Wolf Attack Probability: A New Security Measure in Biometric Authentication Systems

  • Masashi Une
  • Akira Otsuka
  • Hideki Imai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4642)

Abstract

This paper will propose a wolf attack probability (WAP) as a new measure for evaluating security of biometric authentication systems. The wolf attack is an attempt to impersonate a victim by feeding “wolves” into the system to be attacked. The “wolf” means an input value which can be falsely accepted as a match with multiple templates. WAP is defined as a maximum success probability of the wolf attack with one wolf sample. In this paper, we give a rigorous definition of the new security measure which gives strengh estimation of an individual biometric authentication system against impersonation attacks. We show that if one reestimates using our WAP measure, a typical fingerprint algorithm is turned out to be much weaker than theoretically estimated by Ratha et al. Moreover, we apply the wolf attack to a finger-vein-pattern matching algorithm. Surprisingly, we show that there exists an extremely strong wolf which falsely matches all templates for any threshold values.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    International Organization for Standardization (ISO), International Electrotechnical Commission (IEC): ISO/IEC CD 19792: Information technology – Security techniques – Security evaluation of biometrics (2006)Google Scholar
  2. 2.
    Matsumoto, T., Matsumoto, H., Yamada, K., Hoshino, S.: Impact of Artificial ’Gummy’ Fingers on Fingerprint Systems. In: Optical Security and Counterfeit Deterrence Techniques IV, Proc. SPIE, vol. 4677, pp. 275–289 (2002)Google Scholar
  3. 3.
    Ratha, N.K., Connell, J.H., Bolle, R.M.: Enhancing security and privacy in biometrics-based authentication systems. IBM Syst. J. 40, 614–634 (2001)CrossRefGoogle Scholar
  4. 4.
    Miura, N., Nagasaka, A., Miyatake, M.: Feature Extraction of Finger Vein Patterns Based on Iterative Line Tracking and its Application to Personal Identification. IEICE Trans. Inf. & Syst (Japanese edn.) J-86-D-II, 678–687 (2003)Google Scholar
  5. 5.
    Doddington, G., Liggett, W., Martin, A., Przybocki, M., Reynolds, D.: SHEEP, GOATS, LAMBS and WOLVES: A Statistical Analysis of Speaker Performance in the NIST 1998 Speaker Recognition Evaluation. In: Proc. ICSLP, vol. 98, pp. 1351–1354 (1998)Google Scholar
  6. 6.
    Daugman, J.: How Iris Recognition Works. IEEE Trans. Circuits and Syst. Video Technology 14, 21–30 (2004)CrossRefGoogle Scholar
  7. 7.
    Daugman, J.: Probing the Uniqueness and Randomness of IrisCodes: Results From 200 Billion Iris Pair Comparisons. Proc. IEEE 94, 1927–1935 (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Masashi Une
    • 1
  • Akira Otsuka
    • 2
  • Hideki Imai
    • 2
    • 3
  1. 1.Center for Information Technology Studies (CITECS), Institute for Monetary and Economic Studies (IMES), Bank of Japan, 2-1-1, Nihonbashi-Hongokucho, Chuo, Tokyo 103-8660Japan
  2. 2.Research Center for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AIST), Akihabara-Daibiru Room 1102, 1-18-13, Sotokanda, Chiyoda, Tokyo 101-0021Japan
  3. 3.Faculty of Science and Engineering, Chuo University, 1-13-27, Kasuga, Bunkyo, Tokyo 112-8551Japan

Personalised recommendations