Forensic Use of Biometric Access Devices Zeno Geradts PhD, Jurrien Bijhold PhD, Arnout Ruifrok PhD...
-
Upload
gordon-kelley -
Category
Documents
-
view
214 -
download
1
Transcript of Forensic Use of Biometric Access Devices Zeno Geradts PhD, Jurrien Bijhold PhD, Arnout Ruifrok PhD...
Forensic Use of Biometric Access Devices
Zeno Geradts PhD, Jurrien Bijhold PhD, Arnout Ruifrok
PhD
Netherlands Forensic Institute
Digital Evidence section
Outline
• Definition Biometrics
• Biometrics within the NFI
• Biometric Access Systems
• Tampering with these systems
• Research and Development
• Discussion on forensic evidence
Biometrics
• Biometrics is the automatic identification or recognition of people based on behavioral or physiological characteristics.
• Definition from International Biometric Group in New York
Biometrics
• More invested in airport security and other security systems
• Other codes, like pin codes and passwords are sometimes difficult to remember, and often not difficult to obtain by third parties
• Since others can use them also it does not “identify” the person
Biometrics at Digital Evidence section• Length measurements• Face comparison• Morphometric comparison with 3D models• Pattern Recognition from Forensic
Databases• FearID project • Biometric Systems
Biometric Properties
• Face, Weight• Fingerprint• Iris, Retina • Hand shape, blood vessel patterns• Ear shape• DNA• Odor• Voice, gait, movement, entering passwords in computers• Handwriting• Many others
Examples
• Irisscan Schiphol
• Face recognition in
airports
Biometric System
(Common Methodology for Information Technology Security Evaluation, The Biometric Evaluation Methodology Working Group, 2002)
Properties Biometric System
• FRR, ‘false rejection rate’
• FAR, ‘false acceptance rate’
• FER, ‘Failure to enroll’
Public applications
Low security,Large numbers
High security applications
Performance
Face recognition - eigenfaces
• http://www.geop.ubc.ca/~kaplan/eigenfaces.html
= a + b + c +…..
= d + e + f +…..
Obscure ways of biometrics
• Ear channel
Gait
FearID: earprints as evidence ?
At Newark airport, an average of 70,000 passengers pass through daily. If all of these used biometric-authenticated smart cards for identification, there would be 140 falsely rejected (and inconvenienced) passengers per day for fingerprints, and 10,500 for face or voice.
Lawrence O’Gorman, “Seven Issues with Human Authentication Technologies”, AutoID 2002
“State-of-the-art” Error Rates“State-of-the-art” Error Rates
2-5%10-20%Text Independent
NIST[2000]
Voice
0.1-20%10-20%11-13 mo. Spaced
FRVT[2000]
Face
0.2%0.2%(Best EER)
20 years (average age)
FVC[2002]
Fingerprint
False Accept Rate
False Reject Rate
Test Parameter
Test
Anil K. Jain Dept. of Computer Science and Engineering Michigan State University http://biometrics.cse.msu.edu
Forging biometrics
• Finger Print - silicon cast
• Hand Palm - latex model
• Voice - digital or analog recording
• Face - photograph or mask on face
• Keyboard strokes - recording
• Iris – photograph of iris
Life detection
• Patent information :
• Hart beat• Blood pressure• 3D-shape• Example influence pupil – light• Resistance
1: User. Authorized user provides own biometric sample, unknowingly, unwillingly or willingly (collusion), to imposter.
2: User/capture. Authorized user tries to enroll a weak biometric template.Imposter presents own biometric sample in an attempt to impersonate an authorized user.Imposter modifies own biometric in an attempt to impersonate.Imposter presents an artificial biometric sample.Imposter uses a residual biometric in an attempt to impersonate the last user (e.g. latent fingerprint).
3: Capture/extraction. Imposter intercepts an authorized biometric sample, and inserts the authorized biometric sample (replay).
4: Extraction/comparison. Imposter intercepts extracted biometric features, and inserts these into the comparison subsystem.
5: Enrollment Extraction/Template storage Imposter intercepts an authorized biometric template.Unauthorized user is enrolled due to error or by replacement of an authorized user template
6: Template storage. Attacker modifies templates in storage.Imposter presents own biometric after manipulation of a template storage device.Imposter steals the biometric template of an authorized user from a storage device.
