Biometrics – Fingerprints - CUPS

minorbigarmSecurity

Nov 30, 2013 (3 years and 4 months ago)

60 views

Brent Kennedy


Overview


Security Issues


Usability Issues


Bring it all together


Discussion



Sequence of ridges and valleys


No two fingerprints can be exactly the same


Even two imprints from the same finger are
different


Reliable and efficient biometric


Still are cons


Scanners work by imaging the print and using
an algorithm to compare images

http://denis.biometric
-
fingerprint.com/?cat=7

http://en.wikipedia.org/wiki/Fingerprint


Storage


How are the fingerprints stored?


Who can access them?


Privacy


Can fingerprints lead to more information?


Device


Is it susceptible to over the shoulder peeks?


Does it leave a trace?


Can it be spoofed?



>


Small experiment
done at W&J College


January 2006



Aimed to spoof
fingerprints using
common household
items



Total Cost: $12.82




Cast:


Play
-
Doh


Gummy bears


Model Magic


Silly Putty


Modeling clay


Tac

N’
Stik



Mold:


Paraffin wax


http://www.washjeff.edu/users/ahollandminkley/Biometric/index.html


Devices


Microsoft Fingerprint Reader


APC Biometric Security device



What failed…


One
-
step method of taking a print directly from
the source (no cast)


Gummy bears: Myth busted!


Wouldn’t even hold a fingerprint


Tac

N’
Stik

worked too well


Picked up old prints from the scanner


Silly putty stuck to the device


Play
-
Doh

was too soft to withstand pressure


Success!


Very soft piece of wax flattened against hard
surface


Press the finger to be molded for 5 minutes


Transfer wax to freezer for 10
-
15 minutes


Firmly press modeling material into cast


Press against the fingerprint reader


Replicated several times



Modified approach on the APC device


Requires less pressure so Play
-
Doh

can be used


Form the Play
-
Doh

around the scanner surface


Then place the flat surface in the cast


More patience required to get authorized



After time, the mold becomes too soft to use



Caveats


Molding material becomes firm and brittle quickly


Hard to make a cast ahead of time


Very high quality mold is required


Attacker may need more advanced materials


All molds were of the thumb


Smaller prints may cause additional problems


The main usability factors for fingerprints:


Scanner height/angle


Training conditions


Age


Habituation


Supervision


Height/Angle


Efficiency (time) not significantly affected by
height or angle


Quality significantly affected by height but not
angle


Still hard to determine optimal height


Overall satisfaction affected by height, angle, and
user height


http://zing.ncsl.nist.gov/biousa/docs/NISTIR
-
7504%20height%20angle.pdf


Age


18
-
25 age range gave consistent good prints


Prints get worse as age increases


Men overall better than women


Habituation


No trend to print quality over time


Users didn’t know how to fix bad prints

http://zing.ncsl.nist.gov/biousa/docs/WP302_Theofanos.pdf


Training/Supervision


Poster had worst success rate: 56%


Verbal vs. video instruction had equal success


Assistance significantly increased success rate


78% without assistance


98% with assistance



http://zing.ncsl.nist.gov/biousa/docs/NISTIR
-
7403
-
Ten
-
Print
-
Study
-
03052007.pdf


Can better usability solve the spoofing
problem?


It can help


Smaller scanning area


Slap vs. roll


Better algorithms with better feedback