ISSN 0974 22 39 Volume 4 Number 10 20 14 pp 947 958 ID: 476792
Download Pdf The PPT/PDF document "International Journal of Information & C..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
International Journal of Information & Computation Technology. ISSN 0974 - 22 39 Volume 4 , Number 10 (20 14 ), pp. 947 - 958 © International Research Publications House http://www. irphouse .com V ulnerabilities of Biometric Authentication Threats and Countermeasures Abdulmonam Omar Alaswad Faculty of Information Technology University of Tripoli Tripoli Libya Ahlal H. Montaser Faculty of Information Technology University of Tripoli Tripoli Libya Fawzia Elhashmi Mohamad Tripoli Faculty of Education University of Tripoli Tripoli Libya Abstract Bio m etric systems have a powerful potential to provide security for a variety of applications, systems are nowadays being introduced in many applications and have already been deployed to protect personal compute r s, Banking machines, cre d it cards, electronic transac t ions, airports, high security institutions like nuclear fac iliti e s, Military Bases and other applications like borders control, access control, sensitive data protection and on - line tracking systems. While bio m etrics may i m prove security in different envi r on m ents and serve m any purposes, bio m etric syste m s, like an y other s e curity syste m , have vulnerabilities and are susceptible to threats. they are susceptible to external vulnerabilities of biometric systems so that their weaknesses can be found and useful countermeasures against foreseeable attacks can be develope d The increasingly high profile use of biometrics for security purposes has provoked new interest in researching and exploring m ethods of attacking bio m etric syste m s. Keywords : Biometrics, Biometric Systems, Authentication, Verification, Vulnerabilities, a ttacks, Threats. 1. Introduction Biometrics technologies have been around for quite some time and many have been deployed for different applications all around the world, ranging from small companies' time and attendance systems to access control systems for nuclear 948 Abdulmonam Omar Alaswad et al facilities. Biometric s offer a reliable solution for the establishment of the distinctiveness of identity based on "who an individual is", rather than what he or she knows or carries. Biometric Systems automatically verify a person's identity based on his anatomical and behav ioral characteristics. Biometric traits represent a strong and undeviating link between a person and his identity, these traits cannot be easily lost or forgotten or faked, since biometric systems require the user to be present at the time of authenticati on. Some biometric systems are more reliable than others, yet they are neither secure nor accurate, all biometrics have their strengths and weaknesses. Although some of these systems have shown reliability and solidarity, work still has to be done to impro ve the quality of service they provide. In this work we present available standing biometric systems showing their strengths and weaknesses and also presenting emerging technologies in which may have great benefits for security applications in the near fut ure. Different biometric technologies are available in the market today that can be used for security. Biometric technologies vary in their capabilities, performance and complexity. They can be used to verify or establish a persons identity and they all share several elements. Biometric identification systems are essentially pattern recognition systems. They use acquisition scanning devices and cameras to capture images, or measurements of an individuals characteristics, and computer hardware and soft ware to extract, encode, store, and compare these characteristics. Usually this process is fully automated, which makes decision - making very fast, in most cases, taking only a few seconds. Depending on the application, biometric systems can be used in on e of two modes: verification or identification. Verification or also known as authentication is used to verify a persons identity to authenticate that people are who they claim to be. Identification is used to establish peoples identity to determine w ho the people are. Although biometric technologies measure different characteristics in different ways, all biometric systems begin with an enrollment process followed by a matching process which uses either verification or identification. It is essenti al to keep in mind that the efficiency of security systems cannot be accomplished by relying on technology alone. Technology and people must work together as part of an overall security process. Weaknesses in any of these areas weaken the effectiveness of the security process. Leading biometric technologies include facial recognition, fingerprint recognition, hand geometry, iris recognition, Retina recognition, and Signature recognition. 