Forensic Use of Biometric Access Devices

Zeno Geradts PhD, Jurrien Bijhold PhD, Arnout Ruifrok

PhD

Netherlands Forensic Institute

Digital Evidence section

Outline

• Definition Biometrics

• Biometrics within the NFI

• Biometric Access Systems

• Tampering with these systems

• Research and Development

• Discussion on forensic evidence

Biometrics

• Biometrics is the automatic identification or recognition of people based on behavioral or physiological characteristics.

• Definition from International Biometric Group in New York

Biometrics

• More invested in airport security and other security systems

• Other codes, like pin codes and passwords are sometimes difficult to remember, and often not difficult to obtain by third parties

• Since others can use them also it does not “identify” the person

Biometrics at Digital Evidence section• Length measurements• Face comparison• Morphometric comparison with 3D models• Pattern Recognition from Forensic

Databases• FearID project • Biometric Systems

Biometric Properties

• Face, Weight• Fingerprint• Iris, Retina • Hand shape, blood vessel patterns• Ear shape• DNA• Odor• Voice, gait, movement, entering passwords in computers• Handwriting• Many others

Examples

• Irisscan Schiphol

• Face recognition in

airports

Biometric System

(Common Methodology for Information Technology Security Evaluation, The Biometric Evaluation Methodology Working Group, 2002)

Properties Biometric System

• FRR, ‘false rejection rate’

• FAR, ‘false acceptance rate’

• FER, ‘Failure to enroll’

Public applications

Low security,Large numbers

High security applications

Performance

Face recognition - eigenfaces

• http://www.geop.ubc.ca/~kaplan/eigenfaces.html

= a + b + c +…..

= d + e + f +…..

Obscure ways of biometrics

• Ear channel

Gait

FearID: earprints as evidence ?

At Newark airport, an average of 70,000 passengers pass through daily. If all of these used biometric-authenticated smart cards for identification, there would be 140 falsely rejected (and inconvenienced) passengers per day for fingerprints, and 10,500 for face or voice.

Lawrence O’Gorman, “Seven Issues with Human Authentication Technologies”, AutoID 2002

“State-of-the-art” Error Rates“State-of-the-art” Error Rates

2-5%10-20%Text Independent

NIST[2000]

Voice

0.1-20%10-20%11-13 mo. Spaced

FRVT[2000]

Face

0.2%0.2%(Best EER)

20 years (average age)

FVC[2002]

Fingerprint

False Accept Rate

False Reject Rate

Test Parameter

Test

Anil K. Jain Dept. of Computer Science and Engineering Michigan State University http://biometrics.cse.msu.edu

Forging biometrics

• Finger Print - silicon cast

• Hand Palm - latex model

• Voice - digital or analog recording

• Face - photograph or mask on face

• Keyboard strokes - recording

• Iris – photograph of iris

Life detection

• Patent information :

• Hart beat• Blood pressure• 3D-shape• Example influence pupil – light• Resistance

1: User. Authorized user provides own biometric sample, unknowingly, unwillingly or willingly (collusion), to imposter.

2: User/capture. Authorized user tries to enroll a weak biometric template.Imposter presents own biometric sample in an attempt to impersonate an authorized user.Imposter modifies own biometric in an attempt to impersonate.Imposter presents an artificial biometric sample.Imposter uses a residual biometric in an attempt to impersonate the last user (e.g. latent fingerprint).

3: Capture/extraction. Imposter intercepts an authorized biometric sample, and inserts the authorized biometric sample (replay).

4: Extraction/comparison. Imposter intercepts extracted biometric features, and inserts these into the comparison subsystem.

5: Enrollment Extraction/Template storage Imposter intercepts an authorized biometric template.Unauthorized user is enrolled due to error or by replacement of an authorized user template

6: Template storage. Attacker modifies templates in storage.Imposter presents own biometric after manipulation of a template storage device.Imposter steals the biometric template of an authorized user from a storage device.

7: Template Retrieval. Imposter intercepts an authorized biometric template during transmission between Storage and Comparison subsystems.Imposter inserts own template directly into the comparison subsystem.

