Session:Dr. Strangethumb or: How I Learned to Stop Worrying and Love Biometrics
|In this workshop, we'll discuss and learn how to use and abuse biometric authentication in our daily lives.
|hardware, art, hacking, security
|biometrics, spoofing, fingerprints, vein scanners, face recognition
|en - English
|Village:Hardware Hacking Area
[PLEASE CHECK BACK FOR TIMES AND LOCATIONS. CURRENT SCHEDULE TENTATIVE.]
Workshop objective: Empower attendees to make an informed decision about whether or how to use and abuse biometric authentication in their daily lives, by
- giving them some hands-on experience using spoofs to achieve reliable false positives
- investigating the privacy- and security benefits and drawbacks of biometric authentication over or in combination with other authentication methods
- discussing ways in which users can protect their privacy and device security without writing biometrics off as a total threat
What we'll do:
- Scan or photograph latent fingerprints and pre-process them to use as spoof-templates
- Mould wood glue fingerprints and tweak them for better success
- Bypass human face authentication with 'liveness check'
- First-steps work in progress: palm-vein spoofing, and overcoming 3D facial recognition with arts-and-crafts supplies
What we'll talk about:
- Where can we really draw the line between the three authentication factors (Something we KNOW, Something we ARE, What we HAVE)?
- In terms of privacy, security, usability, and even 'power', what do we lose or gain by using different biometrics to authenticate to our devices?
- What are best-practices for both users and non-users of biometric authentication?
- Should or can the spread of biometric authentication and identification be stopped?