Date posted: 15-Jul-2015
Category: Technology
Uploaded by: bojan-simic
Cyber Vulnerabilities of Biometrics
Bojan Simic
CTO @ Hypr Corp.
@bojansimic
hypr.com
What’s this talk about?
Current methods of proving “Am I who I say I am?” have failed miserably.
Our Authentication Failures
Top 15 Passwords of 2014
1. 123456
2. Password
3. 12345
4. 12345678
5. Qwerty
6. 123456789
7. 1234
8. baseball
9. dragon
10. football
11. 1234567
12. monkey
13. letmein
14. abc123
15. 111111
“2FA Systems Used by Banks Bypassed with Malware, Rogue Mobile Apps”
Biometrics to the Rescue
Not so fast...
• Man in the Middle Attacks (MITM)
• Malware
• Biometric Storage (Digital Lockers)
• BYOD/Internet of Things
Biometrics the Wrong Way – Example 1
Malware Bypasses Client Side Verification
Biometrics the Wrong Way – Part 2
Man in the Middle Attacks – Biometric Storage
Do’s and Don’ts of Biometric Security
Do
• Do encrypt everything
• Do device tracking
• Do behavioral analysis
• Do require 3-factor security
Don’t
• Don’t do client side verification
• Don’t store biometric data in a centralized repository
• Don’t rely on passwords
• Don’t do verification of template data remotely
Free tools for your consideration
Fast Identity Online (FIDO) alliance
• Read it
• Learn it
• Love it
Open Web Application Security Project (OWASP)
• Read the top 10 – especially authentication
• Join and participate
• Dozens of free tools and documentation
• Join pilot programs for new biometric tech
FIDO Spec Biometric Registration Process
FIDO Spec Biometric Authentication Process
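Added example, not taken from the slides or from Hypr’s code: a Go sketch contrasting the “wrong way” slides (a server that trusts a client-side match flag, which malware on the device or a man in the middle can flip) with the FIDO-style registration and authentication flow the last two slides refer to, where the biometric template stays on the device, the server stores only a public key, and a local match merely unlocks a device-bound key that signs a fresh server challenge. The names (ClientVerdict, Device, Server, Enroll, SignChallenge, Verify), the template bytes and the challenge handling are all constructed for this illustration; the exact-hash template compare is a stand-in for real fuzzy biometric matching, and the flow omits FIDO details such as attestation and sign counters.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Wrong way (slide "Malware Bypasses Client Side Verification"): the device
// does the match and reports a bare flag. The server cannot tell a genuine
// match from a flag that on-device malware or a MITM set to true.
type ClientVerdict struct {
	UserID  string
	Matched bool
}

// ServerTrustsClientFlag is the vulnerable pattern: whoever controls the
// message controls the outcome.
func ServerTrustsClientFlag(v ClientVerdict) bool {
	return v.Matched
}

// FIDO-style way: the template stays on the device, the server stores only a
// public key, and a local match merely unlocks a device-bound signing key.
// Device models the authenticator. templateHash is a constructed stand-in for
// an enrolled template (real biometric matching is fuzzy, not an exact compare).
type Device struct {
	priv         *ecdsa.PrivateKey
	templateHash [32]byte
}

// Server keeps one public key per user and no biometric data at all.
type Server struct {
	pubKeys map[string]*ecdsa.PublicKey
}

func NewServer() *Server {
	return &Server{pubKeys: make(map[string]*ecdsa.PublicKey)}
}

// Enroll creates the device-bound key pair and records the local template.
func Enroll(template []byte) (*Device, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv, templateHash: sha256.Sum256(template)}, nil
}

// Register (registration process): only the public key reaches the server.
func (d *Device) Register(s *Server, userID string) {
	s.pubKeys[userID] = &d.priv.PublicKey
}

// NewChallenge issues a fresh random nonce; reusing one would permit replay.
func (s *Server) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	return c, nil
}

// SignChallenge matches locally and, only on success, signs the challenge.
// A failed match yields no signature, so there is no flag to flip.
func (d *Device) SignChallenge(challenge, presented []byte) ([]byte, error) {
	if sha256.Sum256(presented) != d.templateHash {
		return nil, errors.New("local biometric mismatch: signing key stays locked")
	}
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, d.priv, digest[:])
}

// Verify (authentication process): accept only a valid signature from the
// registered key over the exact challenge this server issued.
func (s *Server) Verify(userID string, challenge, sig []byte) bool {
	pub, ok := s.pubKeys[userID]
	if !ok {
		return false
	}
	digest := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	fmt.Println("tampered client flag accepted:", ServerTrustsClientFlag(ClientVerdict{"alice", true}))
	srv, tmpl := NewServer(), []byte("constructed-template-alice")
	dev, _ := Enroll(tmpl)
	dev.Register(srv, "alice")
	ch, _ := srv.NewChallenge()
	sig, err := dev.SignChallenge(ch, tmpl)
	fmt.Println("genuine match verifies:", err == nil && srv.Verify("alice", ch, sig))
	_, err = dev.SignChallenge(ch, []byte("wrong-finger"))
	fmt.Println("mismatch produces a signature:", err == nil)
}
```

The point of the contrast is what each side of the wire holds: in the first pattern the server’s decision rests on one boolean that any code between the sensor and the server can rewrite, while in the second the server never sees template data or a verdict, only a signature it can check against a key it registered, over a challenge it generated itself, so a replayed or forged message fails verification rather than being trusted.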