2. Attacks on Biometric In this section of the paper we discuss bio m etric devices and systems vulnerabilitie s . We can group attacks on bio m etric devices and syste m s into four categories: 2.1 Process i ng and T r a n smi s s i on L e vel Atta c ks Though input - level attacks are an obvious illustration of bio m etr i c system Vulnerabilities of Biometric Authentication Threats and Countermeasures 949 vulnerability, attacks at the processing and trans m ission level also deserve close attention. As m any bio m etric syste m s tran s m it sa m ple data to local or remote workstations for processing, it is also imperative t h at this trans m ission be s ecu re, le s t t h e trans m ission be intercepted, read, or altered. Most bio m etric syste m s encrypt data in t r ansit, b u t n o t all appli c ations and devices lend the m selves to encryption. Security techniques s u ch as encry p tion are often seen as deployer - specific aspects of system design. Deploy ers need to assess the degree to which sample data m i ght be exposed in transit or during storage, and they need to define applicable sy s t em security te c hniques and best practices. Taken as a whole; anti - spoofing m easu r es, encryption of data in tra n s m issio n, and applying appropriate fallback techniques are all critical a s pects of bi o m etric system security. These tech ni ques can be further enhanced through the introduction of m u l ti - factor authentication and rando m ization. Multi - f act o r authentic a tion can take two pri m ary fo r m s: the u se of m ultiple bio m etrics or the use of bio m etrics in conjunction with s m art cards and PINs. Both m ethods reduce the likelihood of an i m poster being authenticated. Spoofing also beco m es m o re ti m e consu m ing and challenging when m u lti p le body phy s iological o r behavioral cha r acteristics need to be copied and i m itated. I m postors for whom a bio m etric m atches an enroll e d user are unlikely also to m atch with respect to a secondary bio m etric. Adding rando m ization to t h e equation also adds security. Verification data, for exa m ple, could be rando m ized, such as asking for three fingerpr i nts one day and a different co m bination of two fingerprints the next day. Additionally, where ti m e provides, designers of bio m etric technologies and syste m s should explore random or cued challenges. That is, even if a person corr e ctly authenti c ates o nce, the sy st em m i ght still ch a llen g e the user to r e - aut h entic a t e to h e lp incr e ase its con f idence that the b i omet r i c data s u b m itted is g enuine. Cued challenges c ould also be paired with ce r tain behaviors causing alarm such as an uncommon stillness, lack of m ov e ment, or change during the a c quisition of bio m etric data. Technologies can still bear further develop m e n t and enhance m ent for monitoring and sensing m i cro - m ove m ent. Or p e rhaps aggressive chall e nges could be utilized in conjunction with m easure m ents of int e lli g ent respo n se ti m e. For exa m ple, voice ve r i f i cation bio m etric syste m s could m easure the ti m e it takes for a prospective entrant to read back a rando m l y generated pass phrase in or der to try to fight playback attacks pieced together from various recor d in g s. If the response ti m e exceeds a m i n i m u m threshold o r v aries sig n ificantly from an avera g e ti m e captured over a series of sa m ple sub m issions at enroll m ent, the bio m etric system could issue a challenge and require recitation of a new pass phrase. Finally, in conjunction with m ulti - factor authe n tication and rando m ization, vendors and researchers should explore taking a dvantage of internal or subcu t aneous characteristics. By focusing on bio m etric a s pects that are difficult to observe, capture, and duplicate covertly, security can thus be enhanced. However, regardless of how well one tries to s ec u re a bio m etric syste m , failures will i n evita b l y occur. It is therefore critical t h at attention not only be paid to preventing breaches, but also to handling b reaches t h at h ave occurred. A recently - publicized 950 Abdulmonam Omar Alaswad et al techniq u e to m itigate t h e i m pact of certain sy s t em breaches is the conce p t of cancela b le bio m etrics. Cancelable bi o m etrics solution uses algorith m s to distort an i m age proff e red and records the disto r tion into its gener a ted te m plates. The original i m age is never st o red anywhere. The idea is that if a t h ief ste a ls the te m plate with the distortion on it, that particular distortion can be eli m inated from the list of acces s - approved users, and the legiti m ate user can resub m it their ori g inal bio m etric d ata to generate a new distorted te m plate. As long as the algorith m s that generate the distortions are caref ully protected and ideally varied from company to company or even system to syste m , this solution m ay be highly conducive to contain m ent and res o lution of a breach. The solution, however, is not foolproof. If the original i m age is ca p tured, it co u l d the o r