tesina sobri

REVERSE ENGINEERING AND MALWARE THREAT IN DISTRIBUTED BIOMETRIC SYSTEMS

Final degree project

Author: Benxamín Porto Domínguez

Supervisors: Carmen García Mateo, Claus Vielhauer

Upload: abraham-dominguez-cuna

Post on 12-Jul-2015


Contents

Introduction

Malware

Reverse Engineering

Conclusions

Question time


Introduction

Biometrics refers to the processing of biometric signals in order to verify a user's identity or to identify the user within a group of possibilities

The most used biometric traits are based on: voice, face, fingerprint, signature, etc.


Objectives

Analysis of the possible vulnerabilities that can be found in distributed biometric systems due to Malware or Reverse Engineering attacks

Check the results shown by these attacks

Find alternative implementations that can counter these types of attacks or at least minimize them


The system

The system used is a prototype developed at the Universidad de Vigo

It is called BioWebAuth

It is a distributed authentication system that uses biometrics to authenticate users on the Internet

It is based on a Client-Server architecture


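[Figure: block diagram of the distributed biometric system, with the blocks Sensor, Feature Extraction, Matcher, Decision and Template Database, and a Client and a Server connected over the Internet]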


BioWebAuth


BioWebAuth (II)


Procedure

No use of knowledge unavailable to the attacker

Use of diverse hacking tools to emulate Malware

Search for the reverse engineering processes of the biometric modalities

Use of the reversed samples to test the system


Malware


Set of instructions that run on a computer and make that system do something that an attacker wants it to do

It can be found on any platform and in any computer language

Growing problem in today's Internet security


Methodology

Study the different types of existing Malware

Find possible techniques against distributed biometric systems

Create a threat level list regarding the success possibilities of the different types of Malware


Malware Types

Malicious mobile code

Virus

Worms

Trojan Horses

Backdoors

User and Kernel level RootKits

Combo Malware


Malware level threat

Malicious mobile code: low

Virus: low

Worms: medium

Trojan Horses: medium

Backdoors: high

User and Kernel RootKits: very high

Combo Malware: the highest


Techniques

Keylogger:

Password recovery:


Techniques (II)


Techniques (III)

Vulnerabilities scanning


Techniques (IV)

Cookie stealing


Reverse Engineering


Process of analyzing a subject system to identify the system's components and their interrelationships and create representations of the system in another form or a higher level of abstraction

Used for reconstruction of an input sample

Grey box model is chosen in this work


[Figure: block diagram of the system (Sensor, Feature Extraction, Matcher, Decision, Template Database; Client and Server connected over the Internet), annotated with "Reverse Engineering"]


Methodology

Study of the data distribution of templates

Find information about the algorithms

Create a reverse algorithm through the inversion of Gabor Jets

Bypass the system with the use of these samples


Data Distribution Study


Reverse Algorithm Creation


System Attack


Results

The system was bypassed in all the matchings between the spoofed image and the template it came from

Correlated tests between different template images of the same subject showed a 10% success rate


Conclusions


Reverse engineering of the system is a serious threat due to the possibility of acquiring a user's sample

Malware can give an attacker important information about the user

Malware can modify the input devices and thus invalidate the whole process

Biometric templates have to be stored using encryption techniques or, at least, methods for obscuring the identification of different patterns


Conclusions (II)

The system has to advise all the users against social engineering attacks

Use of liveness detection techniques is highly recommended, although they do not ensure full protection against Malware


Question time

Thanks for your time

I hope you enjoyed