your face is not your password
play

Your face is NOT your password Duc Nguyen Bkis, Vietnam 1 - PowerPoint PPT Presentation

Feb 11, 2023 •163 likes •571 views

Your face is NOT your password Duc Nguyen Bkis, Vietnam 1 Contents 1. Face recognition authentication and drawbacks 2. Test on Asus laptop 3. Why ? 4. Do the manufacturers know about it ? 5. Test on Lenovo and Toshiba laptops 6. Research results

  1. Your face is NOT your password Duc Nguyen Bkis, Vietnam 1

  2. Contents 1. Face recognition authentication and drawbacks 2. Test on Asus laptop 3. Why ? 4. Do the manufacturers know about it ? 5. Test on Lenovo and Toshiba laptops 6. Research results 7. Attack Scenarios 8. Live demonstration 9. Recommendation for manufacturers 10. Questions and Answers 2

  3. Contents 1. Face recognition authentication and drawbacks 2. Test on Asus laptop 3. Why ? 4. Do the manufacturers know about it ? 5. Test on Lenovo and Toshiba laptops 6. Research results 7. Attack Scenarios 8. Live demonstration 9. Recommendation for manufacturers 10. Questions and Answers 3

  4. Face Recognition • Face recognition is one of the biometric technologies • Face recognition has 2 applications: • Identification (Search for an unknown face in a database of faces…) • Access Control (Authentication in buildings, in computers …) • Bkis research focus on access control systems and their security drawbacks. 4

  5. Face recognition authentication • Let me show you a short video clip on Face Recognition Authentication Video • We have just seen an advertisement video of a new feature of current laptops, which is authentication using face recognition technology. • We observe that Candy, the owner of the laptop, does not have to type in her password to log in. She sits in front of the computer and let it recognize her face. 5

  6. Face recognition authentication • At the moment, there are 3 laptop manufacturers that make use of this technology in their products. • They are ASUS, TOSHIBA and LENOVO. 6

  7. Face recognition authentication • Develop their own software with their own algorithms Asus: Smart Logon Lenovo: Veriface Toshiba: Face Recognition 7

  8. Face Recognition Authentication • Drawbacks: Let’s see 8

  9. Contents 1. Face recognition authentication and drawbacks 2. Test on Asus laptop 3. Why ? 4. Do the manufacturers know about it ? 5. Test on Lenovo and Toshiba laptops 6. Research results 7. Attack Scenarios 8. Live demonstration 9. Recommendation for manufacturers 10. Questions and Answers 9

  10. Laptop: F6S Series , X80 Series Software: ASUS SmartLogin ver 1.0.0005 ASUS Link to the software 10

  11. Contents 1. Face recognition authentication and drawbacks 2. Test on Asus laptop 3. Why ? 4. Do the manufacturers know about it ? 5. Test on Lenovo and Toshiba laptops 6. Research results 7. Attack Scenarios 8. Live demonstration 9. Recommendation for manufacturers 10. Questions and Answers 11

  12. Why ? • The answer is that during the research on the algorithm on face recognition technology applied for laptops, we found that the algorithm has some weaknesses. • Based on that, a bad guy can create a fake face recognition. That can start from some simple pictures of the real owner, and combining with the manufacturer’s algorithm, they can create the fake face recognition, as you have just seen. 12

  13. Why ? Face Recognition drawbacks 1. Influences of changes in lighting • The basic algorithms have not worked well when there are changes in lighting. • In the latest performance measurement report of face recognition algorithms, the result was good only when the lighting did not change. • Will further modifications of the technology proposed by the three manufacturers solve this lighting problem? 13

  14. Why ? Face Recognition drawbacks 2. Influences of image capturing devices • Built-in cameras manufactured by those three companies have low resolution (0.3 Megapixel, 1.3 Megapixel and highest being 2.0 Megapixel). • Might low resolution images become flaws that can be taken advantage of? • It’s not the main reason of the vulnerability but it could make the algorithms easier to be broken. 14

  15. Why ? Face Recognition drawbacks 3. Influences of Image Processing • All of the algorithms use digitalized images, which go through image processing. • This is the weakest security flaw in face recognition systems. 15

  16. Why ? Face Authentication System Face Recognition Bypass Model How to have special images ? We will discuss more details later 16

  17. Contents 1. Face recognition authentication and drawbacks 2. Test on Asus laptop 3. Why ? 4. Do the manufacturers know about it ? 5. Test on Lenovo and Toshiba laptops 6. Research results 7. Attack Scenarios 8. Live demonstration 9. Recommendation for manufacturers 10. Questions and Answers 17

