
Otti Csaba: Security in our hands (?)


Automated media analysis

Automatic transcript
So, it was introduced itself: you presented with university, and even more on the back-end is gonna have to school, where we have an Institute for Applied Biometrics. The Institute will be primarily the deal with biometrics and all security devices; we're going to the 35 them and do look at their reliability. This presentation would not be possible had our colleagues to see not helped us out; of these 3 6 people, 4 of us are on stage. All the my friend in need is a wonderful have and the set of values and the logical which I myself and I have failed.

All you follow words about today's presentation and why we are here, and for us how many times we have been here: we have been at Hacktivity for 5 years now. It seems sort of a round number, as the back what happened in the past 4 years, and you may perhaps that to understand why you think this event is important, what is our message to the world, why are we doing what we're doing. Every year we present devices to do and their 2 vulnerabilities, because we think they might be of interest, sometimes even spectacular. But what is the connection between the topics, and again what is our message with all of it?

First of all, we want to move the message that systems are vulnerable and vulnerabilities are risks. An increased risk is constituted by the false sense of security that users may have when they trust devices and technologies, and not only thinking of firemen tracking devices and technologies but even a simple more what formal or a vehicle or whatever, and devices around you will fossils of during, because we believe that those who designed it, also implemented it, manufactured it, held the data as dear to their hearts as we do our data. And what is the solution? Solutions are also part of the message: we use the need to involve specialists to find the risks and then decrease that level of risk to an acceptable level. And this is very much to the, and it's easy to prove, because the past few weeks have had events that support these views that we have. We have picked for all the scandals, perhaps the most, to lose a lot of scandals of the past month, and we that's checked is that the security backgrounds and risks of these events and what our common through beforehand.

More open and to more than we have, if you have my side: at the beginning of the development of basic education, the fact that we call it's not images we store from the biometric samples; it is that we store minutiae shapes that would like to share, that all of them that used to create a code which is always irreversible: you cannot get the fingerprint back from the minutiae. Hi, how are we did
something, but it doesn't seem to work for the laptop. My name is, and I was there on the small image. What we have here is 4 years ago, was the 1st time we were on the stage, for the 1st time immunize spark where he 1st talked about fingerprint identification systems, and we showed that the fingerprint as a biometric identification method that there really, we really showed the risks of security of this approach. That invites you to a small again; I'll tell you what the video is about, and the question is whether you remember an event to that 2 rings of it, that that so that's the video ring a bell. In the first one, 5 and a half million for because of this sort from the American federal government; we believe it was more like 21 million, but we don't have any confirmed information on that. The problem is that all these 2 documents and the resultant have the entire fooled fingerprint. It's is was not just by you should that there, that were all paper; there is full fingerprints of somebody has to use them is bad enough, but even if you only have a show you can do with the rough if the offender of the approaches restore the initial figuring. That was the situation 4 years ago.

The next want out of pocket, and this is the sense sold in itself a cable provides that you got, you get this SDK for development work, and this is a great and it's easy to do more to imagine that this other the sense of the software that is problematic, so obviously if you don't have a firewall that it's your fault order. We see on this video, we see that the activity teacher just not show well on me so I was allowed to use a different should, but what Whitehead we showed a hand vein as the system. This is currently the most secure technology worldwide; Fujitsu is developing it, is perhaps the only East security technologies at this 1 the environment metrics which is Common Criteria. And what have we found? Its problems: we initiated the vendors, 2 of them did not implement security fit functionality, which means that you could cheat with these devices. In the past couple weeks there was a problem with a big manufacturer where all the was 0. Why did they not you learned that function? Because it slows the system of the device down, so they just by anybody remember to divisive BBB slow, and then security being not implemented. We needed 2 things, 2 factors, for the problem to occur: at the there was a malicious attack was 1 of the most score was hidden in the development environment; something else was the human factor. We talk a lot about human factor, because whenever we use any system the unit vector based arose to people are using it, and as I just mentioned ease of use was the reason that this lack security, and all this was needed for an otherwise normal code to become a danger, a threat, as a
source of danger due to user actions. Before effect, we checked face recognition systems; we presented several of them, and 1 of them was a Chinese all of the system, so you get the biometric image, which then is used to generate a biometric code that cannot then be restored into the image, and it also has added functionality: it also saves the initial, the raw image. For those of you: a backdoor in it. I don't know whether you remember any backdoor issues in the recent past, but let me help you: well, way forms were the coverage, I you know of a wire wasn't that surprised about this. This is a very important fault, that the user's system can contain backdoors, and they must be investigated. And last year, as analysts said, let's me meet off at all and no more than 1.

So it is: if you start developing of this on the methodology with none, if you have solutions that increase consumption, because view of the assumptions we have some methods rudimentary, and if you use the serviceability that in real life, I don't want going to what the success actually means; that 1, that is just this 1 thing, what this thing is: if you have any technical devices, you only get realistic data if you do the testing in realistic circumstances.

You might have guessed that I was thinking about the Volkswagen problem. Yes, we talked about this a year ago, and this whole escalation, this current problem, was based on the way we also do testing and certification, and we must talk about what we mean, melody need to give you, to talk about actual testing or investigation. First of all, the measurement needs to have a goal, and it needs to have some sort of methodology to achieve it, and it must be reproducible. But above all things, if we are talking tests, then we must reflect reality as well as possible. We're talking about in this example a methodology, that memory method, that was of this is that is 20 years old, that wasn't even developed for the task it was being used for recently, and it was not meant to be used on diesel engines at all. This was then used as a basis, and its escalation resulted in the already problem that was
like currently faces. Let me now get to the main message that we will talk about. This is 1 of the main areas of our activities: in the background of all sorts of problems that we have experienced in the past months, also in the background was always some sort of software. Software that was written with malicious intent, was often that was not written by me with malicious intent but that contained vulnerabilities that malicious people used for malicious purposes. And it's important about reasons causing that, a couple of causes that I'd like to stress. 1 is that everybody is developing software, which is not a problem, because this is not verbal living, but the developed software can and will then access the most different, various types of data, and actually literalized: it could be a vehicle, it can be a smartphone, it can be a state-run system. So it's also that there are no standards, procedures are lacking that should be connected to, and also sanctioning, punishment, is also missing. So we as users cannot be sure that what we have here is up to specific requirements and a safety-cautious attitude was behind designing them. We think about what it, because it is a lot of things that they are OK, but they have oftentimes not. What is the solution? If we take the information that you do a larger donor organization to our heart, and yes, we must involve the organizations that have in-depth knowledge of the risks of that area and also about how they can be made more secure. If we do not do this, then the only party that looks and talks about the security of the product will be the vendor, but we are sure header off. If you don't believe: what can these scandals lead to? If we are not severely affected, then we say that such scandals actually often catalyze changes; security awareness seeps into our everyday lives, into education, etc. etc., and that would result probably in the appropriate legislation as well. So we are the ones who need to build these systems, and once we, and if we call ourselves white hat hackers, that we must be leading this activity, would like to support this activity.

And once again we will show you 1 of our recent results, which is a environment to kill, it takes about a biometric technology that we have to: this is a hand geometry identification technology that we also attacked in software. Everybody, when initially adopted idea, and after the introduction, it is so hard to say anything, because obviously we said something 4 years ago, it happened; this is something that is 0, it happened; we studied last year, it happened. So I'm not going to even get anything this year. Last year that we use, and only recently, and like you don't have to high school, so you know we were hard, we're thinking hard about introducing actually soothsaying into next year's curriculum; obviously we would be successful. And then begin next conventional promises about as we have in the, we often use a lot, show you a live show, where you which will not certainly from those portions of the students, saying something about the hand geometry. So the maximum of the truth of changing hands that much of the mass that is over that leads to volunteer to come here, so as we can tell the future from the past, and so do something. And the other man is only 1 among you who will have for a very short time, 0 4 minutes? Yes, you please come up the stairs; anyone else, what preferences, and there, come on please, you're very welcome, you can also jump up on stage, of your job. We and if the got, and while we prepare and the Pentagon funding everything necessary for something, you're fortunate, unintelligible, will tell you a few words what will happen. You know what you actually see with, they're all horses; secondly students staged this piece of equipment works in a way that the 3-dimensional, stores the three-dimensional much of the hands and it provides identification: a unique code has to be provided, and if this image matches, you can go.

And have no, they're not; in 1998 we came up with the 1st person on this, was based on my table-top self from college, and started working with this piece of equipment. Evidence of that might recommend that prosecutors services inside the, but there are areas where we can achieve the best results with these pieces of equipment, usually in an industrial circumstance to identify workers. Why isn't it a problem that you can actually go around the outside these devices? First of all, we can make them more secure; will not sure that he was in the interests of the country their security systems where these devices have these, were what was accompanied with a couple of thousand of them please, and I want to guarantee more or less, but only those and toward the, because it can handle this. And it's a problem: the worker go school as well to drink and enhances God over to his brother-in-law: single, please go and take my place, because I have too much to drink last night, which was a lot of legal and other problems. So that we have a device, a system like this that operates in alignment with also people; this can be very, and Michael is getting everything that I do have 1 or more common. We have unveiled the fingerprints, and I must actually mention that this technology has its own police as well, because it was designed for 1 has introduced fingerprint identification, and I asked the question what fine. I would not say, suggests that for a security chief to use a single form of identification; was supported: fifty year old girl who takes selfies of herself loses the full, and these can be whose instantly on pages where they will be impossible to their for individuals who live in houses; in a very simple means of identification like our fingerprint identification is placed on the phone, no 1 will have access to the content. Yes, this does carry an immense amount of significance in this
application, which are not yet, although I do have some most of his, and that his son was the problem in recent years. To have a look at it, and I just like to show you is on the technology that was introduced by Fisher, was a device, and that the logical answer of life to share with you when is capable of identification of such as the 1st 4 people. Just look at the power and the handling, the end of the genetics of the number of times and then the different sex than that, and she will be very high and will moral similar was all the more or less effects. So moralistic is absolutely not true, because you have clearly, is continuing to examine their hands on the semantic resolution itself has unique features which are capable of identification. So you can see on this drawing, according to this means of drawing, 30 parameters can be defined on the real: the length and the width of the fingers and size of the bounding area, and in the case of the 5 fingers, and you have 4 fingers and the thumb, this obviously multiplies, and in compliance of the unique features that we can have, you can measure, as in the case of year, and that kind of dedication of, all things considered, implications of this technology is capable of some sort of identification. If you ever have the structure of the neck and the strangely instead of your girlfriend, you know it can have consequences; this device will not fabulous the face like your from which you notice is all the news, and you help, um, then the other similar consequences. Another question is that even in the middle symmetrical arises in nature, 1 of these being the pounds of plants that are situations where we use that they found to other, we actually perform such activities as well, and the technology refuse to work by people because they want tests, and that's you'll see things that so 2 hands out, and they may have a symmetrical, in a way that they can actually be substituted, which means that there is a problem with 1 of its; the user actually said that division of the right-hand side, if you please the other hand, in order in which they will be able to identify their hand as well, almost to the same extent. This is also included in its last security function, as you will see, or not see, by the end of the presentation.

Of all of them on the list was this year in the biology behind us such derivative of seawater identification methodologies and so on, and so it's inevitable that was the subject of an identification is not in fact bacterial real identification. In biometry we differentiate 2 types of identification; innovative warning about this 1, prepared, handle it with all of this: real identification, from a given database we can select, actually stands for clues as to what you know, what I mean; this is excellent part of what we call, what was available, you disagree sinking and holes and problem, or the samples and having different in the database, and it can perform its identification with what we see in the possibilities for access to all of them. In this case we have pilot applications that 1 too long: we identify ourselves with the growing of the kinds of rendered into the hands of the device, finds out that the biometric validation present all of them, which will be on the order of 1 of the litigation over others. You, what you have heard, so an image is created here, and the that and improve the image, in the world of the parameters, and then you have made into a quarter of a wider system, in the world and the Internet, and the application compares the stored in the woods, and so the code that was written on the right, you get a point on event which is the 1 that has the size of the, that decision is positive or negative. 1 would have thought of, but also the complicated was even more complicated than was union and the face difficulties in the interstellar provision of most of his representations of regularly have progress in a very similar to that of previous content on universal the wall actually kind of William of inevitable devices, fingerprints, I don't think can, and identification.

In this case it's a hand geometry identifier; this device has characteristics which can be used to reduce probability. This communicates with some sort of control device; the control device is also precipitated from devices, systems, as presented. So this is now a matter of: we have a source of water to the line of thought that biological lots identifies in the control device that provides the information from plots, based upon that application, and controls the devices. So devices that things are attached to the inside of you that have this operates science, so it can be connected to the network, and very very happy about this, and this to assist through the theory that network and the software is good or not good, that's pretty, and the software, there's something about, in this case a database of what I mean, and what we have to solve, a community itself with which it does something of, have this case if it is the user's events at the end, and this is something that you don't want to push. So we will need to know what was the 1st to willing to with is the full and what we're going to deal with, the mind of what takes place in the characteristics of the I, management of the devices, that was going on with the bias that we know that any of them, how vulnerable the device is, to what extent it can be fooled around with. The concept of what we usually do: we want to do with the database as well, as men and women who want to examine the influence of what takes place in this situation; with that in my own life to go out and make it, would like to know about the whole system. We asked 3 questions to ourselves, and not just as well as the, we'll see what happens. In 1 hand, and the band is about ensuring the users don't, all around the comedians outside of the matrix of images that have ways can barometric identities, and so of thinking how easily we can circumvent this sort of control mechanism, and if so, how. Problem of the experience of the world knows that this velocity use mind presentation, interesting analogies, instability, and it's all over the Internet, will be as can about natural. So we use these terms, and 1 of the many competitor, what usually, as you said, it first-rank area, and the 1 and only 1, and then 1 more result of this was
that we will be done under the histology guided refinement, a star; that's what underlies all out. So if you think you know what you want to know about, are stopping at any major way for predecessor University of any you require any classifier structure-reactivity to establish a constellation from the stars; you shall know instantly large distance from each other. Now if we had some help in creativity, and we discovered us so far are undiscovered house solution, putting them on the molecule is, and this is the great right hand concentration, if you like, in some way that on the modulation degree rights, and has a very serious trouble if not all of the kinematics of about every, and we established an answer to that constant question that some of the material that would have the answer, no assistance.

This slide we'll see now is the device, the requirements from the modulation of the 2 regions, right-hand side of development, and I have, so as you can see it has something to do with the human hand on the kind ground, that you know that requires a semantically it's about what we have to be able to afford. Notice is that this is indeed a hand of assistance devices into, and see what I can do through the camera, on that people will think about it that we always see now as a very simple diametrical, and all the nodes, and you have, thank you, the betterment of condemning the lines; this was the purposes of identifying, and they're interested in what kind of the future, and this is why I have to keep on telling stories in the dark. You know when we can be something that I like to ask for some more lines, and do my best to nominate was seeking was, we about the camera will be able to see the main since business, and that the model is what will be tried to do that further and used to because recalled. So this constellation the replies, and into the 1st year has yet, and make a which, which I think is something that you really want, a person without a little physician lives in the myself at the scale of movement, or looking at the age how people look at us give is another living, includes the likelihood of is more beautiful than could just give you a case, and that's it, and it asks me please to release this constellation of great clients hands and all that, and that's the, was, you do require some amount of skills and qualifications. It only happens to be the 1st time; on the last thing we could not be without a care about was that the device said that the hand is acceptable, that opinion on the thing, and I think this is not to keep it served, this simple, and you will see, and identify; the set of people don't have time to show you, have to press the PIN code, data alone, and it has that this degree right, and then please note that using clean lines, which means that the use of the device sensitivity, given the whole words you was recently that they had been, and would then look a spectacular as its equivalent of 1 of those constellations of the green light, tanks reviewing the Avon is actually adequate for the device to interpret sets as a hand. Thank you. For which we cannot turn back to the presentation; you have given of automatic of the amount of. The question was: can we actually go beyond the boundaries of biometrics? The simple answer is yes. So
have about same; next question: you we can identities to overlapping with the right antecedent recently began with that will we is the biggest scissors on the part of the work of water in the system on each device. That an image of this was actually a telecommunication mobile here; for the test we're going to use a better device, and I can think of when made a very simple was resistant software. That's all you introduction; there was also the needs of the situation that the majority of his then that becomes very similar identifying some businesses cooperation. These devices are also working in the, and you know, and cupolas happy, and we willing to help you will always saying that they are explained how we did it: with a photograph of someone's hand, tools and devices made from levels, and are used took scaled who's on the top of; the difference between the point of the thing is they all a number of years people have really interesting, because he had to make sure that the image is the exact equivalent in size of the original. We applied certain traits that experiments in which we move on to other systems, actually because the sound of all in the rest of the scissors, and as it does require some way the what when you read it would face this research will respond on top of this is the cleanest of individual, this was identities that was good, was 1 9 9 0. This is your hand, and to using 3D is a that of what we see here, not only in fundamental research and also the ways that tell users to very similar to the that was the previous, until you have to be on my colleague Daniel punch independently of the 1 9 9 0, and if you want to place the hands here, there is, this is in position them with a very good 1 9 9 0 me that Apple had survival the sequences, the 1 on different with the education situation. He has this set of people seem as individual, individual went what about the world, by colleagues, so we gave our hands on it, was seems like he is present in the.

So the 2nd question was, guidance is accomplished through, answer: if only goes from yes, and when we find how difficult is it going on in the world as we presented it? It wasn't all that will be: a camera, a bit, scissors, paper, printer; you know what? But you may ask if we can tamper with the database. Yes, we can do that. Tell you what's going to happen: my colleague will identify with his own code, the 1990 code, and it's your lab; we don't use a camera to do this, the audience will be able to see it. What we want to achieve is the following: everything that we did here, even the paper-hand stuff, should be replaced with something simpler. Algorithm: it was a surprisingly behind the entirety system, and on the software side there is the band also offers a lot. So there is a very old database, old Access databases, and old Access databases are easy; that's what we need: we need to win 1 of the fastest programmatic endowed from the internet, and the password is roughly 10 to 12 characters long; this is what we need to crack, takes roughly 26, and also we need that for a year database management version that is still able to normally handle this old database, and we know some little knowledge of what this is all, the things that provides the, all the time. This is to say that we crack the password, export 1 table from the database into an existing, an empty database that we recently created, where we can actually access the table; we can open it, the properties of, we can replace samples belonging to the individual users, we modify the access rights, everything. Once we did this, we back in the back, the standard back into the original database, on the 2nd into the so-called protected data, and we did it. We show you that this is the core of: my colleague can access this device, enters the code, puts his hand on it, a big, big green light, which means that he was accepted, he entered the system. I show that I with my hand cannot use his code to get into the system, or anybody else can. That OK, because already entered, but you on it and you want, so nothing happens: cannot access the system with his hand.

And let me tell you about a specific system function, which is only useful: special enrollment, which means that if somebody's hand is, the part of there is a wound on it or something, it's hard to know what happens; so when you're, what can I, would judges would fill of there, and that you can still add these colleagues in the system, which means that it does not do it abundantly clear identification; you still have to do with the encoder than you would you handle device has someone. Something happens on the other hand, the role and saying OK, was accepted. That on that, because that is the reason that the person cannot be accepted; by this means that with this code that he knows about this, so that you can enter as that person if you know the special enrollment code, which was this case making the exorcism. But on to do now, my fun: we use this special enrollment of the to use as an identifier; this is also a template, you don't have to actually fight it too hard, you put it into the database. And the problem here also in: we will replace it with what do samples, and brushes sample will be swapped for my colleague's to the left of the sample mean, and from now on I should be able to it as if you think it was the colleague's, from his was removed by the cable problem
some water lakes, and you will get to the end of it, I'm sure, that by the time the technology will move begin again. The presented want to its anybody has the world have our spirit time; after reason we can surely be taken to a joy to him again, the causal. What is the last step on this database trick? The last step is the following: whatever we have want the machine in the database, that must be conveyed to the device; there is a database of mediation between the 2 devices. Anyway, we will actually do this activity, but it was what happens, also like call it has not happened, so you will see more about what the show was, 1 of the way in which you will see whether address can enter the system with the 1990 code. OK, I'm writing 1 9 9 0, lt peculiar logic C, and lo and behold, it was me. So this was the biggest part event I was missing, also the arts, OK, the
It might be good news that somebody can use my hand to enter some place without him hacking my hand off, you know. I believe, and hope, that we could convincingly demonstrate the number of ways you can attack these technologies and devices, and I believe that this novel adapted but only applies to the 6 specific device, which most of them, so that we have to, we have heard about it, will always be the case: the Apple case, the Volkswagen, the bear, greatest names would interact into the model. And what is the lesson from all of this? It is that vulnerabilities are all around us, in devices, software, and the question is only whether we know about them or not. What will be the outcome? That will be that we as plain users will also have to know a lot of the basics of security, just as we do in other areas of life, for instance protection against car theft: 30 or 40 years ago we didn't have various anti-theft devices in our cars, we do now, and this applies to a lot of other scenarios like this 1. And this also should be part of the new curriculum, and I believe that teaching this should begin in grade school; the police should have already use social networks and then we have no idea what they do with the data access there. We at our university and the institutes have permission to make the room more secure, and this knowledge is the breeding with and outside the US was of the university. So in closing we repeat our vision: a more security-conscious world. Thank you for listening to us and enjoy your
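The talk's hand-geometry attack on the software side comes down to three things: the reader performs 1:1 verification (user types a code, the live hand is compared with the one template stored under that code), the templates sit in an old Access database protected only by a crackable password, and nothing binds a stored template to the user it belongs to, so swapping the victim's sample for the attacker's makes the attacker's hand verify under the victim's code. The following Python is an added example written for this page; it is not the speakers' code and not the vendor's implementation. Everything in it is an assumption for illustration: a 10-value feature vector (finger lengths and widths in mm, where the talk mentions about 30 measurements), a root-mean-square relative distance with a 0.04 threshold, constructed measurement values, and the mitigation of sealing each template with an HMAC over (user code, template) under a key that lives in the reader rather than in the database. The code 1990 is the one used on stage.

```python
"""Hand-geometry verification, the template-swap attack, and an HMAC-sealed store.
Added example; all feature layouts, thresholds, sample values and keys are
constructed assumptions, not real device data."""
import hashlib
import hmac
import math
import struct

# Assumed layout: 5 finger lengths then 5 finger widths, in millimetres.
N_FEATURES = 10
# Assumed decision threshold on the normalised distance below.
THRESHOLD = 0.04

# Constructed templates and "live" presentations (enrolled value +/- noise).
ALICE_TEMPLATE = (70.0, 78.0, 85.0, 80.0, 62.0, 18.0, 17.0, 17.5, 16.0, 22.0)
ALICE_LIVE = (70.7, 77.3, 85.7, 79.3, 62.7, 18.3, 16.7, 17.8, 16.3, 21.7)
BOB_TEMPLATE = (74.0, 83.0, 90.0, 84.0, 65.0, 19.5, 18.5, 19.0, 17.5, 24.0)
BOB_LIVE = (74.6, 82.4, 90.5, 84.5, 64.5, 19.2, 18.8, 19.3, 17.2, 24.3)


def normalized_distance(template, sample):
    """RMS of per-feature relative differences; 0.0 means identical hands."""
    if len(template) != N_FEATURES or len(sample) != N_FEATURES:
        raise ValueError("feature vector has wrong length")
    acc = sum(((s - t) / t) ** 2 for t, s in zip(template, sample))
    return math.sqrt(acc / N_FEATURES)


def verify(db, user_code, sample):
    """1:1 verification: compare the live hand with the template under user_code."""
    template = db.get(user_code)
    if template is None:
        return False
    return normalized_distance(template, sample) <= THRESHOLD


def swap_template(db, victim_code, attacker_template):
    """The attack from the talk: with write access to the template database,
    overwrite the victim's stored sample with the attacker's own hand."""
    tampered = dict(db)
    tampered[victim_code] = attacker_template
    return tampered


def seal(key, user_code, template):
    """Mitigation (assumption): store (template, tag) with
    tag = HMAC-SHA256(key, len(code) || code || template).
    The key is held by the reader, so a database-only attacker cannot forge a
    tag, and including the code stops moving one user's record onto another."""
    code = user_code.encode()
    msg = struct.pack("<H", len(code)) + code
    msg += struct.pack("<%dd" % len(template), *template)
    return template, hmac.new(key, msg, hashlib.sha256).digest()


def verify_sealed(key, sealed_db, user_code, sample):
    """Check the tag before any matching; a replaced or moved template fails."""
    record = sealed_db.get(user_code)
    if record is None:
        return False
    template, tag = record
    _, expected = seal(key, user_code, template)
    if not hmac.compare_digest(tag, expected):
        return False
    return normalized_distance(template, sample) <= THRESHOLD


def demo():
    """Returns (honest user, impostor, impostor after swap, swap on sealed store)."""
    db = {"1990": ALICE_TEMPLATE}
    honest = verify(db, "1990", ALICE_LIVE)
    impostor = verify(db, "1990", BOB_LIVE)
    after_swap = verify(swap_template(db, "1990", BOB_TEMPLATE), "1990", BOB_LIVE)

    key = b"reader-internal-key-example"  # assumption: never stored in the DB
    sealed = {"1990": seal(key, "1990", ALICE_TEMPLATE)}
    # Attacker writes Bob's template but can only keep the old, now wrong, tag.
    sealed_tampered = dict(sealed)
    sealed_tampered["1990"] = (BOB_TEMPLATE, sealed["1990"][1])
    swap_on_sealed = verify_sealed(key, sealed_tampered, "1990", BOB_LIVE)
    return honest, impostor, after_swap, swap_on_sealed


if __name__ == "__main__":
    print(demo())
```

The sealed store only helps if the key really stays inside the reader or controller; if it is kept in the same database as the templates, the attacker who cracked the database password simply recomputes the tags. Note also that sealing protects integrity, not confidentiality: the templates themselves are still readable, which is why the talk's other point (the code itself should not be recoverable into the raw biometric image) matters independently.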


Formal metadata

Title: Otti Csaba: Security in our hands (?)
Subtitle: Problems of a biometric identification technology
Alternative title: Otti Csaba: Kézben a biztonság (?) Egy biometrikus technológia problémái
Series title: Hacktivity 2015
Part: 08
Number of parts: 29
Authors: Fehér, András; Kapitány, Sándor; Martinkovics, Dániel
License: CC Attribution 3.0 Germany: You may use, modify, and reproduce, distribute and make publicly available the work or its content, in unchanged or changed form, for any legal purpose, provided you credit the author/rights holder in the manner they specify.
DOI: 10.5446/18857
Publisher: Hacktivity
Year of publication: 2015
Language: English

Content metadata

Subject area: Computer science
Abstract: Hand geometry identification is a widespread and usable technology which in certain cases can effectively replace its counterparts that are less resistant to environmental conditions; at the same time only few people know how it actually works. In our live demonstration we examine the advantages and disadvantages of the technology, reveal its vulnerabilities, and carry out attacks that go beyond the technology itself.
