Spoof Detection and the Common Criteria



Similar documents
Fingerprint Spoof Detection Protection Profile

Common Criteria V3.1. Evaluation of IT products and IT systems

Protection Profile Digital Tachograph Vehicle Unit (VU PP) Version 1.0 BSI-CC-PP

Certification Report. NXP Secure Smart Card Controller P40C012/040/072 VD

Supporting Document Guidance. Security Architecture requirements (ADV_ARC) for smart cards and similar devices. April Version 2.

Conformance test specification for BSI-TR Biometrics for public sector applications

Biometrics for Public Sector Applications

Weak Spots in Enterprise Mobility Management Dennis Schröder

Biometrics for public sector applications

BSI - Federal Office for Information Security. Evaluation and Certification of IT Security Technology in Germany

Preventing fraud in epassports and eids

Securing VoIP Networks using graded Protection Levels

Best Practice Fingerprint Enrolment Standards European Visa Information System

National Plan for Information Infrastructure Protection

JTEMS A Community for the Evaluation and Certification of Payment Terminals

Security IC Platform Protection Profile

"LOOKING FOR A COMMON ATTACK METHODOLOGY FOCUSED ON FINGERPRINT AUTHENTICATION DEVICES

22 July, 2010 IT Security Center (ISEC) Information-technology Promotion Agency (IPA) Copyright 2010 Information-Technology Promotion Agency, Japan 1

Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28),

BSI-DSZ-CC-S for. Dream Chip Technologies GmbH Germany. Dream Chip Technologies GmbH

Technical information on the IT security certification of products, protection profiles and sites

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014

Protection Profile for UK Dual-Interface Authentication Card

Details for the structure and content of the ETR for Site Certification. Version 1.0

BSI-DSZ-CC-S for. GLOBALFOUNDRIES Singapore Pte. Ltd. GLOBALFOUNDRIES Singapore Pte. Ltd.

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES

Biometrics and Cyber Security

- Table of Contents -

Protection Profile for the Gateway of a Smart Metering System (Smart Meter Gateway PP)

fulfils all requirements of the SIG/TÜViT Evaluation Criteria

Biometrics for payments. The use of biometrics in banking

Protection Profile for the Security Module of a Smart Meter Gateway (Security Module PP)

fulfils all requirements for very high protection of the criteria catalogue The appendix is part of the certificate and consists of 4 pages.

Threat Modeling Smart Metering Gateways

A Structured Comparison of Security Standards

Intrusion Detection Systems

Spanish Certification Body. Challenges on Biometric Vulnerability Analysis on Fingerprint Devices. New. Technical Manager September 2008

Common Criteria for Information Technology Security Evaluation. Part 3: Security assurance components. September Version 3.

Guidelines for Developer Documentation

ETSI TS : Electronic Signatures and Infrastructures (ESI): Policy

How To Certify A Security Area Datacenter For A Trustworthy Site Infrastructure

Biometrics for public sector applications

Pentests more than just using the proper tools

Low Assurance Protection Profile for a VoIP Infrastructure

22 nd NISS Conference

Certification Report

fulfils all requirements defined in the technical specification The appendix to the certificate is part of the certificate and consists of 6 pages.

fufils all requirements for high protection of the criteria catalogue The appendix is part of the certificate and consists of 4 pages.

Smartcard IC Platform Protection Profile

Computer and Network Security

Modular biometric architecture with secunet biomiddle

V-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks

BSI-PP for. Protection Profile Secure Signature-Creation Device Type 1, Version developed by

BSI-DSZ-CC for. NXP J3A081, J2A081 and J3A041 Secure Smart Card Controller Revision 3. from. NXP Semiconductors Germany GmbH

DIVISION OF INFORMATION SECURITY (DIS)

Denial of Service Attacks

Security Target. Astaro Security Gateway V8 Packet Filter Version Assurance Level EAL4+ Common Criteria v3.1

Joint Interpretation Library

8070.S000 Application Security

CERTIFICATION REPORT

BSI-DSZ-CC for. Digital Tachograph EFAS-4.0, Version 02. from. intellic GmbH

Security Target (ST)

Only a matter of power supply and air conditioning? Joachim Faulhaber TÜV Informationstechnik GmbH

BSI-DSZ-CC for

Common Criteria Evaluations for the Biometrics Industry

Security Target for PalmSecure

Certification Report

Embedded Java & Secure Element for high security in IoT systems

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Common Criteria Protection Profile. electronic Health Card (ehc) elektronische Gesundheitskarte (egk) BSI-PP-0020-V MA01

