Security of Biometric Systems A Short Introduction Kevin Atighehchi - - PowerPoint PPT Presentation

security of biometric systems
SMART_READER_LITE
LIVE PREVIEW

Security of Biometric Systems A Short Introduction Kevin Atighehchi - - PowerPoint PPT Presentation

Nov 20, 2023 155 likes •341 views

Security of Biometric Systems A Short Introduction Kevin Atighehchi Universit Clermont Auvergne kevin.atighehchi@uca.fr February 20, 2020 Kevin Atighehchi (UCA) LIMOS February 20, 2020 1 / 17 Introduction Automated Border Control 2 /

slide-1
SLIDE 1

Security of Biometric Systems

A Short Introduction Kevin Atighehchi

Université Clermont Auvergne kevin.atighehchi@uca.fr

February 20, 2020

Kevin Atighehchi (UCA) LIMOS February 20, 2020 1 / 17

slide-2
SLIDE 2

Introduction

Automated Border Control

2 / 17

slide-3
SLIDE 3

Introduction Authentication Factors

Authentication Factors

  • Something I know (password, PIN code, ...)
  • Something I possess (USB key, smart card, smartphone, ...)
  • Something I am (morphological, behavioural, biological data)

3 / 17

slide-4
SLIDE 4

Introduction Authentication Factors

Biometric Modalities

4 / 17

slide-5
SLIDE 5

Introduction Principle of a Biometric System

Principle of a Biometric System

Two steps:

  • Enrollment (sensing, processing, storage, at earlier time)
  • Verification or identification (at later time)

5 / 17

slide-6
SLIDE 6

Introduction Principle of a Biometric System

Decision

How to decide if the claimed identity is correct? Suppose SCORE is a similarity matcher of biometric templates. IF SCORE(REFERENCE TEMPLATE, CAPTURED TEMPLATE) > THRESHOLD ACCEPT ELSE REJECT THRESHOLD value is set according to the application

6 / 17

slide-7
SLIDE 7

Introduction Privacy Issues

Protection des données biométriques

Motivation

Legislative and regulatory context:

  • GDPR
  • Loi Informatique et Libertés (update for compliance with GDPR)
  • Privacy-by-design, privacy-by-default

Biometric data:

  • A long-term and unique personal identifier
  • A non-revocable data
  • Whence categorized as a highly sensitive and private data

7 / 17

slide-8
SLIDE 8

Introduction Vulnerabilities

Vulnerabilities of a Biometric System

Attack points (Model of Ratha et al., 2001)

1: Sensor attacks 2, 4, 6: Communication channel attacks (eavesdropping, interruption, modification, replay) 3, 5, 8: Attacks on the processing modules (malware injection to control the initial module) 7: Attacks on the templates (compromise of the database)

8 / 17

slide-9
SLIDE 9

Introduction Attack Examples

Sensor Attack: Make-up

9 / 17

slide-10
SLIDE 10

Introduction Attack Examples

Sensor Attack: FaceID Spoofing

10 / 17

slide-11
SLIDE 11

Introduction Attack Examples

Attack on the Decision Module

The matcher result (accept or reject) can be overridden by the attacker.

11 / 17

slide-12
SLIDE 12

Introduction Attack Examples

Attacks on the Matcher: Hill-Climbing

The reference template T is compared with the fresh template T ′, using a metric distance d and a threshold τ. If d(T, T ′) ≤ τ, access to the system is granted. Assumption: The distance is leaked. Let T, T ′ ∈ Fn

2 and d the Hamming distance. If each time an

authentication attempt the adversary makes he learns the resulting score, then he can recover the template T with only n + 1 attempts. To compare with the ∼ 2n−t attempts that require a brute-force attack when the distance is not leaked.

12 / 17

slide-13
SLIDE 13

Introduction Attack Examples

Biometrics with standard cryptography

Assumption: the reference biometric template is encrypted with a standard algorithm (AES), by the user (or by the server after a secure transmission), prior its storage on the server.

1 Enrolment phase: The server encrypts the biometric reference

template T, sent by the user (variant: the user encrypts his template T and sends it to the server).

2 Verification phase: The user sends a fresh template T ′ to the server.

The server decrypts the reference template T and compares it with T ′. Insights:

  • Biometric templates are not protected during the verification. If the

server is compromised, the biometric template is compromised.

  • Standard cryptography does not preserve distances.

13 / 17

slide-14
SLIDE 14

Introduction Attack Examples

Template Database Integrity

Assumptions:

  • The templates of the database are separately protected in integrity,

i.e. a MAC or a digital signature is computed on each template (along with the user ID).

  • The adversary is a user of the system.

Insights:

  • The adversary could swap its own pair of template/MAC with the pair
  • f another user.
  • The data structure should be authenticated as well.

14 / 17

slide-15
SLIDE 15

Introduction Security

PET and Security Criteria

Crypto-biometric schemes are used to protect biometric templates and are included in the Privacy Enhancing Techonologies, standardized in ISO 24745 (2011). Required criteria in ISO 24745:

  • Performances
  • Irreversibility
  • Unlinkability/diversity (Indistinguishability)
  • Revocability/renewability

15 / 17

slide-16
SLIDE 16

Examples of mechanisms

Protection of biometric data

Motivation and examples of primitives

Biometric data require special treatments adapted to their level of sensitivity:

  • Protection against a passive attacker
  • Protection against an active attacker
  • With a variety of assumptions regarding the communicating systems:
  • Honest-but-curious server
  • Server compromise
  • Authentication device stolen (e.g. smartphone)

Some mechanisms:

  • Fuzzy {Commitment, Vault, Extractor}
  • Computations in the encrypted domain
  • Secure Multi-Party Computation
  • Cancelable biometric transformations

16 / 17

slide-17
SLIDE 17

Questions

Thanks for your attention... Questions?

17 / 17