Dedo de Goma

download Dedo de Goma

of 33

Transcript of Dedo de Goma

  • 8/10/2019 Dedo de Goma

    1/33

    I TU-T Workshop on Secur ity, Seoul

    I mportance of Open Discussion onAdversar ial Analyses for M obile Secur ity

    Technologies--- A Case Study for User I dentification ---

    14 M ay 2002

    Tsutomu M atsumoto Graduate School of Environment and I nformation Sciences

    Yokohama National University

    email: [email protected]

  • 8/10/2019 Dedo de Goma

    2/33

    M obile Security Technologies

    Security ArchitectureOperating Systems Security

    Software Tamper Resistance Mobile Code Security

    Physical Tamper ResistanceCommunications SecurityCryptographic Protocol User Identification

  • 8/10/2019 Dedo de Goma

    3/33

    Adversar ial Analysis

    Security assessment of biometr ic user identif icationsystems should be conducted not only for the accuracyof authentication, but also for security against fraud.

    I n this presentation we focus on F ingerpr int

    Systems which may become widespread forM obile Terminals.

    Can we make arti ficial f ingers that fool f ingerprint systems?

    Examine Adversar ial Analysis as A Third Par ty

    What are acceptance rates?

  • 8/10/2019 Dedo de Goma

    4/33

    F ingerprint Systems

    Typical structure of a fingerprint systemTypical structure of a fingerprint system

    Types of sensorsTypes of sensorsOptical sensors

    Capacitive sensorsThermal sensors, Ultrasound sensors, etc.

    Finger

    Finger Data

    Feature Extraction

    Finger Information Database

    Fingerprint System

    Enrollment

    Verification or Identification

    Recording

    Capturing

    Presenting

    Result

    Referring

    Comparison

    L ive and Well Detection

  • 8/10/2019 Dedo de Goma

    5/33

    A Risk Analysis for F ingerprint Systems

    Attackers may present 1) the registered f inger ,

    by an armed cr iminal, under duress, or with a sleepingdrug,

    2) an unregistered f inger (an imposter ' s f inger),i .e., non-effort forgery,

    3) a severed fingertip from the registered finger ,4) a genetic clone of the registered finger ,

    5) an artif icial clone of the registered f inger , and

    6) the others,

    such as a well-known method as a fault based attack.

  • 8/10/2019 Dedo de Goma

    6/33

    F raud with Artif icial F ingers

    Part of patterns of dishonest acts with artificial fingersagainst a fingerprint system.

    L(X): A Live Finger corresponding to Person XA(Y): An Artificial Finger corresponding to Person Y

    A(Z): An Artificial Finger corresponding to Nobody

  • 8/10/2019 Dedo de Goma

    7/33

    F raud with Ar tif icial F ingers I

    X

    L(X)

    X

    L(X)

    EnrollmentEnrollment

    A(X)sDistribution of A(X)sDistribution of A(X)s

    Y X

    Y obtains A(X).Y obtains A(X).

    A(X)

    X or Y

    AuthenticationAuthentication

    A(X)

  • 8/10/2019 Dedo de Goma

    8/33

    F raud with Ar tif icial F ingers II

    Y X

    X obtains A(Y).X obtains A(Y).

    A(Y)

    X

    A(Y)

    X

    A(Y)

    X enrolls A(Y).X enrolls A(Y).

    AuthenticationAuthentication

    A(Y)or L(Y)

    X or Y

    A(Y)sDistribution of A(Y)sDistribution of A(Y)s

  • 8/10/2019 Dedo de Goma

    9/33

    F raud with Ar tif icial F ingers III

    X Y

    Y makes A(X).Y makes A(X).

    A(X)

    L(X)X

    L(X)L(X)

    EnrollmentEnrollment

    X

    A(X)sDistribution of A(X)sDistribution of A(X)s

    Y

    AuthenticationAuthentication

    A(X)

  • 8/10/2019 Dedo de Goma

    10/33

    M apping a F ingerpr int onto Ar tif icial F ingers

    Finegerprint

    Impression

    Artificial Finger

    e.g., Molds, Residual Fingerprints, ...

    e.g., Live Fingers, Generators, ...

