Park, Jun Woo KISA / IT Security Evaluation Center

Transcription

1 Park, Jun Woo KISA / IT Security Evaluation Center

2 Contents Ⅰ Protection Profile Ⅱ Analysis of SOF Ⅲ Analysis Of Vulnerability

3 I. Protection Profile

4 1. Protection Profile Fingerprint Authentication System Protection Profile Developed on February in 2004 for Government by KISA Evaluation Assurance Level : EAL2+ Some features related with Fingerprint -Threats Threats based on impersonation are added - TOE Security Functional Requirements Proper FAR/FRR are required Liveness Detection is required 3

5 1. Protection Profile Threats T.CASUAL The threat agent may make a zero effort forgery attempt to impersonate an authorized user The attacked identity is randomly chosen. The impostor makes no attempt to modify his/her own fingerprint characteristics to appear closer to the attacked identity. The chance of such an attack being successful is measured by the False Acceptance Rate (FAR). 4

6 1. Protection Profile Threats T. EVILTWIN The threat agent may attack a similar or twinned biometric template. In some cases an imposter s s fingerprint characteristics are very similar to those of an enrollee, and attack that identity. The greater the number of enrollees the more likely it is that the impostor resembles one of them. 5

7 1. Protection Profile Threats T. ARTIFACT The threat agent may use an artifact (e.g., artificial fingerprint, or other synthetic means) to gain unauthorized authentication. If an impostor can access a fingerprint image or template, he/she may be able to produce an artifact with an equivalent biometric template. Systems unable to detect the difference between a live sample and an artifact may be fooled by the use of such an artifact. 6

8 1. Protection Profile Threats T. RESIDUAL_IMAGE The residual fingerprint image from a previous user may be sufficient to allow access to an imposter. If an enrolled user leaves a residual fingerprint on a capture device, an impostor may be able to gain access subsequently. This vulnerability may be exploited separately or in conjunction with another vulnerability such as the use of an artifact. 7

9 1. Protection Profile TOE Boundary IT Environment TOE Boundary BIR Storage Enrollment Capture Extraction BIR Assurance BIR Creation BIR Validation reference template User presents Biometric PIN image capture Liveness transmission Security Management Functions Cryptographic service Compare (match) A SS E T S Verification Extraction request template 8

10 1. Protection Profile TOE Security Functional Requirements FIA_SOS.2 TSF Generation of secrets - FAR : < , FRR : < 0.05 FIA_UAU.5 Multiple authentication mechanisms - Liveness Detection 9

11 1. Protection Profile Rationale Threats T.CASUAL T.EVILTWIN T.ARTIFACT T.RESIDUAL_IMAGE Security Objectives O.Identification_and _Authentication Security Functional Requirements FIA_SOS.2 FIA_UAU.5 10

12 II. Analysis of SOF 11

13 2. Analysis of SOF Strength Of Function (SOF) on Fingerprint Authentication System SOF is an important part of the evaluation of a biometric device - It is related to FAR in Fingerprint Authentication System - It is needed proper test data to estimate FAR 12

14 2. Analysis of SOF Fingerprint Database for analyzing SOF The important characteristics of the test data - data is representative of the normal or expected operating conditions of the TOE (environmental conditions including lighting, weather, movement, surroundings, etc). - data is of sufficient size that an accurate estimate of the FAR/FRR can be determined. - data is representative of the type of samples collected (e.g., gender, age, occupation). 13

15 2. Analysis of SOF Fingerprint Database for analyzing SOF Fingerprint Database as the test data - Period of Collection 2002(1rd) 2003(2rd) 2004(3rd) Consideration Characteristic Age, Sex, Occupation, etc Temperature, Aging, etc Rolling scan, Aging, etc Population 2,000 persons 1,000 persons 600 persons Resolution 500dpi 500dpi 500dpi 14

16 2. Analysis of SOF Fingerprint Database for analyzing SOF Fingerprint Database as the test data - Sensors : 11 Types 15

17 2. Analysis of SOF Fingerprint Database for analyzing SOF Fingerprint Database as the test data - Program for fingerprint collection 16

18 2. Analysis of SOF Fingerprint Database for analyzing SOF Samples of Fingerprint Database EyeD Hamster MagicSecure2500 U.are.U Authentec Atmel 17

19 2. Analysis of SOF Fingerprint Database for analyzing SOF Population of Fingerprint Database - About 570,000 Fingerprint Images from 36,000 persons Composition -Male : 50%, Female : 50% -Age : 7 classes (~6,7~11,12~17,18~35,36~50,51~65,65~) -Occupation (6 classes) (student, officer, manufacturer, labor, housekeeper, etc.) Method Consideration -About 150 fingerprints per person -6 fingers (left, right : thumb, index, middle) -Repeat 5 times per finger Occupation, Sex, Temperature, Humidity, Aging, etc. 18

20 2. Analysis of SOF Fingerprint Database for analyzing SOF FAR/FRR Analysis - Display Fingerprint Database information 19

21 2. Analysis of SOF Fingerprint Database for analyzing SOF FAR/FRR Analysis - Creating Template Process Add Creating Template Module Set the Enrollee Select Information Set the Finger Select Information Select the Sensor Type Select the Multiple Impression 20

22 2. Analysis of SOF Fingerprint Database for analyzing SOF FAR/FRR Analysis - Matching Process Matching Module Path Configuration Path Set the Genuine Matching Information Set the Imposter Matching Information : Finger Type 21

23 III. Vulnerability of Fingerprint Authentication System 22

24 3. Vulnerability of Fingerprint Authentication System General Vulnerabilities Transmission Protocol Impostor intercepts or inserts authorized fingerprint sample or template as it is being transmitted between subsystems or components Operating Environment Impostor exploits vulnerabilities of OS or bypasses fingerprint authentication systems 23

25 3. Vulnerability of Fingerprint Authentication System Technology Specific Vulnerabilities Fake Fingerprint Impostor presents an artificial fingerprint sample Residual fingerprint image Impostor utilizes a residual fingerprint image left on the sensor Zero effort forgery attempt Impostor makes no attempt to modify his/her own fingerprint characteristics to appear closer to the attacked identity 24

26 3. Vulnerability of Fingerprint Authentication System Artificial Fingerprint Mold for Artificial Fingerprint using plaster or gummy clay 25

27 3. Vulnerability of Fingerprint Authentication System Artificial Fingerprint Artificial Fingerprint using Gelatine 26

28 3. Vulnerability of Fingerprint Authentication System Artificial Fingerprint Artificial Fingerprint using Gelatine 27

29 3. Vulnerability of Fingerprint Authentication System Vulnerability on Fingerprint Authentication System Comparison of Live and fake Live Finger Silicone Finger Gelatine Finger 28

30 3. Vulnerability of Fingerprint Authentication System Vulnerability on Fingerprint Authentication System Types of Experiments Experiment Type 1 Type 2 Type 3 Type 4 Enrollment Live Live Fake Fake Verification Live Fake Live Fake 29

31