Exploitation of smart cards and human biometrics attributes


RNDr. Luděk Smolík Martin Drahanský

Biometrics

The automated technique of measuring a physical characteristic or personal trait of an individual and comparing that characteristic to a comprehensive database for purposes of identification.

Smart Card

A card-shaped portable data carrier that contains one or more integrated circuits for data storage and processing. A typical smart card chip includes a microprocessor or CPU, ROM (for storing operating instructions), RAM (for storing data during processing) and EPROM (or EEPROM) memory for nonvolatile storage of information.

[Figure: classification of biometrics into physical and behavioural characteristics. Labels: Hand, Finger, Signature, Keystroke, Face, Retina, Iris, Voice]

Usage of the Different Biometric Characteristics (1999)

Fingerprint Sensors

• Optical sensor
• Thermal sensor
• Ultrasonic sensor
• E-field sensor
• Polymer TFT sensor (Thin Film Transistor)
• Capacitive sensor

The ultrasonic method of acquiring a fingerprint representation is based on sending acoustic signals towards the finger surface and detecting the echo.

[Figure labels: ultrasonic transducer, short pulse ~ 20 ns; ultrasonic receiver; papillary lines 0.3 - 0.9 mm; valley; ridge]

Capacitive Sensor in CMOS Technology (Infineon), 8 bits per pixel

[Figure: sensor array labelled 224 and 288; pixel circuit with finger surface, switches SW1 and SW2, V_CC, C, C_P, comparator with V_Ref, counter N = 0...255; grey scale 0 to 255]

Fingerprint classes

Plain Arch, Left Loop, Right Loop, Tented Arch, Whorl

Minutiae

Ridge Ending Bifurcation Island X Trifurcation Delta Lake Back Hook Bridge Break Diagonal Double Bifurcation Dot Diversion

How the Technology Works

Original → Orientation → Binarized → Thinned → Minutiae → Minutia Graph → Template

Vectors: V_1 ... V_n (one way)

Identification / Verification

Identification (One-to-Many): Fingerprint search that compares the minutiae from a candidate fingerprint image against the fingerprint minutiae database to determine whether or not the candidate exists in the database.

Verification (One-to-One): Fingerprint search that compares the minutiae from an individual's live fingerprint image against fingerprint minutiae stored on a card or in a specific database record to determine whether or not the individual is who he or she claims to be.
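The difference between the two searches, as an added Python sketch that is not from the original slides. The minutia tuple layout, the tolerances, the 0.75 threshold and the greedy pairing are assumptions; the sample templates are constructed, and the matcher assumes the templates are already aligned.

```python
import math

# A minutia is (x, y, angle_degrees, kind). Assumption: templates are pre-aligned.
# Constructed sample templates, not real fingerprint data.
ALICE = [(10, 10, 0, "ending"), (40, 25, 90, "bifurcation"),
         (70, 60, 180, "ending"), (30, 80, 270, "bifurcation")]
BOB = [(15, 50, 45, "ending"), (60, 15, 135, "bifurcation"),
       (85, 85, 300, "ending"), (50, 50, 10, "bifurcation")]
# Noisy live capture of ALICE's finger (small position and angle jitter).
LIVE_ALICE = [(12, 9, 5, "ending"), (41, 27, 84, "bifurcation"),
              (68, 62, 178, "ending"), (33, 79, 275, "bifurcation")]

def match_score(probe, reference, dist_tol=8.0, angle_tol=15.0):
    """Fraction of minutiae paired one-to-one within the tolerances."""
    unused = list(reference)
    paired = 0
    for x, y, angle, kind in probe:
        best = None
        for cand in unused:
            cx, cy, cangle, ckind = cand
            dist = math.hypot(x - cx, y - cy)
            # Smallest angular difference, handling wrap-around at 360 degrees.
            dangle = abs((angle - cangle + 180) % 360 - 180)
            if ckind == kind and dist <= dist_tol and dangle <= angle_tol:
                if best is None or dist < best[0]:
                    best = (dist, cand)
        if best is not None:
            unused.remove(best[1])  # each reference minutia is used once
            paired += 1
    return paired / max(len(probe), len(reference), 1)

def verify(live, stored_template, threshold=0.75):
    """One-to-one: compare a live capture with the single claimed template."""
    return match_score(live, stored_template) >= threshold

def identify(candidate, database, threshold=0.75):
    """One-to-many: search every record; return the best id or None."""
    best_id, best_score = None, 0.0
    for record_id, template in database.items():
        score = match_score(candidate, template)
        if score >= threshold and score > best_score:
            best_id, best_score = record_id, score
    return best_id

if __name__ == "__main__":
    db = {"alice": ALICE, "bob": BOB}
    print(verify(LIVE_ALICE, ALICE), verify(LIVE_ALICE, BOB))
    print(identify(LIVE_ALICE, db), identify(LIVE_ALICE[:2], db))
```

A partial capture lowers the score, so the threshold trades false rejections against false acceptances; identification repeats that decision once per database record.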


Smart Card - Logical Structure

[Figure labels: contacts I/O, CLK, RST, V_CC, GND; blocks NPU, CPU, RAM, EEPROM, ROM]

NPU: numerical processing unit (cryptographic co-processor)

Smart Card - File Structure

[Figure labels: access with PIN; container for data (cryptographic key) or “programs”]

Problem & Solution

[Figure labels: Smart Card, Microprocessor, Sensor, I/O]

Problem & Solution

[Figure labels: NPU, CPU, RAM, EEPROM, ROM, “VP-Channel”, Readout, Cryptography, Com.]

Conclusion

• Protection of the users' “private keys” is very important
• PKI solutions store keys in a PSE (Personal Security Environment) or on a smart card
• Access control is traditionally done by password or PIN
• Biometrics can replace password and PIN
• Access to the private keys can be controlled by a biometric characteristic
• Non-transferability of biometric characteristics is important for Electronic Signature

• There is no “real” smart card with a fingerprint sensor “on board”
• There is no “real matching” on a smart card; existing smart card CPUs do not have sufficient computing power (~20 MIPS needed)
• The existing recognition algorithms are not fault-tolerant enough

f ( ) = 010......0100101