Brent Kennedy
Overview
Security Issues
Usability Issues
Bring it all together
Discussion
Sequence of ridges and valleys
No two fingerprints can be exactly the same
Even two imprints from the same finger are
different
Reliable and efficient biometric
Still are cons
Scanners work by imaging the print and using
an algorithm to compare images
http://denis.biometric
-
fingerprint.com/?cat=7
http://en.wikipedia.org/wiki/Fingerprint
Storage
How are the fingerprints stored?
Who can access them?
Privacy
Can fingerprints lead to more information?
Device
Is it susceptible to over the shoulder peeks?
Does it leave a trace?
Can it be spoofed?
>
Small experiment
done at W&J College
January 2006
Aimed to spoof
fingerprints using
common household
items
Total Cost: $12.82
Cast:
Play
-
Doh
Gummy bears
Model Magic
Silly Putty
Modeling clay
Tac
N’
Stik
Mold:
Paraffin wax
http://www.washjeff.edu/users/ahollandminkley/Biometric/index.html
Devices
Microsoft Fingerprint Reader
APC Biometric Security device
What failed…
One
-
step method of taking a print directly from
the source (no cast)
Gummy bears: Myth busted!
▪
Wouldn’t even hold a fingerprint
Tac
N’
Stik
worked too well
▪
Picked up old prints from the scanner
Silly putty stuck to the device
Play
-
Doh
was too soft to withstand pressure
Success!
Very soft piece of wax flattened against hard
surface
Press the finger to be molded for 5 minutes
Transfer wax to freezer for 10
-
15 minutes
Firmly press modeling material into cast
Press against the fingerprint reader
Replicated several times
Modified approach on the APC device
Requires less pressure so Play
-
Doh
can be used
Form the Play
-
Doh
around the scanner surface
Then place the flat surface in the cast
More patience required to get authorized
After time, the mold becomes too soft to use
Caveats
Molding material becomes firm and brittle quickly
▪
Hard to make a cast ahead of time
Very high quality mold is required
▪
Attacker may need more advanced materials
All molds were of the thumb
▪
Smaller prints may cause additional problems
The main usability factors for fingerprints:
Scanner height/angle
Training conditions
Age
Habituation
Supervision
Height/Angle
Efficiency (time) not significantly affected by
height or angle
Quality significantly affected by height but not
angle
▪
Still hard to determine optimal height
Overall satisfaction affected by height, angle, and
user height
http://zing.ncsl.nist.gov/biousa/docs/NISTIR
-
7504%20height%20angle.pdf
Age
18
-
25 age range gave consistent good prints
Prints get worse as age increases
Men overall better than women
Habituation
No trend to print quality over time
Users didn’t know how to fix bad prints
http://zing.ncsl.nist.gov/biousa/docs/WP302_Theofanos.pdf
Training/Supervision
Poster had worst success rate: 56%
Verbal vs. video instruction had equal success
Assistance significantly increased success rate
▪
78% without assistance
▪
98% with assistance
http://zing.ncsl.nist.gov/biousa/docs/NISTIR
-
7403
-
Ten
-
Print
-
Study
-
03052007.pdf
Can better usability solve the spoofing
problem?
It can help
Smaller scanning area
Slap vs. roll
Better algorithms with better feedback
Enter the password to open this PDF file:
File name:
-
File size:
-
Title:
-
Author:
-
Subject:
-
Keywords:
-
Creation Date:
-
Modification Date:
-
Creator:
-
PDF Producer:
-
PDF Version:
-
Page Count:
-
Preparing document for printing…
0%
Σχόλια 0
Συνδεθείτε για να κοινοποιήσετε σχόλιο