  • 8/10/2019 Dedo de Goma

    11/33

    Known Results

    Process 0

    (1) F inger (2) M old

    (3) Silicone Rubber F inger

  • 8/10/2019 Dedo de Goma

    12/33

    Fact

    Often AcceptsSilicone Rubber Fingers

    Finger

    L i gh

    t S o ur c

    e

    D e t e c t or

    Finger

    Array of Electrodes

    Usually RejectsSilicone Rubber Fingers

    Optical Sensor Optical Sensor Capacitive Sensor Capacitive Sensor

  • 8/10/2019 Dedo de Goma

    13/33

    Gummy F ingers

    Our ResultProcess 1 (1) F inger (2) Plastic M old (3) Gummy F inger

    Our ResultProcess 1 (1) F inger (2) Plastic M old (3) Gummy F inger

  • 8/10/2019 Dedo de Goma

    14/33

    Recipe 1-1 Making an Artificial Fingerdirectly froma Live Finger

    Solid gelatin sheetGELATINE LEAF by MARUHA CORP

    200JPY/30grams

    Free molding plasticFREEPLASTICby Daicel FineChem Ltd.

    350JPY/35grams

    MaterialsMaterials

  • 8/10/2019 Dedo de Goma

    15/33

    Recipe 1-2

    Put the plasticinto hot waterto soften it. Press a live finger

    against it.

    The moldIt takes around 10 minutes.

    How to make a moldHow to make a mold

    Making an Artificial Fingerdirectly froma Live Finger

  • 8/10/2019 Dedo de Goma

    16/33

    Recipe 1-3 Making an Artificial Fingerdirectly froma Live Finger

    Preparation of materialA liquid in which immersed gelatin at 50 wt.% .

    Preparation of material

    Add boiling water (30cc) to solid gelatin (30g) in abottle and mix up them.

    It takes around 20 minutes.

  • 8/10/2019 Dedo de Goma

    17/33

    Recipe 1-4 Making an Artificial Fingerdirectly froma Live Finger

    How to make a gummy fingerHow to make a gummy finger

    It takes around 10 minutes.

    Put it intoa refrigerator to cool.

    Pour the liquid

    into the mold.

    The gummy finger

    l h

  • 8/10/2019 Dedo de Goma

    18/33

    Similar ity with L ive F ingers

    The photomicrographs of fingersThe photomicrographs of fingers

    (a) Live Finger (b) Silicone Finger (c) Gummy Finger

    C dI

  • 8/10/2019 Dedo de Goma

    19/33

    Captured I mages

    Captured images with the device C (an optical sensor).Captured images with the device C (an optical sensor).

    (a) Live Finger (b) Silicone Finger (c) Gummy Finger

    Captured images with the device H (a capacitive sensor).Captured images with the device H (a capacitive sensor).

    (a) Live Finger (b) Gummy Finger

    E i t

  • 8/10/2019 Dedo de Goma

    20/33

    Experiments

    F ingerprint systems : 11 typesSubjects : five persons whose ages are from 20s to 40s

    We attempted one-to-one verification 100 times counting thenumber of times that it accepts a finger presented.

    Types of experiments

    Experiment Enrollment Verification

    Type 1 Live Finger Live Finger

    Type 2 Live Finger Gummy Finger Type 3 Gummy Finger Live Finger

    Type 4 Gummy Finger Gummy Finger

    Th L i t fF i g i tD i

  • 8/10/2019 Dedo de Goma

    21/33

    The L ist of F ingerpr int Devices H ardw are S pecifications So ftwa re Spe cific at ions Methods

    M anufacturer /Selling Agency P ro duc t N am e T ype

    ProductNumber Sensor

    Live and

    Wel lDetection

    M anufacturer /S elling Agency

    Product Name(Application)

    Compar isonLevels

    fo rVerification

    D evice A Compaq Comp uter Corporat ion

    Compaq S tand-AloneFingerprint IdentificationUnit

    D F R -200 E 0 38 11U S 00 1 OpticalSensor unknownComp aq Computer Corporat ion

    F in gerprint IdentificationT echnology Softw areversion 1.1

    1 through 3 Minut iaeMatch ing

    D evice BM I T S U B I S H IE L E C T R I CC O R P O R AT I O N

    Fingerprint R ec ognizer F PR -D T mkII 003 136 OpticalSensor unknownSumik in IzumiCom puter Service co.Ltd.

    S ecFP V 1.11 Fix ed Minut iaeMatch ing

    D evice C N E C C orp or a tion Fingerprint IdentificationUnit (Prism) N 7 95 0- 41 9 Y00 00 3OpticalSensor unk now n N E C C orp ora tion

    Basic Utilities for F in gerprint Identification Fixed

    Minut iae

    Match ing(Minut ia andRelat ion)

    D evice D OMRON Corpora t ion Fingerprint RecognitionSensor FP S-100 0 9 050 085 4OpticalSensor unk now n O M R O N C or por ation

    "Y U B I PA S S " U.are .UF in gerprint Ver ificationSof tware

    Fixed Minut iaeMatch ing

    D evice E Sony Corporat ion Sony F ingerprintIdentification U nit FIU -00 2-F11 0 07 09OpticalSensor

    Live Finger detection

    T S U B A SA S Y S T E MC O . , LT D .

    F in gerprint IdentificationU nit W indows 9 5Interact ive Demo Ver sion1.0 Bu ild 13

    1 through 5 Pat ternmatching

    D evice F FU J IT SU L IM IT E D Fingsensor FS-2 00U 00 A A 0 002 57 Capaci t iveSensor unknow n F U JIT S U L IM IT EDLogon for Fingsensor V1.0for W indows95/98 Fixed

    Minut iaeMatch ing(Correlat ion)

    D evice G N E C C orp or a tion Fingerprint IdentificationUnit (Seria l) P K-FP 002 03 005 29SCapaci t ive

    Sensor unk now n N E C C orp ora tionBasic Utilities for F in gerprint Identification Fixed

    Minut iaeMatch ing(Minut ia andRelat ion)

    D evice H Siemens A G (Infineon

    Technologies AG )

    FingerTIP

    E VA L U AT I O N K I T

    E VA L U AT I O N -

    KIT

    C 9 8 4 5 1 -D6100-A900-

    4

    Capaci t ive

    Sensor unknown Siemens AG (Infineon

    T echnologies AG)

    FingerTIP Sof twareD evelopment Ki t (SDK )

    V ersion: V0.90, B eta 3"Demo Program"

    Fixed Minu t i a

    matching

    D evice I Sony Corporat ion Sony F ingerprintIdentification Unit F IU -710 30 00 398Capaci t ive

    Sensor Live Finger

    detection Systemneeds Inc. Good-b ye " PAS S WORD" s 1 through 5 Pat ternmatching

    D evice J Secu gen Ey eD m ouse II S M B - 8 0 0 9650172004 O p t i c a lSensor unknown S e c u g e nSecu Desk top 1. 55 { 1 th rough 9

    Minut iamatch ing

    D evice K Ethentica ethent icat ior MS 3 000 PCCard M S 3 0 0 0 M 3 0 0 F 2 0 0 9 9 1O p t i c a lSensor unknown Ethentica

    S ec u r e S u i teRele as e1. 0 F i x e d

    Minut iamatch ing

    ExperimentalResults

  • 8/10/2019 Dedo de Goma

    22/33

    Experimental Results Making an Artificial Fingerdirectly froma Live Finger

    0

    20

    40

    60

    80

    100

    A B C D E F G H I J K Fingerprint Device

    T h e N u m

    b e r o f

    A c c e p

    t a n c e

    ( t i m e s

    / 1 0 0 a t e m p

    t s )

    L - L L - A A - L A - A

    GummyF ingers

  • 8/10/2019 Dedo de Goma

    23/33

    Gummy F ingers

    Our Result Process 2 (1) Residual F ingerprint (2) Digital I mage Data(3) Pr inted Circuit Boar(4) Gummy F inger

    Our Result Process 2 (1) Residual F ingerpr int (2) Digital I mage Data(3) Pr inted Circuit Board(4) Gummy F inger

    R i 2 1

  • 8/10/2019 Dedo de Goma

    24/33

    Recipe 2-1 Making an Artificial Finger from a Residual Fingerprint

    MaterialsMaterialsA photosensitivecoated Printed CircuitBoard (PCB)10K by Sanhayato Co., Ltd .