etically be re - enrolled to generate a new, distorted te m p late. 2.2 I n p u t L evel Attacks The pri m ary input - level attacks, vulnerabilities at the point of sa m ple acquisition and initial processing, are spoofing and bypassing. While spoofing is the most frequently - cited input - level vulnerabi l ity, other input - level vulnerabilities m ay be just as proble m atic, such as overloading. Overloading is an atte m pt to defeat or circu m vent a system by da m aging the input device or overwhel m ing it in the atte m pt to generate errors. This is also so m eti m es c a lled a buffer overflow attack for other security m echani s m s . An ex a m ple of this type of at t ack f or a bio m etric system would be the rapid flashing of bright lights against optical fingerprint sen s ors o r facial re cog n ition capture devices can disru p t their pro p er f unctio n i ng. Silicon s en s ors can be easily d a m aged by short circ u i ting them or dousing them with water. Because m a ny bio m etric syste m s rely on sensiti v e equip m ent that can be overloa d ed relatively easily, users m ay have opportunities to induce d e vice or system failure. Syste m s m ust be designed such that, if overwhel m e d, basic functions m ust not fail. And when bio m etric devices can no longer serve their intended function, fallback pro cesses m ust be defined and en f orced. A person who causes a bio m etric system to fail m a y be doing so knowing that, as a consequence, an unguarded door m ay be used as a te m porary alternative m eans of entry. Security syste m s m ust account for the potential fun ctional failure of bio m etric syste m s and devices by m eans of adequate backup m easures. 2.3 Back - end Attacks The previous two sections have described input level and trans m ission level attacks. Ensuring integrity and protecting back - end subsyste m s is important in distributed b i o m etric sy s t e m s. Assu m i ng that the back - end consists of a m atching subsyste m , or a decision subsyste m , or a co m bination of both attacks on t h e back - end will m ainly be tar g eted at m odifying the m atching or decision subsystem or co m pro m i sin g inte g rity of stored t e mplates. Attacking t h e te m plate storage d a tab a se is t h e m o st apparent type of b ack - end attack. The threat of unauthorized m odification o r re pl ace m ent of stored te m plates can res u lt in false accepts or false rejects depending on the m otives of the attacker. If an attacker can find a way of injecting te m plates directly i n to t h e stora g e database t h en the Vulnerabilities of Biometric Authentication Threats and Countermeasures 951 attacker could introd u ce hi m / her into the system without following the appropria te enroll m ent procedures. The attacker could also hijack the ide n tity of an authorized indi v i d u al by re p l a c ing the o r igi n al te m plate with th e i r ow n te m plate, t h ereby still p r eserving p rivileg e s lin ke d to the a u t h orized indi vi dual. If a t e mplate is co m pro m i s e d, it could be reused in a replay attack. Although circu m venting replay attacks addressed is addressed in the previous section, compro m i se of stored te m p lates is one of the m ost i m portant threats that should be considered when designing a distributed bi o m etric syste m . These kinds of attacks can be prevented by using encryption and data i n t e grity (has h i n g) m ethodologies. Applying common d a tabase security m ethodologies can also increase the level of di ff i culty f or the a tt a ck e r. An attacker could m odify or replace the m atching subsystem or the deci s i ons subsy s tem so that it gives an output as desired by the attacker. This is a serious threat in a networked environ m ent. The inte g rity of the sample is n o t r e levant in such an attack, and the a u t h enti c ation pr ocess can be co m promised without attacking the input subsystem or trans m ission process. This kind of an attack can be circu m vented by applying security m ethodologies like check i ng code integrity, and principles of building trusted syste m s . A deni al of service (DOS) attack targeted at t h e back - end subsyste m s is also a very realistic threat. Overloading the processing units of the b a ck - end subsystem with excess traffic could lead to unavailability of services. DOS attacks have received a lot of atte ntion in m edia over the last few years and it should be considered a very real threat to bio m etric aut h entication syste m s also. Traffic analysis and traffic m onitoring are co m m only used m ethods to thwart DOS attacks. Along with technical threa t s, there ar e also policy related c h allenges that should be considered. Collusion b e tween a m alicious a ttac k er and e n roll m ent center could allow the attacker to enr o ll in the system using a stolen or a false identi t y. Although this threat is not focused only on the ba ck - end subsyste m s, a properly formulated policy involving the front - end and back - end subsyste m s should m ake such attacks harder to perpetrate. 