  18. Do the manufacturers know about it ? • When the manufacturers introduced this feature into these all laptops, did they recognize its weaknesses ? • And to find out the answer, let me invite you to see another video clip. • Watch the Video 18

  19. Do the manufacturers know about it ? • Yes • The manufacturers have already paid attention to this issue. • However, the algorithm has a fundamental flaw. • Even though they have applied more technical modifications to reduce the weakness, they have not been able to solve it completely. • It is not secure enough to serve as a security feature as advertised by manufacturers. 19

  20. Contents 1. Face recognition authentication and drawbacks 2. Test on Asus laptop 3. Why ? 4. Do the manufacturers know about it ? 5. Test on Lenovo and Toshiba laptops 6. Research results 7. Attack Scenarios 8. Live demonstration 9. Recommendation for manufacturers 10. Questions and Answers 20

  21. Laptop: L310 , M300 Software: Toshiba Face Recognition ver 2.0.2.32 TOSHIBA 21

  22. Laptop: Lenovo Y410 , Y430 Software: Lenovo Veriface III Lenovo 22

  23. Contents 1. Face recognition authentication and drawbacks 2. Test on Asus laptop 3. Why ? 4. Do the manufacturers know about it ? 5. Test on Lenovo and Toshiba laptops 6. Research results 7. Attack Scenarios 8. Live demonstration 9. Recommendation for manufacturers 10. Questions and Answers 23

  24. Research results The Rate of Bypass Face Recognition Authentication Mechanism Lenovo Asus Toshiba Gray Color Gray Color Gray Color Image Image Image Image Image Image BruteForce High High - High - High No BruteForce High High - Medium - Low • Gray image • Color image • Brute Force • No Brute Force 24

  25. Contents 1. Face recognition authentication and drawbacks 2. Test on Asus laptop 3. Why ? 4. Do the manufacturers know about it ? 5. Test on Lenovo and Toshiba laptops 6. Research results 7. Attack Scenarios 8. Live demonstration 9. Recommendation for manufacturers 10. Questions and Answers 25

  26. Attack Scenarios 1. Obtain images of owner’s face. 2. Regenerate the fake face recognition suite  Special images. 3. Bypass the face authentication using these images 26

  27. Attack Scenarios Video chat: MSN, Yahoo Messenger, AOL, Skype… Internet : Flickr, Yahoo Blog, Facebook … Tele cameras: capturing from the far distance Invite owner to take a photograph with him/her … 27

  28. Attack Scenarios 28

  29. Attack Scenarios • This attack method is more difficult to notice: There is no change in your systems, and you still believe that your laptop is being protected, without knowing that somebody has logged on to your laptop with your photo. • Different from someone resetting your password or connecting your laptop’s hard drive to his computer. 29

  30. Contents 1. Face recognition authentication and drawbacks 2. Test on Asus laptop 3. Why ? 4. Do the manufacturers know about it ? 5. Test on Lenovo and Toshiba laptops 6. Research results 7. Attack Scenarios 8. Live demonstration 9. Recommendation for manufacturers 10. Questions and Answers 30

  31. Live demonstration • Method of testing • Lenovo Y430 31

  32. Live demonstration • While we are waiting for the result of creating the fake face recognition picture, we shall watch another short video. • Watch the Video 32

  33. Contents 1. Face recognition authentication and drawbacks 2. Test on Asus laptop 3. Why ? 4. Do the manufacturers know about it ? 5. Test on Lenovo and Toshiba laptops 6. Research results 7. Attack Scenarios 8. Live demonstration 9. Recommendation for manufacturers 10. Questions and Answers 33

  34. Recommendation for manufacturers • When we found out about the vulnerability, we sent warnings to manufacturers: Asus, Lenovo, and Toshiba. • However, they have not given any official response yet. • This is an irresponsible act of these three manufacturers toward their customers. 34

  35. Recommendation for manufacturers • Our research results show that the face recognition technology being used by Asus, Lenovo and Toshiba is not secure enough to protect users. • We assert that, there is no way to fix this vulnerability. 35

  36. Recommendation for manufacturers • Below are our recommendations to the manufacturers Asus, Lenovo, Toshiba: 1. Stop developing this technology and remove it from all the models of their laptops. 2. Give an official advisory to global users: Stop using this function. 36

  37. Contents 1. Face recognition authentication and drawbacks 2. Test on Asus laptop 3. Why ? 4. Do the manufacturers know about it ? 5. Test on Lenovo and Toshiba laptops 6. Live demonstration 7. Research results 8. Attack Scenarios 9. Recommendation for manufacturers 10. Questions and Answers 37

