Low-Cost and Efficient Hardware Solution for Presentation Attack Detection in Fingerprint Biometrics Using Special Lighting Microscopes

Biometric recognition is already a big player in how we interact with our phones and access control systems. This is a result of its comfort of use, speed, and security. For the case of border control, it eases the task of person identification and black-list checking. Although the performance rates for verification and identification have dropped in the last decades, protection against vulnerabilities is still under heavy development. This paper will focus on the detection of presentation attacks in fingerprint biometrics, i.e., attacks that are performed at the sensor level, and from a hardware perspective. Most research on presentation attacks has been carried out on software techniques due to its lower price as, in general, hardware solutions require additional subsystems. For this paper, two low-cost handheld microscopes with special lighting conditions were used to capture real and fake fingerprints, obtaining a total of 7704 images from 17 subjects. After several analyses of wavelengths and classification, it was concluded that only one of the wavelengths is already enough to obtain a very low error rate compared with other solutions: an attack presentation classification error rate of 1.78% and a bona fide presentation classification error rate (BPCER) of 1.33%, even including non-conformant fingerprints in the database. On a specific wavelength, a BPCER of 0% was achieved (having 1926 samples). Thus, the solution can be low cost and efficient. The evaluation and reporting were done following ISO/IEC 30107-3

Evaluation of presentation attack detection under the context of common criteria

Mención Internacional en el título de doctorTHE USE OF Biometrics keeps growing. Every day, we use biometric recognition to unlock our phones or to have access to places such as the gym or the office, so we rely on what security manufacturers offer when protecting our privileges and private life. Moreover, an error in a biometric system can mean that a person can have access to an unintended property, critical infrastructure or cross a border. Thus, there is a growing interest on ensuring that biometric systems work correctly on two fronts: our personal information (smartphones, personal computers) and national security (borders, critical infrastructures). Given that nowadays we store increasing sensitive data on our mobile devices (documents, photos, bank accounts, etc.), it is crucial to know how secure the protection of the phone really is. Most new smartphones include an embedded fingerprint sensor due to its improved comfort, speed and, as manufacturers claim, security. In the last decades, many studies and tests have shown that it is possible to steal a person’s fingerprint and reproduce it, with the intention of impersonating them. This has become a bigger problem as the adoption of fingerprint sensor cell phones have become mainstream. For the case of border control and critical infrastructures, biometric recognition eases the task of person identification and black-list checking. Although the performance rates for verification and identification have dropped in the last decades, protection against vulnerabilities is still under heavy development. There have been cases in the past where fake fingers have been used to surpass the security of such entities. The first necessary step for overcoming these issues is to have a common ground for performing security evaluations. This way, different systems’ abilities to detect and reject fake fingerprints can be measured and compared against each other. This is achieved by standardization and the corresponding certification of biometric systems. The new software and hardware presentation attack detection techniques shall undergo tests that follow such standards. The aim of this Thesis is two-fold: evaluating commercial fingerprint biometric systems against presentation attacks (fake fingers) and developing a new presentation attack detection method for overcoming these attacks. Moreover, through this process, several contributions were proposed and accepted in international ISO standards. On the first matter, a few questions are meant to be answered: it is well known that it is possible to hack a smartphone using fake fingers made of Play-Doh and other easy-to-obtain materials but, to what extent? Is this true for all users or only for specialists with deep knowledge on Biometrics? Does it matter who the person doing the attack is, or are all attackers the same when they