2.4 Enroll m ent Attacks The practical use of biometrics for E - Authentication is binding to ones identity. Although the concept of an Identity Manage m ent S y stem lies outside the scope of this docu m ent, from a biometric enroll m ent standpoint because of the essential binding r e quire m ent, the identity proofing process is a critical rel a ted f unction. Trust in this proc e ss of vetting a persons clai m ed identity, co nf idence in t h e vali d ity of associ a t ed d ocu m ents, and reliability in the a u t h enti c ity of issued electronic credentials tak e n together provide the very und e rpinning of bio m etric based E - Authentication. Exa m p l es of threats to ide n tity p r oofing include: 1. Use of forged documents to verify a claimed identity. 2. Collusion with corrupt personnel having system access and. 3. Electronic attacks to impersonate legitimate system users and thereby 952 Abdulmonam Omar Alaswad et al gain electronic access to the I D application, proofing process and issuance system. The following Countermeasures can be taken against these Identity Proofing threats: 1. Enforced separation of roles and duties of those involved in the processing, approval 2. and credential issuance process. 3. Close inspection of documents for forgery or tampering and use of third party 4. substantiation; for example, use of written inquiries. 5. Electronic system security protection strong access controls, data encryption, 6. firewalls etc. 7. Strong issuance controls which confirm the user at time of credential issuance and 8. which preclude manual modifications to personalization data. Vulnerabilities during enrollment of a persons biometrics such as fingerprints, iris and facial features incl ude: 1. Enrollment of a persons valid biometric(s) with a created or substituted identity. In this scenario, a person uses/enrolls their own biometrics under a false or assumed identity which subsequently allows that person to gain unauthorized access to and conduct eCommerce transactions and other logical and/or physical assets such as computers, networks, databases, applications and facilities. 2. Enrollment of substituted or swapped biometrics (not their own) along with a valid identity which subsequently can be used by a third party to masquerade and gain access to eCommerce systems and/or other logical or physical assets. 3. Enrollment of substituted or false biometrics (e.g. a gummy bear fingerprint) with a false or assumed identity which can later be use d to gain access to eCommerce systems and/or other logical or physical assets. 4. Enrollee collusion with the enrollment operator. In this scenario, any of the above can be facilitated, as well as, unauthorized entry of or modifications to system data records or input thereto. 5. External based attacks against the Enrollment Station and/or other system components it communicates with. Examples include spoofing, sniffed transmissions, Man - in - the - Middle, and Replay. The following Countermeasures can be taken aga inst these threats during Enrollment of Biometrics: 1. Observed enrollment of biometrics instead of un - observed self enrollment. 2. Identity check/confirmation of the applicant enrollee at time of enrollment. Vulnerabilities of Biometric Authentication Threats and Countermeasures 953 3. Remote system and enrollment station network protection and access controls, secure point - to - point encrypted communications channel(s). 4. Enrollment Station device level firewall, and detection systems of unauthorized 5. modifications to all relevant data records and electronic file systems. Figure 1: Attack points on a biometric system 3. Vulnerable points of biometric systems, Threats and Countermeasures. Points of possible attacks are identified and shown in Figure 1, they fall into 4 categories as we have discussed earlier, countermeasures are desc ribed below according to the specified categories ï Attacks during processing/interaction [Attack points 1, 3, 5, 9, 11], Location Threats Countermeasures 1 Data Coll e ction Spoofing Liveness detection Challenge/response Use of un - trusted device (Device su b stit u tio n ) Mutually a uthenticate/u s e symmetric key or asym m etric key Overloading/Flooding (Denial of Servi c e) Rugged devices 3 Signal Processing Insertion of i m poster data Use strong tested algorith m s 954 Abdulmonam Omar Alaswad et al Co m ponent replace m ent Signed components 5 Matching Insertion of i m poster data Use strong tested bio m etric algorith m s Co m ponent replace m ent Signed components Guessing (FAR attack) Use strong tested bio m etric algorith m s 1:1 m atching Multi - bio m etric/ m ulti - factor Manipulation of m atch scores Debugger hostile environ m ent Hill - cli m bing Coarse scoring Trusted sensor (Mutual authentication) Secure cha n nel 9 Decision Hill c li m bing att a ck Coarse scores Mutual Authenti c ation Secure cha n nel Manipulation of threshold setting Protected function (access control) Data protection Manipulation of m atch decision Debugger hostile environ m ent Co m ponent replace m ent (yes m achine) Sign co m ponents 11 Application (verifier) Malicious code Confo r m to standards (BioAPI, CBEFF) Code signing ï Attacks on the biometric data when it is at rest (in memory or in storage) [Attack points 1, 3, 5, 9, 11 above + 7 below]. 