BIOMETRICS AND YOUR IDENTITY

matchmoaningAI and Robotics

Nov 17, 2013 (3 years and 8 months ago)

69 views

BIOMETRICS AND YOUR IDENTITY



UBC


Computer Security


October 4, 2007


Gordon Ross


President


VIRTUAL PERCEPTIONSYSTEMS INC.

gordon@my
-
spy.com


www.my
-
spy.com



Biometrics:


A
unique

physical or behavioral characteristic
which can
practically

be collected, stored,
and compared against; for the purpose of
positive identification.


BIOMETRICS AND YOUR IDENTITY



BIOMETRIC
TERMS


Behavioral and physiological


Static and dynamic


One to one compare


One to many searching


False Acceptance Rate (FAR)


False Rejection Rate (FRR)


Failure to Enroll (FTE)



VARIOUS TYPES OF
BIOMETRICS


Fingerprint


Facial recognition


Iris


Voice recognition


Hand Geometry



ADDITIONAL TYPES OF
BIOMETRICS



Keystroke dynamics


Retinal Scan


Palm Print


Signature




HOW DOES
A BIOMETRIC
WORK?


Capture a Biometric
-
Enrollment


Process the Biometric
-
Algorithm


Store Result
-
Template


Compare
-
one to one


verification


Find
-
one to many


identification


Accept or Reject



Controlling access


Monitoring


Authentication


Identification


ATM applications

SOME USES OF BIOMETRICS

HOW COULD
BIOMETRICS
BE
USED AND
FOR WHAT PURPOSE?


Open the door please.


Is this the person on record?


Who are you?


Can this smart card log me in?


Am I the rightful owner of this password?



HOW COULD
BIOMETRICS
BE
USED AND
FOR
WHAT PURPOSE?


Open doors
-
physical access


City of Baltimore
-
Department of Public Works
uses Voice Authentication for Access Control


OR…


Is this the person on record?


Identification


State of Connecticut
-
Department of Social
Services uses Finger Print Imaging to reduce
welfare fraud
-
$23M savings


Who are you?


Nation Bank
-

TX


ATM application

OR…


Do we know you?


Facial recognition at Super Bowl in Florida.


Match against known image.

OR…


Am I the rightful owner of this password?


Login by:


Typing user name and password


AND



Your unique Biometric.

OR…



Social Engineering


Collusion


Theft or Fraud


HOW CAN A BIOMETRIC BE BYPASSED OR
DEFEATED?

**Making A Mold

Soften Plastic
Material with Hot
Water

Press Live
Finger into
Plastic.

Final Mold.

**From Tsutomu
Matsumoto’s research..

MAKE AN ARTIFICIAL FINGER PRINT

Make the Liquid and Gelatin mix where the gelatin is at 50% wt.

Add Boiling Water 30cc to 30g of gelatin and mix.
Process takes approximately 20 minutes.

Artificial Finger Print

**From a Real
Finger.

**From Tsutomu
Matsumoto’s research..

MAKE AN ARTIFICIAL FINGER PRINT

**From a Real
Finger.

Pour Liquid Into
Mold.

Refrigerate To
Cool.

Final Gummy
Print.

This Process takes approximately 10 Minutes.

**From Tsutomu
Matsumoto’s research..

MAKE AN ARTIFICIAL FINGER PRINT

Manufacturer/Selling Agency

Type

Sensor
Type

Live
Detection

1

Compaq Computer Corp.

DFR
-
200

Optical

Unknown

2

Mitsubishi Electric Corp.

FPR
-
DTmk11

Optical

Unknown

3

NEC Corp.

N7950
-
41, PK
-
FP002

Optical

Unknown

4

OMRON Corp.

FPS
-
1000

Optical

Unknown

5

Sony Corp.

FIU
-
002
-
F11,FIU
-
710

Capacitive

Yes

6

SecuGen Corp.

SMB
-
800

Optical

Unknown

7

FUJITSU Limited

FS
-
200U

Capacitive

Unknown

8

Siemens AG

EVALUATION
-
KIT

Capacitive

Unknown

9

Enthetica Inc.

MS 3000

Optical

Unknown

**From Tsutomu Matsumoto’s
research..

DEVICES THAT WERE SPOOFED..

HOW CAN A BIOMETRIC BE BYPASSED OR
DEFEATED?


Tsutomu Matsumoto tsutomu@mlab.jks.ynu.ac.jp

http://www.cyberpunks.org/display/630/article/



c’t Magazine from Germany

http://www.heise.de/ct/english/02/11/114/



Just “Google”
-

“Defeating Biometrics” for more
information.

*FaceVACS
-
Logon can be outfoxed
with a short video clip of a registered
person.

Once Live
-
Check has been activated all attempts at deception with stills are foiled.

A short .AVI video clip with the webcam in which a registered user was seen to
move his head slightly to left and right.



The program did in fact detect in the video sequence played to it a moving
'genuine' head with a known facial metric, whereupon it granted access to the
system.

*c’t magazine


Germany

FACIAL & IRIS RECOGNITION SYSTEMS

ROI ON BIOMETRIC PROJECTS


Quantify likelihood of previous cases


Costs


Technology Acquisition (HW & SW)


User training
-
hard enrollment


FTR


Deployment
-
configuration check


Process change


Help desk calls


Hardware product lifecycle

SUMMARY


Biometrics field is old, industry is new


Entire industry was $65M in
1999


Global Industry Analysts Inc. states biometric sales
are to exceed $6.48 billion by 2010…
(July 2007)


Not a technology issue but a people issue


Due diligence is
key.


Privacy is also a concern.


Biometrics helps with authentication


Nothing is absolute!


BIOMETRIC RESOURCES



www.bioapi.org


www.ibia.org


www.biometricgroup.com


www.biodigest.com

THANK YOU…


QUESTIONS?


Gordon Ross


BScEE


CET


HSG

VIRTUAL PERCEPTION SYSTEMS INC.

gordon@my
-
spy.com


www.my
-
spy.com