Compliance in Clouds A cloud computing security perspective

Common Criteria Protection Profile

Pentests more than just using the proper tools

Lessons learnt in writing PP/ST. Wolfgang Killmann T-Systems

Low Assurance Protection Profile for a VPN gateway

MAKING SENSE OF SMART CARD SECURITY CERTIFICATIONS

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

Shield Your Business - Combat Phishing Attacks. A Phishnix White Paper

Security and Compliance in Clouds: Challenges and Solutions

Certification Report

Safeguards Frameworks and Controls. Security Functions Parker, D. B. (1984). The Many Faces of Data Vulnerability. IEEE Spectrum, 21(5),

HOW SECURE ARE CURRENT MOBILE OPERATING SYSTEMS?

Software Product Lines

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

On Security Evaluation Testing

Certification Report. NXP J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, and J2E082_M65 Secure Smart Card Controller Revision 3

System Specification. Author: CMU Team

A Study on the Secure Software Development Life Cycle for Common Criteria (CC) Certification

Transcription:

Spoof Detection and the Common Criteria Ralph Breithaupt (BSI) Nils Tekampe (TÜViT)

Content Today s situation The BSI projects LifeFinger I & II Spoofing The definition Spoof Detection in Common Criteria Protection Profiles Evaluation of Spoof Detection Systems Conclusions and Recommendations 3/26/10 Bundesamt für Sicherheit in der Informationstechnik & TÜV Informationstechnik GmbH Member of TÜV NORD Group 1

Today s Situation Biometric systems have developed markets that have highly sophisticated requirements for the security of the used systems The issue of spoofing biometric characteristics has been known and reported in literature for years but have not been exhaustively discussed Recent incidents (e.g. in Japan 2008 & 2009) brought this issue into the focus for a while However, in the meantime the situation is nearly as ignorant as before. All world is ignoring spoofs All world? Not all world. Some institutes consider this being one of the major challenges for biometrics today. Some developers of sensor devices for fingerprints have started to implement countermeasures against spoofed fingerprints 3/26/10 Bundesamt für Sicherheit in der Informationstechnik & TÜV Informationstechnik GmbH Member of TÜV NORD Group 2

Today s situation the task The trust in biometric systems depends on their reliability AND their level of security! There are many types of publicly known fakes and a huge number of possible variants! with li7le experience fakes are: made of cheap & easy obtainable materials relatively easy to produce able to deliver high quality fingerprints adaptable by additives like: magnetic powder, color.. The task for spoof detection is to distinguish between all existing human fingers and all possible spoofing materials! 3/26/10 Bundesamt für Sicherheit in der Informationstechnik & TÜV Informationstechnik GmbH Member of TÜV NORD Group 3

Life Finger II Goals & Result What is the minimal effort required to spoof a wide variety of current fingerprint scanners? BSI tested a variety of current scanners (spoof detecbon turned off): 5 opbcal scanners (4 FTR / 1x non FTR) 3 capacibve scanners 1 thermal scanner 2 electric field/rf scanners 1 ultra sonic scanner There are differences, but only 5 basic fake types had to be tested to find one that spoofed all scanning technologies 100%! 3/26/10 Bundesamt für Sicherheit in der Informationstechnik & TÜV Informationstechnik GmbH Member of TÜV NORD Group 4

Life Finger I - Goals What technical countermeasures are possible/available to detect finger fakes? Composition of a Fake-Tool-Box based on public knowledge and additional experience Performance evaluation of current scanners with spoof detection abilities (2008) Development of new spoof detection sensor technologies Development of a Common Criteria certification methodology of spoof detection technologies 3/26/10 Bundesamt für Sicherheit in der Informationstechnik & TÜV Informationstechnik GmbH Member of TÜV NORD Group 5

Life Finger I: Results A Fake-Tool-Box 25 different fake types and variations regularly updated The few existing scanners with spoof detection perform very differently but even the best can be spoofed by new fakes or simple variations of known materials 5 different spoof detection approaches have been developed and tested. (using pulsoxymetry, bioimpedance, ultra sonic (2 different types, near infrared spectroscopy) A CC 3.1 certification methodology of spoof detection technologies of fingerprint scanners has been developed along with 2 Protection Profiles for different assurance levels 3/26/10 Bundesamt für Sicherheit in der Informationstechnik & TÜV Informationstechnik GmbH Member of TÜV NORD Group 6

