Skip to main content
SpringerLink
Log in

Vulnerabilities

  • Chapter
  • First Online:
Biometric System and Data Analysis

  • 1451 Accesses

The assessment of vulnerability is vital for ensuring biometric security, and is a concept distinct from system accuracy. A perfectly accurate biometric system may still be highly vulnerable to attack, as unauthorized users may find alternates ways by which they can be falsely accepted by a system.

Compared with the effort expended on determining performance accuracy, significantly less effort has been given to the problem of determining if a presented biometric is real or fake. With the increasing use of biometric systems, the understanding of vulnerability related risks and their appropriate treatment will be a vital part of future biometric deployments.

All the attack methods described in this chapter are vulnerabilities that are publicly known. As a general principle, the public dissemination of points of vulnerably is an important step towards ensuring system designers can put in place appropriate risk mitigations. Secrecy about avenues of attack can help potential fraudsters more than the disclosure of risks, since where the risks are not understood by the system owners, attack methods may be easily exploited. The principle of security through transparency is accepted practice in the cryptographic community.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Biometric device protection profile BDPP. (http://www.cesg.gov.uk/site/iacs/itsec/media/protection-profiles/bdpp082.pdf (2001)

  2. Communications security establishment certification body canadian common criteria evaluation and certification scheme. (http://www.cse-cst.gc.ca/documents/services/ccs/ccs_biometrics121.pdf (2001)

  3. U.S. government biometric verification mode protection profile for basic robustness environments. (http://www.niap.bahialab.com/cc-scheme/pp/pp_bvm_mr_v1.0.pdf (2001)

  4. Common criteria common methodology for information technology security evaluation: Biometric evaluation methodology supplement BEM. (http://www.cesg.gov.uk/site/ast/biometrics/media/BEM_10.pdf (2002)

  5. Transcript: Defense department briefing. (http://www.america.gov/st/washfile-english/2002/October/20021017192919ross@pd.state.gov0.9141504.html (2002)

  6. Episode 59 -crimes and myth-demeanors 2. (http://en.wikipedia.org/wiki/MythBusters_ (season_4)#Episode_59_.E2.80.94_.22Crimes_and_Myth-Demeanors_2.22(2006)

  7. Adler, A.: Sample images can be independentlyrestored from face recognition templates. Electrical and Computer Engineering, 2003. IEEE CCECE 2003. Canadian Conference on 2 (2003)

    Google Scholar 

  8. Boyce, C., Ross, A., Monaco, M., Hornak, L., Li, X.: Multispectral iris analysis: A preliminarystudy. Proc. Conf. Computer Vision and Pattern Recognition Workshop pp. 51–59 (2006)

    Google Scholar 

  9. Czajka, A., Strzelczyk, P., Pacut, A.: Making iris recognition more reliable and spoof resistant. SPIE The International Society for Optical Engineering (2007)

    Google Scholar 

  10. Daugman, J.: Iris Recognition and Anti-Spoofing Countermeasures. 7th International Biometrics Conference (2004)

    Google Scholar 

  11. Drahansky, M., Lodrova, D.: Liveness detection for biometric systems based on papillary lines.International Conference on Information Securityand Assurance, 2008. ISA 2008. pp. 439–444 (2008)

    Google Scholar 

  12. Dunstone, T., Poulton, G., Roux, C.: Update, Biometrics Institute vulnerability assessment project. In: The Biometrics Institute, Sydney Conference (2008)

    Google Scholar 

  13. Faundez-Zanuy, M.: On the vulnerability of biometric security systems. Aerospace and Electronic Systems Magazine, IEEE 19(6), 3–8 (2004)

    Google Scholar 

  14. Godesberger, A.: Common criteria protection profile biometric verification mechanisms, german federal office for information security (bsi). (http://www.bsi.bund.de/zertifiz/zert/reporte/PP0016b.pdf (2005)

  15. Harrison, A.: Hackers claim new fingerprint biometric attack. (http://www.securityfocus.com/news/6717 (2003)

  16. Hill, C.: Risk of masquerade arising from the storage of biometrics.Bachelor of science thesis, Dept. of CS, Australian National University (2002)

    Google Scholar 

  17. Kryszczuk, K., Drygajlo, A.: Addressing the vulnerabilities of likelihood-ratio-based face verification. Proceedings of 6th International Conference on Audio-and Video-Based Biometric Person Authentication (AVBPA), T. Kanade and NR (AK)Jain, Eds., vol. LNCS 3546, 426–435 (2005)

    Google Scholar 

  18. Maltoni, D., Maio, D., Jain, A., Prabhakar, S.: Handbook of Fingerprint Recognition.Springer (2003)

    Google Scholar 

  19. Matsumoto, T.: The test object approach in measuring security of fingerprint and vein pattern authentication systems.In: The Biometrics Institute, Sydney Conference (2008)

    Google Scholar 

  20. Matsumoto, T., Matsumoto, H., Yamada, K., Hoshino, S.: Impact of artificial gummy fingers on fingerprint systems. In: Proc. of the SPIE, Optical Security and Counterfeit Deterrence Techniques IV, vol. 4677 (2002)

    Google Scholar 

  21. Pan, G., Sun, L., Wu, Z., Lao, S.: Eyeblink-basedanti-spoofing in face recognition from a generic webcamera.Computer Vision, 2007. ICCV 2007. IEEE 11th International Conference on pp. 1–8 (2007)

    Google Scholar 

  22. Parthasaradhi, S., Derakhshani, R., Hornak, L.A., Schuckers, S.: Time-series detection of perspiration as a liveness test in fingerprint devices. Systems, Man and Cybernetics, Part C, IEEE Transactions on 35(3), 335–343 (2005)

    Google Scholar 

  23. van der Putte, T., Keuning, J., Origin, A.: Biometrical fingerprint recognition: Don’t get your fingers burned. Smart Card Researchand Advanced Applications: Ifip Tc8/Wg8. 8 Fourth Working Conference on Smart Card Research and Advanced Applications, September 20-22, 2000, Bristol, United Kingdom (2000)

    Google Scholar 

  24. Schuckers, S.: Spoofing and anti-spoofing measures. Information Security Technical Report 7(4), 56–62 (2002)

    Google Scholar 

  25. Statham, P.: UK government biometrics security assessment programme, cesg biometrics. (http://www.biometrics.org/bc2004/CD/PDF_PROCEEDINGS/bc247a_Statham.ppt (2003)

  26. Thallheim, L., Krissler, J., Ziegler, P.: Body check: biometrics defeated. (http://www.extremetech.com/print_article/0,3998,a=27687,00.asp (2002)

  27. Uludag, U., Jain, A.: Attacks on biometric systems: a case study in fingerprints. Proceedings of SPIE 5306, 622–633 (2004)

    Google Scholar 

Download references

Editor information

Editors and Affiliations

  1. Biometix National Innovation Centre, The Australian Technology Park, Eveleigh, NSW 1430, Australia

    Ted Dunstone  & Neil Yager  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag US

About this chapter

Cite this chapter

(2009). Vulnerabilities. In: Dunstone, T., Yager, N. (eds) Biometric System and Data Analysis. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-77627-9_12

Download citation

  • DOI: https://doi.org/10.1007/978-0-387-77627-9_12

  • Published:

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-77625-5

  • Online ISBN: 978-0-387-77627-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation