Vulnerability Assessment of Fingerprint Matching Based on Time Analysis

  • Javier Galbally
  • Sara Carballo
  • Julian Fierrez
  • Javier Ortega-Garcia
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5707)


A time analysis of a reference minutiae-based fingerprint matching system is presented. We study the relation between the score generated by the system (NFIS2 from NIST) and the time required to produce the matching score. Experimental results are carried out on a subcorpus of the MCYT database and show a clear correlation between both matching variables (time and score). Thus, a new threat against biometric systems is arisen as attacks based on the matching score could be largely simplified if the time information is used instead.


Vulnerability Assessment Biometric System Matching Time Brute Force Attack Fingerprint Match 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Galbally, J., Fierrez, J., et al.: On the vulnerability of fingerprint verification systems to fake fingerprint attacks. In: Proc. IEEE of International Carnahan Conference on Security Technology (ICCST), pp. 130–136 (2006)Google Scholar
  2. 2.
    Uludag, U., Jain, A.K.: Attacks on biometric systems: a case study in fingerprints. In: Proc. SPIE-IE, vol. 5306, pp. 622–633 (2004)Google Scholar
  3. 3.
    Hill, C.J.: Risk of masquerade arising from the storage of Biometrics, B.S. Thesis. Autralian National University (2001)Google Scholar
  4. 4.
    CC: Common Criteria for Information Technology Security Evaluation. v3.1 (2006)Google Scholar
  5. 5.
    BEM: Biometric Evaluation Methodology. v1.0 (2002)Google Scholar
  6. 6.
    Adler, A.: Sample images can be independently restored from face recognition templates. In: Proc. Canadian Conference Electrical and Computing Engineering (CCECE), vol. 2, pp. 1163–1166 (2003)Google Scholar
  7. 7.
    Martinez-Diaz, M., Fierrez, J., et al.: Hill-climbing and brute force attacks on biometric systems: a case study in match-on-card fingerprint verification. In: Proc. IEEE of International Carnahan Conference on Security Technology (ICCST), pp. 151–159 (2006)Google Scholar
  8. 8.
    Galbally, J., Fierrez, J., Ortega-Garcia, J.: Bayesian hill-climbing attack and its application to signature verification. In: Lee, S.-W., Li, S.Z. (eds.) ICB 2007. LNCS, vol. 4642, pp. 386–395. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Kocher, P.C.: Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  10. 10.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 388. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  11. 11.
    Watson, G.I., Garris, M.D., et al.: User’s guide to NIST Fingerprint Image Software 2 (NFIS2). National Institute of Standards and Technology (2004)Google Scholar
  12. 12.
    Ortega-Garcia, J., Fierrez-Aguilar, J., et al.: MCYT baseline corpus: a bimodal biometric database. IEE Proc. Vision, Image and Signal Processing 150, 391–401 (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Javier Galbally
    • 1
  • Sara Carballo
    • 1
  • Julian Fierrez
    • 1
  • Javier Ortega-Garcia
    • 1
  1. 1.Biometric Recognition Group–ATVS, EPSUniversidad Autonoma de MadridMadridSpain

Personalised recommendations