Broken Fingers: A Deep Dive Into Open Source Fingerprint Authentication and its Security Issues
Talk Title | Broken Fingers: A Deep Dive Into Open Source Fingerprint Authentication and its Security Issues |
Speakers | Seong-Joong Kim (Research Staff Member, National Security Research Institute) |
Conference | Open Source Summit + ELC North America |
Location | San Diego, CA, USA |
Date | Aug 19-23, 2019 |
URL | Talk Page |
Slides | Talk Slides |
Biometric authentication offers distinct advantages over other techniques such as password-based ones: biometric information is always with an individual, is unique to that individual, and is hard to forge. One of the most classic biometric authentication methods is the fingerprint, which is widely used these days in mobile banking and the healthcare industry for 2-factor authentication schemes. The benefits, however, come with an inherent risk: fingerprints cannot be changed once they are stolen.

In this talk, Seong-Joong Kim will address security problems that reside in the most popular open source project for supporting fingerprint readers. After auditing it, he found several flaws in the encryption and key derivation process of the project, which may lead to dreadful consequences: an attacker can extract individual fingerprint images exchanged between a fingerprint scanner and a host, or can steal original fingerprints from the fingerprint DB. He will demonstrate those attacks and discuss possible countermeasures.