The assessment of vulnerability is vital for ensuring biometric security, and is a concept distinct from system accuracy. A perfectly accurate biometric system may still be highly vulnerable to attack, as unauthorized users may find alternates ways by which they can be falsely accepted by a system.
Compared with the effort expended on determining performance accuracy, significantly less effort has been given to the problem of determining if a presented biometric is real or fake. With the increasing use of biometric systems, the understanding of vulnerability related risks and their appropriate treatment will be a vital part of future biometric deployments.
All the attack methods described in this chapter are vulnerabilities that are publicly known. As a general principle, the public dissemination of points of vulnerably is an important step towards ensuring system designers can put in place appropriate risk mitigations. Secrecy about avenues of attack can help potential fraudsters more than the disclosure of risks, since where the risks are not understood by the system owners, attack methods may be easily exploited. The principle of security through transparency is accepted practice in the cryptographic community.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Biometric device protection profile BDPP. (http://www.cesg.gov.uk/site/iacs/itsec/media/protection-profiles/bdpp082.pdf (2001)
Communications security establishment certification body canadian common criteria evaluation and certification scheme. (http://www.cse-cst.gc.ca/documents/services/ccs/ccs_biometrics121.pdf (2001)
U.S. government biometric verification mode protection profile for basic robustness environments. (http://www.niap.bahialab.com/cc-scheme/pp/pp_bvm_mr_v1.0.pdf (2001)
Common criteria common methodology for information technology security evaluation: Biometric evaluation methodology supplement BEM. (http://www.cesg.gov.uk/site/ast/biometrics/media/BEM_10.pdf (2002)
Transcript: Defense department briefing. (http://www.america.gov/st/washfile-english/2002/October/20021017192919ross@pd.state.gov0.9141504.html (2002)
Episode 59 -crimes and myth-demeanors 2. (http://en.wikipedia.org/wiki/MythBusters_ (season_4)#Episode_59_.E2.80.94_.22Crimes_and_Myth-Demeanors_2.22(2006)
Adler, A.: Sample images can be independentlyrestored from face recognition templates. Electrical and Computer Engineering, 2003. IEEE CCECE 2003. Canadian Conference on 2 (2003)
Boyce, C., Ross, A., Monaco, M., Hornak, L., Li, X.: Multispectral iris analysis: A preliminarystudy. Proc. Conf. Computer Vision and Pattern Recognition Workshop pp. 51–59 (2006)
Czajka, A., Strzelczyk, P., Pacut, A.: Making iris recognition more reliable and spoof resistant. SPIE The International Society for Optical Engineering (2007)
Daugman, J.: Iris Recognition and Anti-Spoofing Countermeasures. 7th International Biometrics Conference (2004)
Drahansky, M., Lodrova, D.: Liveness detection for biometric systems based on papillary lines.International Conference on Information Securityand Assurance, 2008. ISA 2008. pp. 439–444 (2008)
Dunstone, T., Poulton, G., Roux, C.: Update, Biometrics Institute vulnerability assessment project. In: The Biometrics Institute, Sydney Conference (2008)
Faundez-Zanuy, M.: On the vulnerability of biometric security systems. Aerospace and Electronic Systems Magazine, IEEE 19(6), 3–8 (2004)
Godesberger, A.: Common criteria protection profile biometric verification mechanisms, german federal office for information security (bsi). (http://www.bsi.bund.de/zertifiz/zert/reporte/PP0016b.pdf (2005)
Harrison, A.: Hackers claim new fingerprint biometric attack. (http://www.securityfocus.com/news/6717 (2003)
Hill, C.: Risk of masquerade arising from the storage of biometrics.Bachelor of science thesis, Dept. of CS, Australian National University (2002)
Kryszczuk, K., Drygajlo, A.: Addressing the vulnerabilities of likelihood-ratio-based face verification. Proceedings of 6th International Conference on Audio-and Video-Based Biometric Person Authentication (AVBPA), T. Kanade and NR (AK)Jain, Eds., vol. LNCS 3546, 426–435 (2005)
Maltoni, D., Maio, D., Jain, A., Prabhakar, S.: Handbook of Fingerprint Recognition.Springer (2003)
Matsumoto, T.: The test object approach in measuring security of fingerprint and vein pattern authentication systems.In: The Biometrics Institute, Sydney Conference (2008)
Matsumoto, T., Matsumoto, H., Yamada, K., Hoshino, S.: Impact of artificial gummy fingers on fingerprint systems. In: Proc. of the SPIE, Optical Security and Counterfeit Deterrence Techniques IV, vol. 4677 (2002)
Pan, G., Sun, L., Wu, Z., Lao, S.: Eyeblink-basedanti-spoofing in face recognition from a generic webcamera.Computer Vision, 2007. ICCV 2007. IEEE 11th International Conference on pp. 1–8 (2007)
Parthasaradhi, S., Derakhshani, R., Hornak, L.A., Schuckers, S.: Time-series detection of perspiration as a liveness test in fingerprint devices. Systems, Man and Cybernetics, Part C, IEEE Transactions on 35(3), 335–343 (2005)
van der Putte, T., Keuning, J., Origin, A.: Biometrical fingerprint recognition: Don’t get your fingers burned. Smart Card Researchand Advanced Applications: Ifip Tc8/Wg8. 8 Fourth Working Conference on Smart Card Research and Advanced Applications, September 20-22, 2000, Bristol, United Kingdom (2000)
Schuckers, S.: Spoofing and anti-spoofing measures. Information Security Technical Report 7(4), 56–62 (2002)
Statham, P.: UK government biometrics security assessment programme, cesg biometrics. (http://www.biometrics.org/bc2004/CD/PDF_PROCEEDINGS/bc247a_Statham.ppt (2003)
Thallheim, L., Krissler, J., Ziegler, P.: Body check: biometrics defeated. (http://www.extremetech.com/print_article/0,3998,a=27687,00.asp (2002)
Uludag, U., Jain, A.: Attacks on biometric systems: a case study in fingerprints. Proceedings of SPIE 5306, 622–633 (2004)
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag US
About this chapter
Cite this chapter
(2009). Vulnerabilities. In: Dunstone, T., Yager, N. (eds) Biometric System and Data Analysis. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-77627-9_12
Download citation
DOI: https://doi.org/10.1007/978-0-387-77627-9_12
Published:
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-77625-5
Online ISBN: 978-0-387-77627-9
eBook Packages: Computer ScienceComputer Science (R0)