Vulnerabilities of fingerprint reader to fake fingerprints attacks

Espinoza, Marcela; Champod, Christophe; Margot, Pierre

doi:10.1016/j.forsciint.2010.05.002

Cited by 40 publications

(32 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are ample examples of spoofing biometric characteristics. Many authors [47][48][49][50][51] demonstrated how artificial fingerprints, molded after a latent user fingerprint or a template, can be used to bypass fingerprint authentication systems. The same can be said by iris authentication system which are also susceptible to spoofing [52].…”

Section: Experiments and Resultsmentioning

confidence: 99%

User-Centric Key Entropy: Study of Biometric Key Derivation Subject to Spoofing Attacks

Dinca

Hancke

2017

Entropy

View full text Add to dashboard Cite

Biometric data can be used as input for PKI key pair generation. The concept of not saving the private key is very appealing, but the implementation of such a system shouldn't be rushed because it might prove less secure then current PKI infrastructure. One biometric characteristic can be easily spoofed, so it was believed that multi-modal biometrics would offer more security, because spoofing two or more biometrics would be very hard. This notion, of increased security of multi-modal biometric systems, was disproved for authentication and matching, studies showing that not only multi-modal biometric systems are not more secure, but they introduce additional vulnerabilities. This paper is a study on the implications of spoofing biometric data for retrieving the derived key. We demonstrate that spoofed biometrics can yield the same key, which in turn will lead an attacker to obtain the private key. A practical implementation is proposed using fingerprint and iris as biometrics and the fuzzy extractor for biometric key extraction. Our experiments show what happens when the biometric data is spoofed for both uni-modal systems and multi-modal. In case of multi-modal system tests were performed when spoofing one biometric or both. We provide detailed analysis of every scenario in regard to successful tests and overall key entropy. Our paper defines a biometric PKI scenario and an in depth security analysis for it. The analysis can be viewed as a blueprint for implementations of future similar systems, because it highlights the main security vulnerabilities for bioPKI. The analysis is not constrained to the biometric part of the system, but covers CA security, sensor security, communication interception, RSA encryption vulnerabilities regarding key entropy, and much more.

show abstract

Section: Experiments and Resultsmentioning

confidence: 99%

User-Centric Key Entropy: Study of Biometric Key Derivation Subject to Spoofing Attacks

Dinca

Hancke

2017

Entropy

View full text Add to dashboard Cite

show abstract

“…There are many studies [17-19, 24, 27] that examine methods to circumvent fingerprint based biometric systems. Espinoza et al [32] experimentally concluded that current state-of-the-art sensors can be deceived using spoof fingerprints, created with or without user cooperation. They also elaborate and measure the significance of quality of the spoof in attacks.…”

Section: Fingerprint Verificationmentioning

confidence: 99%

A spoof resistant multibiometric system based on the physiological and behavioral characteristics of fingerprint

Bhardwaj

Londhe

Kopparapu³

2017

Pattern Recognition

View full text Add to dashboard Cite

“…For example, retinal scanning, while accurate, is an unpleasant and invasive technology most users are not willing to accept as part of the authentication paradigm. Biometrics that are more socially acceptable, such as fingerprints, tend to be vulnerable to compromise, spoofing, and natural or accidental biometric variation [9].…”

Section: Limitations Of Traditional Authentication Techniques Andmentioning

confidence: 99%

Addressing insider threat using “where you are” as fourth factor authentication

Choi

Zage

2012

2012 IEEE International Carnahan Conference on Security Technology (ICCST)

View full text Add to dashboard Cite

Current physical and cybersecurity systems have been relying on traditional three factor authentication to mitigate the threats posed by insider attacks. Typically, systems use one or two of the following factors to authenticate end-users: what you know (e.g., password), what you have (e.g., RSA ID), or what you are (e.g., fingerprint). Systems based on these factors have the following limitations: 1) access is typically bound to a single authentication occurrence leading to remote vulnerabilities, 2) the factors have little impact against persistent insider threats, and 3) many of the authentication systems violate system design principles such as user psychological acceptability by inconveniencing the end-users. In order to mitigate the identified limitations, we propose the usage of "where you are" as a complementary factor that can significantly improve both cybersecurity and physical security. Having accurate location tracking as a new factor for authentication: 1) provides continuous identification tracking and continuous mediation of access to resources, 2) requires remote threats to acquire a physical presence, 3) allows for the enforcement of cybersecurity and physical security policies in real-time through automation, and 4) provides enhanced security without inconveniencing the end-users. Using the strength of location as an authentication factor, this paper specifies design requirements that must be present in an insider-threat Prevention System (iTPS) that is capable of actively monitoring malicious insider behaviors. iTPS has the potential to radically change the physical protection systems and cybersecurity landscape by providing practitioners with the first-of-its-kind tool for real-time insider-threat prevention capabilities. iTPS is particularly suited to address the safety and security needs of critical infrastructure, nuclear facilities, and emergency response situations.

show abstract

Vulnerabilities of fingerprint reader to fake fingerprints attacks

Cited by 40 publications

References 11 publications

User-Centric Key Entropy: Study of Biometric Key Derivation Subject to Spoofing Attacks

User-Centric Key Entropy: Study of Biometric Key Derivation Subject to Spoofing Attacks

A spoof resistant multibiometric system based on the physiological and behavioral characteristics of fingerprint

Addressing insider threat using “where you are” as fourth factor authentication

Contact Info

Product

Resources

About

Vulnerabilities of fingerprint reader to fake fingerprints attacks

Cited by 40 publications

References 11 publications

User-Centric Key Entropy: Study of Biometric Key Derivation Subject to Spoofing Attacks

User-Centric Key Entropy: Study of Biometric Key Derivation Subject to Spoofing Attacks

A spoof resistant multibiometric system based on the physiological and behavioral characteristics of fingerprint

Addressing insider threat using &#x201C;where you are&#x201D; as fourth factor authentication

Contact Info

Product

Resources

About

Addressing insider threat using “where you are” as fourth factor authentication