7. Storing and comparing
● Original / enhanced image
● Coordinates of the minutae
● Other features
● Fuzzy hash, locality-sensitive hash
○ “Percentage hash”
○ Collisions are needed
9. “A Japanese cryptographer has demonstrated how
fingerprint recognition devices can be fooled using a
combination of low cunning, cheap kitchen supplies and a
digital camera.” The Register, “Gummi bears defeat
fingerprint sensors”
“The results are enough to scrap the systems completely,
and to send the various fingerprint biometric companies
packing.” Bruce Schneier
10. Iris
● Detection of around 200 points
● Same storage methods as fingerprints
● Only patented algorithms
11. DNA, veins, voice, face...
● Using many in combination
● Expensive scanners (DNA, veins)
○ But Kuwait takes DNA from everyone
● Lack of uniqueness and high error rate
(voice, face)
12. Reconstructing
● ...possible
○ based on minutae, points, features
○ except if fuzzy / locality senstive hash is used
● => storing in centralized databases is
dangerous
14. N-th factor
● Secure identification is
○ something you have +
○ something you know +
○ something you are
● e.g. smartcard with PIN + fingerprint
(matched on the card)
15. Border inspections
● ICAO biometric passports
○ Contain images of the face and fingerprints (soon
maybe iris) (JPEG2000)
○ Integrity - with QES of the issuing authoroity
● Fingerprints are read without PIN
○ ...but by a “trusted” terminal
● And are compared to the person’s fingerprints
● => fake/someone else’s document?
16. Problems
● Centralized databases with images of
fingerprints
● Contactless reading of fingerprints
○ 3 versions of the protocol have been demonstrated
to have security issues
○ Complex scheme for certificate management.
Certificates expire in 24 hours.
18. ● ...but the chip doesn’t have a clock
○ 1 leaked terminal certificate
○ => all fingerprints in all passports in the world are
easy targets
○ ...if the central databases don’t leak before that
● experts - “well, I can get your fingerprint from
anywhere”
○ in high-res?
19. bioID - No go
● You can’t change your fingerprint/iris/DNA
● Databases leak sooner or later
● Easy to fake (gummi bears!)
● They are used to unlock phones => unlock
○ email
○ e-banking
○ ...everything
23. Fraud?
● How do we guarantee that the hash is a
result of our biometrics?
● biometrics+password-> KDF -> private key
(ephemeral)
○ KDF (key derivation function)
○ Sign challenge with the private key
24. Anonymity
● Hashes don’t have names
● Guarantees identity
● Aliases for different contexts (multiple
passwords?)
● Example: distributed ride-sharing with
distributed reputation system ontop of a
global anonymous identity
25. Conclusion
● Only biometrics - no
● Biometrics in clear form - no
● Biometrics in databases - no
● 2nd factor, match-on-card - okay
● Future applications