
Sunday, August 5, 2012

Sensor Level Security

Last week an attack on iris recognition systems was described at the Black Hat conference. The attack made several assumptions: access to the registered template, access to a highly granular similarity score from the matching subsystem, absence of managerial controls against multiple attempts, and no liveness detection at the acquisition sensor. The attack described is a classic "hill climbing attack": going through several iterations of generating a synthetic iris image, verifying it against the registered template, and using the similarity score to generate a new synthetic iris image that eventually will be close enough to the registered template.

Although the underlying idea employed by this attack is not new, it has brought attention to the need to design security controls around these attacks. The first is to use liveness detection to ensure that a synthetic sample cannot be provided to the sensor. A hill climbing attack can only succeed if the synthetic sample is accepted by the sensor. Liveness detection techniques include measuring biological features to ascertain that the source is live, as well as simple challenge-response actions which only a live human can complete. Another technique to prevent hill climbing attacks is to provide only a coarse response for the verification attempt. For example, the UID system implemented in India, which utilizes biometric technologies, only provides a "yes/no" response for each verification attempt.
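To make the two controls above concrete, here is an added example (my own illustration, not code from the post or from any real iris matcher) contrasting a matcher that returns the raw similarity score with one that returns only a yes/no answer, trusts a sensor-side liveness flag, and locks out after repeated failures. The 64-bit template, the threshold, the attempt limit and all function and class names are constructed for illustration; real iris codes are far longer, but the fractional Hamming distance rule is the same in spirit.

```python
import math
from dataclasses import dataclass

# Constructed sample data (hypothetical): a toy 64-bit "iris code" standing in
# for the enrolled template, and a matching threshold on fractional Hamming
# distance.  Both values are made up for this illustration.
ENROLLED_TEMPLATE = (
    "1011001110001111"
    "0101011000111000"
    "1111000010101011"
    "0010111001101001"
)
THRESHOLD = 0.32     # accept a probe whose fractional distance is below this
MAX_ATTEMPTS = 5     # managerial control: lock after this many failed attempts


def hamming_distance(a: str, b: str) -> float:
    """Fractional Hamming distance between two equal-length bit strings."""
    if len(a) != len(b):
        raise ValueError("templates must have equal length")
    return sum(x != y for x, y in zip(a, b)) / len(a)


def flip_bits(template: str, positions) -> str:
    """Helper to build probe samples: flip the bits at the given positions."""
    bits = list(template)
    for p in positions:
        bits[p] = "0" if bits[p] == "1" else "1"
    return "".join(bits)


def verify_leaky(probe: str) -> float:
    """Weak design: hands back the raw similarity score.  Every query tells the
    caller how much closer (or farther) the last probe was, which is exactly the
    feedback a hill-climbing attack needs."""
    return hamming_distance(probe, ENROLLED_TEMPLATE)


def score_leak_bits(template_len: int) -> float:
    """Upper bound on information revealed per query by a raw score: a
    Hamming distance over template_len bits can take template_len + 1 distinct
    values, so at most log2(template_len + 1) bits leak per attempt, versus
    exactly 1 bit for a yes/no answer."""
    return math.log2(template_len + 1)


@dataclass
class CoarseVerifier:
    """Hardened design: only a yes/no answer leaves the matcher, the sensor's
    liveness decision is enforced before any matching happens, and repeated
    failures lock the account (bounding the number of queries an attacker gets)."""
    failures: int = 0
    locked: bool = False

    def verify(self, probe: str, live: bool) -> bool:
        if self.locked:
            return False
        if not live:
            # Sensor-level liveness check failed: reject without matching, so no
            # information about the enrolled template is derived from a fake sample.
            self._record_failure()
            return False
        accepted = hamming_distance(probe, ENROLLED_TEMPLATE) < THRESHOLD
        if accepted:
            self.failures = 0
        else:
            self._record_failure()
        return accepted

    def _record_failure(self) -> None:
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.locked = True


if __name__ == "__main__":
    near = flip_bits(ENROLLED_TEMPLATE, range(10))   # genuine-looking probe
    far = flip_bits(ENROLLED_TEMPLATE, range(30))    # clearly different probe
    print("leaky score for far probe:", verify_leaky(far))
    print("bits leaked per query by raw score:", round(score_leak_bits(64), 2))
    v = CoarseVerifier()
    print("coarse answer for near probe:", v.verify(near, live=True))
    print("coarse answer for far probe:", v.verify(far, live=True))
```

The point of the coarse verifier is not that the matching algorithm changes, but that the interface exposes the minimum the relying application needs (one bit) and that the number of attempts is bounded, so the iterative refinement the post describes has neither a gradient to follow nor the budget to converge.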

From a practitioner's standpoint, these types of attacks can be mitigated using appropriate operational controls and by providing only the amount of information necessary for the system to operate. Please feel free to leave your comments!
