Embed Size (px)
Citation preview
Biometrics Authentication
Bruce Maggs
2
Biometric Identifiers
• Fingerprints, palm prints
• Palm veins
• Hand shape
• Facial image
• DNA
• Iris, retinal images
• Odor
• Etc.
Fingerprints
3
https://en.wikipedia.org/wiki/Fingerprint#/media/File:Fingerprints_taken_by_William_James_Herschel_1859-1860.jpg
Fingerprint Minutiae
• Two classes of algorithms: minutaie matching and image comparison.
4
https://www.fbi.gov/about-us/cjis/fingerprints_biometrics/biometric-center-of-excellence/files/fingerprint-recognition.pdf
FBI Database
• “Integrated Automated Fingerprint Identification System”
• What is included in IAFIS: Not only fingerprints, but corresponding criminal histories; mug shots; scars and tattoo photos; physical characteristics like height, weight, and hair and eye color; and aliases.
• https://www.fbi.gov/about-us/cjis/fingerprints_biometrics/iafis/iafis
• Includes fingerprints for over 70 million criminals and 34 million other civilians.
• 27 minute processing time for criminal inquiry, 72 minutes for civil
5
Creating Fake Fingerprints
• Relatively easy to do given access to a real fingerprint.
• But in 2014 Jan Krissler demonstrated that he could create a fake fingerprint from a high-resolution photograph of Germany’s Federal Minister of Defense Ursula von der Leyden!
6
http://www.ibtimes.com/hacker-demonstrates-how-fake-fingerprint-sensors-using-regular-photographs-1769408
Retinal Scans
• More difficult to collect than fingerprints.
7
https://en.wikipedia.org/wiki/Retina#/media/File:Fundus_photograph_of_normal_left_eye.jpg
DNA
• 99.9% of DNA is identical in every human!
• Tests focus on loci where differences are likely to occur.
• Original DNA is not compared directly: first, copies are made using Polymerase Chain Reaction (PCR)
• FBI estimates probability of a coincidental match at 1 in 108 trillion, but other estimates are much lower.
8
https://sasha949.files.wordpress.com/2010/05/3642508132_3f7c649f62_o.jpg
http://www.nij.gov/topics/forensics/evidence/dna/basics/pages/analyzing.aspx
Implanted Chips
• RFID (Radio-Frequency Identification) chip
9
https://en.wikipedia.org/wiki/Radio-frequency_identification#/media/File:Microchip_rfid_rice.jpghttps://en.wikipedia.org/wiki/Microchip_implant_(human)#/media/File:RFID_hand_2.jpg
RFID Technologies
• Electromagnetic induction: when a changing magnetic field passes over the antenna, a current is induced on the chip.
• Inductive coupling: Chip adjusts its antenna, perturbing the magnetic field, which reader senses (up to about 10cm).
10
http://rfid-handbook.de/downloads/images/hf-kommunikationsprinzip.png
More on RFID Technology
• Reflective backscatter: chip alters reflection of a radio wave.
• Active RFID: batteries in the chip are used generate a radio signal, boosting transmission range, e.g., up to tens of meters.
11
Turing Test
A test of a computer’s ability to behave in a way that is indistinguishable from a human being. Turing proposed natural language conversations.
12
“Reverse” Turing Test or “CAPTCHA”
• A test that can distinguish a human from a computer.
• CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart
13
“Captchas”
14
http://www.captcha.net/
U.S. Patent 6195698: Method for selectively restricting access to computer systems. Mark D. Lillibridge, Martin Abadi, Krishna Bharat, Andrei Z. Broder. Filed April 13, 1998, published February 27, 2001.
von Ahn, Luis; Blum, Manuel; Hopper, Nicholas J.; Langford, John (May 2003). CAPTCHA: Using Hard AI Problems for Security. EUROCRYPT 2003: International Conference on the Theory and Applications of Cryptographic Techniques
Easy to generate, difficult for a computer to solve.
Polygraph / Lie Detector
• Measures physiological responses to questions, such as heart rate, blood pressure, perspiration
15
http://abcnewspapers.com/2012/07/07/new-business-detects-between-truth-and-lies/
Scientific Validity?
• “CONCLUSION: Polygraph testing yields an unacceptable choice for DOE employee security screening between too many loyal employees falsely judged deceptive and too many major security threats left undetected. Its accuracy in distinguishing actual or potential security violators from innocent test takers is insufficient to justify reliance on its use in employee security screening in federal agencies.” The Polygraph and Lie Detection, Committee to Review the Scientific Evidence on the Polygraph.
Division of Behavioral and Social Sciences and Education. Washington, DC: The National Academies Press. 2003
• Not admissible in court.
• But accuracy is better than chance when focused on specific incidents.
• Subject’s believe in validity may lead to truthfulness.
16