  38. Questions and Answers 38

  39. Contact Information • Mr. Duc Nguyen • Manager of Application Security Department • Email: DucNM@bkav.com.vn • Bkis, Vietnam • www.bkis.vn, www.bkav.com.vn 39

  40. Thank you for listening ! 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Face detection, local features face alignment, and Face detection

Face detection, local features face alignment, and Face detection

12/6/2013 Lecture overview Brief introduction to Face detection, local features face alignment, and Face detection http://www.ima.umn.edu/2008-2009/MM8.5-14.09/activities/Wohlberg-Brendt/sift.png face image parsing

238 views • 11 slides
Face Cover Face Coverings In School Guidelines Face Coverings Face Coverings and PPE Cloth

Face Cover Face Coverings In School Guidelines Face Coverings Face Coverings and PPE Cloth

Face Cover Face Coverings In School Guidelines Face Coverings Face Coverings and PPE Cloth face coverings protect others if the wearer is infected with SARS CoV-2 and is not aware. Cloth masks may offer some level of protection for the

197 views • 5 slides
Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com What is Team Password Manager - Password manager for groups and projects - Uses projects to group passwords - Secure, fine grained password sharing -

712 views • 9 slides
Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force Attack - tries every possible character combination as a password. To recover a single-letter password would require up to 26 combinations. A

415 views • 8 slides
Face Recogni+on CSE 576 Face recogni+on: once youve

Face Recogni+on CSE 576 Face recogni+on: once youve

Face Recogni+on CSE 576 Face recogni+on: once youve detected and cropped a face, try to recognize it Detection Recognition Sally Face recogni+on:

648 views • 29 slides
To provide you with a comprehensive overview on conducting effective face-to face contacts

To provide you with a comprehensive overview on conducting effective face-to face contacts

To provide you with a comprehensive overview on conducting effective face-to face contacts with RSOs, to include: How to prepare for face-to-face verification checks; What to look for while conducting the face-to-face contacts;

549 views • 34 slides
Understand Face with GPU and beyond Shuchang ZHOU zsc@megvii.com Jan. 27, 2015 Face Average

Understand Face with GPU and beyond Shuchang ZHOU zsc@megvii.com Jan. 27, 2015 Face Average

Understand Face with GPU and beyond Shuchang ZHOU zsc@megvii.com Jan. 27, 2015 Face Average of 4839 aligned faces Brain Courtesy of Geoffrey Hinton http://www.zonaeuropa.com/ Face Detection http://en.wikipedia.org/wiki/Pareidolia Face

439 views • 28 slides
Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo Krawczyk (IBM Research) Works with Stanislaw Jarecki, Jiayu Xu (UC Irvine) Aggelos Kiayas (U Edinburgh) Nitesh Saxena, Maliheh Shirvanian (UA Birmingham)

750 views • 32 slides
Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring

Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring

LastPass, a Password Manager Application CS 88S Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring 2017 Agenda Review last weeks material Some Definitions Password in the Cloud

584 views • 47 slides
LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your

LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your

LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your Master Key When you forget a password, they send a reset link to your email. Anyone with access to your email has the power to reset your other

549 views • 31 slides
Multibiometrics for Face Recognition 3D Face Project End User Meeting 2007-03-22 /

Multibiometrics for Face Recognition 3D Face Project End User Meeting 2007-03-22 /

Multibiometrics for Face Recognition 3D Face Project End User Meeting 2007-03-22 / Darmstadt Volker Kempert (Cognitec Systems GmbH) Agenda Multibiometrics in general Multibiometrics related to the face Biometric Face

499 views • 16 slides
Proactive Password Checking Analyze proposed password for goodness Always invoked

Proactive Password Checking Analyze proposed password for goodness Always invoked

Proactive Password Checking Analyze proposed password for goodness Always invoked Can detect, reject bad passwords for an appropriate definition of bad Discriminate on per-user, per-site basis Needs to do

363 views • 21 slides
Day 3 If you are still using the default password that was assigned when your account was

Day 3 If you are still using the default password that was assigned when your account was

Day 3 If you are still using the default password that was assigned when your account was created, CHANGE IT NOW! (It can be the same as your email password.) Day 3 Steps in compiling: (Optional preprocessing) Lexical analysis

483 views • 17 slides
Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick Gage Kelley, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor,

1.88k views • 85 slides
Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password management policies. ~ Trustwave Each year, over 125 millions hours of productivity are lost due to passwords management problematics. ~