Motivation for CC-Certification: Basis for the comparison of spoof detection solutions Support for vendors of biometric devices to: reward their existing efforts in spoof detection development encourage further development in that area Setting a starting point for international standardization & cooperation in that area to make biometrics safer & more trustworthy A CC-certificate is a possibility to define & to demand a certain standard of reliability 3/26/10 Bundesamt für Sicherheit in der Informationstechnik & TÜV Informationstechnik GmbH Member of TÜV NORD Group 7

Spoofing: The definition Spoof attack: Attack on biometric systems trying to enrol, identify, or verify a subject using a non-genuine (spoofed) biometric characteristic thereby claiming an identity that is different from the subjects identity. According to this definition a manipulation or obfuscation of biometric characteristics focussing on disguise is not considered a spoof attack. 3/26/10 TÜV Informationstechnik GmbH Member of TÜV NORD Group 8

Spoof detection in Common Criteria (CC) As the CC are the de facto standard when it comes to the evaluation of IT-security it was one focus of LifeFinger I to develop the necessary guidance in order to apply these criteria to spoof detection systems CC certifications aim to make evaluation of IT security components comparable CC certifications are recognized by more than 25 countries. A Protection Profile (PP) serves as a kind of specification for the functionality that has to be provided by spoof detection systems and how it can be evaluated 3/26/10 TÜV Informationstechnik GmbH Member of TÜV NORD Group 9

Protection Profiles In the course of LifeFinger I two dedicated Protection Profiles (PPs) have been developed to address the specific characteristic of spoof detection devices The first PP bases on Organizational Security Policies and focuses on a pure functional test of the biometric spoof detection The second PP defines a dedicated level for vulnerability assessment in order to describe an entry level into the classical assurance packages Both PPs will be published on www.bsi.de soon 3/26/10 TÜV Informationstechnik GmbH Member of TÜV NORD Group 10

Protection Profiles based on Security Policies Introduces an explicit Security Functional Requirement to describe the functionality around spoof detection in terms of CC Defines an explicit assurance package based on EAL 2 for evaluation An evaluation according to this PP requires A Security Target A functional specification of the public interfaces of the spoof detection system A security architecture and a basic design documentation Guidance documentation A process for flaw remediation that addresses how new fakes can be handled Resistance against a well defined toolbox 3/26/10 TÜV Informationstechnik GmbH Member of TÜV NORD Group 11

Protection Profile based on explicit VAN The second PP follows the same concept as the first one with only little functional differences The PP also defines an explicit assurance package but augments the assurance aspects of the first PP by an explicit component for vulnerability analysis. This component AVA_VAN.E requires a vulnerability assessment but requires less resistance against attacker than the standard assurance component for EAL 2. In contrast to the PP that bases on policies only an evaluation according to this PP will include dedicated modifications and adoptions of fakes specifically for the product under evaluation In order to pass an evaluation according to this PP a product does not only have to recognize a certain set of fakes but all fakes falling into a certain class of effort 3/26/10 TÜV Informationstechnik GmbH Member of TÜV NORD Group 12

Methodology The methodology aims to supplement the existing criteria in Common Criteria and provide guidance to evaluators Beside some generic guidance the methodology provides A concept on testing Guidance on vulnerability analysis for spoof detection systems in form of classical vulnerabilities and guidance on rating of those vulnerabilities. Concrete requirements on test sizes and acceptable error rates have been developed within a dedicated document as they are expected to be highly dynamic 3/26/10 TÜV Informationstechnik GmbH Member of TÜV NORD Group 13

Conclusions & Recommendations: Finger fakes are a real risk in some application scenarios Every scanner we know of can be spoofed today Every new/enhanced spoof detection technology increases security BSI is working on 5 new detection methods and a proposal for a CC3.1 certification methodology Today: supervision where applicable More requests for spoof detection technologies Multimodal biometrics to increase level of security A CC-certificate is a possibility to define & to demand a certain standard of reliability that is also usable for tender The first evaluation of a spoof detection system is ongoing International standards and cooperation 3/26/10 Bundesamt für Sicherheit in der Informationstechnik & TÜV Informationstechnik GmbH Member of TÜV NORD Group 14

Thank you very much for your attention 3/26/10 TÜV Informationstechnik GmbH Member of TÜV NORD Group 15

Thank you very much for your attention! Nils Tekampe Information Security Ralph Breithaupt Langemarckstrasse 20 45141 Essen, Germany Phone: +49 201 8999 622 Fax: +49 201 8999 666 E-Mail: n.tekampe@tuvit.de URL: www.tuvit.net E-Mail: r.breithaupt@bsi.de 3/26/10 TÜV Informationstechnik GmbH Member of TÜV NORD Group 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information