have the same base knowledge? Are smartphone fingerprint sensors as reliable as desktop sensors? What is the easiest way of stealing a fingerprint from someone? To answer these, five experiments were performed on several desktop and smartphone fingerprint readers, including many different attackers and fingerprint readers. As a general result, all smartphone capture devices could be successfully hacked by inexperienced people with no background in Biometrics. All of the evaluations followed the pertinent standards, ISO/IEC 30107 Parts 3 and 4 and Common Criteria and an analysis of the attack potential was carried out. Moreover, the knowledge gathered during this process served to make methodological contributions to the above-mentioned standards. Once some expertise had been gathered on attacking fingerprint sensors, it was decided to develop a new method to detect fake fingerprints. The aim was to find a low-cost and efficient system to solve this issue. As a result, a new optical system was used to capture fingerprints and classify them into real or fake samples. The system was tested by performing an evaluation using 5 different fake finger materials, obtaining much lower error rates than those reported in the state of the art at the moment this Thesis was written. The contributions of this Thesis include: • • Improvements on the presentation attack detection evaluation methodology. • • Contributions to ISO/IEC 30107 - Biometric presentation attack detection - Part 3: Testing and reporting and Part 4: Profile for evaluation of mobile devices. • • Presentation attack detection evaluations on commercial desktop and smartphone fingerprint sensors following ISO/IEC 30107-3 and 4. • • A new low-cost and efficient optical presentation attack detection mechanism and an evaluation on the said system.EL USO DE la Biometría está en constante crecimiento. Cada día, utilizamos reconocimiento biométrico para desbloquear nuestros teléfonos o para tener acceso a lugares como el gimnasio o la oficina, por lo que confiamos en lo que los fabricantes ofrecen para proteger nuestros privilegios y nuestra vida privada. Además, un error en un sistema biométrico puede significar que una persona pueda tener acceso a una propiedad no debida, a una infraestructura crítica o a cruzar una frontera. Por lo tanto, existe un interés creciente en asegurar que los sistemas biométricos funcionen correctamente en dos frentes: nuestra información personal (teléfonos inteligentes, ordenadores personales) y la seguridad nacional (fronteras, infraestructuras críticas). Dado que hoy en día almacenamos cada vez más datos sensibles en nuestros dispositivos móviles (documentos, fotos, cuentas bancarias, etc.), es crucial saber cómo de segura es realmente la protección del teléfono. La mayoría de los nuevos teléfonos inteligentes incluyen un sensor de huellas dactilares integrado debido a su mayor comodidad, velocidad y, como afirman los fabricantes, seguridad. En las últimas décadas, muchos estudios y pruebas han demostrado que es posible robar la huella dactilar de una persona y reproducirla, con la intención de hacerse pasar por ella. Esto se ha convertido en un problema mayor a medida que la adopción de los teléfonos celulares con sensor de huellas dactilares se ha ido generalizando. En el caso del control fronterizo y de las infraestructuras críticas, el reconocimiento biométrico facilita la tarea de identificación de las personas y la comprobación de listas negras. Aunque las tasas de rendimiento en materia de verificación e identificación han disminuido en las últimas décadas, la protección antifraude todavía está bajo intenso desarrollo. Existen casos en los que se han utilizado dedos falsos para vulnerar la seguridad de dichas entidades. El primer paso necesario para superar estos problemas es contar con una base común desde la que realizar evaluaciones de seguridad. De esta manera, se pueden medir y comparar las capacidades de los diferentes sistemas para detectar y rechazar huellas dactilares falsas. Esto se consigue mediante la estandarización y la correspondiente certificación de los sistemas biométricos. Las nuevas técnicas de detección de ataques de presentación de software y hardware deben someterse a pruebas que se ajusten a dichas normas. Esta Tesis tiene dos objetivos: evaluar los sistemas biométricos de huellas dactilares comerciales contra ataques de presentación (dedos falsos) y desarrollar un nuevo método de detección de ataques de presentación para disminuir la eficacia de estos ataques. Además, a través de este proceso, se propusieron y aceptaron varias contribuciones