These people usually obtain a completely fake ID, and use it at security check points or when the police stops them for interrogation. ◮ These cases are usually easy to detect: ◮ Sometimes the person is too young (or too old) for the claimed date of birth. ◮ Sometimes the checksum is wrong. ◮ The policeman/solider can query the database. Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 8/ 40

  9. Israel Card Database Introduction New Non-Crypto Solution Conclusion The Current ID Database ◮ Currently, the Israeli Ministry of Interior Affairs has a database about the entire Israeli population. ◮ This database contains all identification details, as well as family relations. ◮ It is composed of private and sensitive information (according to the Israeli law). ◮ Some parts of the database are given to various entities (banks, insurance companies, political parties). ◮ The database was supposed to be kept secret, but since several years now, it is possible to find the full database online. It is also updated every now and then. ◮ Recently, (one of the) responsibles for the 2005 leak was sentenced to prison. Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 9/ 40

  10. System Advantages Database Wrong Introduction New Non-Crypto Solution Conclusion The New Proposed ID Card System ◮ To overcome these issues, the Israeli parliament has discussed a new law concerning the ID System. ◮ The law suggests three methods to fight the counterfeit ID cards by offering three mechanisms: ◮ The use of new ID cards which contain a smart card. ◮ The use of biometric information for identification. The information will be stored on the smart card, signed by the state. ◮ The establishment of a database containing the biometric information of all citizens. Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 10/ 40

  11. System Advantages Database Wrong Introduction New Non-Crypto Solution Conclusion The Good Parts ◮ Verifying the authenticity of ID cards will become simple. ◮ Identifying whether the person matches the ID will become simple. ◮ The new ID cards will have an expiry date . ◮ Hopefully, many fraudulent people will be purged from the database. Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 11/ 40

  12. System Advantages Database Wrong Introduction New Non-Crypto Solution Conclusion Purging “Nonexistent” Entities ◮ The idea is that the nonexistent entities will not be issued a new ID card, as they cannot arrive to the acquisition stations. ◮ However, it is very obvious that the holders of the forged cards will be able to arrive and claim a false new ID card. ◮ For that, during the first acquisition of a person, the identification will not be based solely on the information from the Ministry of Interior Affairs. ◮ In other words, they will be given access to more private data. . . ◮ At the end, if you have the cooperation of the person whose ID you are stealing, you can succeed in obtaining an additional ID card. Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 12/ 40

  13. System Advantages Database Wrong Introduction New Non-Crypto Solution Conclusion Biometric Database ◮ To solve the issue of one person holding multiple ID cards (up to people who change their declared identity once) a biometric database will be used. ◮ During the acquisition process, each citizen’s biometrics will be measured and stored in the database. ◮ Then, collisions in the database will be found using simple forensics tools. ◮ Also useful to identify people once the ID card is lost (or stolen). Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 13/ 40

  14. System Advantages Database Wrong Introduction New Non-Crypto Solution Conclusion The Biometric Data ◮ The Israeli law dictates that the biometric data will be composed of: ◮ High resolution photo of the face, ◮ Fingerprints of both index fingers (left/right). Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 14/ 40

  15. System Advantages Database Wrong Introduction New Non-Crypto Solution Conclusion Privacy Concerns ◮ Private sensitive information will be kept by people who failed to safely keep other sensitive information. ◮ Many other entities will be given access to the database (the police will be granted full access, other entities may accept some restricted access rights). ◮ Database leakage means that everyone has access to your private biometric data. ◮ Finally, one could perform reverse queries — given biometric data, identify the person who owns it. . . Orr Dunkelman How to Privately Find Double Acquisitions in Biometric Databases 15/ 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Wearable Computers For Biometric Data Why Biometric Data? People want to win ! Why Biometric

Wearable Computers For Biometric Data Why Biometric Data? People want to win ! Why Biometric

Wearable Computers For Biometric Data Why Biometric Data? People want to win ! Why Biometric Data? Athletes need real-time feedback to improve ! You only improve what you measure What is Biometric Data? Cycle Monitors 20M 10M 1980 1990

458 views • 20 slides
BIAS BIAS Biometric Identity Assurance Services 6 March 2009 Catherine Tilton W3C Workshop on

BIAS BIAS Biometric Identity Assurance Services 6 March 2009 Catherine Tilton W3C Workshop on

BIAS BIAS Biometric Identity Assurance Services 6 March 2009 Catherine Tilton W3C Workshop on SIV Biometric services Whats missing? Biometric Applications Biometric Resources ? ANSI/NIST-ITL 1-2000/6 ? BioAPI/BIP ? Other ?

