Biometrics and its hacking

Biometrics and its Hacking

Neel Parikh3rd year CP110110107020

Subtopics

• Introduction to the term Biometrics• How it is connected to Computers..??• Parameters • How it works..??• Applications• Future of this field• Conclusion

‘Biometrics’

BIO + M ETROS

BIOMETRICS

Relation between BIOMETRICS and COMPUTERS

• Authentication • Make the work easier, faster• Managing accounts and users with ease

Types based on characteristics1. Physiological characteristics : Finger-Print Face recognition DNA Palm Print hand geometry Iris recognition odour/scent2. Behavioural characteristics : Typing rhythm Gait Voice

Parameters A.K. Bolle, R. Pankanti eds. (1999). Biometrics:

Personal Identification in Networked Society. Kluwer Academic Publications

• Universality• Uniqueness• Permanence• Measurability• Performance• Acceptability• Circumvention

How Templates are Generated???

Applications

• Industries, Offices• Schools, Colleges, Classes• Smart cards, Passports, License • Residential security (Door locks etc.)• Gun safe• Cell phones

Attendance systems

Security purpose

Future

Value Chain Market Sizing 2013-2017 ($m USD X 10000)

2013 2014 2015 2016 20170

1

2

3

4

5

6

Biometrics Core Tech-nologyTechnical Integrated so-lutionApplication/point solution

•Apple takes a Giant Leap in Future “Biometrics”

•Intel's McAfee brings biometric authentication to cloud storage

Companies in race for Biometrics

Conclusion

Biometrics is the safest and easiest way for authentication and security. It has its advantages as well as disadvantages but finally it’s the newest and smartest solution to security problems…

Questions???

Biometrics and its Hacking

Neel Parikh3rd year CP110110107020

Summary

• Introduction to the term Biometrics• How it is connected to Computers..??• Parameters • How it works..??• Applications• Future of this field• Conclusion

Subtopics

• Brief introduction• Major contributor• Methods: 1) On basic level 2) On professional level• Major Issues• Conclusion

The 6th Day

•Science Fiction Action Thriller Movie•Directed by Roger Spottiswoode •Starring Arnold Schwarzenegger

iPhone 5S fingerprint sensor hacked by Germany's Chaos Computer Club

Chaos Computer Club (CCC)

Europe's largest association of hackers.

Major Contributor

• Prof. Tsutomu Matsumoto • “gummy finger” concept:

1)Direct experiment2)Professional level

Required Material

Freeplastic used for finger print moldGelatin sheet used for gummyfinger

Creation of fingerprint mold

Creation of gummy finger

Professional Level

Creation of gummy finger from latent fingerprint mold

Hacking from the another point of view

• In another test of biometric security, an Australian National University student was able to hack through the device using the information stored within the system itself.

• Chris Hill worked on discovering the way the system stored the template information and then created images that had enough similar “features” of the desired fingerprint to trick the device.

• He said, “Really all I had to do was crack the code of the template, so the images I created that were accepted by the security system did not even look like thumbprints they just displayed the characteristics required by the computer program.”

Major Issues

• Other issues needing discussion are: What happens when the part of the body getting validated is somehow damaged, such as a finger getting badly burned or deeply cut Or if someone does manage to create a fake fingerprint from your finger, how is that issue resolved, since a finger can’t be easily changed like a password can?

CONCLUSION

Biometric devices have flaws, but so does every other security hardware and software solution. Biometric security measures offer such a strong level of security, that they cannot be thrown out or ignored simply because a few flaws have been discovered. They need to be incorporated into an organization’s already strong defence in depth. Biometrics, especially in conjunction with passwords or passcards, offers the level of security that we need at this stage in the development of information security…