8: Administrator/Resource manager. A hostile unauthorized user may acquire administrator privileges Non-hostile administrator or hostile unauthorized user or imposter incorrectly modifies matching thresholds, incorrectly modifies user privileges, allows unauthorized access to template storage, allows unauthorized modification of audit trail, enrolls unauthorized user.Administrator fails to properly review and respond to audit trail anomalies.

9: User policy/management. Imposter authenticates as authorized user through collusion, coercion, password, backup system,

10: Policy management. Audit data collection inadequate to detect attacks, attacker modifies user identity.

11: Policy management/portal. Attacker bypasses biometric system by inserting appropriate “grant privileges” signal directly into portal.

Attacker disables system, and defeats backup system or alternative authentication method12: Portal. Attacker gains unauthorized access with the willing or unwilling aid of an authorized user

User gains access to unauthorized privileges after improper modification of privileges.13: Hardware components. Attacker tampers, modifies, bypasses, or deactivates one or more components, and exploits hardware “back-

door”, design flaw, environmental conditions, or failure mode. Attacker floods one or more components with noise (e.g. electromagnetic energy).Imposter intercepts or inserts authorized biometric templates to one or more hardware components.

14: Software/firmware components. Attacker tampers, modifies, bypasses, or deactivates one or more executables, and exploits software “back-door”, algorithm quirk, design flaw, or failure mode.A virus or other malicious software is introduced into the system.Imposter intercepts or inserts authorized biometric template to one or more software or firmware components.

15: Connections (including network). Attacker tampers, modifies, bypasses, or deactivates one or more connections between components.Imposter intercepts or inserts authorized biometric sample or template during transmission.

Treats to biometric Systems

Future case ?

• Who was behind a computer with finger-scan access control at a given time ?– Low False Acceptance Rate ?– Keyboard bug ?

Conditions for forensic identification

1) Model of the relevant properties

2) Method for determination of these properties

3) Variation between different persons

4) Should be stable in time

5) Decision rules for identification

(v. Koppen en Crombag: Oren, lippen en vingers, NJB 1, 2000)

Research and Development at NFI

•Face comparison with 3D-scanner. Development of a more objective model for comparison

•FearID: ear prints for identification

•Validation image processing of finger prints

•Iris scanner (and other systems) reversibility of stored template

Discussion

• Fraud with smart cards are well known• Possibilities of tampering with biometric

properties and unauthorized access should be investigated further

• Large image databases will give more statistical information. However first these databases should be filled in a standardized way.

Beeldonderzoek en Biometrie

Questions ?

Biometrische systemen misleiden

• Vinger afdruk - siliconen afgietsel

• Gezicht - foto of masker

• Iris - foto met gaatje

• Hand - latex model

• Spraak - digitale of analoge opname

• Toetsenbord aanslagen - opname

Eigenschappen biometrische systemen

• FTE, ‘failure to enroll’:– afgesleten vingerafdruk (metselaar), bril

• FRR, ‘false rejection rate’– kans op onterechte weigering (verkeerde uitsluiting)

• FAR, ‘false acceptance rate’– kans op onterechte toelating (verkeerde identificatie)

Forensische identificatie door het NFI

• DNA

• Vinger afdruk

• Handschrift

• Spraak opname

• Gezicht in een foto

• Oor (afdruk)

• Beweging, manier van lopen in video

Voorwaarden voor forensische identificatie

1) Beschrijvingsmodel van relevante kenmerken

2) Voldoende variatie in de kenmerken tussen personen

3) Kenmerken stabiel over tijd

4) Methode voor vaststelling van de kenmerken

5) Beslissingsregels voor identificatie(v. Koppen en Crombag: Oren, lippen en vingers, NJB 1,

2000)

Vergelijking van videobeelden

• Er zijn videobeelden van een onbekende

• Van een verdachte worden vergelijkingsopnames gemaakt

• onder dezelfde of vergelijkbare omstandigheden, voor dezelfde camera, op dezelfde plaats in dezelfde houding