Towards More Secure Biometric Readers for Effective Digital Forensic Investigation

  • Zouheir Trabelsi
  • Mohamed Al-Hemairy
  • Ibrahim Baggili
  • Saad Amin
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 53)

Abstract

This paper investigates the effect of common network attacks on the performance, and security of several biometric readers. Experiments are conducted using Denial of Service attacks (DoSs) and the ARP cache poisoning attack. The experiments show that the tested biometric readers are vulnerable to DoS attacks, and their recognition performance is significantly affected after launching the attacks. However, the experiments show that the tested biometric readers are secure from the ARP cache poisoning attack. This work demonstrates that biometric readers are easy targets for malicious network users, lack basic security mechanisms, and are vulnerable to common attacks. The confidentiality, and integrity of the log files in the biometric readers, could be compromised with such attacks. It then becomes important to study these attacks in order to find flags that could aid in a network forensic investigation of a biometric device.

Keywords

Fingerprint reader Iris reader Biometrics scanners Denial of Service attack (DoS) forensic investigation Firewall Intrusion Detection/Prevention Systems (IDS/IPS) 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Vacca, J.: Biometric Technologies and Verification Systems. Butterworth-Heinemann Publisher, Butterworths (2007) ISBN-10: 0750679670Google Scholar
  2. 2.
    Wayman, J., Jain, A., Maltoni, D., Maio, D.: Biometric Systems: Technology Design and Performance Evaluation. Springer Publisher, Heidelberg (2004) ISBN-10: 1852335963Google Scholar
  3. 3.
    Chirillo, J., Blaul, S.: Implementing Biometric Security. Wiley Publisher, Chichester (2003) ISBN-10: 0764525026Google Scholar
  4. 4.
    Panasonic Iris reader BM-ET330, Specification Sheet, ftp://ftp.panasonic.com/pub/Panasonic/cctv/SpecSheets/BM-ET330.pdf
  5. 5.
    Nitgen Fingerprint reader NAC 3000, Specification Sheet, http://www.nitgen.com
  6. 6.
    Daugman, J.: Recognising Persons by Their Iris Patterns. In: Li, S.Z., Lai, J.-H., Tan, T., Feng, G.-C., Wang, Y. (eds.) SINOBIOMETRICS 2004. LNCS, vol. 3338, pp. 5–25. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    The MIT Technology Review in the Emerging Technologies That Will Change the World, Ten emerging technologies that will change the world (January/February 2001), http://www.techreview.com
  8. 8.
    Duagman, J.: How Iris Recognition Works. IEEE Transactions on Circuits and Systems for Video Technology 14, 21–30 (2004)CrossRefGoogle Scholar
  9. 9.
    Tony, M.: Biometric authentication in the real world, Centre for Mathematics and Scientific Computing, National Physical Laboratory, UK (Online) (2001), http://www.npl.co.uk/upload/pdf/biometrics_psrevho.pdf
  10. 10.
    Al-Raisi, A., Al-Khouri, A.: Iris Recognition and the Challenge of Homeland and Border Control Security in UAE. Journal of Telematics and Informatics 25, 117–132 (2008)CrossRefGoogle Scholar
  11. 11.
    Trabelsi, Z., Shuaib, K.: A Novel Man-in-the-Middle Intrusion Detection Scheme for Switched LANs. The International Journal of Computers and Applications 3(3) (2008)Google Scholar
  12. 12.
    FrameIP Packet Generator, http://www.FrameIP.com
  13. 13.
  14. 14.
    Al-Hemairy, M., Trabelsi, Z., Amin, S.: Sniffing Attacks Prevention/Detection Techniques in LAN networks & the effect on Biometric Technology. A thesis submitted to The British University in Dubai, School of Informatics (May 2010)Google Scholar

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2011

Authors and Affiliations

  • Zouheir Trabelsi
    • 1
  • Mohamed Al-Hemairy
    • 2
  • Ibrahim Baggili
    • 3
  • Saad Amin
    • 4
  1. 1.Faculty of Information TechnologyUAE UniversityAl AinUAE
  2. 2.Research Affairs SectorUAE UniversityAl AinUAE
  3. 3.College of Information Technology, Advanced Cyber Forensics Research LaboratoryZayed UniversityAbu DhabiUAE
  4. 4.College of InformaticsBritish University in DubaiDubaiUAE

Personalised recommendations