Exploitation of smart cards and human biometrics attributes RNDr. Luděk Smolík Martin Drahanský.

Exploitation of smart Exploitation of smart cards and human cards and human

biometrics attributesbiometrics attributes

RNDr. Luděk Smolík

Martin Drahanský

Smart CardA card-shaped portable data carrier that contains one or more integrated circuits for data storage and processing. A typical smart card chip includes a microprocessor or CPU, ROM (for storing operating instructions), RAM (for storing data during processing) and EPROM (or

EEPROM) memory for nonvolatile storage of information.

BiometricsThe automated technique of measuring a physical characteristic or personal trait of an individual and comparing that characteristic to a comprehensive

database for purposes of identification.

Biometrics

Physical Behavioural

Hand

Face

Finger Signature Keystroke

VoiceRetina

Iris

Usage of the Different Biometric Characteristics (1999)

Fingerprint Sensors

Optical sensor

Ultrasonic sensor

E-field sensor

Polymer TFT sensor (Thin Film Transistor)

Thermal sensor

Capacitive sensor

T

R

papillary lines

Ultrasonic method of acquiring fingerprint representation is based on sending acoustic signals towards the finger surface and detecting the echo.

Ultrasonic Transducer short pulse ~ 20 ns

Ultrasonic Receiver

0.3 - 0.9 mm

ridge

valey

= =

SW1 SW2+

VCC

VRef

Comparator

Counter0.......255CC

Finger surface CP

224

288

8-bit per pixel

Capacitive Sensor in CMOS Technology(infineon)

2550wat

er air

N

Fingerprint classes

Plain Arch Left Loop Right Loop

Tended Arch Whorl

Minutiae

Ridge Ending

Bifurcation

Island

Lake

Dot

Back

Bridge

Diagonal

X

Trifurcation

Hook

Break

DiversionDelta

Double Bifurcation

How the Technology Works

Original Orientation Binarized Thinned Minutiae Minutia Graph

Vectors:

V1.....Vn

Template

one way

Identification / Verification

Identification (One-to-Many)

Verification (One-to-One)

Fingerprint search that compares the minutiae from a candidate

fingerprint image against the fingerprint minutiae database to

determine whether or not the candidate exists in the database.

Fingerprint search that compares the minutiae from an individual's

live fingerprint image against fingerprint minutiae stored on a card

or in a specific database record to determine whether or not the

individual is who he or she claims to be.

ABCDEFF ,

ABCDEF

Smart Card - Logical Structure

NPU RAM

CPU EEPROM

ROM

I/OCLKRSTVCC

GND

NPU : numerical processing unit (cryptographic co-processor),

Smart Card - File Structure

Container for data (cryptographic key)or “programs”

Access with PIN

Problem & Solution

SensorSmart Card Microprocessor

Problem & Solution

NPU RAM

CPU EEPROM

ROM

I/O

Readout

Cryptography

Com.

“VP-Channel”

Conclusion• Protection of the users “private keys” is very important

• PKI solutions store keys in a PSE (Personal Security Environment) or on smart card

• Access control is traditionally done by password or PIN

• Biometrics can replace password and PIN

• Access to the private keys can be controlled by a biometric characteristic

• Non-transferability of biometric characteristics is important for Electronic Signature

• There is no “real” smart card with fingerprint sensor “on board”

• There is no “real matching” on a smart card, existing CPU for smart card have not sufficient computing power (~20 mips needed)

• The existing recognition algorithms are not faulty tolerant enough

f ( ) = 010......0100101