Biometrics Authentication Bruce Maggs

Biometric Identifiers
• Fingerprints, palm prints
• Palm veins
• Hand shape
• Facial image
• DNA
• Iris, retinal images
• Odor
• Etc.

Fingerprints
https://en.wikipedia.org/wiki/Fingerprint#/media/File:Fingerprints_taken_by_William_James_Herschel_1859-1860.jpg

Fingerprint Minutiae
• Two classes of algorithms: minutiae matching and image comparison.
https://www.fbi.gov/about-us/cjis/fingerprints_biometrics/biometric-center-of-excellence/files/fingerprint-recognition.pdf

FBI Database
• “Integrated Automated Fingerprint Identification System”
• What is included in IAFIS: Not only fingerprints, but corresponding criminal histories; mug shots; scars and tattoo photos; physical characteristics like height, weight, and hair and eye color; and aliases.
• https://www.fbi.gov/about-us/cjis/fingerprints_biometrics/iafis/iafis
• Includes fingerprints for over 70 million criminals and 34 million other civilians.
• 27 minute processing time for criminal inquiry, 72 minutes for civil.

Creating Fake Fingerprints
• Relatively easy to do given access to a real fingerprint.
• But in 2014 Jan Krissler demonstrated that he could create a fake fingerprint from a high-resolution photograph of Germany’s Federal Minister of Defense Ursula von der Leyen!
http://www.ibtimes.com/hacker-demonstrates-how-fake-fingerprint-sensors-using-regular-photographs-1769408

Retinal Scans
• More difficult to collect than fingerprints.
https://en.wikipedia.org/wiki/Retina#/media/File:Fundus_photograph_of_normal_left_eye.jpg

DNA
• 99.9% of DNA is identical in every human!
• Tests focus on loci where differences are likely to occur.
• Original DNA is not compared directly: first, copies are made using Polymerase Chain Reaction (PCR).
• FBI estimates probability of a coincidental match at 1 in 108 trillion, but other estimates are much lower.
https://sasha949.files.wordpress.com/2010/05/3642508132_3f7c649f62_o.jpg
http://www.nij.gov/topics/forensics/evidence/dna/basics/pages/analyzing.aspx

Implanted Chips
• RFID (Radio-Frequency Identification) chip
https://en.wikipedia.org/wiki/Radio-frequency_identification#/media/File:Microchip_rfid_rice.jpg
https://en.wikipedia.org/wiki/Microchip_implant_(human)#/media/File:RFID_hand_2.jpg

RFID Technologies
• Electromagnetic induction: when a changing magnetic field passes over the antenna, a current is induced on the chip.
• Inductive coupling: Chip adjusts its antenna, perturbing the magnetic field, which reader senses (up to about 10 cm).
http://rfid-handbook.de/downloads/images/hf-kommunikationsprinzip.png

More on RFID Technology
• Reflective backscatter: chip alters reflection of a radio wave.
• Active RFID: batteries in the chip are used to generate a radio signal, boosting transmission range, e.g., up to tens of meters.

Turing Test
A test of a computer’s ability to behave in a way that is indistinguishable from a human being. Turing proposed natural language conversations.

“Reverse” Turing Test or “CAPTCHA”
• A test that can distinguish a human from a computer.
• CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart

“Captchas”
http://www.captcha.net/
Easy to generate, difficult for a computer to solve.
U.S. Patent 6195698: Method for selectively restricting access to computer systems. Mark D. Lillibridge, Martin Abadi, Krishna Bharat, Andrei Z. Broder. Filed April 13, 1998, published February 27, 2001.
von Ahn, Luis; Blum, Manuel; Hopper, Nicholas J.; Langford, John (May 2003). CAPTCHA: Using Hard AI Problems for Security. EUROCRYPT 2003: International Conference on the Theory and Applications of Cryptographic Techniques.

Polygraph / Lie Detector
• Measures physiological responses to questions, such as heart rate, blood pressure, perspiration
http://abcnewspapers.com/2012/07/07/new-business-detects-between-truth-and-lies/

Scientific Validity?
• “CONCLUSION: Polygraph testing yields an unacceptable choice for DOE employee security screening between too many loyal employees falsely judged deceptive and too many major security threats left undetected. Its accuracy in distinguishing actual or potential security violators from innocent test takers is insufficient to justify reliance on its use in employee security screening in federal agencies.”
The Polygraph and Lie Detection, Committee to Review the Scientific Evidence on the Polygraph. Division of Behavioral and Social Sciences and Education. Washington, DC: The National Academies Press. 2003.
• Not admissible in court.
• But accuracy is better than chance when focused on specific incidents.
• Subject’s belief in validity may lead to truthfulness.
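The screening trade-off described in the conclusion quoted above, worked through as an added example (it is not from the slides or from the National Academies report). The two score distributions, the population of 10,000 and the 10 actual threats are constructed assumptions chosen only to show how a rare target and an imperfect test interact.

```python
from statistics import NormalDist

# Constructed model (an assumption, not data from the report): examiners score
# each person, and deceptive examinees score higher on average than truthful ones.
TRUTHFUL = NormalDist(mu=0.0, sigma=1.0)
DECEPTIVE = NormalDist(mu=1.8, sigma=1.0)


def screen(population, threats, threshold):
    """Expected outcomes when everyone scoring above `threshold` is flagged."""
    innocent = population - threats
    false_positives = innocent * (1 - TRUTHFUL.cdf(threshold))
    caught = threats * (1 - DECEPTIVE.cdf(threshold))
    flagged = false_positives + caught
    return {
        "false_positives": false_positives,
        "caught": caught,
        "missed": threats - caught,
        # Probability that a flagged person is an actual threat.
        "ppv": caught / flagged if flagged else 0.0,
    }


def sweep(population=10_000, threats=10, thresholds=(0.5, 1.0, 1.5, 2.0, 2.5)):
    """Evaluate the same screened population at several decision thresholds."""
    return [(t, screen(population, threats, t)) for t in thresholds]


if __name__ == "__main__":
    print("threshold  falsely flagged  threats missed  P(threat | flagged)")
    for t, r in sweep():
        print(f"{t:9.1f}  {r['false_positives']:15.0f}  "
              f"{r['missed']:14.1f}  {r['ppv']:19.4f}")
```

Lowering the threshold trades missed threats for falsely flagged employees and raising it does the reverse; because real threats are so rare in the assumed population, most flagged people are innocent at every threshold in the sweep.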