950 views • 25 slides
MEDICAL FACE MASK BFE 95% AT 3 MICRONS | PFE 95% AT 0.1 MICRONS Our standard 3-ply face

MEDICAL FACE MASK BFE 95% AT 3 MICRONS | PFE 95% AT 0.1 MICRONS Our standard 3-ply face

MEDICAL FACE MASK BFE 95% AT 3 MICRONS | PFE 95% AT 0.1 MICRONS Our standard 3-ply face masks provide basic Product Type : 3-Ply Disposable Medical Face Mask (Non-Sterile) protection for medical staff. They are suitable Quality

238 views • 3 slides
Private Digital Identity on Blockchain Tom Hamer, Kerry Taylor, Kee Siong Ng, Alwen Tiu The

Private Digital Identity on Blockchain Tom Hamer, Kerry Taylor, Kee Siong Ng, Alwen Tiu The

Private Digital Identity on Blockchain Tom Hamer, Kerry Taylor, Kee Siong Ng, Alwen Tiu The Global Identity Crisis In order to access critical services such as finance and social security, people need to have an identity 1.5 billion

857 views • 24 slides
How to Privately Find Double Acquisitions in Biometric Databases Orr Dunkelman Department of

How to Privately Find Double Acquisitions in Biometric Databases Orr Dunkelman Department of

Introduction New Non-Crypto Solution Conclusion How to Privately Find Double Acquisitions in Biometric Databases Orr Dunkelman Department of Computer Science, University of Haifa January 15th, 2015 Joint works with Melissa Chase and

409 views • 40 slides
Efficient Privacy-Preserving Biometric Identification Yan Huang Lior Malka David Evans Jonathan

Efficient Privacy-Preserving Biometric Identification Yan Huang Lior Malka David Evans Jonathan

Efficient Privacy-Preserving Biometric Identification Yan Huang Lior Malka David Evans Jonathan Katz http://www.mightbeevil.org/secure-biometrics/ Feb 9, 2011 Motivating Scenario: Private No-Fly Checking Threat Models Semi-honest adversary

1.4k views • 40 slides
Unique Identification Number Project: Unique Identification Number Project: Challenges and

Unique Identification Number Project: Unique Identification Number Project: Challenges and

Unique Identification Number Project: Unique Identification Number Project: Challenges and Recommendations Challenges and Recommendations Challenges and Recommendations Challenges and Recommendations Authors: Haricharan Rengamani*,

357 views • 21 slides
AN OVERVIEW OF THE BRAZILIAN ACADEMIC SECURITY LANDSCAPE 2 AN OVERVIEW OF THE BRAZILIAN ACADEMIC

AN OVERVIEW OF THE BRAZILIAN ACADEMIC SECURITY LANDSCAPE 2 AN OVERVIEW OF THE BRAZILIAN ACADEMIC

MARINHO.BARCELLOS@UFRGS.BR AN OVERVIEW OF THE BRAZILIAN ACADEMIC SECURITY LANDSCAPE 2 AN OVERVIEW OF THE BRAZILIAN ACADEMIC SECURITY LANDSCAPE OVERVIEW CESeg SIG SBSeg symposium Cyber security document issued by CESeg 3 AN

542 views • 21 slides
OpenBR Open Source Biometric Recognition and Beyond Josh Klontz www.openbiometrics.org

OpenBR Open Source Biometric Recognition and Beyond Josh Klontz www.openbiometrics.org

OpenBR Open Source Biometric Recognition and Beyond Josh Klontz www.openbiometrics.org February 17, 2013 J. Klontz OpenBR February 17, 2013 1 / 18 Why Open Source? J. Klontz OpenBR February 17, 2013 2 / 18 Why Open Source?

635 views • 51 slides
Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheeps clothing in

Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheeps clothing in

Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheeps clothing in Sheeps clothing Lucas Ballard, Fabian Monrose, Daniel Lopresti Presented by : Anuj Sawani 1 Biometrics What is it? identifying, or

884 views • 15 slides
Metadata Filtering for User-friendly Central Biometric Authentication CHRISTIAN GEHRMANN, MARCUS

Metadata Filtering for User-friendly Central Biometric Authentication CHRISTIAN GEHRMANN, MARCUS

Metadata Filtering for User-friendly Central Biometric Authentication CHRISTIAN GEHRMANN, MARCUS RODAN AND NIKLAS JNSSON This presentation contains material from the following publication (to appear): C. Gehrmann, M. Rodan and N. Jnsson,

381 views • 22 slides

More recommend