Your SlideShare is downloading. ×
Tesina Sobri
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Tesina Sobri

612
views

Published on

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
612
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. REVERSE ENGINEERING AND MALWARE THREAT IN DISTRIBUTED BIOMETRIC SYSTEMS Proyecto fin de carrera Autor: Benxamín Porto Domínguez Tutores: Carmen García Mateo Claus Vielhauer
  • 2. Contents
    • Introduction
    • Malware
    • Reverse Engineering
    • Conclusions
    • Question time
  • 3. Introduction
    • Biometrics refers to the processing of biometrics signals in order to verify an user’s identity or identify within a group of possibilities
    • The most used biometric traits are based on: voice, face, fingerprint, signature, etc.
    INTRODUCTION
  • 4. Objectives
    • Analysis of the possible vulnerabilities that can be found in distributed biometric systems due to Malware or Reverse Engineering attacks
    • Check the results shown by these attacks
    • Find alternative implementations that can counter these types of attacks or at least minimize them
    INTRODUCTION INTRODUCTION
  • 5. The system
    • The system used is a prototype developed in Universidad de Vigo
    • It is called BioWebAuth
    • It is a distributed authentication system that uses biometrics to authenticate users on the internet
    • It is based on a Client-Server architecture
    INTRODUCTION INTRODUCTION
  • 6. INTRODUCTION INTRODUCTION Sensor Feature Extraction Matcher Decision Template Database Client Server Internet
  • 7. BioWebAuth INTRODUCTION INTRODUCTION
  • 8. BioWebAuth (II) INTRODUCTION
  • 9. Procedure
    • Not use of knowledge unavailable for the attacker
    • Use of diverse hacking tools to emulate Malware
    • Seek for the reverse engineering processes of the biometric modalities
    • Use of the reversed samples to test the system
    INTRODUCTION
  • 10. Malware
  • 11. Malware
    • Set of instructions that run in one computer and make that system do something that an attacker wants it to do
    • It can be found in any platform and in any computer language
    • Growing problem in today’s Internet security
    MALWARE
  • 12. Methodology
    • Study the different types of existent Malware
    • Find possible techniques against distributed biometric systems
    • Create a threat level list reagarding the sucess possibilities of the different types of Malware
    MALWARE
  • 13. Malware Types
    • Malicious mobile code
    • Virus
    • Worms
    • Trojan Horses
    • Backdoors
    • User and Kernel level RootKits
    • Combo Malware
    MALWARE
  • 14. Malware level threat
    • Malicious mobile code: low
    • Virus: low
    • Worms: medium
    • Trojan Horses: medium
    • Backdoors: high
    • User and Kernel RootKits: very High
    • Combo Malware: the highest
    MALWARE + level threat |
  • 15. Techniques
    • Keylogger:
    • Password recovery:
    MALWARE
  • 16. Techniques (II) MALWARE
  • 17. Techniques (III)
    • Vulnerabilities scanning
    MALWARE
  • 18. Techniques (IV)
    • Cookie stealing
    MALWARE
  • 19. Reverse Engineering
  • 20. Reserve Engineering
    • Process of analyzing a subject system to identify the system's components and their interrelationships and create representations of the system in another form or a higher level of abstraction
    • Used for reconstruction of an input sample
    • Grey box model is chosen in this work
    REVERSE ENGINEERING
  • 21. REVERSE ENGINEERING Sensor Feature Extraction Matcher Decision Template Database Client Server Internet Reverse Engineering
  • 22. Methodology
    • Study of the data distribution of templates
    • Find information about the algorithms
    • Create a reverse algorithm through the inversion of Gabor Jets
    • Bypass the system with the use of these samples
    REVERSE ENGINEERING
  • 23. Data Distribution Study REVERSE ENGINEERING
  • 24. Reverse Algorithm Creation REVERSE ENGINEERING
  • 25. System Attack REVERSE ENGINEERING
  • 26. Results
    • The system was bypassed in all the matchings between the spoofed image and the template where it came from
    • Correlated tests between different templates images of the same subject showed a 10% of success
    REVERSE ENGINEERING
  • 27. Conclusions
  • 28. Conclusions
    • Reverse engineering of the system is a serious threat due to the possibility of acquiring an user’s sample
    • Malware can give an attacker important information about the user
    • Malware can modify the input devices and thus invalidate the whole process
    • Biometric templates have to be stored using encryption techniques or, at least, methods for obscuring the identification of different patterns
    CONCLUSIONS
  • 29. Conclusions (II)
    • System have to advise all the users against social engineering attacks
    • Use of liveness detection techniques is highly recommended, although they do not ensure full protection against Malware
    CONCLUSIONS
  • 30. Question time Thanks for your time I hope you enjoyed

×