257 views • 13 slides
1 Biometric Encryption Aims www.ipc.on.ca Aims Protect the biometric data and

1 Biometric Encryption Aims www.ipc.on.ca Aims Protect the biometric data and

Content Motivation Biometric Encryption in 3D Face Biometric encryption in 3D Face Outlook Michiel van der Veen 3D Face end-user meeting March 22, Darmstadt, Germany 2 3D Face end-user meeting (March 22, 2007,

585 views • 5 slides
Privately Developed Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August

Privately Developed Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August

Idaho Section Privately Developed Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August 2, 2018 Topics 1. Why Privately Develop Managed Aquifer Recharge? 2. What are: Recharge Development Corporation

406 views • 22 slides
Biometric Security Roles & Resources Part 2 BIAS Cathy Tilton Chair, BIAS

Biometric Security Roles & Resources Part 2 BIAS Cathy Tilton Chair, BIAS

Biometric Security Roles & Resources Part 2 BIAS Cathy Tilton Chair, BIAS Integration TC VP, Standards & Emerging Tech, Daon www.oasis-open.org Biometric Identity Assurance Services (BIAS) Biometric Applications

723 views • 34 slides
Biometrics Outline Biometrics What is a Biometric Signature? What is an Authentication

Biometrics Outline Biometrics What is a Biometric Signature? What is an Authentication

Biometrics Outline Biometrics What is a Biometric Signature? What is an Authentication System? How does a Biometric System work? Biometric Comparisons Types of Biometrics Fingerprint-Scan Iris-Scan 2 BIOMETRICS

568 views • 36 slides
Structuring Affordable Acquisitions Optima Corporate Finance Our Services Acquisitions Have

Structuring Affordable Acquisitions Optima Corporate Finance Our Services Acquisitions Have

Structuring Affordable Acquisitions Optima Corporate Finance Our Services Acquisitions Have acted for a range of public and private companies in identifying acquisition targets negotiating & structuring terms and project managing deals to

124 views • 9 slides
INTERNATIONAL ACQUISITIONS: THE KEY TO SUCCESS IN THE EXPERIENCE OF ITALIAN COMPANIES Gianluca

INTERNATIONAL ACQUISITIONS: THE KEY TO SUCCESS IN THE EXPERIENCE OF ITALIAN COMPANIES Gianluca

International Acquisitions INTERNATIONAL ACQUISITIONS: THE KEY TO SUCCESS IN THE EXPERIENCE OF ITALIAN COMPANIES Gianluca Colombo, Valter Conca (*) Abstract Cross-border acquisitions often imply post-merger integration problems and cultural

477 views • 34 slides
Biometric Analytics Cost Estimating Joseph Sarage and Sean McKenna Biometric Analytics Cost

Biometric Analytics Cost Estimating Joseph Sarage and Sean McKenna Biometric Analytics Cost

J u n e 1 1 , 2 0 1 5 Biometric Analytics Cost Estimating Joseph Sarage and Sean McKenna Biometric Analytics Cost Estimating Background + Approach + Case Study + Final Words + Q & A + 1 Booz Allen Internal Background:

679 views • 22 slides
How to Evaluate Transformation Based Cancelable Biometric Systems? R. Belguechi, E. Cherrier and

How to Evaluate Transformation Based Cancelable Biometric Systems? R. Belguechi, E. Cherrier and

How to Evaluate Transformation Based Cancelable Biometric Systems? R. Belguechi, E. Cherrier and C. Rosenberger GREYC Research Lab, ENSICAEN - CNRS University of Caen, FRANCE NIST International Biometric Performance Testing Conference 2012

682 views • 31 slides
CBEFF CBEFF Common Biometric Exchange Formats Framework Common Biometric Exchange Formats

CBEFF CBEFF Common Biometric Exchange Formats Framework Common Biometric Exchange Formats

CBEFF CBEFF Common Biometric Exchange Formats Framework Common Biometric Exchange Formats Framework 6 March 2009 Catherine Tilton W3C Workshop on SIV What is a CBEFF? CBEFF describes a structure and set of metadata elements necessary to

173 views • 13 slides
On the Resilience of Biometric Authentication Systems against Random Inputs Benjamin Zhao ,

On the Resilience of Biometric Authentication Systems against Random Inputs Benjamin Zhao ,

On the Resilience of Biometric Authentication Systems against Random Inputs Benjamin Zhao , Hassan Asghar, Dali Kaafar Biometric Authentication: Overview Metrics Face Feature Extraction FRR, Engineered FPR, Embeddings EER,

547 views • 25 slides
Observing Biometric Voter Registration What to look for? Workshop on BVR, Zimbabwe, August

Observing Biometric Voter Registration What to look for? Workshop on BVR, Zimbabwe, August

20170830 Observing Biometric Voter Registration What to look for? Workshop on BVR, Zimbabwe, August 2017 What to Observe? Analysis of the Framework Observation of the VR Operation Observation of the biometric component

224 views • 9 slides
Using biometric gadgets for express-tests in the UX/UI research Dmitriy Kostiuk, Anastasia

Using biometric gadgets for express-tests in the UX/UI research Dmitriy Kostiuk, Anastasia

Using biometric gadgets for express-tests in the UX/UI research Dmitriy Kostiuk, Anastasia Markina, Alexandr Dubitsky Biometrics in usability Biometric measuring tools have recently undergone a new wave of attention in the usability

