Defending Biometric Security
Identity Locker
Ned Hayes, Founder
@nedworking / ned@identity-locker.com
Biometric Exploits are Here
• Biometric exploits are here now, and they can be pervasive
The Threats to Biometric Security
Biometric Exploits
• Fingerprints
• Facial Recognition
• Iris Scans
Fingerprints on Device
Just asking to be broken:
• Insecure storage on device
• Insecure storage in cloud
• On-device enclave easily hacked / not encrypted
Basic Exploit that actually works (on some Android phones)
How to Hack Fingerprints
• Etched PCB & Aluminum Foil (Starbug)
Update on Fingerprints
The Big Exploit (2018)
• Deep Master Print – Philip Bontrager & Academic Team at NYU
• A machine learning driven exploit that analyzed a number of fingerprints in order to build a 3D model fingerprint that matches a large portion of the fingers used for secure login on devices today.
Facial Recognition Exploits
• Facial scans work by matching characteristics of a face to a template enrolled in a DB.
Basic “blocks” on face recognizers are known:
• Adding obfuscation and visual confusion
• Even wearing a hat and sunglasses can muck up a facial scan
• Downside of most facial “obfuscation” hacks is that they can be recognized by other human beings
More advanced exploits to fake the results:
• Machine learning derived fake faces
• AI-driven creation of a face from multiple angles
• 3D printing of 3D faces, with fake liveness (hard to do, but academics have proven it’s doable)
How to Stop a Facial Scan: Obfuscation
Evolution of Facial Recog Exploits *
* Original work by Yi Xu, True Price, Jan-Michael Frahm, and Fabian Monrose, Department of Computer Science, University of North Carolina at Chapel Hill, USENIX Security
How to Fake a Facial Scan: 3D Heads
• Reproduction of Facial Recog Areas only (higher fidelity)
Iris Scan Exploits
• Iris scans appear to be highly secure, because they scan a unique body part at high resolution.
However, they can be hacked:
• A contact lens can fake an iris
• Upload of an infrared scan of a person’s face (no access to reference data; instead, just an infrared scan of an eye at high resolution)
• Requires technical expertise
• Newer hacks require a scan of the iris – a hack of the reference data
Iris Scan Exploits
• Examples:

Eye spy
By Chaim Gartenberg @cgartenberg May 23, 2017, 10:37am EDT
Hacker beats Galaxy S8 iris scanner using an IR image and a contact lens
Based on name alone, the futuristic iris-scanning feature on the Galaxy S8 sounds like it would be the most secure way to lock your phone. Hacker Jan Krissler, who goes by the name Starbug, shows in a recent video that, despite the impressive technology in unlocking your phone with your eyes, the security system can be beaten with a relatively low-tech hack.
As the video shows, Starbug is able to take an infrared picture of a person’s face using the night mode setting on a regular point and shoot camera. Print it out on an ordinary laser printer and it fools the camera by placing a contact lens over the image to give it the appearance of an actual human eye. While it certainly is a little more effort than, say,

Hacker Finds a Simple Way to Fool IRIS Biometric Security Systems
March 06, 2015 Swati Khandelwal
Biometric security systems that involve a person's unique identification (ID), such as Retinal, IRIS, Fingerprint or DNA, are still evolving to change our lives for the better even though the biometric scanning technology still has many concerns such as information privacy, and physical privacy.
In past years, the Fingerprint security system (https://thehackernews.com/2013/09/finally-iphones-fingerprint-scanner.html), which is widely used in different applications such as smartphones and judicial systems to record users' information and verify a person's identity, was bypassed several times by various security researchers, and now the IRIS scanner is claimed to be defeated.
Veins / Palm Exploits
• Vein / Palm scans were thought to be a highly secure alternative to fingerprints
• Turns out that these can be hacked as well (with reference data)
Attack Vectors for Biometrics
Biometric Identity Processing System
• Input Data (1)
  • Input Data (1a)
  • Reference Data (1b)
• Sensor (2)
• Software (3)
  • Matcher
  • Threshold
[Diagram: Input Data (1a) and Reference Data (1b) feed the Sensor (2) and the Software (3): Preprocessing, Matching, Database]
Structure of this system originally outlined in this format by Starbug, 2014
3 Types of Attacks
• Attack the Input Data (1)
  • Input Data (1a)
  • Reference Data (1b)
• Attack using the Sensor (2)
• Attack the Software (3)
  • Matcher
  • Threshold
1. Attack Via Input Data
• Attack the Input Data (1)
  • Input Data (1a)
    • Most Common Attack Vector: easiest and most accessible vulnerability
  • Reference Data (1b)
    • No attacks recently directly along this vector
    • But high-fidelity hacks require access to cracked original Reference Data
2. Attack Via Sensor
• Attack the Input Data (1)
  • Input Data (1a)
  • Reference Data (1b)
• Attack using the Sensor (2)
3. Attack Via Software
• Attack the Input Data (1)
  • Input Data (1a)
  • Reference Data (1b)
• Attack using the Sensor (2)
• Attack the Software (3)
  • Matcher
  • Threshold
Defending Against Biometric Hacks
Multi-factor authentication
• BEST – NIRVANA: Multiple biometrics + Identity Face match / PIV-I card check, validation by an in-person check with an actual human (military grade)
• BETTER – BETTER FOR BUSINESS: Multi-factor authentication which includes but does not privilege biometrics – treats data knowledge as equivalent
  • Multiple biometrics + PIN/Login / Passcode
• GOOD – PRETTY GOOD SECURITY: Multi-factor biometric security which occurs simultaneously (pretty hard to hack all in sync)
  • Fingerprints + Facial Recognition + Iris + Audio Recognition
  • Note: Requires enrollment/login stations capable of handling multiple biometrics
High fidelity / Multi-finger enrollment
• Most fingerprint systems (on device) only collect and store a few millimeters of a fingertip.
• This small sample set is relatively easy to replicate and use in a hack.
• To prevent this hack, use a higher fidelity enrollment system that enrolls more area of the finger and more fingers on each hand.
[Figure: small on-device sample vs. full-finger enrollment – collect much more data, match on many more points]
Facial Recognition
• Facial recognition systems also operate off a limited template
• Adding complexity to the input is useful - ensure you are capturing not only the front face, but also the side, the back, as much movement as possible
• Add liveness detection + multi-angles
[Figure: limited template vs. multi-angle capture – collect much more data, match on many more points]
How to Prevent 3 Types of Attacks
• Complicate/Harden the Input Data (1)
• Provide Observation of Sensor (2)
• Harden the Software (3)
1. Harden/Complicate Input Data
• Complicate/Harden the Input Data (1)
  • Input Data (1a)
    • Add multiple biometrics that login simultaneously (not sequentially)
    • Require higher fidelity enrollment and more data from each biometric
    • Add more minutiae as input data
2. Add Observation of Sensor
• Complicate/Harden the Input Data (1)
• Provide Observation of Sensor (2)
  • IDEAL – IN PERSON: Have an actual person observe both enrollments and login (this can be done remotely & off-shore)
  • RANDOM SCREENS: Randomly audit logins with human observation
  • AI OBSERVATION: Add a layer of observational video and AI to check humans at the enrollment station and actions at the station. Check multiple signifiers of actual human activity (voice, movement, approach to station, etc.)
3. Harden the Software
• Complicate/Harden the Input Data (1)
  • Communication Data (1a)
  • Reference Data (1b)
• Provide Observation of Sensor (2)
• Harden the Software (3)
  • THRESHOLD: ideal to raise the threshold to accommodate high fidelity logins (adds enrollment and login time, obviating some reasons to use biometrics in the first place)
  • PROCESSING: use hardened pre-processing with templates that provide encrypted matching algorithms / store templates securely
  • MULTI-FACTOR MATCHING: Match against multiple biometrics simultaneously, not just one input at a time.
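The following Python is an added example, not code from the deck or from Identity Locker. It models the Matcher/Threshold step of the processing-system diagram and two of the hardenings described here and under "Harden/Complicate Input Data": a toy minutiae matcher whose enrolled area and required match count rise with enrollment fidelity, and a multi-factor decision that only accepts when every modality clears its own threshold inside one short capture window. All minutiae, scores, tolerances and threshold values are constructed assumptions.

```python
"""Toy fingerprint matcher plus a simultaneous multi-biometric decision rule.
All minutiae, scores, tolerances and thresholds below are constructed sample
values for illustration, not data from any real system."""
import math
from dataclasses import dataclass

# A minutia is (x, y, angle_deg); coordinates are in constructed 1/100 mm units.
# The "full finger" is a 5 x 8 grid of 40 minutiae with varied ridge angles.
FULL_FINGER = [(100 + 300 * i, 100 + 250 * j, (37 * i + 53 * j) % 360)
               for i in range(5) for j in range(8)]
SMALL_SENSOR = (0, 0, 700, 600)      # on-device sensor: a few mm of fingertip
FULL_STATION = (0, 0, 1500, 2000)    # high-fidelity station: the whole finger


def capture(finger, window):
    """Return the minutiae that fall inside a sensor's capture window."""
    x0, y0, x1, y1 = window
    return [m for m in finger if x0 <= m[0] <= x1 and y0 <= m[1] <= y1]


def with_sensor_noise(minutiae):
    """Simulate a live presentation: small positional and angular jitter."""
    return [(x + 5, y - 3, (a + 4) % 360) for x, y, a in minutiae]


def matched_minutiae(probe, reference, dist_tol=15, angle_tol=10):
    """Count reference minutiae explained by a distinct probe minutia within
    distance and angle tolerance (greedy one-to-one pairing)."""
    used, count = set(), 0
    for rx, ry, ra in reference:
        for i, (px, py, pa) in enumerate(probe):
            if i in used:
                continue
            d_angle = abs((ra - pa + 180) % 360 - 180)
            if math.hypot(rx - px, ry - py) <= dist_tol and d_angle <= angle_tol:
                used.add(i)
                count += 1
                break
    return count


def fingerprint_accepts(probe, reference, min_matched):
    """Matcher + threshold: accept when at least min_matched minutiae pair up."""
    return matched_minutiae(probe, reference) >= min_matched


@dataclass
class Capture:
    modality: str
    score: float        # matcher similarity in [0, 1]
    captured_at: float  # seconds on a monotonic clock


# Per-modality acceptance thresholds (assumed values).
THRESHOLDS = {"fingerprint": 0.60, "face": 0.70, "iris": 0.80}


def multi_factor_accepts(captures, thresholds=THRESHOLDS, window_s=2.0):
    """Accept only if every required modality is present, each clears its own
    threshold, and all captures fall inside one short window (simultaneous,
    not sequential). A strong score in one modality cannot cover for another."""
    by_mod = {c.modality: c for c in captures}
    if set(by_mod) != set(thresholds):
        return False
    times = [c.captured_at for c in captures]
    if max(times) - min(times) > window_s:
        return False
    return all(by_mod[m].score >= t for m, t in thresholds.items())


def demo():
    """Run the same probes against a low-fidelity and a high-fidelity policy."""
    low_ref = capture(FULL_FINGER, SMALL_SENSOR)   # 9 minutiae enrolled
    high_ref = capture(FULL_FINGER, FULL_STATION)  # all 40 minutiae enrolled
    patch_probe = with_sensor_noise(low_ref)       # reproduces only the patch
    full_probe = with_sensor_noise(high_ref)       # the whole finger, live
    other_finger = [(x + 50, y, a) for x, y, a in FULL_FINGER]  # impostor
    sync = [Capture("fingerprint", 0.81, 10.0), Capture("face", 0.77, 10.4),
            Capture("iris", 0.92, 10.9)]
    sequential = sync[:2] + [Capture("iris", 0.92, 25.0)]  # iris 15 s later
    return {
        # low threshold (6 of 9): the small patch alone is enough to pass
        "low_fidelity_accepts_patch": fingerprint_accepts(patch_probe, low_ref, 6),
        # raised threshold (24 of 40): the same patch no longer suffices
        "high_fidelity_accepts_patch": fingerprint_accepts(patch_probe, high_ref, 24),
        "high_fidelity_accepts_full": fingerprint_accepts(full_probe, high_ref, 24),
        "high_fidelity_accepts_other": fingerprint_accepts(other_finger, high_ref, 24),
        "sync_all_modalities": multi_factor_accepts(sync),
        "sequential_accepted": multi_factor_accepts(sequential),
        "missing_modality_accepted": multi_factor_accepts(sync[:2]),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```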
A Hardened Biometrics System
More complicated, but much more secure
• Complicate/Harden the Input Data (1)
  • Includes multiple bio inputs
  • Enroll at higher fidelity / more minutiae
• Provide Observation of Sensor (2)
  • Includes observational data (actual human ideal)
• Harden the Software (3)
  • Higher threshold for enrollment/login
  • Includes encrypted template DB
  • Includes multi-factor matching
[Diagram: hardened pipeline – multiple Input Data (1a) plus Reference Data (1b) through an observed Sensor (2) into the Software (3): Preprocessing, multiple Matching stages, Database]

Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 

Defending Biometric Security

  • 1. Defending Biometric Security Identity Locker Ned Hayes, Founder @nedworking / ned@identity-locker.com ™
  • 3. Biometric Exploits are Here • Biometric exploits are here now, and they can be pervasive
  • 4. The Threats to Biometric Security
  • 6. Biometric Exploits • Fingerprints • Facial Recognition • Iris Scans
  • 7. Fingerprints on Device • Just asking to be broken: • Insecure storage on device • Insecure storage in the cloud • On-device enclave easily hacked, or templates not encrypted
  • 8. Basic Exploit that actually works (on some Android phones)
  • 9. How to Hack Fingerprints • Etched PCB & aluminium foil (Starbug)
  • 10. Update on Fingerprints • The Big Exploit (2018) • DeepMasterPrints – Philip Bontrager and an academic team at NYU • A machine-learning (GAN) driven exploit that learned from a corpus of fingerprints to generate synthetic fingerprint images (“master prints”) that match a large portion of the partial fingerprint templates used for secure login on small-sensor devices today.
  • 11. Facial Recognition Exploits
    • Facial scans work by matching characteristics of a face to a template enrolled in a DB.
    • Basic “blocks” on face recognizers are known:
      • Adding obfuscation and visual confusion
      • Even wearing a hat and sunglasses can muck up a facial scan
      • Downside of most facial “obfuscation” hacks: other human beings can see them
    • More advanced exploits to fake the results:
      • Machine-learning-derived fake faces
      • AI-driven reconstruction of a face from multiple angles
      • 3D printing of faces, with fake liveness (hard to do, but academics have proven it is doable)
  • 12. How to Stop a Facial Scan: Obfuscation
  • 13–15. Evolution of Facial Recog Exploits * • * Original work by Yi Xu, True Price, Jan-Michael Frahm, and Fabian Monrose, Department of Computer Science, University of North Carolina at Chapel Hill: “Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos”, USENIX Security 2016 (three image slides in the original deck)
  • 16. How to Fake a Facial Scan: 3D Heads • Reproduction of the facial-recognition areas only (higher fidelity)
  • 17. Iris Scan Exploits
    • Iris scans appear to be highly secure, because they scan a unique body part at high resolution. However, they can be hacked:
      • A contact lens can fake an iris
      • Presenting an infrared photo of the person’s eye (no access to reference data needed, just an infrared image of the eye at high resolution)
      • Requires technical expertise
      • Newer hacks require a scan of the iris itself – a hack of the reference data
  • 18. Iris Scan Exploits • Examples (press screenshots on the original slide):
    • The Verge, “Hacker beats Galaxy S8 iris scanner using an IR image and a contact lens”, Chaim Gartenberg, May 23, 2017: hacker Jan Krissler (Starbug) took an infrared picture of a person’s face using the night mode of a regular point-and-shoot camera, printed it on an ordinary laser printer, and placed a contact lens over the printed eye to give it the appearance of a real one; the Galaxy S8 iris scanner accepted it.
    • The Hacker News, “Hacker Finds a Simple Way to Fool IRIS Biometric Security Systems”, Swati Khandelwal, March 6, 2015: after fingerprint scanners had been bypassed several times by security researchers, an iris scanner was claimed to be defeated as well.
  • 19. Veins / Palm Exploits • Vein / palm scans were thought to be a highly secure alternative to fingerprints • It turns out that these can be hacked as well (given access to reference data)
  • 22. Biometric Identity Processing System (diagram: Sensor → Software [Preprocessing → Matching] ← Database)
    • Input Data (1): the presented sample, Input Data (1a), and the stored Reference Data (1b)
    • Sensor (2)
    • Software (3): preprocessing, the Matcher and its Threshold, backed by the template Database
    • Structure of this system originally outlined in this format by Starbug, 2014
  • 23. 3 Types of Attacks
    • Attack the Input Data (1): Input Data (1a) or Reference Data (1b)
    • Attack using the Sensor (2)
    • Attack the Software (3): the Matcher or its Threshold
  • 24. 1. Attack Via Input Data
    • Input Data (1a): the most common attack vector – the easiest and most accessible vulnerability (a spoof presented to the sensor)
    • Reference Data (1b): no recent attacks directly along this vector, but high-fidelity spoofs require access to the cracked original reference data
  • 25. 2. Attack Via Sensor • Attack using the Sensor (2) (diagram only on the original slide)
  • 26. 3. Attack Via Software • Attack the Software (3): the Matcher or its Threshold (diagram only on the original slide)
  • 28. Multi-factor authentication
    • BEST (“NIRVANA”): multiple biometrics + identity validation – face match / PIV-I card check validated by an in-person check with an actual human (military grade)
    • BETTER (“BETTER FOR BUSINESS”): multi-factor authentication which includes but does not privilege biometrics – treats knowledge factors as equivalent: multiple biometrics + PIN / login / passcode
    • GOOD (“PRETTY GOOD SECURITY”): multi-factor biometric security which occurs simultaneously (pretty hard to hack all in sync): fingerprints + facial recognition + iris + audio recognition
    • Note: requires enrollment/login stations capable of handling multiple biometrics
  • 29. High fidelity / Multi-finger enrollment
    • Most fingerprint systems (on device) only collect and store a few millimeters of a fingertip.
    • This small sample set is relatively easy to replicate and use in a hack.
    • To prevent this hack, use a higher-fidelity enrollment system that enrolls more area of the finger and more fingers on each hand.
    • Diagram: small on-device sample VS. collect much more data, match on many more points
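To make the pipeline of slides 22–26 (input data, reference data, matcher, threshold) and the enrollment argument of slide 29 concrete, here is a toy minutiae matcher in Python. It is an added example written for this page, not code from Identity Locker or from the deck. The grid “finger”, the sensor jitter, the 75% match fraction and the distance/angle tolerances are constructed assumptions, and a real matcher first aligns the probe to the reference under rotation and translation instead of comparing raw coordinates.

```python
import math
import random

# A minutia is (x, y, ridge_angle_deg); coordinates are sensor pixels (constructed units).


def grid_finger(cols=6, rows=6, spacing=20, rng=None):
    """Constructed 'finger': minutiae on a regular grid with random ridge angles.
    Real minutiae are irregular; the grid just keeps the toy matcher unambiguous."""
    rng = rng or random.Random(0)
    return [(10 + c * spacing, 10 + r * spacing, rng.uniform(0, 360))
            for r in range(rows) for c in range(cols)]


def region(minutiae, x_max, y_max):
    """The minutiae inside the area a small sensor (or a partial lifted print) covers."""
    return [m for m in minutiae if m[0] < x_max and m[1] < y_max]


def capture(minutiae, rng, drop=0):
    """One sensor read: jitter every minutia a little, lose the last `drop` to smudging."""
    kept = minutiae[:len(minutiae) - drop]
    return [(x + rng.uniform(-3, 3), y + rng.uniform(-3, 3), (a + rng.uniform(-5, 5)) % 360)
            for x, y, a in kept]


def match_score(probe, reference, dist_tol=8.0, angle_tol=15.0):
    """Count probe minutiae with a one-to-one counterpart in the reference within tolerance.
    No alignment step here: a real matcher registers rotation/translation first."""
    used, matched = set(), 0
    for px, py, pa in probe:
        for i, (rx, ry, ra) in enumerate(reference):
            if i in used:
                continue
            angle_diff = abs((pa - ra + 180) % 360 - 180)
            if math.hypot(px - rx, py - ry) <= dist_tol and angle_diff <= angle_tol:
                used.add(i)
                matched += 1
                break
    return matched


def threshold_for(reference, fraction=0.75):
    """Policy (assumption): 75% of the enrolled minutiae must match, so a richer
    enrollment automatically demands more matching points at login."""
    return math.ceil(fraction * len(reference))


def authenticate(probe, reference, fraction=0.75):
    return match_score(probe, reference) >= threshold_for(reference, fraction)


def demo():
    rng = random.Random(42)
    finger = grid_finger(rng=rng)                  # 36 minutiae across the whole pad
    patch = region(finger, x_max=80, y_max=60)     # 12 minutiae: what a small sensor enrolls
    partial_lift = capture(patch, rng, drop=2)     # attacker's partial print: 10 usable minutiae
    genuine_full = capture(finger, rng, drop=2)    # cooperative full-pad login: 34 minutiae
    return {
        # threshold 9 of 12: the partial lift is accepted
        "partial_lift_vs_patch": authenticate(partial_lift, patch),
        # threshold 27 of 36: the same lift matches only 10 points and is rejected
        "partial_lift_vs_full": authenticate(partial_lift, finger),
        # the real finger still passes: 34 of 36
        "genuine_vs_full": authenticate(genuine_full, finger),
    }


if __name__ == "__main__":
    print(demo())
```

The partial lift (an attack on the input data, 1a) clears the bar against the 12-minutia enrollment because the threshold is derived from a small reference; against the 36-minutia enrollment the same lift still matches only its 10 points and fails, while a cooperative full-pad login passes. This is also the mechanism behind the DeepMasterPrints result on slide 10: a reference that needs only a handful of matching points is one that a single synthetic print can satisfy for many users.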
  • 30. Facial Recognition
    • Facial recognition systems also operate off a limited template
    • Adding complexity to the input is useful – ensure you are capturing not only the front of the face, but also the sides and back of the head, with as much movement as possible
    • Add liveness detection + multiple angles
    • Diagram: limited template VS. collect much more data, match on many more points
  • 31. How to Prevent 3 Types of Attacks • Complicate/Harden the Input Data (1) • Provide Observation of the Sensor (2) • Harden the Software (3)
  • 32–33. 1. Harden/Complicate Input Data
    • Complicate/Harden the Input Data (1), i.e. the Input Data (1a):
      • Add multiple biometrics that log in simultaneously (not sequentially)
      • Require higher-fidelity enrollment and more data from each biometric
      • Add more minutiae as input data
  • 34–35. 2. Add Observation of Sensor
    • Provide Observation of the Sensor (2):
      • IDEAL – IN PERSON: have an actual person observe both enrollments and logins (this can be done remotely & off-shore)
      • RANDOM SCREENS: randomly audit logins with human observation
      • AI OBSERVATION: add a layer of observational video and AI to check the humans at the enrollment station and the actions at the station. Check multiple signifiers of actual human activity (voice, movement, approach to the station, etc.)
  • 36–37. 3. Harden the Software
    • Harden the Software (3), on top of hardening the Input Data (1a), the Reference Data (1b) and observing the Sensor (2):
      • THRESHOLD: raise the match threshold to what high-fidelity enrollments support (this adds enrollment and login time, eroding some of the convenience argument for biometrics in the first place)
      • PROCESSING: use hardened preprocessing and protected templates that support matching on encrypted templates; store templates securely
      • MULTI-FACTOR MATCHING: match against multiple biometrics simultaneously, not just one input at a time
  • 38. A Hardened Biometrics System • More complicated, but much more secure
    • Complicate/Harden the Input Data (1): includes multiple biometric inputs; enroll at higher fidelity / more minutiae
    • Provide Observation of the Sensor (2): includes observational data (an actual human is ideal)
    • Harden the Software (3): higher threshold for enrollment/login; encrypted template DB; multi-factor matching
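The software hardening of slides 36–38 and the simultaneous multi-factor tier of slide 28, as an added Python example written for this page (not Identity Locker code). It shows three of the controls together: reference templates (1b) that the software authenticates before matching, a decision threshold pinned in code rather than read from the database, and a login that requires every enrolled biometric to be presented within one session window instead of one after another. Assumptions: the template store uses an HMAC over the record, bound to user and modality under a device-held key, as a stand-in for an encrypted enclave-backed DB (integrity only, confidentiality not shown); the feature-vector matcher, the thresholds and the 2-second window are constructed values; the false-accept combination assumes independent errors across modalities.

```python
import hashlib
import hmac
import json
import math
import random
import secrets

# Decision thresholds live in code (pinned), not in the reference database, so editing
# stored data cannot lower the bar (an attack on the software/threshold, 3).
THRESHOLDS = {"fingerprint": 0.75, "face": 0.80, "iris": 0.90}   # constructed values
SESSION_WINDOW_S = 2.0   # assumption: all factors captured within 2 s of each other


class TemplateStore:
    """Reference data (1b) as HMAC-authenticated records under a device-held key.
    Stand-in for an encrypted, enclave-backed template DB: only integrity is shown."""

    def __init__(self, key: bytes):
        self._key = key
        self._records = {}   # (user, modality) -> (payload bytes, tag bytes)

    def _tag(self, payload: bytes) -> bytes:
        return hmac.new(self._key, payload, hashlib.sha256).digest()

    def enroll(self, user: str, modality: str, template: list) -> None:
        record = {"user": user, "modality": modality, "template": template}
        payload = json.dumps(record, sort_keys=True).encode()
        self._records[(user, modality)] = (payload, self._tag(payload))

    def load(self, user: str, modality: str) -> list:
        payload, tag = self._records[(user, modality)]
        if not hmac.compare_digest(self._tag(payload), tag):
            raise ValueError("reference template failed integrity check")
        record = json.loads(payload)
        if record["user"] != user or record["modality"] != modality:
            raise ValueError("template is bound to a different user/modality")
        return record["template"]

    def overwrite_raw(self, user: str, modality: str, payload: bytes) -> None:
        """Simulates an attacker with write access to the DB file but no key."""
        _, old_tag = self._records[(user, modality)]
        self._records[(user, modality)] = (payload, old_tag)


def similarity(probe, template, tol=0.1):
    """Toy matcher: share of features within tolerance. Real matchers differ per modality."""
    hits = sum(1 for p, t in zip(probe, template) if abs(p - t) <= tol)
    return hits / len(template)


def combined_far(fars):
    """False-accept rate when every factor must pass, assuming independent errors."""
    return math.prod(fars)


def authenticate(store, user, captures):
    """captures: {modality: (capture_time_s, probe_vector)}. Every configured modality
    must be present, captured inside one session window, and above its own threshold."""
    if set(captures) != set(THRESHOLDS):
        return False                      # missing or extra factor
    times = [t for t, _ in captures.values()]
    if max(times) - min(times) > SESSION_WINDOW_S:
        return False                      # presented one after another, not together
    # Verify every reference record before scoring anything; raises on tampering.
    templates = {m: store.load(user, m) for m in captures}
    for modality, (_, probe) in captures.items():
        if similarity(probe, templates[modality]) < THRESHOLDS[modality]:
            return False
    return True


def demo():
    rng = random.Random(7)
    store = TemplateStore(secrets.token_bytes(32))
    enrolled = {m: [rng.random() for _ in range(16)] for m in THRESHOLDS}   # constructed
    for modality, vec in enrolled.items():
        store.enroll("alice", modality, vec)

    def jitter(vec, amount):
        return [v + rng.uniform(-amount, amount) for v in vec]

    t0 = 1000.0
    genuine = {m: (t0 + 0.3 * i, jitter(enrolled[m], 0.05)) for i, m in enumerate(THRESHOLDS)}
    impostor = {m: (t0 + 0.3 * i, [v + 0.5 for v in enrolled[m]]) for i, m in enumerate(THRESHOLDS)}
    sequential = {m: (t0 + 60.0 * i, probe) for i, (m, (_, probe)) in enumerate(genuine.items())}
    results = {
        "genuine": authenticate(store, "alice", genuine),
        "impostor": authenticate(store, "alice", impostor),
        "sequential": authenticate(store, "alice", sequential),
    }
    # Attack on reference data (1b): swap the impostor's iris in as alice's template.
    forged = json.dumps({"user": "alice", "modality": "iris",
                         "template": impostor["iris"][1]}, sort_keys=True).encode()
    store.overwrite_raw("alice", "iris", forged)
    try:
        authenticate(store, "alice", impostor)
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The sequential case is the point of “simultaneously, not one input at a time”: three factors that can each be spoofed on their own schedule give the attacker three separate problems, while a single window forces the spoofs to be live together. `combined_far` makes the same argument numerically: with per-modality false-accept rates of 1%, 0.1% and 0.01%, requiring all three at once gives 10^-9 under the independence assumption.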