7: Template Retrieval. Imposter intercepts an authorized biometric template during transmission between Storage and Comparison subsystems.Imposter inserts own template directly into the comparison subsystem.
8: Administrator/Resource manager. A hostile unauthorized user may acquire administrator privileges Non-hostile administrator or hostile unauthorized user or imposter incorrectly modifies matching thresholds, incorrectly modifies user privileges, allows unauthorized access to template storage, allows unauthorized modification of audit trail, enrolls unauthorized user.Administrator fails to properly review and respond to audit trail anomalies.
9: User policy/management. Imposter authenticates as authorized user through collusion, coercion, password, backup system,
10: Policy management. Audit data collection inadequate to detect attacks, attacker modifies user identity.
11: Policy management/portal. Attacker bypasses biometric system by inserting appropriate “grant privileges” signal directly into portal.
Attacker disables system, and defeats backup system or alternative authentication method12: Portal. Attacker gains unauthorized access with the willing or unwilling aid of an authorized user
User gains access to unauthorized privileges after improper modification of privileges.13: Hardware components. Attacker tampers, modifies, bypasses, or deactivates one or more components, and exploits hardware “back-
door”, design flaw, environmental conditions, or failure mode. Attacker floods one or more components with noise (e.g. electromagnetic energy).Imposter intercepts or inserts authorized biometric templates to one or more hardware components.
14: Software/firmware components. Attacker tampers, modifies, bypasses, or deactivates one or more executables, and exploits software “back-door”, algorithm quirk, design flaw, or failure mode.A virus or other malicious software is introduced into the system.Imposter intercepts or inserts authorized biometric template to one or more software or firmware components.
15: Connections (including network). Attacker tampers, modifies, bypasses, or deactivates one or more connections between components.Imposter intercepts or inserts authorized biometric sample or template during transmission.
Treats to biometric Systems
Future case ?
• Who was behind a computer with finger-scan access control at a given time ?– Low False Acceptance Rate ?– Keyboard bug ?
Conditions for forensic identification
1) Model of the relevant properties
2) Method for determination of these properties
3) Variation between different persons
4) Should be stable in time
5) Decision rules for identification
(v. Koppen en Crombag: Oren, lippen en vingers, NJB 1, 2000)
Research and Development at NFI
•Face comparison with 3D-scanner. Development of a more objective model for comparison
•FearID: ear prints for identification
•Validation image processing of finger prints
•Iris scanner (and other systems) reversibility of stored template
Discussion
• Fraud with smart cards are well known• Possibilities of tampering with biometric
properties and unauthorized access should be investigated further
• Large image databases will give more statistical information. However first these databases should be filled in a standardized way.
Beeldonderzoek en Biometrie
Questions ?
Biometrische systemen misleiden
• Vinger afdruk - siliconen afgietsel
• Gezicht - foto of masker
• Iris - foto met gaatje
• Hand - latex model
• Spraak - digitale of analoge opname
• Toetsenbord aanslagen - opname
Eigenschappen biometrische systemen
• FTE, ‘failure to enroll’:– afgesleten vingerafdruk (metselaar), bril
• FRR, ‘false rejection rate’– kans op onterechte weigering (verkeerde uitsluiting)
• FAR, ‘false acceptance rate’– kans op onterechte toelating (verkeerde identificatie)
Forensische identificatie door het NFI
• DNA
• Vinger afdruk
• Handschrift
• Spraak opname
• Gezicht in een foto
• Oor (afdruk)
• Beweging, manier van lopen in video
Voorwaarden voor forensische identificatie
1) Beschrijvingsmodel van relevante kenmerken
2) Voldoende variatie in de kenmerken tussen personen
3) Kenmerken stabiel over tijd
4) Methode voor vaststelling van de kenmerken
5) Beslissingsregels voor identificatie(v. Koppen en Crombag: Oren, lippen en vingers, NJB 1,
2000)
Vergelijking van videobeelden
• Er zijn videobeelden van een onbekende
• Van een verdachte worden vergelijkingsopnames gemaakt
• onder dezelfde of vergelijkbare omstandigheden, voor dezelfde camera, op dezelfde plaats in dezelfde houding