August 19-21 - Co-Located Events
August 21-23 - Conference
Hilton San Diego Bayfront - San Diego, CA
More information for Open Source Summit + Embedded Linux Conference North America 2019
Back To Schedule
Wednesday, August 21 • 11:30am - 12:05pm
Broken Fingers: A Deep Dive Into Open Source Fingerprint Authentication and its Security Issues - Seong-Joong Kim, National Security Research Institute*

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Biometric authentication provides distinguished advantages over other techniques such as password-based ones; Biometric information is always with and unique to an individual, and hardly forgeable. One of the most classic biometric authentication is to use fingerprint, which is very popularly used these days in mobile banking or healthcare industry, for 2-factor authentication schemes. The benefits, however, come with an inherent risk: fingerprints cannot be changed once they are stolen.

In this talk, Seong-Joong Kim will address security problems that reside in the most popular open source for supporting fingerprint readers. After auditing, he found several flaws in encryption and key derivation process of the project, which may lead to dreadful consequences: an attacker can extract individual fingerprint images between a fingerprint scanner and a host, or can steal original fingerprints from the fingerprint DB. He will demonstrate those attacks and discuss possible countermeasures.

avatar for Seong-Joong Kim

Seong-Joong Kim

Security Researcher, National Security Research Institute
Seong-Joong Kim is a member of research staff at the National Security Research Institute. Prior to that, he was a researcher at TmaxSoft R&D Center for alternative service as mandatory military service duty. Also, he interned at Samsung Electronics in the capacity of a Software Engineer... Read More →

Wednesday August 21, 2019 11:30am - 12:05pm PDT
Aqua Salon C
  Security & Safety
  • Session Slides Included Yes
  • Session Recorded Yes