Security of
Biometric Authentication Systems
Vashek Matyas, joint work with Zdenek Riha
Faculty of Informatics, Masaryk University Brno
{matyas, zriha} at fi.muni.cz
Authentication at the time of war
• And the Gileadites took the passages of Jordan before the
Ephraimites: and it was so, that when those Ephraimites which
were escaped said, Let me go over; that the men of Gilead said
unto him, Art thou an Ephraimite? If he said, Nay; Then said they
unto him, Say now Shibboleth: and he said Sibboleth: for he could
not frame to pronounce it right. Then they took him, and slew
him at the passages of Jordan: and there fell at that time of the
Ephraimites forty and two thousand. (Judges 12:5-6)
• Identify-Friend-or-Foe more critical than ever before
– Systems watch and shoot at distances where visual target identification is
impossible
– Rise of “friendly fire” casualties from historical 10-15% to 25% in the First
Gulf War (R Anderson, Security Engineering)
Means of authentication Access to a service
• something you know
(password, PIN)
• something you have (key,
smartcard)
• something you are -
biometrics
• or combination of the above
• Access by a person
(process) that knows a
secret.
• Access by a person
possessing a “key”.
• Access by a person with
this characteristic.
Biometric techniques
• Biometrics – biological characteristics
measurable by automated methods
• Physiological characteristics (hand, eye,
face, etc.)
• Behavioral characteristics (signature
dynamics, voice, etc.)
Biometric techniques
Biometrics – authentication
• Biometrics almost never match at 100%!!!
• Threshold-based decision introduces the rates
of false acceptance and rejection
– Zero-effort or active bypassing?
• User group size vs. accuracy
– Verification vs. identification?
Verification steps
1) First measurement/acquisition(s)
2) Creation of master characteristics
3) Storage of master in a database
4) Subsequent acquisition(s)
5) Creation of new characteristics
6) Comparison: new - master
7) Threshold-based decision
DNA as a biometric?
9310-10
,
8 markers
1
fully autom.
19010-18
,
16 markers
90
fully autom.
83010-18
,
16 markers
90
semi-autom.
45010-18
,
16 markers
10
34510-18
,
16 markers
1
Time
(minutes)
Random
match
probability
# of
samples
10-5
60 minutes3rd marker
…
10-3
60 minutes2nd marker
10-2
60 minutes1st marker
10-10
60 minutesnext 3…
10-7
60 minutesnext 3…
10-5
60 minutes3 markers
Serial marker analysis (soon)
Multiplexing (in few years)
Real-world use of biometrics
• UK Passport Service: Biometrics Enrolment trial 2005, success
of registration & verification (registration)
– Face
• General population: 69% (99.85%)
• Disabled: 47% (97.7%)
– Iris
• General population: 85.8% (87.7%)
• Disabled: 55.6% (61%)
– Fingerprint (10-print)
• General population: 80.8% (99.3%)
• Disabled: 77.4% (96.1%)
• US-VISIT program (2 index fingers) with 6,000,000 “notwanted”
entries in 2004 had official 0.31% false match rate and
4% missed match rate
Advantages of biometrics
• Actually authenticate the user
– Provided they work correctly
• Not transferable
– Yet characteristics can be copied/stolen
• Easy to use and usually fast
• Some allow for continuous authentication
Practical problems I.
• Trustworthy input device (liveness)
– Is this from a living person?
– Is this from the person presenting it?
• Performance – security vs. usability & cost
• Users with damaged, missing or “not usable”
organs – Fail To Enroll (FTE) rate
Practical problems II.
• Inflexibility of characteristics
– one characteristic can be used in more systems!
– compromising should not be critical to security
• Privacy and user acceptance issues
• Legislation and regulation
Commercial versus Forensic
• Fully automated,
computer peripherals
• Lower accuracy
• Enrolment can be
repeated
• Typically only
characteristics stored
• Automated assistance
with human experts
• Higher accuracy
• Enrolment often
cannot be repeated
• Characteristics usually
with original samples
Commercial versus Forensic II.
• Results in seconds
• Support needed at lowmoderate
level
• Size as small as possible
• Low cost, important
factor
• Results even in days
• Expert maintenance and
support required
• Size is relatively
unimportant
• High cost, considerable
but not important factor
Show me the magic…
• Biometrics are not secrets
– Covert vs. overt acquisition
– Many systems rely on secrecy of biometrics
• Many systems use the same biometrics
• Yet have different security policies
• Their owners are not aware of the extent
• Does this resemble a password problem…???
