当前位置:首页 > 报告详情

Kévin Carta(Louis Reynaud 内阁):注入攻击:远程身份验证面临的主要威胁.pdf

上传人: 芦苇 编号:651664 2025-05-01 19页 783.41KB

1、Cabinet of expertise covering technologies,standards and European policiesTechnology Evaluation Laboratory expert inDigital Identities,Biometrics,Mobile Security,Data Protection and Cyber SecurityWe are member of following associations:Injection attack:a major threat against remote identity verifica

2、tionIFPC 2025,01/04/2025Quick presentation Director of CLR Labs which provides evaluationservices for biometrics(both PAD and IAD),mobile application security,physical accesscontrol and cyber security.PhD on the subject of injection attacks(PhD defense in October 2024)at Ecole des Mines de Saint-Eti

3、enne(France)Editor of the CEN/TS 18099 and the future ISO/IEC 25456Kvin CartaThe standards scopeData captureSignal processingMatchingDecisionApplication DeviceData storage132489567PresentationAttackBiometricData InjectionAttackOverideSignal ProcessorModifyProbeOverrideComparatorModifyScoreOverrideDe

4、cisionOverride orModify DatabaseModifyBiometricReferenceCEN/TS 18099 and ISO/IEC 25456scopesISO/IEC 30107scopeWhat are biometric data injection attacks?Remote identity proofing(RIDP)Different types of fraudsBiometricsID documentPhysicalMaskPhoto printedScreenFake ID documentPrinted on paperAltered I

5、D documentDigitalSelfieReplay attackMorphingDeepfakeReplay attackVideo overlayAugmented reality overlayProblem of digital attacks(as an attacker)How to present a digital attack to the system:With a screen?Ideal:Send the digital attack through a“fictitious”video stream.No or little loss of image qual

6、ity compared to the source media.Bypassing screen detection:liveness detection is purely at the biometric level.Today:State-of-the-art liveness detection systems easily detect the presentation of screensSolution:Injection attacks.UserVerifierIAI(digital)Video injectionIAMApplication or systemVideo c

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
本文主要介绍了生物识别数据注入攻击及其对远程身份验证的影响。作者指出,随着远程生物识别技术的应用,特别是在远程身份验证服务中,数据注入攻击成为一种新兴威胁。例如,2024年注入攻击增加了783%(iProov),2023年增加了200%(Gartner)。为应对这一威胁,法国ANSSI推出了P.V.I.D.认证方案,而欧盟也即将推出EUDI钱包。文章强调了制定生物识别数据注入攻击标准的重要性,以协调不同项目,并确保系统安全性。CEN/TS 18099标准提供了测试方法,包括识别和利用阶段,以及攻击评级方法。此外,作者还发表了几篇关于数据注入攻击的研究论文。
"如何应对生物识别数据注入攻击?" "生物识别数据注入攻击对远程身份验证有何影响?" "如何确保远程身份验证系统的安全性?"
客服
商务合作
小程序
服务号
折叠