I TU-T Workshop on Security, Seoul

I mportance of Open Discussion on

Adversarial Analyses for Mobile Security
Technologies
--- A Case Study for User I dentification ---
14May 2002
Tsutomu Matsumoto
Graduate School of Environment and I nformation Sciences
Yokohama National University
email: tsutomu@mlab.jks.ynu.ac.jp
Mobile Security Technologies
Security Architecture
Operating Systems Security
Software Tamper Resistance
Mobile Code Security
Physical Tamper Resistance
Communications Security
Cryptographic Protocol
User Identification

Adversarial Analysis
Security assessmentof biometric user identification
systems should be conducted not only for the accuracy
of authentication, but also for security against fraud.
I n this presentation we focus on Fingerprint
Systems which may become widespread for
Mobile Terminals.
Can we make artificial fingers that fool fingerprint systems?
Examine Adversarial Analysis as A Third Party
What are acceptance rates?
Fingerprint Systems
Typical structure of a fingerprint system
Typical structure of a fingerprint system
Types of sensors
Types of sensors
Optical sensors
Capacitive sensors
Thermal sensors, Ultrasound sensors, etc.
Finger
Finger Data
Feature Extraction
Finger Information Database
Fingerprint System
Enrollment
Verification or Identification
Recording
Capturing
Presenting
Result
Referring
Comparison
Live and Well Detection
A Risk Analysis for Fingerprint Systems
Attackers may present
1) the registered finger,
by an armed criminal, under duress, or with a sleeping
drug,
2) an unregistered finger (an imposter's finger),
i.e., non-effort forgery,
3) a severed fingertip from the registered finger,
4) a genetic clone of the registered finger,
5) an artificial clone of the registered finger, and
6) the others,
such as a well-known method as a fault based attack.
Fraud with Artificial Fingers
Part of patterns of dishonest acts with artificial fingers
against a fingerprint system.
L(X): A Live Finger corresponding to Person X
A(Y): An Artificial Finger corresponding to Person Y
A(Z): An Artificial Finger corresponding to Nobody
Fraud with Artificial Fingers I
X
L(X)
X
L(X)
Enrollment
Enrollment
A(X)s
Distribution of A(X)s
Distribution of A(X)s
Y X
Y obtains A(X).
Y obtains A(X).
A(X)
X or Y
Authentication
Authentication
A(X)
Fraud with Artificial Fingers II
Y X
X obtains A(Y).
X obtains A(Y).
A(Y)
X
A(Y)
X
A(Y)
X enrolls A(Y).
X enrolls A(Y).
Authentication
Authentication
A(Y)
or L(Y)
X or Y
A(Y)s
Distribution of A(Y)s
Distribution of A(Y)s
Fraud with Artificial Fingers III
X Y
Y makes A(X).
Y makes A(X).
A(X)
L(X)
X
L(X)
L(X)
Enrollment
Enrollment
X
A(X)s
Distribution of A(X)s
Distribution of A(X)s
Y
Authentication
Authentication
A(X)
Mapping a Fingerprint onto Artificial Fingers
Finegerprint
Impression
Artificial Finger
e.g., Molds, Residual Fingerprints, ...
e.g., Live Fingers, Generators, ...
Known Results
Process 0
(1) Finger
(2) Mold
(3) Silicone Rubber Finger
Fact
Often Accepts
Silicone Rubber Fingers
Finger
L
i
g
h
t

S
o
u
r
c
e
D
e
t
e
c
t
o
r
Finger
Array of Electrodes
Usually Rejects
Silicone Rubber Fingers
Optical Sensor
Optical Sensor
Capacitive Sensor
Capacitive Sensor
Gummy Fingers
Our Result
Process 1
(1) Finger
(2) Plastic Mold
(3) Gummy Finger
Our Result
Process 1
(1) Finger
(2) Plastic Mold
(3) Gummy Finger
Recipe 1-1
Making an Artificial Finger directly froma Live Finger
Solid gelatin sheet
GELATINE LEAF
by MARUHA CORP
200JPY/30grams
Free molding plastic
FREEPLASTIC
by Daicel FineChem Ltd.
350JPY/35grams
Materials
Materials
Recipe 1-2
Put the plastic
into hot water
to soften it.
Press a live finger
against it.
The mold
It takes around 10 minutes.
How to make a mold
How to make a mold
Making an Artificial Finger directly froma Live Finger
Recipe 1-3
Making an Artificial Finger directly froma Live Finger
Preparation of material
A liquid in which immersed gelatin at 50 wt.% .
Preparation of material
Add boiling water (30cc) to solid gelatin (30g) in a
bottle and mix up them.
It takes around 20 minutes.
Recipe 1-4
Making an Artificial Finger directly froma Live Finger
How to make a gummy finger
How to make a gummy finger
It takes around 10 minutes.
Put it into
a refrigerator to cool.
Pour the liquid
into the mold.
The gummy finger
Similarity with Live Fingers
The photomicrographs of fingers
The photomicrographs of fingers
(a) Live Finger (b) Silicone Finger (c) Gummy Finger
Captured I mages
Captured images with the device C (an optical sensor).
Captured images with the device C (an optical sensor).
(a) Live Finger (b) Silicone Finger (c) Gummy Finger
Captured images with the device H (a capacitive sensor).
Captured images with the device H (a capacitive sensor).
(a) Live Finger (b) Gummy Finger
Experiments
Fingerprint systems: 11 types
Subjects: five persons whose ages are from 20s to 40s
We attempted one-to-one verification 100 times counting the
number of times that it accepts a finger presented.
Types of experiments
Experiment Enrollment Verification
Type 1 Live Finger Live Finger
Type 2 Live Finger Gummy Finger
Type 3 Gummy Finger Live Finger
Type 4 Gummy Finger Gummy Finger
The List of Fingerprint Devices
H ardw are S pecifications So ftwa re Spe cific ations
Methods
Manufacturer /
Selling Ag ency
Pro duc t N ame Type
Produc t
N umbe r
Se ns or
Liv e and
Well
D ete ction
Manufa ctur er /
S elling Age ncy
Pro duc t N ame
(Application)
Co mpar is o n
Leve ls
fo r
V er ification
D ev ic e A
Comp aq Comp uter
Cor pora tion
Comp aq S ta nd-A lone
Fingerprint Identifica tion
Unit
DF R-200 E0 38 11US 00 1
Opt ic a l
S ens or
unknow n
Comp aq Compu ter
Corp ora tion
F in gerprint Identifica tion
T echnology Softw are
ver sion 1. 1
1 throu gh 3
Minu tiae
Ma tc hing
D ev ic e B
MIT SUBISHI
ELECT RIC
CO RPO RATIO N
Fingerprint Rec ognizer F PR-DT mkII 003 136
Opt ic a l
S ens or
unknow n
S umikin Iz umi
Comp uter Ser vice co.
Ltd.
S ecFP V1. 11 Fix ed
Minu tiae
Ma tc hing
D ev ic e C NEC Corpora tion
Fingerprint Identifica tion
Unit (P ris m)
N7 95 0-41 9 Y00 00 3
Opt ic a l
S ens or
unknow n NEC Corpora tion
Ba sic Utilit ie s for
F in gerprint Identifica tion
Fix ed
Minu tiae
Ma tc hing
(Minut ia a nd
Rela tion)
D ev ic e D OMRO N Corp orat ion
Fingerprint Rec ognition
Sens or
FP S-100 0 9 050 085 4
Opt ic a l
S ens or
unknow n OMRON Corpor ation
"YU BI PAS S " U .a re. U
F in gerprint Ver ifica tion
S oft wa re
Fix ed
Minu tiae
Ma tc hing
D ev ic e E Sony Corpora tion
Sony Fingerp rint
Iden tific ation Unit
FIU-00 2-F11 0 07 09
Opt ic a l
S ens or
Live Finger
detection
T SUBASA S YST EM
CO. ,LT D.
F in gerprint Identifica tion
U nit Windows 9 5
Inter ac tive Demo Ver sion
1 . 0 Bu ild 1 3
1 throu gh 5
P att ern
ma tch ing
D ev ic e F FUJ ITSU LIMITED Fings ensor FS-2 00U 00 AA0 002 57
Ca pa citive
S ens or
unknow n F UJ IT SU LIMITED
Logon for Fings ens or V1 .0
for Windows 95 /98
Fix ed
Minu tiae
Ma tc hing
(Correla tion)
D ev ic e G NEC Corpora tion
Fingerprint Identifica tion
Unit (S eria l)
P K-FP 002 03 005 29S
Ca pa citive
S ens or
unknow n NEC Corpora tion
Ba sic Utilit ie s for
F in gerprint Identifica tion
Fix ed
Minu tiae
Ma tc hing
(Minut ia a nd
Rela tion)
D ev ic e H
Siemens AG (Infineon
Technologies AG )
FingerTIP
EV ALUAT ION K IT
E VA LUA TION -
KIT
C98 451 -
D6 100 -A900 -
4
Ca pa citive
S ens or
unknow n
S ie me ns AG (Infineon
T echnologies AG)
F in gerTIPS oftwa re
D evelopment K it (SDK)
V ers ion: V0 . 90, Beta 3
"Demo Progra m"
Fix ed
Minu tia
ma tch ing
D ev ic e I Sony Corpora tion
Sony Fingerp rint
Iden tific ation Unit
F IU-710 30 00 398
Ca pa citive
S ens or
Live Finger
detection
S yst emneeds Inc . Good -b ye " PASSWORD" s 1 throu gh 5
P att ern
ma tch ing
D ev ic e J Secu gen Ey eD mous e II SM B-800
96 501 720 04
Opt ic a l
Sen s or
unknow n Se cu gen
Se cu De sk t op 1. 55
{
1 t hr ough 9
Minut ia
mat c hi ng
D ev ic e K Et hentica
ethentica tior MS 3 000 PC
Ca rd
MS 3 00 0 M3 00F 20 099 1
Opt ic a l
Sen s or
un kno wn Ethe ntica
Secu re Su i t e
Rel e as e1. 0
F i xe d
Minut ia
mat c hi ng
Experimental Results
Making an Artificial Finger directly froma Live Finger
0
20
40
60
80
100
A B C D E F G H I J K
Fingerpri nt Device
T
h
e

N
u
m
b
e
r

o
f
A
c
c
e
p
t
a
n
c
e
(
t
i
m
e
s
/
1
0
0
a
t
e
m
p
t
s
)
L - L L - A A - L A - A
Gummy Fingers
Our Result
Process 2
(1) Residual Fingerprint
(2) Digital I mage Data
(3) Printed Circuit Board
(4) Gummy Finger
Our Result
Process 2
(1) Residual Fingerprint
(2) Digital I mage Data
(3) Printed Circuit Board
(4) Gummy Finger
Recipe 2-1
Making an Artificial Finger from a Residual Fingerprint
Materials
Materials
A photosensitive
coated Printed Circuit
Board (PCB)
10K by Sanhayato Co., Ltd .
Solid gelatin sheet
GELATINE LEAF
by MARUHA CORP
200JPY/30grams
320JPY/sheet
Recipe 2-2
Digital Microscope
KEYENCE VH6300: 900k pixels
I nkjet Printer
Canon BJ-F800: 1200x600dpi
Residual Fingerprint
Enhancing
Capturing
Fingerprint Image
Image Processing
Transparent Film
Mask
Photosensitive
Coated PCB
Cyanoacrylate
Adhesive
Adobe Photoshop 6.0
Printing
Exposing
Developing
Etching
Mold
UV light
Recipe 2-3
A Mask with Fingerprint Images
An Enhanced Fingerprint A Fingerprint Image
Recipe 2-4
Gelatin Liquid
Put this mold into
a refrigerator to cool,
and then peel carefully.
40wt.%
Drip the liquid
onto the mold.
^
The Mold and the Gummy Finger
Mold: 70JPY/piece
(Ten molds can be obtained
in the PCB.)
Gummy Finger: 50JPY/piece
Resolution of Fingerprint I mages
Pores can be observed.
Captured Fingerprint Image of
the Gummy Finger
with the device H (a capacitive sensor)
Enhanced Fingerprint
Experimental Results
from Residual Fingerprints (for 1 subject)
0
20
40
60
80
100
A B C D E F G H I J K
Fingerpri nt Device
T
h
e

N
u
m
b
e
r

o
f
A
c
c
e
p
t
a
n
c
e
(
t
i
m
e
s
/
1
0
0
a
t
e
m
p
t
s
)
L - L L - A A - L A - A
Characteristics of Gummy Fingers
0
100
200
300
400
500
0 50 100 150
Pressure Sensor Output (g)
T
a
c
t
i
l
e

S
e
n
s
o
r

O
u
t
p
t

(
H
z
)
Gummy Finger
Live Finger
Moisture Electric Resistance
Live Finger 16% 16 Mohms/cm
Gummy Finger 23% 20 Mohms/cm
Silicone Finger
impossible to measure impossible to measure
The compliance was also examined for live and gummyfingers.
Conclusions
There can be various dishonest acts using artificial fingers
against the fingerprint systems.
Gummy fingers, which are easy to make with cheep, easily
obtainable tools and materials, can be acceptedby 11 types of
fingerprint systems.
The experimental study on the gummy fingers will have
considerable impact on security assessment of fingerprint
systems.
Manufacturers,vendors, and users of biometric systems should
carefully examine security of their system against artificial
clones.
How to treat such information should be an important issue.
For Details
Paper:
T. Matsumoto, H. Matsumoto, K. Yamada, S. Hoshino,
I mpact of Artificial Gummy Fingers on Fingerprint
Systems Proceedings of SPI E Vol. #4677,
Optical Security and Counterfeit Deterrence Techniques I V.