Brent Kennedy Agenda Overview Security Issues Usability Issues Bring it all together Discussion What is a fingerprint Sequence of ridges and valleys No two fingerprints can be exactly the same ID: 283815
Download Presentation The PPT/PDF document "Biometrics – Fingerprints" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Biometrics – Fingerprints
Brent Kennedy Slide2
Agenda
Overview
Security Issues
Usability Issues
Bring it all
together
DiscussionSlide3
What is a fingerprint?
Sequence of ridges and valleys
No two fingerprints can be exactly the same
Even two imprints from the same finger are different
Reliable and efficient biometric
Still are consScanners work by imaging the print and using an algorithm to compare images
http://denis.biometric-fingerprint.com/?cat=7
http://en.wikipedia.org/wiki/FingerprintSlide4
Security Issues
Storage
How are the fingerprints stored?
Who can access them?
Privacy
Can fingerprints lead to more information?DeviceIs it susceptible to over the shoulder peeks?
Does it leave a trace?
Can it be spoofed?Slide5
>Slide6
Fingerprint Spoofing
Small experiment done at W&J College
January 2006
Aimed to spoof fingerprints using common household items
Total Cost: $12.82
Cast:
Play-
Doh
Gummy bears
Model Magic
Silly Putty
Modeling clay
Tac
N’ StikMold:Paraffin wax
http://www.washjeff.edu/users/ahollandminkley/Biometric/index.htmlSlide7
Fingerprint Spoofing (Cont.)
Devices
Microsoft Fingerprint Reader
APC Biometric Security deviceSlide8
Fingerprint Spoofing (Cont.)
What failed…
One-step method of taking a print directly from the source (no cast)
Gummy bears: Myth busted!
Wouldn’t even hold a fingerprint
Tac N’ Stik worked too well
Picked up old prints from the scanner
Silly putty stuck to the device
Play-
Doh
was too soft to withstand pressureSlide9
Fingerprint Spoofing (Cont.)
Success!
Very soft piece of wax flattened against hard surface
Press the finger to be molded for 5 minutes
Transfer wax to freezer for 10-15 minutes
Firmly press modeling material into castPress against the fingerprint readerReplicated several timesSlide10
Fingerprint Spoofing (Cont.)Slide11
Fingerprint Spoofing (Cont.)
Modified approach on the APC device
Requires less pressure so Play-
Doh
can be used
Form the Play-Doh around the scanner surfaceThen place the flat surface in the cast
More patience required to get authorized
After time, the mold becomes too soft to useSlide12
Fingerprint Spoofing (Cont.)
Caveats
Molding material becomes firm and brittle quickly
Hard to make a cast ahead of time
Very high quality mold is required
Attacker may need more advanced materialsAll molds were of the thumbSmaller prints may cause additional problemsSlide13
Usability Issues
The main usability factors for fingerprints:
Scanner height/angle
Training conditions
Age
HabituationSupervisionSlide14
Usability Issues (Cont.)
Height/Angle
Efficiency (time) not significantly affected by height or angle
Quality significantly affected by height but not angle
Still hard to determine optimal height
Overall satisfaction affected by height, angle, and user height
http://zing.ncsl.nist.gov/biousa/docs/NISTIR-7504%20height%20angle.pdfSlide15
Usability Issues (Cont.)
Age
18-25 age range gave consistent good prints
Prints get worse as age increases
Men overall better than women
HabituationNo trend to print quality over timeUsers didn’t know how to fix bad prints
http://zing.ncsl.nist.gov/biousa/docs/WP302_Theofanos.pdfSlide16
Usability Issues (Cont.)
Training/Supervision
Poster had worst success rate: 56%
Verbal vs. video instruction had equal success
Assistance significantly increased success rate
78% without assistance98% with assistance
http://zing.ncsl.nist.gov/biousa/docs/NISTIR-7403-Ten-Print-Study-03052007.pdfSlide17
Bringing it all together…
Can better usability solve the spoofing problem?
It can help
Smaller scanning area
Slap vs. roll
Better algorithms with better feedbackSlide18
Questions?