    Solid gelatin sheetGELATINE LEAF by MARUHA CORP

    200JPY/30grams

    320JPY/sheet

    Recipe2 2

  • 8/10/2019 Dedo de Goma

    25/33

    Recipe 2-2

    Digital M icroscope

    KEYENCE VH6300: 900k pixels

    I nkjet Printer

    Canon BJ-F800: 1200x600dpi

    Residual FingerprintEnhancing

    Capturing

    Fingerprint ImageImage Processing

    Transparent Film

    Mask

    PhotosensitiveCoated PCB

    CyanoacrylateAdhesive

    Adobe Photoshop 6.0

    Printing

    Exposing

    Developing

    Etching

    Mold

    UV l ight

    Recipe2-3

  • 8/10/2019 Dedo de Goma

    26/33

    Recipe 2-3

    A Mask with Fingerprint ImagesAn Enhanced Fingerprint A Fingerprint Image

    Recipe2-4

  • 8/10/2019 Dedo de Goma

    27/33

    Recipe 2 4

    Gelatin LiquidPut this mold intoa refrigerator to cool,and then peel carefully.

    40wt.%

    Drip the liquidonto the mold.

    TheM oldandtheGummyFinger

  • 8/10/2019 Dedo de Goma

    28/33

    The M old and the Gummy Finger

    Mold: 70JPY/piece(Ten molds can be obtainedin the PCB.)

    Gummy Finger: 50JPY/piece

    ResolutionofF ingerprintI mages

  • 8/10/2019 Dedo de Goma

    29/33

    Resolution of F ingerprint I mages Pores can be observed.

    Captured Fingerprint Image ofthe Gummy Finger

    with the device H (a capacitive sensor)Enhanced Fingerprint

    ExperimentalResults

  • 8/10/2019 Dedo de Goma

    30/33

    Experimental Results

    from Residual F ingerprints (for 1 subject)

    0

    20

    40

    60

    80

    100

    A B C D E F G H I J K Fingerprint Device

    T h e N

    u m b e r o

    f

    A c c e p

    t a n c e

    ( t i m e s

    / 1 0 0 a t e m p t s )

    L - L L - A A - L A - A

    Character istics of Gummy F ingers

  • 8/10/2019 Dedo de Goma

    31/33

    y g

    0

    100

    200

    300

    400

    500

    0 50 100 150

    Pressure Sensor Output (g)

    T a c

    t i l e S

    e n s o r

    O u t p t ( H

    z ) Gummy Finger Live Finger

    Moisture Electric Resistance

    Live Finger 16% 16 Mohms/cm

    Gummy Finger 23% 20 Mohms/cm

    Silicone Finger impossible to measure impossible to measure

    The compliance was also examined for live andgummy fingers.

    Conclusions

  • 8/10/2019 Dedo de Goma

    32/33

    Conclusions

    There can be various dishonest acts using ar tif icial f ingersagainst the f ingerprint systems.

    Gummy fingers, which are easy to make with cheep, easilyobtainable tools and mater ials, can be accepted by 11 types offingerprint systems.

    The experimental study on the gummy fingers will haveconsiderable impact on secur ity assessment of f ingerprintsystems.

    M anufacturers,vendors, and users of biometr ic systems shouldcarefully examine secur ity of their system against ar tif icialclones.

    H ow to treat such information should be an important i ssue.

    F orDetails

  • 8/10/2019 Dedo de Goma

    33/33

    F or Details

    Paper:T. M atsumoto, H . M atsumoto, K. Yamada, S. H oshino,I mpact of Ar tif icial Gummy F ingers on F ingerprintSystems Proceedings of SPI E Vol. #4677,Optical Secur ity and Counterfeit Deterrence Techniques I V.

    Send any comments [email protected]