BioCryptography and Biometric Penetration Testing
In the world of security, there are many tools at the IT Staff’s disposal which can be used to fight Cybercrimes of all types and levels. Regarding Physical Access Entry, Smart Cards and FOB’s are available to help alleviate the probability of a Social Engineering attack. Regarding Logical Access Entry, Network Intrusion Devices, Firewalls, Routers, etc. are also all ready to be installed and used.
But, there is one problem with all of these tools above: To some degree or another, all of them can be hijacked, stolen, or even spoofed so that a real Cyber hacker can find their way into a corporation very quickly and easily. For instance, a Smart Card can be easily lost or stolen; or even malformed data packets can be sent to a router and tricking it that it is a legitimate employee trying to gain access.
But, there is one Security technology out there which, for the most part, cannot be spoofed or tricked. As a result, it can provide 100% proof positive of the identity of an end user. This technology is known as Biometrics.
An Overview into Biometrics
The science of Biometrics is all about confirming the identity of an individual based upon the unique physiological characteristics and/or behavioral mannerisms which he or she possesses. For example, this includes the following:
- The structure of the minutiae found in the fingerprint;
- The geometric shape of the hand;
- The grouping of blood vessels in the back of the eye which forms the retina;
- The different vector spacing and orientation of the microscopic features which are found in the iris;
- The physical distances between the prominent features of the face such as the chin, the eyes, the nose, and the lips;
- The inflections in the voice;
- The pattern of veins just underneath the palm;
- The rhythmic pattern when typing on a computer keyboard;
- The way in which a particular signature is signed.
In most instances, multiple images or recordings (such as in the case of the voice) need to be captured by the Biometric device. From here, one composite image is created, and the unique features are then extracted using the appropriate algorithms.
The Biometric Template
These unique features are then used to create what is known as the “Biometric Template.” This is nothing than a mathematical file which represents the composite image which was captured by the Biometric device. For instance, in the case of the fingerprint and the hand, a binary mathematical file is created. With the iris and the retina, complex Gabor Wavelet formulas are used. Regarding the face, Eigenvalues are used. With regards to typing on a computer keyboard or signing one’s name, statistical profiling is used, primarily those of Hidden Markov Models.
It should be noted that there are two types of Biometric Templates which are created. These are known as the “Enrollment Template” and the “Verification Template.” When a person first enrolls into a Biometric system, the Enrollment Template is created, and this is permanently stored in the database.
If an individual wishes to gain either Physical or Logical Access Entry, then he or she must present their unique features once again to the Biometric system. At this point, the Verification Template is then created. These two templates are then compared amongst one another, and if there is a close statistical correlation between the two, the individual is then granted access to what they are seeking.
Although the Biometric Template is deemed to be very difficult to reverse engineer (in other words, deconstructing the mathematical files to create the composite image), they still need to be further protected via the use of BioCryptography.
An Introduction to BioCryptography
BioCryptography is the science of scrambling a Biometric Template at the point of origination (also known as “Encryption”) and descrambling it at the point of destination (also known as “Decryption”). One of the main goals of BioCryptography is to ensure that the Biometric Template, while it is in transit, remains in an undecipherable format should it be covertly intercepted by a third party.
To scramble and descramble the Biometric Template, keys are used. The keys themselves are mathematical algorithms, known specifically as “Ciphers.” Obviously, the more complex the Cipher is, the more difficult it becomes to break.
Although there are many types of keys which can be used in BioCryptography, the two most commonly used ones are those of Symmetric Algorithms and Asymmetric Algorithms. These are detailed as follows:
With this, the same key is used to both encrypt and decrypt the Biometric Template. Although this offers great convenience, the security risks which are inherent in it are quite clear. For example, if this type of algorithm were to be intercepted by a malicious Cyber hacker, the key can be broken down very easily, and the data which resides in the Biometric Template can be tapped into very quickly.
Thus, the only way of keeping the key secure is to make sure that only the only sender and the receiver know about it. If any information about it is disclosed, the security of the key will then be 100% compromised.
With this, two keys are generated known as the “Public Key” and the “Private Key.” The former is used to encrypt the Biometric Template, and the latter is used to decrypt it. As a result, the security strength is much higher here versus the use of Symmetric Algorithms. This is so because the Private Key cannot be computed based on knowledge of the Public Key.
Also, another layer of security known as “Hashing Functions” are used here as well. They help to protect the actual integrity of the Biometric Template. For example, once the Biometric Template arrives at the destination point, the hashing function is included with it. If the values derived from it, have not changed from the point of origination, and while it was in transit, then one can be assured that the Biometric Template has remained intact, and has not been altered maliciously.
