A False Rejection Oriented Threat Model for the Design of Biometric Authentication Systems
Conference paper
Abstract
For applications like Terrorist Watch Lists and Smart Guns, a false rejection is more critical than a false acceptance. In this paper a new threat model focusing on false rejections is presented, and the “standard” architecture of a biometric system is extended by adding components like crypto, audit logging, power, and environment to increase the analytic power of the threat model. Our threat model gives new insight into false rejection attacks, emphasizing the role of an external attacker. The threat model is intended to be used during the design of a system.
Keywords
Biometric System Biometric Authentication Attack Tree False Rejection Security Function
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Download
to read the full conference paper text
References
- 1.Bone, J.M., Blackburn, D.M.: Biometrics for narcoterrorist watch list applications. Technical report, Crane Division, Naval Surface Warfare Center and DoD Counterdrug Technology Development Program Office (July 2003)Google Scholar
- 2.Buhan, I., Hartel, P.: The state of the art in abuse of biometrics. Technical report to appear, Centre for Telematics and Information Technology, Univ. of Twente, The Netherlands (June 2005)Google Scholar
- 3.De Cock, D., Wouters, K., Schellekens, D., Singelee, D., Preneel, B.: Threat modelling for security tokens in web applications. In: Chadwick, D., Preneel, B. (eds.) 8th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security, Lake Windermere, England, September 2004, pp. 131–144. Springer, Berlin (2004)Google Scholar
- 4.Van der Putte, T., Keuning, J.: Biometrical fingerprint recognition: Don’t get your fingers burned. In: Smart Card Research and Advanced Applications, IFIPTC8/W68.8 Fourth Working Conference on Smart Card Reserch and Advanced Applications, September 2001, pp. 289–303 (2001)Google Scholar
- 5.Germany DIN-Deutsches Institut Fur Normung E.V., Berlin. Information technology - security techniques - a framework for security evaluation and testing of biometric technology. Technical Report ISO/IEC JTC 1/SC 27 N 3806, DIN - Deutsches Institut fur Normung e.V. Berlin, Germany (2003)Google Scholar
- 6.UK Government Biometrics Working Group. Biometric device protection profile (BDPP). Technical Report Draft Issue 0.82, UK Goverment Biometrics Working Group (2001)Google Scholar
- 7.Jain, A.K., Pankanti, S., Prabhakar, S., Ross, A., Wayman, J.L.: Biometrics: A grand challenge. In: Proceedings of International Conference on Pattern Recognition, vol. 2, pp. 935–942 (2004)Google Scholar
- 8.Kong, A., Griffith, A., Rhude, D., Bacon, G., Shahs, G.: Department of defense federal biometric system protection profile for medium robustness environments. Technical Report Technical Report Draft Version 0.02, U.S Department of Defense (2002)Google Scholar
- 9.Neuman, P.G., Parker, D.B.: A summary of computer misuse techniques. In: 12th National Computer Security Conference, Baltimor, MaryLand, October 1989, vol. 10(13), pp. 396–407 (1989)Google Scholar
- 10.The Biometrics Management Office and National Security Agency. U.s. government biometric verification mode protection profile for medium robustness environments. Technical Report Version 1.0, The Biometrics Management Office and the National Security Agency (2003)Google Scholar
- 11.Rae, A.J., Wildman, L.P.: A taxonomy of attacks on secure devices. Australian Information Warfare and IT Security, November 20-21, Australia, 251–264 (2003)Google Scholar
- 12.Ratha, N.K., Connell, J.H., Bolle, R.M.: Biometrics break-ins and band-aids. Pattern Recognition Letters 24(13), 2105–2113 (2003)CrossRefGoogle Scholar
- 13.Bolle, R.M., Connel, J.H., Pankanti, S., Ratha, N.K., Senior, A.W.: Guide to Biometrics. Springer, New York (2004)Google Scholar
- 14.Schneier, B.: Attack trees: Modeling security threats. Dr. Dobb’s Journal (1999), www.ddj.com
- 15.Veldhuis, R.N.J., Bazen, A.M., Kauffman, J., Hartel, P.H.: Biometric verification based on grip-pattern recognition (invited paper). In: Delp III, E.J., Wong, P.W. (eds.) IS&T/SPIE 16th Annual Symp. on Electronic Imaging - Security, Steganography, and Watermarking of Multimedia Contents, San Jose, California, January 2004, vol. 5306, pp. 634–641. SPIE – The Int. Society for Optical Engineering, Washington (2004)Google Scholar
Copyright information
© Springer-Verlag Berlin Heidelberg 2005