Tesina Sobri
Upcoming SlideShare
Loading in...5
×
 

Tesina Sobri

on

  • 1,052 views

 

Statistics

Views

Total Views
1,052
Views on SlideShare
1,051
Embed Views
1

Actions

Likes
0
Downloads
13
Comments
0

1 Embed 1

http://www.slideee.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Tesina Sobri Tesina Sobri Presentation Transcript

    • REVERSE ENGINEERING AND MALWARE THREAT IN DISTRIBUTED BIOMETRIC SYSTEMS Proyecto fin de carrera Autor: Benxamín Porto Domínguez Tutores: Carmen García Mateo Claus Vielhauer
    • Contents
      • Introduction
      • Malware
      • Reverse Engineering
      • Conclusions
      • Question time
    • Introduction
      • Biometrics refers to the processing of biometrics signals in order to verify an user’s identity or identify within a group of possibilities
      • The most used biometric traits are based on: voice, face, fingerprint, signature, etc.
      INTRODUCTION
    • Objectives
      • Analysis of the possible vulnerabilities that can be found in distributed biometric systems due to Malware or Reverse Engineering attacks
      • Check the results shown by these attacks
      • Find alternative implementations that can counter these types of attacks or at least minimize them
      INTRODUCTION INTRODUCTION
    • The system
      • The system used is a prototype developed in Universidad de Vigo
      • It is called BioWebAuth
      • It is a distributed authentication system that uses biometrics to authenticate users on the internet
      • It is based on a Client-Server architecture
      INTRODUCTION INTRODUCTION
    • INTRODUCTION INTRODUCTION Sensor Feature Extraction Matcher Decision Template Database Client Server Internet
    • BioWebAuth INTRODUCTION INTRODUCTION
    • BioWebAuth (II) INTRODUCTION
    • Procedure
      • Not use of knowledge unavailable for the attacker
      • Use of diverse hacking tools to emulate Malware
      • Seek for the reverse engineering processes of the biometric modalities
      • Use of the reversed samples to test the system
      INTRODUCTION
    • Malware
    • Malware
      • Set of instructions that run in one computer and make that system do something that an attacker wants it to do
      • It can be found in any platform and in any computer language
      • Growing problem in today’s Internet security
      MALWARE
    • Methodology
      • Study the different types of existent Malware
      • Find possible techniques against distributed biometric systems
      • Create a threat level list reagarding the sucess possibilities of the different types of Malware
      MALWARE
    • Malware Types
      • Malicious mobile code
      • Virus
      • Worms
      • Trojan Horses
      • Backdoors
      • User and Kernel level RootKits
      • Combo Malware
      MALWARE
    • Malware level threat
      • Malicious mobile code: low
      • Virus: low
      • Worms: medium
      • Trojan Horses: medium
      • Backdoors: high
      • User and Kernel RootKits: very High
      • Combo Malware: the highest
      MALWARE + level threat |
    • Techniques
      • Keylogger:
      • Password recovery:
      MALWARE
    • Techniques (II) MALWARE
    • Techniques (III)
      • Vulnerabilities scanning
      MALWARE
    • Techniques (IV)
      • Cookie stealing
      MALWARE
    • Reverse Engineering
    • Reserve Engineering
      • Process of analyzing a subject system to identify the system's components and their interrelationships and create representations of the system in another form or a higher level of abstraction
      • Used for reconstruction of an input sample
      • Grey box model is chosen in this work
      REVERSE ENGINEERING
    • REVERSE ENGINEERING Sensor Feature Extraction Matcher Decision Template Database Client Server Internet Reverse Engineering
    • Methodology
      • Study of the data distribution of templates
      • Find information about the algorithms
      • Create a reverse algorithm through the inversion of Gabor Jets
      • Bypass the system with the use of these samples
      REVERSE ENGINEERING
    • Data Distribution Study REVERSE ENGINEERING
    • Reverse Algorithm Creation REVERSE ENGINEERING
    • System Attack REVERSE ENGINEERING
    • Results
      • The system was bypassed in all the matchings between the spoofed image and the template where it came from
      • Correlated tests between different templates images of the same subject showed a 10% of success
      REVERSE ENGINEERING
    • Conclusions
    • Conclusions
      • Reverse engineering of the system is a serious threat due to the possibility of acquiring an user’s sample
      • Malware can give an attacker important information about the user
      • Malware can modify the input devices and thus invalidate the whole process
      • Biometric templates have to be stored using encryption techniques or, at least, methods for obscuring the identification of different patterns
      CONCLUSIONS
    • Conclusions (II)
      • System have to advise all the users against social engineering attacks
      • Use of liveness detection techniques is highly recommended, although they do not ensure full protection against Malware
      CONCLUSIONS
    • Question time Thanks for your time I hope you enjoyed