en las normas internacionales ISO. Sobre el primer asunto, hay que responder algunas preguntas: es bien sabido que es posible hackear un teléfono inteligente con dedos falsos hechos de Play-Doh y otros materiales fáciles de obtener, pero ¿hasta qué punto? ¿Es esto cierto para todos los usuarios o sólo para los especialistas con un profundo conocimiento de la Biometría? ¿Importa quién es la persona que realiza el ataque, o todos los atacantes son iguales cuando parte de la misma base de conocimiento? ¿Son los sensores de huellas dactilares de los teléfonos inteligentes tan fiables como los de sobremesa? ¿Cuál es la manera más fácil de robar una huella digital a alguien? Para responder estas preguntas, se realizaron cinco experimentos en varios lectores de huellas dactilares de escritorio y de teléfonos inteligentes, incluyendo muchos atacantes y lectores de huellas dactilares diferentes. Como resultado general, todos los dispositivos de captura pudieron ser hackeados con éxito por personas sin experiencia en Biometría. Todas las evaluaciones siguieron las normas pertinentes, ISO/IEC 30107 Partes 3 y 4 y Common Criteria y se llevó a cabo un análisis del potencial de ataque. Además, los conocimientos adquiridos durante este proceso sirvieron para aportar una contribución metodológica a las normas mencionadas. Una vez adquiridos algunos conocimientos sobre ataques a sensores de huellas dactilares, se decidió desarrollar un nuevo método para detectar huellas falsas. El objetivo era encontrar un sistema de bajo coste y eficiente para resolver este problema. Como resultado, se utilizó un nuevo sistema óptico para capturar las huellas dactilares y clasificarlas en muestras reales o falsas. El sistema se probó mediante la realización de una evaluación utilizando 5 materiales de dedos falsos diferentes, obteniendo tasas de error mucho más bajas que las reportadas en el estado del arte en el momento de redactar esta Tesis. Las contribuciones de esta Tesis incluyen: • • Mejoras en la metodología de evaluación de detección de ataques de presentación. • • Contribuciones a “ISO/IEC 30107 - Biometric presentation attack detection - Part 3: Testing and reporting” y “Part 4: Profile for evaluation of mobile devices”. • • Evaluaciones de detección de ataques de presentación en sensores de huellas dactilares comerciales de escritorio y de teléfonos inteligentes siguiendo la norma ISO/IEC 30107-3 y 4. • • Un nuevo y eficiente mecanismo óptico de detección de ataques de presentación, de bajo coste, y una evaluación de dicho sistema.Programa de Doctorado en Ingeniería Eléctrica, Electrónica y Automática por la Universidad Carlos III de MadridPresidente: Enrique Cabello Pardos.- Secretario: Almudena Lindoso Muñoz.- Vocal: Patrizio Campis

Educação ambiental baseada no lugar com realidade aumentada : métodos e diretrizes para a transposição didática no desenvolvimento e uso de aplicativos

Tese (doutorado)—Universidade de Brasília, Faculdade de Educação, Programa de Pós-Graduação em Educação, 2019.Os sistemas de realidade aumentada (RA) permitem a apresentação conjunta de elementos tridimensionais reais e virtuais em tempo real. Com o aumento da capacidade dos dispositivos de rastreamento, processamento e apresentação de imagens, verificado nos últimos anos, esta tecnologia vive agora seu pico de expectativas, apontando novos caminhos para o ensino. De particular relevância é sua utilização para representar fenômenos abstratos ou de difícil visualização in loco, o que inclui aqueles multideterminados e de grande amplitude, como é o caso dos fatores ecológicos trabalhados em educação ambiental. Quando os indivíduos não são capazes de identificar e situar os determinantes da qualidade ambiental no contexto em que vivem, têm limitado seu poder de atuação para conservação e exigência de melhorias frente à sua comunidade e o poder público. Essa necessidade tem se tornado relevante com relação à questão hídrica no Distrito Federal tanto no que se refere à disponibilidade de água para consumo, como no que tange à conservação de um meio ambiente ecologicamente equilibrado, bem de uso comum do povo, cuja defesa está prevista na constituição. Dois casos nos quais nos debruçamos no presente estudo são: o da região em torno do Ribeirão Sobradinho, que tem sofrido com racionamentos nas escolas e residências; e o do pirá-brasília (Simpsonichthys boitonei), espécie de peixe endêmica ao Distrito Federal e que atualmente consta na lista de espécies ameaçadas de extinção. O objetivo do presente trabalho foi desenvolver dois aplicativos em RA para o ensino de educação ambiental com sistemas de