7 Storage Database compro m i se (rea d ing te m plate, repl a cing t e mplate( s ), changing bindings) Hardened s e rver DB access controls Sign te m plates, Store encrypted t e mplates Store te m plate on s m art cards or other device. Vulnerabilities of Biometric Authentication Threats and Countermeasures 955 ï Attacks between stages (when the biometric data is in transmission) [Attack points 2, 4, 6, 8, 10]. Location Threats Countermeasures 2 Raw data trans m ission Eavesdropping attack Trans m it data over encrypted p ath/ s ecure channel Replay attack Mutually a uthenticate/u s e symmetric key or Asym m etric key Digit a lly s i g n data Utilize Ti m esta m p/Ti m e to Live (TTL) tag Man in t h e m i ddle atta c k Bind bio m etric to PKI certificate Trans m it data over encrypted p ath/ s ecure channel Brute force attack Ti m e out/lock out policies 4 Processed data trans m ission Eavesdropping attack Trans m it data over encrypted p ath/ s ecure channel Replay attack Mutually a uthenticate/u s e symmetric key or asym m etric key Digit a lly s i g n data Utilize Ti m esta m p/Ti m e to Live (TTL) tag Man in t h e m i ddle atta c k Bind bio m etric to PKI certificate Trans m it data over encrypted p ath/ s ecure channel Brute force attack Ti m e out/lock out policies 6 Te m plate ret r ieval Eavesdropping attack Trans m it data over encrypted p ath/ s ecure channel Replay attack Mutually a u thenticate/u s e symmetric key or asym m etric key Digit a lly s i g n data Utilize Ti m esta m p/Ti m e to Live (TTL) tag Man in t h e m i ddle atta c k Bind bio m etric to PKI certificate Trans m it data over encrypted p ath/ s ecure channel 8 Matching score trans m ission Hill c li m bing att a ck Coarse scores Trusted sensor (Mutual authentication) Secure cha n nel 956 Abdulmonam Omar Alaswad et al Manipulation of m atch score Secure cha n nel Mutual aut h enti c ation between m atcher and decision components Co m ponent replace m ent (yes m achine) Sign co m ponents 10 Com m unication to appli c ation Eavesdropping attack Trans m it data over encrypted p ath/ s ecure channel Manipulation of m atch decision Trans m it data over encrypted p ath/ s ecure channel 4. Conclusions Biometrics offers a valuable approach to extending current security technologies that make it far harder for fraud to take place by preventing ready impersonation of the authorized user. In using biometrics we must be aware of the fact that they are not m easuring perfectly, and that many operational factors may cause them to fail. In such cases administrative procedures to resolve operational failures may need to be put in place to prevent adverse customer reaction, bad publicity and failures in public acc eptability. Whilst these failures may not represent a significant proportion of transactions they will have a publicity effect that is far more damaging to all the success gained by the service. References [1] K. Jain, K. Nandakumar, and A. Nagar, Biome tric template security, EUR - ASIP, vol. 8, no. 2, pp. 1 17, 2008. [2] Jain, A.K., Ross, A., Pankanti, S.: Biometrics: a tool for information security. IEEE Trans. on Information Forensics and Security 1, 125 143 (2006) [3] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition. Springer - Verlag, 2003. [4] U. Uludag and A. K. Jain, Attacks on biometric systems: a case study in finger - prints, in Proc. SPIE, Security, Seganography and Watermarking of Multimedia Contents VI, vol. 5306, pp . 622 633, (San Jose, CA),January 2004. [5] Hao, F., R. Anderson, and J. Daugman, Combining cryptography with biometrics effectively. [6] IBG, Vulnerabilities of Biometric Technologies - Transcript of September Teleconference. 2005. Vulnerabilities of Biometric Authentication Threats and Countermeasures 957 [7] Clarkson University Engineer O utwits High - Tech Fingerprint Fraud. 2005 [cited;Available from: http://www.yubanet.com/cgi - bin/artman/exec/view.cgi/8/2878 . [8] Electronic Fingerprint Transmission Specification. 2005, Federal Bureau of Investigation. [9] Maltoni D , Maio D , Jain A K, et al. Handbook of Fingerprint Recognition[M]. NY: Springer, 2003. [10] Prabhakar S, Pankanti S, Jain A K. , Biometric recognition: security and privacy concerns[J] IEEE Security and Privacy Magazine, 2003, 1(2): 33 - 42. [11] Introduction to biometrics[EB/OL]. http://www.biometrics.org/html/introduction.html. [12] Biometric technology: an assessment of practical application[EB/OL]. 2002, http://www.rcmp - grc.gc.ca/t sb/pubs/it_sec/r2 - 001_e.pdf [13] Liu Simon, Mark Silverman. A practical guide to biometric security technology[J]. IT Professional, 2001, 3(1):27 - 3 958 Abdulmonam Omar Alaswad et al