生物演示攻击
来源:互联网 发布:h5 刮刮卡 源码 编辑:程序博客网 时间:2024/05/16 05:01
Biometric Spoofing' is defined as 'process of defeating Biometric System with fake Biometric sample'. Yes, inquisitive topic for discussion; but - Spoofing is always serious concern worldwide. Biometric Technology is believed as right fit solution to address security challenges including Spoofing attacks. But, in reality - not all Biometrics would stand fool-proof against advanced Spoofing attacks.
My Post covers readings from my studies and experiments conducted in India, China & UK on Biometrics and latest Market trends. Idea is to highlight deficiencies & vulnerabilities of Biometrics and share tips & techniques for better preparedness for Spoofing.
Biometric Technologies
Some of Biometric Technologies widely used globally:
- Fingerprint
- Iris
- Face
- Voice
- Vein
Though there are many other Biometric technologies in research, technologies with lesser market share currently are not taken into consideration for this post.
Market Trends
Global Biometrics Market is projected to reach $21.9 billion by 2020 (Source: 6WResearch); $23 billion (Source: Transparency Market Research)
In Global Biometrics market, Fingerprint Biometrics has contributed for majority of the market revenues till date
Ease of use and low cost of fingerprint based biometrics devices have resulted for their dominance in last 5 years
Going forward, Fingerprint biometrics is expected to face tough fight from other biometrics like Iris, Face, Voice etc., technologies and lose market share
Focus will be more on higher reliability and accuracy of Biometric Solution design with the advent of Biometric Payments
IRIS, Face and Vein are growing rapidly due to lower FAR and FRR as compared to Fingerprint Biometrics Technology
Multimodal Biometrics systems is expected to grow rapidly in next 5 years
- User acceptance of Fingerprint & Face Biometrics is more, where as Vein and Iris are more accurate
Facts
- Most of the Fingerprint Scanners are prone to hacking
- Researchers identified over 300 materials (but not limited to) like Silicon Gel, Rubber etc., to create Fingerprint Spoof as shown above
- Iris - Fake Eye Images, Contact Lens etc., enable hackers to fake Iris sample
- Face - Very easy to spoof, even just with Photograph. Our experiments proved that cracking 2D face is damn easy
- Voice - Mimicry, similar voice can spoof with little effort
Tips
Below tips help us to fight against Spoofing and give tough hassles to hackers:
- Liveness - 'Liveness Detection' of Biometric Sensor feature helps to guard against Spoofing. Algorithms can differentiate 'real' and 'fake' samples using living traits like Fingerprint temperature, pressure, moisture, eye pupil movement etc. Usually, classified as Hardware based technique
- Multimodal Biometrics - Researches reveal that Biometric Solutions with Six Biometric modals will throw tough challenge to hackers. For practical reasons, many modals may not be always possible due to economics and implementation hassles. But, we noticed that complexity & reliability increases with each additional Biometric modal inclusion to the System. So, another Hardware based technique, more you plan - more robust your System could be!
- 3D Biometrics - 2D Biometric modals are easier to crack; 3D makes Spoofing difficult due to complexity of algorithms to crack(like 3D Face). Categorized as Software based anti-spoofing technique
- Fool Proof Enrollment - Necessary care & precautions should be taken during Enrollment process to avoid Fake/faulty samples
- Server/Database Security - Like above, sound security strategy is inevitable at Server, Database and Network level to protect stored Biometric templates against hacking
- 3 Way Plan - For efficient anti-spoof mechanism, one should deploy Sensor level, Feature level and Score level anti-spoofing techniques at Sensor, Extractor and Matcher respectively
- 生物演示攻击
- XSS网站攻击演示
- 防sql攻击演示SQL攻击
- SQL注入攻击演示代码
- 缓冲区溢出漏洞攻击演示实验
- 【JDBC】SQL注入攻击演示与解决方法
- “缓冲区溢出攻击”原理分析及实例演示
- 针对SSL的中间人攻击演示和防范
- 针对SSL的中间人攻击演示和防范
- 演示XSS漏洞攻击 | 发帖如何提交javascript代码
- XSS跨站脚本攻击过程最简单演示
- XSS跨站脚本攻击过程最简单演示
- XSS跨站脚本攻击过程最简单演示
- 手机xPC交叉感染?360安全研究员演示“混血攻击”
- 基于MapX的导弹攻击沙盘演示系统代码
- XSS跨站脚本攻击过程最简单演示
- XSS跨站脚本攻击过程最简单演示
- XSS跨站脚本攻击过程最简单演示
- jquery 全选、反选、即点即改
- redis3.0.7源码阅读(一)源码文件
- Good Bye 2016D. New Year and Fireworks(dfs)
- Spring对象生命周期控制
- Mybatis入门例子(本文章转载自博主AndyChenzy,如需转载注明转载博主)
- 生物演示攻击
- 对CloseHandle用法的理解
- jdk1.8更新
- 在有GI软件的环境中,对单机db进行升级时遇到的问题
- rocketmq原理:name server ,broker, producer, consumer之间通信
- 设计模式——工厂模式
- redis3.0.7源码阅读(二)源码文件归类
- 不一样的S型方阵
- mongoDB数据库基本操作