1. The document analyzes vulnerabilities in distributed biometric authentication systems from malware and reverse engineering attacks. 2. It studies how different types of malware like viruses, worms, and trojan horses could exploit such systems and reverse engineers a biometric face authentication prototype system. 3. The results showed the prototype system could be bypassed using spoofed images reconstructed from reverse engineering the template data distribution and feature extraction algorithms.

1. REVERSE ENGINEERING AND MALWARE THREAT IN DISTRIBUTED BIOMETRIC SYSTEMS Proyecto fin de carrera Autor: Benxamín Porto Domínguez Tutores: Carmen García Mateo Claus Vielhauer

2. Contents Introduction Malware Reverse Engineering Conclusions Question time

3. Introduction Biometrics refers to the processing of biometrics signals in order to verify an user’s identity or identify within a group of possibilities The most used biometric traits are based on: voice, face, fingerprint, signature, etc. INTRODUCTION

4. Objectives Analysis of the possible vulnerabilities that can be found in distributed biometric systems due to Malware or Reverse Engineering attacks Check the results shown by these attacks Find alternative implementations that can counter these types of attacks or at least minimize them INTRODUCTION INTRODUCTION

5. The system The system used is a prototype developed in Universidad de Vigo It is called BioWebAuth It is a distributed authentication system that uses biometrics to authenticate users on the internet It is based on a Client-Server architecture INTRODUCTION INTRODUCTION

6. INTRODUCTION INTRODUCTION Sensor Feature Extraction Matcher Decision Template Database Client Server Internet

7. BioWebAuth INTRODUCTION INTRODUCTION

8. BioWebAuth (II) INTRODUCTION

9. Procedure Not use of knowledge unavailable for the attacker Use of diverse hacking tools to emulate Malware Seek for the reverse engineering processes of the biometric modalities Use of the reversed samples to test the system INTRODUCTION

10. Malware

11. Malware Set of instructions that run in one computer and make that system do something that an attacker wants it to do It can be found in any platform and in any computer language Growing problem in today’s Internet security MALWARE

12. Methodology Study the different types of existent Malware Find possible techniques against distributed biometric systems Create a threat level list reagarding the sucess possibilities of the different types of Malware MALWARE

13. Malware Types Malicious mobile code Virus Worms Trojan Horses Backdoors User and Kernel level RootKits Combo Malware MALWARE

14. Malware level threat Malicious mobile code: low Virus: low Worms: medium Trojan Horses: medium Backdoors: high User and Kernel RootKits: very High Combo Malware: the highest MALWARE + level threat |

15. Techniques Keylogger: Password recovery: MALWARE

16. Techniques (II) MALWARE

17. Techniques (III) Vulnerabilities scanning MALWARE

18. Techniques (IV) Cookie stealing MALWARE

19. Reverse Engineering

20. Reserve Engineering Process of analyzing a subject system to identify the system's components and their interrelationships and create representations of the system in another form or a higher level of abstraction Used for reconstruction of an input sample Grey box model is chosen in this work REVERSE ENGINEERING

21. REVERSE ENGINEERING Sensor Feature Extraction Matcher Decision Template Database Client Server Internet Reverse Engineering

22. Methodology Study of the data distribution of templates Find information about the algorithms Create a reverse algorithm through the inversion of Gabor Jets Bypass the system with the use of these samples REVERSE ENGINEERING

23. Data Distribution Study REVERSE ENGINEERING

24. Reverse Algorithm Creation REVERSE ENGINEERING

25. System Attack REVERSE ENGINEERING

26. Results The system was bypassed in all the matchings between the spoofed image and the template where it came from Correlated tests between different templates images of the same subject showed a 10% of success REVERSE ENGINEERING

27. Conclusions

28. Conclusions Reverse engineering of the system is a serious threat due to the possibility of acquiring an user’s sample Malware can give an attacker important information about the user Malware can modify the input devices and thus invalidate the whole process Biometric templates have to be stored using encryption techniques or, at least, methods for obscuring the identification of different patterns CONCLUSIONS

29. Conclusions (II) System have to advise all the users against social engineering attacks Use of liveness detection techniques is highly recommended, although they do not ensure full protection against Malware CONCLUSIONS

30. Question time Thanks for your time I hope you enjoyed