ENTROPY OF FINGERPRINT SENSORS. Do different fingerprint sensors affect the entropy of a...
-
Upload
lambert-nickolas-merritt -
Category
Documents
-
view
222 -
download
1
Transcript of ENTROPY OF FINGERPRINT SENSORS. Do different fingerprint sensors affect the entropy of a...
ENTROPY OF FINGERPRINT
SENSORS
•Do different fingerprint sensors affect the entropy of a fingerprint?
RESEARCH QUESTION/HYPOTHESIS
• Industry has been pushing for biometrics to replace passwords
• More convenient, but are biometrics still as secure as a traditional password?
STATEMENT OF THE PROBLEM
•The purpose is to discover whether or not different fingerprint sensors will produce different results for entropy across the same subjects and the same finger in all trials
STATEMENT OF PURPOSE/SCOPE
LITERATURE REVIEW
•Biometrics refers to the identification of an individual based on singular physiological or behavioral traits
•A biometric factor must be measurable, permanent in nature, and unique to an individual
• Examples include fingerprints, face, hand geometry and iris etc.
BIOMETRICS
•Passwords are secret based authentication, meaning that the person being authenticated has to have the knowledge of the password
•They can be guessed by brute force attack methods
PASSWORDS
•Entropy, in the case of biometrics, refers to the randomness of the biometric sample as it is collected and converted into a template
•Unlike passwords, which can be changed or varied in length, each unique biometric sample has only one possible character key associated with it
BIOMETRICS AND PASSWORDS
•What makes a fingerprint unique is the pattern, made up of the various ridges, bifurcations and endings. Each line has a specific beginning and an end, or sometimes splits into two lines
MINUTIAE
•Shannon coined the term entropy in information theory
•Since been used in cryptography as a measure of the difficulty of guessing a password or secret key
SHANNON’S THEORY
•When relating entropy and passwords, the higher the entropy, the longer the password needs to be
ENTROPY AND PASSWORDS
• The logic of defining entropy of a user selected password is an estimate.
• The first character is taken to be 4 bits of entropy
• The entropy of the next 7 characters are 2 bits per character
• The 9th through the 20th character is 1.5 bits per character
• For characters 21 and above entropy is 1 bit per character
• An additional 6 bits of entropy is added for the composition rule. The composition rule requires lower-case, upper-case, and non-alphabetic characters
USER SELECTED PASSWORDS 94 CHARACTERS
•3 bits of Entropy for the first character
•2 bits of Entropy for the next three characters
•1 bit of Entropy for the rest of the characters
USER SELECTED PASSWORDS 10 CHARACTERS
• “If a password is chosen at random there are possible values and the password is said to have H bits of entropy.”
• “If a password length l is chosen at random from an alphabet of b characters, the entropy of the password is .”
• The general formula for entropy is
RANDOMLY SELECTED PASSWORDS
METHODOLOGY
•151 Subjects
• 107 male
• 44 female
•Each supplied their right index finger 6 times on 8 different sensors
•All sensors produced consistent image sizes
DATA COLLECTION
SENSORS
Datarun Area (Pixels) Type1761 300x428 Thermal Swipe1762 640x480 Optical Touch1763 330x357 Optical Touch1764 300x300 Capacitive Touch1765 320x480 Optical Touch1766 248x292 Optical Touch1767 186x270 Capacitive Swipe
1768 256x360 Capacitive Touch
HARDWARE USED
• VeriFinger SDK v5
• Extract minutiae data
• Megamatcher
• Used for ground truthing
• Visual Studio (C#)
• Used for Entropy calculations
• Filemaker 13
• Used to manage the samples
SOFTWARE USED
• Created data runs to only include those subjects who successfully supplied 6 samples across all 8 sensors
• Extracted the data from the database and processed the images through VeriFinger SDK 5.0 to extract the minutiae information
• Subjects were removed from all 8 data runs if one of their samples were unable to extract minutiae
DATA MANAGEMENT
• VeriFinger SDK V.5 outputted the minutiae data including the x, y, theta, and type of minutiae point
