The Biometric Dilemma
Rick Smith, Ph.D., CISSP
rick_smith@securecomputing.com
28 October 2001
Outline
Biometrics: Why, How, How Strong
Attacks, FAR, FRR, Resisting trial-and-error
Server-based Biometrics
Attacking a biometric server
Digital spoofing, privacy intrusion, latent print reactivation
Token-based Biometrics
Physical spoofing
Voluntary and involuntary spoofing
Summary
Biometrics: Why?
Eliminate memorization –
Users don’t have to memorize features of their voice, face, eyes, or fingerprints
Eliminate misplaced tokens –
Users won’t forget to bring fingerprints to work
Can’t be delegated –
Users can’t lend fingers or faces to someone else
Often unique –
Save money and maintain database integrity by eliminating duplicate enrollments
The Dilemma
They always look stronger and easier to use than they are in practice
Enrollment is difficult
Easy enrollment = unreliable authentication
Measures to prevent digital spoofing make even more work for administrators, almost a “double enrollment” process
Physical spoofing is easier than we’d like
Recent examples with fingerprint scanners, face scanners
Biometrics: How?
Measure a physical trait
The user’s fingerprint, hand, eye, face
Measure user behavior
The user’s voice, written signature, or keystrokes
[Figures from Authentication © 2002. Used by permission]
Biometrics: How Strong?
Three types of attacks
Trial-and-error attack
Classic way of measuring biometric strength
Digital spoofing
Transmit a digital pattern that mimics that of a legitimate user’s biometric signature
Similar to password sniffing and replay
Biometrics can’t prevent such attacks by themselves
Physical spoofing
Present a biometric sensor with an image that mimics the appearance of a legitimate user
Biometric Trial-and-Error
How many trials are needed to achieve a 50-50 chance of producing a matching reading?
Typical objective: 1 in 1,000,000 (roughly 2^19 trials)
Some systems achieve this, but most aren’t that accurate in practical settings
Team-based attack
A group of individuals take turns pretending to be a legitimate user (5 people X 10 finger = 50 fingers)
Passwords: A Baseline
Biometric Authentication
Compares user’s signature to previously established pattern built from that trait
“Biometric pattern” file instead of password file
Matching is always approximate, never exact
Pattern Matching
We compare how closely a signature matches one user’s pattern versus another’s pattern
[Figure from Authentication © 2002. Used by permission]
Matching Self vs. Others
[Figure from Authentication © 2002. Used by permission]
Matching in Practice
FAR = recognized Bob instead; FRR = doesn’t recognize me
[Figure from Authentication © 2002. Used by permission]
Measurement Trade-Offs
We must balance the FAR and the FRR
Lower FAR = Fewer successful attacks
Less tolerant of close matches by attackers
Also less tolerant of authentic matches
Therefore – increases the FRR
Lower FRR = Easier to use
Recognizes a legitimate user the first time
More tolerant of poor matches
Also more tolerant of matches by attackers
Therefore – increases the FAR
Equal error rate = point where FAR = FRR
Trial and Error in Practice
Higher security means more mistakes
When we reduce the FAR, we increase the FRR
More picky about signatures from legitimate users, too
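The FAR/FRR trade-off, the equal error rate, and the trial-and-error cost of the "1 in 1,000,000" objective, worked through in code. This is an added example, not code from the slides or from any biometric product: the similarity scores are constructed, the threshold sweep and the EER search are a generic way of plotting the trade-off, and the trial counts follow from treating each attempt as an independent event with success probability equal to the FAR.

```python
# Added example (not from the original slides): FAR/FRR trade-off, equal error
# rate, and the trial-and-error cost implied by a given FAR. Score samples are
# constructed, not measured from any real biometric device.
import math

# Constructed similarity scores: higher means the reading is closer to the
# enrolled pattern. Genuine readings cluster high, impostor readings low, but
# the two populations overlap, which is what forces the FAR/FRR trade-off.
GENUINE_SCORES = [88, 91, 79, 95, 84, 73, 90, 86, 82, 94, 77, 89, 83, 92, 68, 87]
IMPOSTOR_SCORES = [41, 55, 62, 38, 70, 47, 59, 65, 52, 44, 74, 49, 57, 63, 35, 60]


def far(threshold, impostor=IMPOSTOR_SCORES):
    """False Accept Rate: fraction of impostor scores accepted at this threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE_SCORES):
    """False Reject Rate: fraction of genuine scores rejected at this threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def error_table(thresholds):
    """(threshold, FAR, FRR) for each candidate acceptance threshold."""
    return [(t, far(t), frr(t)) for t in thresholds]


def equal_error_rate(thresholds):
    """Threshold at which FAR and FRR are closest, with the two rates there.

    Raising the threshold lowers FAR but raises FRR; lowering it does the
    reverse. The crossing point is the equal error rate operating point.
    """
    best = min(thresholds, key=lambda t: abs(far(t) - frr(t)))
    return best, far(best), frr(best)


def trials_for_half_chance(p_accept):
    """Independent attempts needed for a 50-50 chance of at least one false accept.

    Solves 1 - (1 - p)^n = 0.5 for n. With p = 1e-6 this is about 693,000,
    i.e. roughly 2^19.4 attempts.
    """
    if not 0 < p_accept < 1:
        raise ValueError("p_accept must be a probability strictly between 0 and 1")
    return math.log(0.5) / math.log(1 - p_accept)


def team_attack_round_far(p_accept, fingers):
    """Probability that one round of `fingers` independent tries gets a false accept.

    Models the team-based attack: several people each offering every finger
    multiplies the attempts per round, so the per-round FAR grows accordingly.
    """
    return 1 - (1 - p_accept) ** fingers


if __name__ == "__main__":
    print("threshold  FAR     FRR")
    for t, a, r in error_table(range(50, 100, 5)):
        print(f"{t:9d}  {a:.3f}   {r:.3f}")
    t, a, r = equal_error_rate(range(30, 100))
    print(f"EER point: threshold={t} FAR={a:.4f} FRR={r:.4f}")
    n = trials_for_half_chance(1e-6)
    print(f"Trials for 50-50 chance at FAR 1e-6: {n:,.0f} (2^{math.log2(n):.1f})")
    print(f"Per-round FAR with 50 fingers: {team_attack_round_far(1e-6, 50):.2e}")
```

Sweeping the threshold over the constructed scores shows the trade-off the slide describes: the low thresholds that never reject a genuine user accept many impostors, and the high thresholds that shut impostors out reject a quarter of genuine readings. The trial-count function is the defender's sizing tool: it turns a vendor's FAR claim into the number of attempts an attacker gets to make before the odds favour them, which is the figure to compare against lockout and rate-limiting policy.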
Biometric Enrollment
How it works
User provides one or more biometric readings
The system converts each reading into a signature
The system constructs the pattern from those signatures
Problems with biometric enrollment
It’s hard to reliably “pre-enroll” users
Users must provide biometric readings interactively
Accuracy is time-consuming
Take trial readings, build tentative patterns, try them out
Take more readings to refine patterns
Higher accuracy requires more trial readings
Compare with Password or Token Enrollment
Modern systems allow users to self-enroll
User enters some personal authentication information
Establish a user name
Establish a password: system generated or user chosen
Establish a token: enter its serial number
Password enrollment is comparatively simple
Tokens require a database associating serial numbers with individual authentication tokens
Database is generated by token’s manufacturer
Enrollment system uses it to establish user account
Token’s PIN is managed by the end user
Biometric Privacy
The biometric pattern acts like a password
But biometrics are not secrets
Each user leaves artifacts of her voice, fingerprints, and appearance wherever she goes
Users can’t change biometrics if someone makes a copy
We can trace people by following their biometrics as they’re saved in databases
Server-based biometrics
Boring but important
Some biometric systems require servers
When you need a central repository
Identification systems (FBI’s AFIS)
Uniqueness systems (community social service orgs)
Attacking Server Biometrics
[Figure from Authentication © 2002. Used by permission]
Attacks on Server Traffic
Attack on privacy of a user’s biometrics
Defense = encryption while traversing the network
Attack by spoofing a digital biometric reading
Defense = authenticating legitimate biometric readers
Both solutions rely on trusted biometric readers
[Figure from Authentication © 2002. Used by permission]
Trusted Biometric Reader
Blocks either type of attack on server traffic
Security objective – reliable data collection
Must embed a cryptographic secret in every trusted reader
Increased development cost
Increased administrative cost – administrators must keep the reader’s keys safe and up-to-date
Must enroll both users and trusted readers
“Double enrollment”
Database of device keys from biometric vendor
One device per workstation is often like one per user
Standard tokens are traditionally lower-cost devices
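The "authenticating legitimate biometric readers" defense, sketched as an added example that is not code from the slides or from any reader vendor. It assumes a per-device key embedded in each trusted reader and the matching database of device keys on the server (the "double enrollment" the slide describes), and it uses a server-issued single-use nonce so that a captured reading cannot simply be replayed. Names such as `BiometricServer`, `TrustedReader` and `reader-7` are hypothetical; the reading value is a constructed placeholder for a digitised signature.

```python
# Added example (not from the slides, not any vendor's protocol): a trusted
# biometric reader authenticates every reading it sends with a per-device key
# and a server-issued nonce, so the server can reject readings that were not
# produced by an enrolled reader (digital spoofing) or that are replayed.
import hashlib
import hmac
import json
import secrets


def reading_mac(key, reader_id, nonce, reading):
    """HMAC-SHA256 over a canonical encoding of the reader's message."""
    body = json.dumps(
        {"reader_id": reader_id, "nonce": nonce, "reading": reading},
        sort_keys=True,
    ).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class BiometricServer:
    def __init__(self, device_keys):
        # reader_id -> device key: the administrator-maintained key database.
        self.device_keys = dict(device_keys)
        # reader_id -> nonce issued for the next reading; consumed on use.
        self.outstanding = {}

    def challenge(self, reader_id):
        """Issue a fresh nonce that the reader must bind into its next reading."""
        nonce = secrets.token_hex(16)
        self.outstanding[reader_id] = nonce
        return nonce

    def verify(self, msg):
        """Return (accepted, reason) for a reading message from a reader."""
        reader_id = msg.get("reader_id")
        key = self.device_keys.get(reader_id)
        if key is None:
            return False, "unknown reader"
        nonce = self.outstanding.pop(reader_id, None)  # single use: replay fails here
        if nonce is None or nonce != msg.get("nonce"):
            return False, "stale or missing nonce"
        expected = reading_mac(key, reader_id, nonce, msg.get("reading", ""))
        if not hmac.compare_digest(expected, msg.get("mac", "")):
            return False, "bad mac"
        return True, "ok"


class TrustedReader:
    def __init__(self, reader_id, key):
        self.reader_id = reader_id
        self.key = key  # embedded device secret

    def send_reading(self, nonce, reading):
        """Package a freshly captured reading with the nonce and a MAC over both."""
        return {
            "reader_id": self.reader_id,
            "nonce": nonce,
            "reading": reading,
            "mac": reading_mac(self.key, self.reader_id, nonce, reading),
        }


def demo():
    """Run the legitimate flow plus three rejected cases; return the outcomes."""
    key = secrets.token_bytes(32)
    server = BiometricServer({"reader-7": key})
    reader = TrustedReader("reader-7", key)
    reading = "a1b2c3d4"  # constructed stand-in for a digitised fingerprint signature

    msg = reader.send_reading(server.challenge("reader-7"), reading)
    legit = server.verify(msg)
    replay = server.verify(msg)  # same message again: nonce already consumed

    rogue = TrustedReader("reader-7", secrets.token_bytes(32))  # right id, wrong key
    forged = server.verify(rogue.send_reading(server.challenge("reader-7"), reading))

    stranger = TrustedReader("reader-99", key)  # not in the key database
    unknown = server.verify(stranger.send_reading(server.challenge("reader-99"), reading))
    return {"legit": legit, "replay": replay, "forged": forged, "unknown": unknown}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:8s} -> {result}")
```

The MAC covers the reading and the nonce together, so the server learns both that an enrolled reader produced the reading and that it was produced for this login. The privacy half of the slide's defense, encrypting the reading in transit, is not shown here; in practice the reader-to-server channel would carry this message inside TLS or an equivalent encrypted transport. The cost the slide points at is visible in the code: every reader needs its own key, the server needs the key database, and a lost or stale key on either side turns into a help-desk problem rather than a security problem only if someone is actively managing it.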
Another Server Attack
Experiments in the US and Germany
Willis and Lee of Network Computing Labs, 1998
Reported in “Six Biometric Devices Point The Finger At Security” in Network Computing, 1 June 1998
Thalheim, Krissler, and Ziegler, 2002
Reported in “Body Check,” C’T (Germany)
http://www.heise.de/ct/english/02/11/114/
Attack on “capacitive” fingerprint sensors
Measures change in capacitance due to presence or absence of material with skin-like response
65Kb sensor collects ~20 minutiae from fingerprint
Traditional techniques use 10-12 for identification
Attack exploits the fatty oils left over from the last user logon
Latent Finger Reactivation
Three techniques
Oil and non-oil regions respond differently as humidity increases
Breathe on the sensor (Thalheim, et al)
You can watch the print reappear as a biometric image
Works occasionally
Use a thin-walled plastic bag of warm water
More effective, but not 100%
Works occasionally even when system is set to maximum sensitivity
Dust with graphite (Willis et al; Thalheim et al)
Attach clear tape to the dust
Press down on the sensor
Most reliable technique – almost 100% success rate (Thalheim)
This Shouldn’t Work
According to Siemens – vendor of the “ID Mouse” used in those examples –
Authentication procedure remembers the last fingerprint used
System rejects a match that’s “too close” to the last reading as well as a match that’s “too far” from the pattern
Observations
Defense didn’t work in these experiments
Tape can be repositioned to create a ‘different’ reading
Hard to track through multiple biometric readers
Assume the user logs in at multiple locations over time
Then the latent image on some reader is not the most recent one accepted for login
What about “Active” Biometric Authentication?
Some (Dorothy Denning) suggest the use of biometrics in which the pattern incorporates “dynamic” information uniquely associated with the user
Possible techniques
Require any sort of non-static input that matches the built-in pattern
Moving the finger around on the fingerprint reader
Challenge response that demands an unpredictable reply
Voice recognition that demands reciting an unpredictable phrase
Both are vulnerable to a dynamic digital attack based on a copy of the user’s biometric pattern
Ease of use issue
Requires more complex user behavior, which makes it harder to use and less reliable
Attacking Active Biometrics
A feasible dynamic attack uses the system’s algorithms to generate an acceptable signature
Example
Attacker collects enough biometric samples from the victim to build a plausible copy of victim’s biometric pattern
During login, attacker is prompted for a spoken phrase from the victim
Attack software generates a digital message based on the user’s biometric pattern
There may be a sequence of timed messages or a single message – it doesn’t matter
If the server can predict what the answer should be, based on a static biometric pattern, so can the attacker
Token-Based Biometrics
Authenticate with biometric + embedded secret
[Figure from Authentication © 2002. Used by permission]
Token Technology
Resist copying and other attacks by storing the authentication secret in a tamper-resistant package.
[Figure from Authentication © 2002. Used by permission]
Tokens Resist Trial-and-Error Attacks
These numbers assume that the attacker has not managed to steal a token
Biometric Token Operation
The “real” authentication is based on a secret embedded in the token
The biometric reading simply “unlocks” that secret
Benefits
User retains control of own biometric pattern
Biometric signatures don’t traverse networks
Problems
Biometric Tokens cost more
Less space and cost for the biometric reader
The biometric serves as a PIN
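Biometric token operation as an added example (not code from the slides or from any token product): the token holds the enrolled pattern and the authentication secret, an approximate local match on a fresh reading unlocks the secret, and the only thing that leaves the token is an HMAC over the server's challenge. The feature-vector representation, the Hamming-distance matcher and its tolerance, and the names `BiometricToken` and `TokenServer` are assumptions made for illustration; the pattern and readings are constructed.

```python
# Added example (not from the slides, not any vendor's design): a biometric
# token that matches locally and releases its embedded secret only on a match.
# The biometric pattern and signature never traverse the network; the server
# sees only a challenge-response computed from the secret.
import hashlib
import hmac
import secrets


def hamming(a, b):
    """Bit distance between two equal-length feature vectors (bytes)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


class BiometricToken:
    # Assumed matcher tolerance: readings this many bits away still "unlock".
    # Matching is approximate, never exact, so some tolerance is unavoidable;
    # widening it lowers FRR and raises FAR exactly as on a server-side matcher.
    MAX_DISTANCE = 12

    def __init__(self, pattern, secret):
        self._pattern = bytes(pattern)  # enrolled biometric pattern, stays on the token
        self._secret = bytes(secret)    # authentication secret, stays on the token

    def _unlock(self, reading):
        """Return the secret only if the fresh reading matches the pattern."""
        if len(reading) != len(self._pattern):
            return None
        if hamming(reading, self._pattern) > self.MAX_DISTANCE:
            return None
        return self._secret

    def respond(self, reading, challenge):
        """The biometric acts as a PIN: no match, no response."""
        secret = self._unlock(reading)
        if secret is None:
            return None
        return hmac.new(secret, challenge, hashlib.sha256).hexdigest()


class TokenServer:
    def __init__(self, secret):
        self._secret = bytes(secret)  # shared with the token at enrollment
        self._pending = set()         # challenges issued and not yet answered

    def challenge(self):
        c = secrets.token_bytes(16)
        self._pending.add(c)
        return c

    def verify(self, challenge, response):
        """Accept one response per challenge; a replayed response fails."""
        if response is None or challenge not in self._pending:
            return False
        self._pending.discard(challenge)
        expected = hmac.new(self._secret, challenge, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)


def demo(pattern, secret, close_reading, far_reading):
    """Run a matching reading, a non-matching reading, and a replay; return outcomes."""
    token = BiometricToken(pattern, secret)
    server = TokenServer(secret)

    c1 = server.challenge()
    resp = token.respond(close_reading, c1)
    accepted = server.verify(c1, resp)
    replayed = server.verify(c1, resp)           # same challenge/response again

    c2 = server.challenge()
    rejected = server.verify(c2, token.respond(far_reading, c2))
    return {"accepted": accepted, "replayed": replayed, "rejected": rejected}


if __name__ == "__main__":
    # Constructed enrolled pattern and two readings: one a few bits off (a
    # normal re-reading of the same finger), one nothing like it.
    pattern = bytes(range(32))
    close = bytearray(pattern)
    close[0] ^= 0x01
    close[5] ^= 0x80
    close[9] ^= 0x10
    far = bytes(x ^ 0xFF for x in pattern)
    print(demo(pattern, secrets.token_bytes(32), bytes(close), far))
```

The design choice worth noticing is where the approximate comparison happens: on the token, against a pattern the user carries, so a compromised server or network never yields the biometric. What the server does hold is the secret, so the trial-and-error numbers for the scheme are those of the secret, not of the biometric, as long as the attacker does not have the token. With the token in hand the matcher's tolerance is the only barrier, which is why the slides that follow treat physical spoofing of the reader as the decisive attack on this design.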
Attacks on Biometric Tokens
If you can trick the reader, you can probably trick the token
Digital spoofing shouldn’t work
We’ve eliminated the vulnerable data path
Latent print reactivation (remember?)
Tokens should be able to detect and reject such attacks
Attacks by cloning the biometric artifact
Voluntary cloning (the authorized user is an accomplice)
Involuntary cloning (the authorized user is unaware)
Voluntary finger cloning
Select the casting material
Option: softened, free molding plastic (used by Matsumoto)
Option: part of a large, soft wax candle (used by Willis; Thalheim)
Push the fingertip into the soft material
Let material harden
Select the finger cloning material
Option: gelatin (“gummy fingers” used by Matsumoto)
Option: silicone (used by Willis; Thalheim)
Pour a layer of cloning material into the mold
Let the clone harden
You’re Done!
Matsumoto’s Technique
Only a few dollars’ worth of materials
Making the Actual Clone
You can place the “gummy finger” over your real finger. Observers aren’t likely to detect it when you use it on a fingerprint reader. (Matsumoto)
Involuntary Cloning
The stuff of Hollywood – three examples
Sneakers (1992) “My voice is my password”
Never Say Never Again (1983) cloned retina
Charlie’s Angels (2000)
Fingerprints from beer bottles
Eye scan from oom-pah laser
You clone the biometric without victim’s knowledge or intentional assistance
Bad news: it works!
Cloned Face
More work by Thalheim, Krissler, and Ziegler
Reported in “Body Check,” C’T (Germany)
http://www.heise.de/ct/english/02/11/114/
Show the camera a photograph or video clip instead of the real face
Video clip required to defeat “dynamic” biometric checks
Photo was taken without the victim’s assistance (video possible, too)
Face recognition was fooled
Cognitec’s FaceVACS-Logon using the recommended Philips ToUcam PCVC 740K camera
Matsumoto’s 2nd Technique
Cloning a fingerprint from a latent print
Capture clean, complete fingerprint on a glass, CD, or other smooth, clean surface
Pick it up using tape and graphite
Scan it into a computer at high resolution
Enhance the fingerprint image
Etch it onto printed circuit board (PCB) material
Use the PCB as a mold for a “gummy finger”
Making a Gummy Finger from a Latent Print
[Figure from Matsumoto, ITU-T Workshop]
The Latent Print Dilemma
Tokens tend to be smooth objects of metal or plastic – materials that hold latent prints well
Can an attacker steal a token, lift the owner’s latent prints from it, and construct a working clone of the owner’s fingerprint?
Worse, can an attacker reactivate a latent image of the biometric from the sensor itself?
Answer: in some cases, YES.
Finger Cloning Effectiveness
Willis and Lee could trick 4 of 6 sensors tested in 1998 with cloned fingers
Thalheim et al could trick both “capacitive” and “optical” sensors with cloned fingers
Products from Siemens, Cherry, Eutron, Veridicom
Latent image reactivation only worked on capacitive sensors, not on optical ones
Matsumoto tested 11 capacitive and optical sensors
Cloned fingers tricked all of them
Compaq, Mitsubishi, NEC, Omron, Sony, Fujitsu, Siemens, Secugen, Ethentica
Summary
Traditional FAR and FRR statistics don’t tell the whole story about biometric vulnerabilities
Networked biometrics require trusted readers that pose extra administrative headaches
We can build physical clones of biometric features that spoof biometric readers
Matsumoto needed $10 worth of materials and 40 minutes to reliably clone a fingerprint
We can often build clones without the legitimate user’s intentional participation
Thank You!
Questions? Comments?
My e-mail:
Rick_Smith@securecomputing.com
http://www.visi.com/crypto
http://www.securecomputing.com