Authentication

Biometrics & Security: Privacy, Deepfakes, & Cyber Threats

An in-depth analysis of biometric authentication, exploring how the technology works, its applications in security, and the significant privacy risks involved. The summary covers biometric templates, threats like deepfakes, and mitigation strategies such as cancellable biometrics and multi-factor authentication.

Detecting Compromise of Passkey Storage on the Cloud

Mazharul Islam from the University of Wisconsin—Madison introduces CASPER, a novel deception-based framework designed to detect the misuse of passkeys stolen from cloud storage providers. CASPER uses a system of decoy secrets and passkeys to enable relying parties (websites) to identify and flag unauthorized login attempts, effectively balancing security, usability, and deployability without disrupting the user experience.

A Framework for Abusability Analysis: The Case of Passkeys in Interpersonal Threat Models

This talk introduces an "abusability analysis framework" to evaluate technologies like passkeys under interpersonal threat models, such as intimate partner violence. An analysis of 19 services revealed critical implementation flaws, including irrevocable cloned passkeys and the failure of password resets to secure accounts, which can create persistent backdoors for abusers.