• x and y are the location of the point in the image
• Theta is the angle of the minutiae point
• Theta is classified as either 1, 2, 3, or 4 depending on the angle
• Type is either ridge ending or bifurcation
• Ending = 1
• Bifurcation = 2
MINUTIAE DATA
•Angle 1: 0° - 89°
•Angle 2: 90° - 179°
•Angle 3: 180° - 269°
•Angle 4: 270° - 359°
1 432
•Keyspace needs to be determined
•Based on two parameters
• Possible pixel locations, denoted by L, which is the surface area of the image (varied between data runs)
• Possible characteristics about a minutiae point, denoted by C, which is defined by type and angle as defined earlier
ENTROPY CALCULATION
•P(l) = probability a pixel will have a minutiae point
•P(c) = probability a pixel will be a specific type and angle
•P(l,c) = probability a pixel will have a minutiae point with a specific type and angle
ENTROPY CALCULATION
RESULTS
SAMPLES FROM EACH SENSOR
•The same subject across all 8 sensors
Datarun TypeAngle
1Angle
2Angle
3Angle
4 End Bif a1end a1bif a2end a2bif a3end a3bif a4end a4bifavg
minutiae entropyentropy per
minutiae
1761Thermal Swipe 0.235 0.271 0.294 0.200 0.523 0.477 0.123 0.112 0.142 0.129 0.154 0.140 0.105 0.095 40.000 64.528 1.613
1762Optical Touch 0.244 0.288 0.271 0.198 0.694 0.306 0.169 0.075 0.200 0.088 0.188 0.083 0.137 0.060 39.000 70.361 1.804
1763Optical Touch 0.288 0.289 0.267 0.157 0.635 0.365 0.183 0.105 0.183 0.105 0.169 0.097 0.100 0.057 30.000 52.237 1.741
1764Capacitive
Touch 0.312 0.299 0.258 0.132 0.654 0.346 0.204 0.108 0.195 0.103 0.169 0.089 0.086 0.046 24.000 43.319 1.805
1765Optical Touch 0.252 0.283 0.275 0.190 0.617 0.383 0.156 0.097 0.175 0.108 0.170 0.105 0.117 0.073 38.000 63.508 1.671
1766Optical Touch 0.296 0.280 0.280 0.143 0.590 0.410 0.175 0.121 0.165 0.115 0.165 0.115 0.085 0.059 27.000 45.591 1.689
1767Capacitive
Swipe 0.277 0.318 0.255 0.150 0.596 0.404 0.165 0.112 0.190 0.128 0.152 0.103 0.089 0.060 25.000 42.802 1.712
1768Capacitive
Touch 0.259 0.278 0.281 0.181 0.609 0.391 0.158 0.101 0.169 0.109 0.171 0.110 0.110 0.071 35.000 57.995 1.657
ENTROPY CALCULATIONS TABLE
•The highest minutiae count was produced by a thermal swipe sensor
•Optical touch sensors seem to provide a higher average minutiae count than capacitive touch sensors
•A capacitive sensor provided the highest entropy per minutiae but least average minutiae.
SENSOR RESULTS
MINUTIAE VS. CHARACTER LENGTH
25 26 27 28 29 30 31 32 33 346
6.5
7
7.5
8
8.5
9
9.5
10
Minutiae vs. Character Length
1761 1762 1763 1764 1765 1766 1767 1768
Minutiae
Chara
cter
Length
Probability of Minutiae Location
0100
200
0
2
4
051
0300
300
051
4 05
4
6
musF
Y
X
1671 nuR ataD
0200
400
0
2
4
051
06 00
4
03 0
051
4 054
4
6
musF
Y
X
2671 nuR ataD
0001
002
0
2
4
001
0300
03
020
00
4
6
musF
Y
X
3671 nuR ataD
0100
200
0
2
4
100
0300
2 00
100
300
6
musF
Y
X
4671 nuR ataD
0001
02 0
0.0
5.1
3.0
015
0003
4
03 0
015
4 054
4.5
musF
Y
X
5671 nuR ataD
0100
02
0
2
4
010
000
200
010
300
6
musF
Y
X
6671 nuR ataD
005
00151
00.
.52
.50
001
005
002
001
003
5.7
musF
Y
X
7671 nuR ataD
0001
002
0.0
1.5
0.3
100
000
03
200
00
4.5
musF
Y
X
8671 nuR ataD
ENTROPY AND PASSWORD LENGTH
User Chosen Randomly Chosen94 Char. Alphabet 10 Char. Alphabet 94 Char.
DatarunAvg.
MinutiaeEntropy No Checks
Dict. & Composition
Rule1761 40 64.5 49 43 60 19.4 9.81762 39 70.4 55 48 65 21.2 10.71763 30 52.2 36 30 47 15.7 8.01764 24 43.3 27 21 38 13.0 6.61765 38 63.5 48 42 59 19.1 9.71766 27 45.6 30 24 41 13.7 7.01767 25 42.8 27 21 38 12.9 6.51768 35 58.0 42 36 53 17.5 8.8
•The first three columns are entropy calculations based on the data runs
•The next columns output a password length equal to the entropy of the data run
•There are also other conditions under which the password has constraints, such as being out of 94 possible characters or 10
EXPLANATION
CONCLUSIONS
•When analyzing the data there seemed to be some scanners that had a very low quality image but high minutiae
•This could have to do with the scanner type specifically or rather a function image quality, or image size
CONCLUSIONS
REFERENCES