477 views • 19 slides
Biometric T echnologies Dr. Issa Traore ECE Department, University of Victoria Information

Biometric T echnologies Dr. Issa Traore ECE Department, University of Victoria Information

Biometric T echnologies Dr. Issa Traore ECE Department, University of Victoria Information Security and Object T echnology (ISOT) Lab http://www.isot.ece.uvic.ca 1 Agenda Introduction Applications Requirements Biometric

268 views • 16 slides
Identity in the Information Society: Exploring Legal Approaches to the Use of Biometric Data

Identity in the Information Society: Exploring Legal Approaches to the Use of Biometric Data

Identity in the Information Society: Exploring Legal Approaches to the Use of Biometric Data Annemarie Sprokkereef ICS - University of Leeds TILT- University of Tilburg What is Biometrics? Biometric technology identifies individuals by

614 views • 12 slides
Efficient Privacy-Preserving Biometric Identification Yan Huang Lior Malka David Evans Jonathan

Efficient Privacy-Preserving Biometric Identification Yan Huang Lior Malka David Evans Jonathan

Efficient Privacy-Preserving Biometric Identification Yan Huang Lior Malka David Evans Jonathan Katz http://www.mightbeevil.org/secure-biometrics/ Feb 9, 2011 Motivating Scenario: Private No-Fly Checking Threat Models Semi-honest adversary

1.4k views • 40 slides
Unique Identification Number Project: Unique Identification Number Project: Challenges and

Unique Identification Number Project: Unique Identification Number Project: Challenges and

Unique Identification Number Project: Unique Identification Number Project: Challenges and Recommendations Challenges and Recommendations Challenges and Recommendations Challenges and Recommendations Authors: Haricharan Rengamani*,

357 views • 21 slides
Biometrics and secondary authentication. Victoria Cepeda March 11, 2015 Some slides adapted

Biometrics and secondary authentication. Victoria Cepeda March 11, 2015 Some slides adapted

Biometrics and secondary authentication. Victoria Cepeda March 11, 2015 Some slides adapted from Michelle Mazurek, Lorrie Cranor,Blase Ur, Chandrasekhar Bhagavatula and Stephen Siena Authentication in simple terms Positive verification of

991 views • 44 slides
Session 7 Authentication and Access Control Sbastien Combfis Fall 2019 This work is

Session 7 Authentication and Access Control Sbastien Combfis Fall 2019 This work is

I5020 Computer Security Session 7 Authentication and Access Control Sbastien Combfis Fall 2019 This work is licensed under a Creative Commons Attribution NonCommercial NoDerivatives 4.0 International License. User Authentication

862 views • 43 slides
Private Digital Identity on Blockchain Tom Hamer, Kerry Taylor, Kee Siong Ng, Alwen Tiu The

Private Digital Identity on Blockchain Tom Hamer, Kerry Taylor, Kee Siong Ng, Alwen Tiu The

Private Digital Identity on Blockchain Tom Hamer, Kerry Taylor, Kee Siong Ng, Alwen Tiu The Global Identity Crisis In order to access critical services such as finance and social security, people need to have an identity 1.5 billion

857 views • 24 slides
Your face is NOT your password Duc Nguyen Bkis, Vietnam 1 Contents 1. Face recognition

Your face is NOT your password Duc Nguyen Bkis, Vietnam 1 Contents 1. Face recognition

Your face is NOT your password Duc Nguyen Bkis, Vietnam 1 Contents 1. Face recognition authentication and drawbacks 2. Test on Asus laptop 3. Why ? 4. Do the manufacturers know about it ? 5. Test on Lenovo and Toshiba laptops 6. Research results

571 views • 40 slides
AN OVERVIEW OF THE BRAZILIAN ACADEMIC SECURITY LANDSCAPE 2 AN OVERVIEW OF THE BRAZILIAN ACADEMIC

AN OVERVIEW OF THE BRAZILIAN ACADEMIC SECURITY LANDSCAPE 2 AN OVERVIEW OF THE BRAZILIAN ACADEMIC

MARINHO.BARCELLOS@UFRGS.BR AN OVERVIEW OF THE BRAZILIAN ACADEMIC SECURITY LANDSCAPE 2 AN OVERVIEW OF THE BRAZILIAN ACADEMIC SECURITY LANDSCAPE OVERVIEW CESeg SIG SBSeg symposium Cyber security document issued by CESeg 3 AN

542 views • 21 slides
OpenBR Open Source Biometric Recognition and Beyond Josh Klontz www.openbiometrics.org

OpenBR Open Source Biometric Recognition and Beyond Josh Klontz www.openbiometrics.org

OpenBR Open Source Biometric Recognition and Beyond Josh Klontz www.openbiometrics.org February 17, 2013 J. Klontz OpenBR February 17, 2013 1 / 18 Why Open Source? J. Klontz OpenBR February 17, 2013 2 / 18 Why Open Source?

635 views • 51 slides

More recommend