Part of a bigger puzzle
• Not only the error rates and liveness
check matter…
– Storage and transfer of samples
– Place of comparison
Biometrics – major lessons
• Same person never shows same results
• Biometric systems often terribly erroneous
• Biometrics are not secrets
• Input device is crucial (often physical protection)
• Liveness should be checked
• User authentication, not for machines or data
• New attack countermeasures => newer attacks
Key generation attempts
• User provides her/his biometric sample
and her/his key can be generated from
this sample
• Attractive benefits
– Key re-generated “on the fly”
– Key is used only with owner present
– Can be used and then destroyed
Biometrics and key derivation
• Hash of a biometric measurement often
suggested to be used – will not work as a
simple password replacement
– Such approaches useless – other ways to explore…
– Biometric hash (representing characteristics “that
are most likely” invariable) is effectively a sample
creating algorithm
• Worth investigating anyway (yet for different reasons)
Major problems
• Key-space
– Limited by measurable characteristics
• Entropy low for crypto keys
– Probability of different values?
• Secret key protection
– Biometrics are not secret
– Can secret be added?
• Where do we store that secret?
• What are the chances of exhaustive search?
Minor problems
• Compromised key – key change?
• Organ damaged – key loss?
• Dependence on the reader
What can we generate?
• Key?
– Most probably not – open for future
research
– Do we need random input?
• This is the key then, more than anything else
• Non-trivial userID?
Key locking
• Biometrics applied to a random key
• “Locked” key leaks no data – neither
about the key nor about biometric data
• Only the correct biometric data can
“unlock” the key
• Key can be changed, yet biometric data
compromise is still a problem
Digital signature &
authentication
User — Computer — Data
Digital signature in theory
Secret Key + Document = Signature
Public Key + Signature + Document = Yes / No
Digital signature in real-life
• Public Key – critical for verification, use of
certificates (PKI)
• Secret Key – must be kept secret otherwise
others can create „your“ signatures
Protection of the secret key
• Stored on a computer, smartcard…
• Usually encrypted / locked
– To use, one must provide a PIN/password
and/or the smartcard
– Is unencrypted during use – a Trojan horse or
administrator can get hold of the secret key!!!
No reliable signature without a
secret!
• Digital signature is based on limited
access to the secret key
• It is not you (human), but the computer
that signs!!!
Biometric signatures
• Biometrics are not secrets !!!
• Biometrics authenticate users, not
computers nor messages...
The role of biometrics
• Biometrics can protect access to the secret
key
• Signature chip + biometric sensor +
biometric matching = … bright future?
  
• Authentication/identification
of the user
• Biometrics are not secrets
• Copying is neither trivial nor hard
• Biometric information can be very sensitive
• Assure liveness+ (often by a human guard) and
take advantage of the accuracy & speed
Conclusions
Iris
Prospects for biometrics
• Device logon (standard workplace)
• Excellent additional authentication
method
• Token/smartcard & PIN & biometrics
• AFIS & rough known-person search
• Consideration: user-friendliness & cost
vs. security
Research ideas
• Text-prompted speaker (voice)
recognition and challenge-response auth.
– Enhancement with lip movement check
• Research into issues related to publicity of
biometric data
• Challenge – liveness check with low FRR
Course reading – week 5
• Security of Biometric Authentication Systems,
V. Matyáš, Z. Říha, International
Journal of Computer Information
Systems and Industrial Management
Applications, Volume 3 (2011) pp. 174-
184
• PDF in the IS
Term project presentations!!!
April 18:
Po přednášce...
• Konečný
• Mareček
• Hnízdil
• Tvrdý
May 2:
• Miklošovič
• Mokoš
• Sedlář
• Kompan
• Janáček
• Rodrigues
• Adam
Reminders: the presentation is worth (up to) 5 points from your course
score; it should last at most 10 minutes (time for questions &
discussion will be provided); laptop with AcroRead and PowerPoint
will be available. Rehearse!!!!!
May 9:
• Petruchová
• Prišťák
• Jurnečka
• Balážia
• Kretek
• Buda
• Iakym
May 16:
• Čermák
• Poul
• Chovanec
• Ošťádal
• Velan
• Víteček
• Güttner