RA, baseados nas problemáticas do Ribeirão Sobradinho e do pirá-brasília, e investigar os requisitos necessários à transposição didática para fomentar a educação ambiental baseada no lugar (EBL). Nossa tese é que essa transposição didática depende de métodos de desenvolvimento dialógicos entre desenvolvedor, comunidade, professores e estudantes. Iniciamos o trabalho realizando uma revisão conceitual do termo virtual, conforme proposto por Pierre Lévy, situando na discussão a RA. Em seguida, realizamos uma revisão sistemática da literatura sobre a utilização da RA no ensino de ciências. Analisamos então o processo de desenvolvimento dos aplicativos. Nossa revisão conceitual reposicionou a virtualização como um processo progressivo, nunca regressivo e concluiu pela rejeição da separação entre virtual e possível quanto à subjetividade humana e os sistemas informáticos. A revisão sistemática da literatura revelou a RA como ferramenta eficaz na promoção da interação e engajamento, mas encontrou lacunas quanto à fundamentação de diretrizes para o desenvolvimento de aplicações para a educação baseada no lugar. A análise do processo de desenvolvimento e implementação dos aplicativos supramencionados permitiu avaliar os métodos de desenvolvimento utilizados e estabelecer diretrizes adequadas aos objetivos da educação baseada no lugar com uso de RA para professores e desenvolvedores. Concluímos pela necessidade de inclusão dos estudantes no processo de desenvolvimento para que o saber ensinado mantenha estreita relação com o saber a ensinar.Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES).Systems of augmented reality (AR) allow us to present real and virtual tridimensional elements together. With the increased capacity of tracking, processing and imaging devices seen in recent years, this technology now lives up to its peak of expectations, pointing out new avenues for teaching. Of particular relevance is its use to represent abstract phenomena or difficult in situ visualization, which includes those multidetermined and on large scale, as is the case for the ecological factors in environmental education. When individuals cannot identify and situate the determinants of environmental quality in the context in which they live, they have limited power of action for conservation. Their ability to demand the government for improvements in their community is also diminished. This need has become relevant with respect to the water issue in Distrito Federal, both in terms of the availability of water for consumption, and in relation to the conservation of an ecologically balanced environment, a common good guaranteed by the constitution. Two cases that we address in the present study are those of: the Ribeirão Sobradinho region, which have suffered from water rationing in schools and residences; and the pirá-brasília (Simpsonichthys boitonei), a species of fish endemic to the Federal District and currently on the list of endangered species. The objective of the present work was to develop two applications in AR for the teaching of environmental education with AR systems based on the problems of Ribeirão Sobradinho and pirá-brasília, and to investigate the requirements for didactic transposition to foster place-based environmental education (EBL). Our thesis is that this kind of didactic transposition depends on dialogical methods of development including developer, community, teachers and students. We start the work performing a conceptual review of the term virtual, as proposed by Pierre Lévy, placing AR in the discussion. We then carry out a systematic review of the literature on the use of AR in science education. Next, we look at the application development process. Our conceptual review repositioned virtualization as a progressive process, never regressive, and concluded that the separation of virtual and possible concerning human subjectivity and computer systems should be rejected. The systematic review of the literature has revealed AR as an effective tool in promoting interaction and engagement, but has found gaps in the foundation of guidelines for the development of applications for place-based education. The analysis of the development and implementation processes of the above-mentioned applications allowed us to evaluate the development methods used and to establish guidelines appropriate to the objectives of the place-based education with the use of AR for teachers and developers. We conclude that it is necessary to include the students in the development process so that the knowledge taught has a close relationship with the knowledge to be taught