Session:Dr. Strangethumb or: How I Learned to Stop Worrying and Love Biometrics

From Camp_2015_Wiki
Revision as of 16:03, 10 August 2015 by Ben (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Description In this workshop, we'll discuss and learn how to use and abuse biometric authentication in our daily lives.
Website(s)
Type Hands-On
Kids session No
Keyword(s) hardware, art, hacking, security
Tags biometrics, spoofing, fingerprints, vein scanners, face recognition
Person organizing User:Ben, User:Henryk
Language en - English
en - English
Other sessions... ... further results

Starts at 2015/08/15 14:30
Ends at 2015/08/15 15:30
Duration 60 minutes
Location Village:Hardware Hacking Area

[PLEASE CHECK BACK FOR TIMES AND LOCATIONS. CURRENT SCHEDULE TENTATIVE.]

Workshop objective: Empower attendees to make an informed decision about whether or how to use and abuse biometric authentication in their daily lives, by

  • giving them some hands-on experience using spoofs to achieve reliable false positives
  • investigating the privacy- and security benefits and drawbacks of biometric authentication over or in combination with other authentication methods
  • discussing ways in which users can protect their privacy and device security without writing biometrics off as a total threat

What we'll do:

  • Scan or photograph latent fingerprints and pre-process them to use as spoof-templates
  • Mould wood glue fingerprints and tweak them for better success
  • Bypass human face authentication with 'liveness check'
  • First-steps work in progress: palm-vein spoofing, and overcoming 3D facial recognition with arts-and-crafts supplies

What we'll talk about:

  • Where can we really draw the line between the three authentication factors (Something we KNOW, Something we ARE, What we HAVE)?
  • In terms of privacy, security, usability, and even 'power', what do we lose or gain by using different biometrics to authenticate to our devices?
  • What are best-practices for both users and non-users of biometric authentication?
  • Should or can the spread of biometric authentication and identification be stopped?