An Example of an Asymmetric BioCryptography Approach-The Public Key Infrastructure (PKI)
In BioCryptography, one of the most widely used forms of the Asymmetric approach is that of the Public Key Infrastructure, also known as the “PKI.” It typically consists of the following components, assuming that a Client-Server network topology is being deployed:
The Digital Certificates:
This is considered to be the PKI’s version of both the public key and the private key. These certificates are kept within the Biometric device itself, as well as the central server, which houses the database for storage of the Biometric Templates. Verification and/or Identification transactions are also processed at the server level.
The Biometric Devices/Central Servers:
This will typically be the Biometric device (such as a Fingerprint Recognition System, an Iris Recognition System, etc.). Ultimately, they will all be connected to the central server.
The Certificate Authority, also known as the “CA”:
Much more complex PKIs make use of what is known as the “CA.” This entity is often viewed as a trusted third party, from which the Digital Certificates are issued and verified. The CA can be looked upon as “unbiased third party”, and as a result, the structural integrity of the Digital Certificates is viewed with much more trust and confidence.
In our example, let us assume that we have a series of Fingerprint Recognition Systems and Iris Recognition Systems all networked together, and in turn, they are linked up to the central server. Once the end user has completed the Enrollment process at any one of these devices, the CA will encrypt the Enrollment Template with a Public based Digital Certificate. Once this template makes its way across the network medium and into the central server, it will then decrypt it with a Private based Digital Certificate, and subsequently, store that into the database.
If the same end user wishes to gain either Physical or Logical access to a specific resource, the Verification Template will also be encrypted with a Public based Digital Certificate, and decrypted at the central server with a Private based Digital Certificate. The two templates will then be compared with one another, and if they are deemed to be statistically close enough, the end user will gain access.
Penetration Testing on Biometric Technology
There are four areas at which Penetration Testing can occur, and they are as follows:
It is the mathematical algorithms which are the heart and soul of any Biometric device. After all, they extract the unique features from either the physiological or behavioral characteristics, and also create the Enrollment and the Verification Templates for subsequent comparison. Therefore, it is not only important to test their robustness, but also to ensure that they are as “hacker” proof as possible.
The Penetration Tests are normally conducted with a subset of the actual Enrollment Templates from the database and are processed in a repetitive fashion. Any security vulnerabilities found in these templates are then compared to known attack signatures which have been previously launched against other Biometric systems. This is done to ascertain the degree of severity of the vulnerabilities which have been discovered.
Penetration Testing is done here to discover any security vulnerabilities in the software applications which have been specifically designed for a particular Biometric system. The primary goal of the tests is quite simple: To discover any hidden trapdoors which may have been left behind either intentionally or non-intentionally.
There are many applications for Biometric Technology, and the major ones include those of Physical Access Entry, Logical Access Entry, and Time/Attendance. The goal of Penetration Testing in this category is to discover any security weaknesses of a Biometric system when it is deployed in a certain application environment. For example, Penetration Tests can be conducted in a Single Sign-On environment, to determine the effectiveness of either a Fingerprint Recognition System or an Iris Recognition System when they are used to help protect the login credentials of an employee.
The Penetration Tests conducted in this category are done on the actual hardware itself. For example, it is important to ascertain just how a Biometric device can be attacked, defeated, or even fail on its own accord. A vendor neutral entity which conducts such types of tests is known as the International Biometric Group. They carry out simulated Cyber hacks such as Spoof Attacks, Replay Attacks, Communication Attacks, and other related attempts to totally defeat a Biometric system or circumvent it.
In summary, this article has provided an overview as to what Biometric Technology is all about, and what the technical constructs of a Biometric Template are. An in-depth examination of BioCryptography was given, as well as examples of the types of Penetration Tests which can be conducted on a Biometric system.
As it was mentioned, since Biometric Templates are nothing but mathematical files, theoretically, they are difficult to reverse engineer. But just like anything else which exists in a networked environment, Biometric Templates are also prone to Cyber attacks, even when the principles of BioCryptography are applied.
Therefore, another means of protecting a Biometric Template at a much deeper level lies in the use of the Virtual Private Network, or “VPN”. In this scenario, not only will the Biometric Template be encrypted, but it will also be encased into another data packet. By also making use of the IPsec tunneling protocol, the Biometric Template will subsequently become invisible to the outside world.
Computer Networking: A Top Down Approach, Kurose, J.F. and Ross, K.W., 2008, Pearson Education.