Session:Dr. Strangethumb or: How I Learned to Stop Worrying and Love Biometrics
| Description | In this workshop, we'll discuss and learn how to use and abuse biometric authentication in our daily lives. |
|---|---|
| Website(s) | |
| Type | Hands-On |
| Kids session | No |
| Keyword(s) | hardware, art, hacking, security |
| Tags | biometrics, spoofing, fingerprints, vein scanners, face recognition |
| Person organizing | User:Ben, User:Henryk |
| Language | en - English |
Other sessions...
| |
| Starts at | 2015/08/15 14:30 |
|---|---|
| Ends at | 2015/08/15 15:30 |
| Duration | 60 minutes |
| Location | Village:Hardware Hacking Area |
[PLEASE CHECK BACK FOR TIMES AND LOCATIONS. CURRENT SCHEDULE TENTATIVE.]
Workshop objective: Empower attendees to make an informed decision about whether or how to use and abuse biometric authentication in their daily lives, by
- giving them some hands-on experience using spoofs to achieve reliable false positives
- investigating the privacy- and security benefits and drawbacks of biometric authentication over or in combination with other authentication methods
- discussing ways in which users can protect their privacy and device security without writing biometrics off as a total threat
What we'll do:
- Scan or photograph latent fingerprints and pre-process them to use as spoof-templates
- Mould wood glue fingerprints and tweak them for better success
- Bypass human face authentication with 'liveness check'
- First-steps work in progress: palm-vein spoofing, and overcoming 3D facial recognition with arts-and-crafts supplies
What we'll talk about:
- Where can we really draw the line between the three authentication factors (Something we KNOW, Something we ARE, What we HAVE)?
- In terms of privacy, security, usability, and even 'power', what do we lose or gain by using different biometrics to authenticate to our devices?
- What are best-practices for both users and non-users of biometric authentication?
- Should or can the spread of biometric authentication and identification be stopped?
