CERT-In Advisory
CIAD-2016-0074
Securing Biometric Devices
Original Issue Date: December 09, 2016
Description
Biometrics implements a process used to identify or authenticate an individual's identity using a physical or behavioural characteristic. The goal is to provide access control at the logical and physical levels. The identification process compares a biometric, such as a fingerprint or iris scan that is presented to the system, against all template entries in a database for a match. This is referred to as a "one-to-many" search. Authentication on the other hand, is a process where a known person's live biometric is compared to a stored template of that person. For example, an individual's identity is revealed to the biometric system upon entering a PIN (Personal Identification Number). To authenticate that this is the person associated with this PIN, a live biometric is presented by the individual and compared to the template and a match is determined. This is known as a "one to one" search. It is more accurate than the "one to many" application and is the predominant biometric process in place today and the more privacy friendly of the two systems.
Threats to Biometric Implementations at Enterprise Level
Input Level Attacks
The primary input-level attacks, vulnerabilities at the point of sample acquisition and initial processing, are spoofing and bypassing. While spoofing is the most frequently cited input-level vulnerability, other input-level vulnerabilities may be just as problematic, such as "overloading." "Overloading" is an attempt to defeat or circumvent a system by damaging the input device or overwhelming it in the attempt to generate errors. This is also sometimes called a buffer overflow attack for other security mechanisms.
When biometric devices can no longer serve their intended function, fallback processes must be defined and enforced. A person who causes a biometric system to fail may be doing so knowing that, as a consequence, an unguarded door may be used as a temporary alternative means of entry. Security systems must account for the potential functional failure of biometric systems and devices by means of adequate backup measures.
Back-end Attacks
Attacking the template storage database is the most apparent type of back-end attack. The threat of unauthorized modification or replacement of stored templates can result in false accepts or false rejects depending on the motives of the attacker. If an attacker can find a way of injecting templates directly into the storage database then the attacker could introduce him/her into the system without following the appropriate enrollment procedures. The attacker could also hijack the identity of an authorized individual by replacing the original template with their own template, thereby still preserving privileges linked to the authorized individual. If a template is compromised, it could be reused in a replay attack.
These kinds of attacks can be prevented by using encryption and data integrity (hashing) methodologies. Applying common database security methodologies can also increase the level of difficulty for the attacker.
Enrollment Attacks
The practical use of biometrics for E-Authentication is binding to one's identity. Although the concept of an Identity Management System lies outside the scope of this document, from a biometric enrollment standpoint because of the essential binding requirement, the identity proofing process is a critical related function. Trust in this process of vetting a person's claimed identity, confidence in the validity of associated documents, and reliability in the authenticity of issued electronic credentials taken together provide the very underpinning of biometric based E- Authentication.
Examples of threats to identity proofing include:
- Use of forged documents to verify a claimed identity.
- Collusion with corrupt personnel having system access
- Electronic attacks to impersonate legitimate system users and therebygain electronic access to the ID application, proofing process and issuance system.
The following Countermeasures can be taken against these Identity Proofing threats:
- Enforced separation of roles and duties of those involved in theprocessing, approval and credential issuance process.
- Close inspection of documents for forgery or tampering and use of thirdparty substantiation; for example, use of written inquiries.
- Electronic system security protection - strong access controls, dataencryption, firewalls etc.
- Strong issuance controls which confirm the user at time of credentialissuance and which preclude manual modifications to personalization data
Security Best practices at Enterprise level
Sensor Reliability
It is very important that sensor technology be capable of working reliably under the broadest range of real world conditions. This is possible using sensors featuring multispectral imaging technology to ensure unique fingerprint characteristics can be extracted from both the surface and subsurface of the skin. Also important is liveness detection capabilities to prevent spoof attacks ¿ the use of fake fingerprints or "spoofs" to impersonate a legitimate user and gain unauthorized access.
Data Security
Beyond the encryption of the data itself, there are now many good alternatives available for building highly secure and well protected systems, including the use of multi-factor and even multi-modal authentication to maintain security even if some identifying data is compromised.
Tamper Protection and Trusted Connections
The biometric used to authenticate the user for each transaction must interoperate with trusted devices at each point of verification. The solution must create a device-independent, trusted physical identity verification process. Additionally, the physical devices themselves must be tamper resistant to ensure that all transaction integrity is preserved.
Implementation Policies
Effective authentication solution deployments are supported by appropriate business policies. Well-designed systems can significantly reduce risks and vulnerabilities. However the best system deployments are those that employ effective business policies to control or otherwise ensure the proper use of these systems. Enrollment policy, number of allowed attempts before lockout and basic exception handling are good examples of workflow considerations that will significantly impact security, convenience, and the anticipated return on investment.
Privacy Protection
Encryption and tamper resistant devices prevent the interception of private biometric, biographic, and transactional data. A biometrics solution combined with cryptography and digital signature technology can make a very strong solution and provide effective countermeasures against attack and privacy invasion.
References
UIDAI
https://uidai.gov.in/beta/authentication/authentication/biometric-devices.html
https://uidai.gov.in/UID_PDF/Committees/Biometrics_Standards_Committee_report.pdf
Defence Science Journal, DRDO
http://publications.drdo.gov.in/ojs/index.php/dsj/article/download/10800/5719
International Journal of Information & Computation Technology
http://www.ripublication.com/irph/ijict_spl/ijictv4n10spl_01.pdf
Security Magazine
http://www.securitymagazine.com/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India
|