Attacking Biometric Access Control Systems

Presented at DEF CON 13 (2005), July 30, 2005, 3 p.m. (50 minutes).

This talk explores how to attack biometric authentication systems, primarily physical access control systems. Previous literature on this topic has focused on attacking a biometric reader in the form of spoofing a biometric trait. This presentation goes a step further and provides a general methodology for attacking on complete biometric systems. The methodology can be applied to any biometric system and outlines how to find common weaknesses in these systems. Real world examples and case studies are included. The talk concludes by illustrating possible defense strategies. This talk is technical but no prior knowledge of biometrics or physical access control systems is needed to understand it, a brief overview of both is included. A knowledge of conventional penetration testing techniques would be helpful but is no required.

Presenters:

  • Zamboni - Researcher, Miskatonic Research Labs
    "The great Zamboni" has been in the security industry for over 6 years, most recently working at a Fortune 500 company. His work has covered many areas including penetration testing, assessing the security of systems and engineering computer security systems. Recently his job has focused on integrating physical and logical security systems. Outside of work Zamboni is a founding member of Miskatonic Research Labs, a non-profit security research group located in Northeastern Ohio. Some of his many interests include penetration testing techniques, wireless security, lock picking and the convergence of physical and computer security. He is also a core member of the Notacon planning committee.

Links:

Similar Presentations: