February 26, 2020

221 words 2 mins read

Broken Fingers: A Deep Dive Into Open Source Fingerprint Authentication and its Security Issues

Broken Fingers: A Deep Dive Into Open Source Fingerprint Authentication and its Security Issues

Biometric authentication provides distinguished advantages over other techniques such as password-based ones; Biometric information is always with and unique to an individual, and hardly forgeable. On …

Talk Title Broken Fingers: A Deep Dive Into Open Source Fingerprint Authentication and its Security Issues
Speakers Seong-Joong Kim (Research Staff Member, National Security Research Institute)
Conference Open Source Summit + ELC North America
Conf Tag
Location San Diego, CA, USA
Date Aug 19-23, 2019
URL Talk Page
Slides Talk Slides
Video

Biometric authentication provides distinguished advantages over other techniques such as password-based ones; Biometric information is always with and unique to an individual, and hardly forgeable. One of the most classic biometric authentication is to use fingerprint, which is very popularly used these days in mobile banking or healthcare industry, for 2-factor authentication schemes. The benefits, however, come with an inherent risk: fingerprints cannot be changed once they are stolen.In this talk, Seong-Joong Kim will address security problems that reside in the most popular open source for supporting fingerprint readers. After auditing, he found several flaws in encryption and key derivation process of the project, which may lead to dreadful consequences: an attacker can extract individual fingerprint images between a fingerprint scanner and a host, or can steal original fingerprints from the fingerprint DB. He will demonstrate those attacks and discuss possible countermeasures.

comments powered by Disqus