Encyclopedia of Biometrics

Living Edition
| Editors: Stan Z. Li, Anil K. Jain

Biometric Vulnerabilities: Overview

  • Andy AdlerEmail author
  • Stephanie A. C. Schuckers
Living reference work entry

Latest version View entry history

DOI: https://doi.org/10.1007/978-3-642-27733-7_65-3


Biometric systems, like all security systems, have vulnerabilities. This entry provides a survey of the many possible points of attack against traditional biometric systems. The vulnerabilities of nontraditional systems, such as those based on encoded biometrics, are surveyed in the article Template Security and Security and Liveness, Overview. Here, biometric system security is defined by its absence: a vulnerability in biometric security results in incorrect recognition or failure to correctly recognize individuals. This definition includes methods to falsely accept an individual (spoofing), to decrease overall system performance (denial of service), or to attack another system via leaked data (identity theft). In this entry, each stage of biometrics processing is analyzed and the potential vulnerabilities discussed. Techniques to structure the analysis of vulnerabilities, such Attack Trees, are described, and four application scenarios and their vulnerabilities are considered.


This entry surveys the many types of security vulnerabilities in traditional biometric systems. For a more general survey of security issues in biometric systems, including those for novel and encrypted biometric schemes, see Security and Liveness: Overview. Biometric system vulnerabilities are defined as avenues of attack against a biometric system that involve an active attacker. The resistance of a biometric system to zero-effort attack is the system false accept rate (FAR), and this value is generally considered to be the performance of the biometric system. Since there are many configurations for biometric systems and many possible ways to attack each, the topic of biometric system vulnerabilities is necessarily very broad; this entry describes classes of biometric applications and review the vulnerabilities of each.

Note that this entry concentrates on system vulnerabilities which are part of the biometric processing itself. Since biometric systems are implemented on server computers, they are vulnerable to all cryptographic, virus, and other attacks which plague modern computer systems [5]; we point out these issues, but do not cover them in detail.

Biometric Subsystems and Vulnerabilities

In order to classify biometric security vulnerabilities, it is typical to study each subsystem and interconnection in a system diagram (Fig. 1). Early work is presented in [15], with later contributions coming from [3, 21, 22]. We consider each system module in turn:
Fig. 1

Biometric system block diagram (from [8]). Steps AH are analyzed in detail in this entry. Each presented sample (B) is acquired by a sensor (C) processed via segmentation (D) and feature extraction (D) algorithms. If available, a sample quality (E) assessment algorithm is used to indicate a need to reacquire the sample. Biometric features are encoded into a template, which is stored (H) in a database, on an identity card or in secure hardware. For biometric encryption systems, a code or token is combined with the biometric features in the template. During enrollment, biometric samples are linked to a claimed identity (A), and during subsequent verification or identification, samples are tested against enrolled samples, using a matching algorithm (I), and an identity decision (J) is made, either automatically or by a human agent reviewing biometric system outputs

Identity Claim (A)

Identity claims are not biometric properties, but form an essential part of most biometric security systems. Exceptions are possible: an example is verifying a season ticket holder; the person’s identity does not matter, as long as they have paid. Identity claims are primarily based on links to government-issued identity documents and are thus vulnerable to all forms of fraud of such documents. This is a problem even for highly secure documents, such as passports, which are often issued on the basis of less secure “breeder documents” [17] such as birth certificates issued by local government, hospital, or even religious authorities.

Presentation (B)

An attack on the biometric sensor provides a false biometric sample into the system. Such attacks are designed to either avoid detection (false negative) or masquerade as another (false positive). The latter attack is typically called spoofing, but spoofing can also be used more generally to mean both cases. Clearly, avoiding detection is easier than masquerading, since features simply need to be changed enough to confuse the segmentation or feature extraction module. Changing makeup, facial hair, and glasses or abrading or wetting fingers is often successful, although recent progress in biometric algorithms has reduced the effectiveness of such techniques. There have been reported examples of altering fingerprints including cuts, destruction, or surgical replacement of the fingerprint [23]. Knowledge of the details of algorithms can make such attacks easier; for example, rotating the head will confuse some iris recognition algorithms that do not expect image rotation of more than a few degrees.

An artificial biometric which copies that of an authorized user is called a “spoof.” The most well-known artificial biometrics or “spoofs” are for fingerprint, through relatively simple techniques using casts of a finger with molds made of household materials [13, 20]. A morbid concern is the use of dismembered fingers, which can be scanned and verified against enrolled fingers. Other modalities may be spoofed: face using pictures or high- resolution video, iris with contact lenses, and voice recordings for voice biometrics [20]. Techniques to make spoofing more difficult include liveness, layered biometrics, and use of biometrics in combination with a challenge response, passwords, tokens, or smart cards. The goal of liveness detection is to determine if the biometric being captured is an actual measurement from a live person who is present at the time of capture [12]. Liveness detection is a subset of presentation attack detection methods, a broader category which also includes altered biometric detection and methods to detect spoofing which do not necessarily rely on liveness of the individual. Standards are under development by the International Standards Organization under the Subcommittee on Biometrics [9]. Typically, liveness is a secondary measure after biometric authentication which must be met in order to achieve a positive response. Liveness detection examples may include specialized hardware such as pulse oximetry based or software such as measuring texture information in the fingerprint [19].

Sensor (C)

Attacks on the biometric sensor include any technique which subverts or replaces the sensor hardware. In some cases subverting the sensor allows complete bypassing of the biometric system. For example, in some biometric door locks, the sensor module includes the entire biometric system including a Wiegand output or relay output to activate the solenoid in a door lock. Subverting such a system may be as simple as physically bypassing the biometric system.

In many cases, an attack on the sensor would take the form of a replay. The connection between the biometric sensor and the biometric system is subverted to allow input of arbitrary signals, and images from legitimate users are input into the system. In order to obtain the signals, several strategies may be employed. Eavesdropping requires accessing the wiring of the sensor. For biometrics using contactless smart cards such eavesdropping becomes more feasible (see [2]). Another approach is to record signals from a sensor under the control of the attacker. Protection typically requires cryptographic techniques to prevent capture and relay of signals and replacement of the sensor [5]. This imposes a larger cost for sensors with integrated cryptographic capability and for management of the security and key infrastructure.

Segmentation (D)

Biometric segmentation extracts the image or signal of interest from the background, and a failure to segment means the system does not detect the presence of the appropriate biometric feature. Segmentation attacks may be used to escape surveillance or to generate a denial of service (DoS) attack. For example, consider a surveillance system in which the face detection algorithm assumes faces have two eyes. By covering an eye, a person is not detected in the biometric system. Another example would be where parts of a fingerprint core are damaged to cause a particular algorithm to mislocate the core. Since the damaged area is small, it would not arouse the suspicion of an agent reviewing the images.

Feature Extraction (E)

Attacks of the feature extraction module can be used either to escape detection or to create impostors. The first category raises issues similar to those in segmentation. Knowledge of the feature extraction algorithms can be used to design special features in presented biometric samples to cause incorrect features to be calculated.

Characterizing Feature Extraction Algorithms: In order to implement such an attack, it is necessary to discover the characteristics of the feature extraction algorithm. Are facial hair or glasses excluded (face recognition)? How are the eyelid/eyelash regions detected and cropped (iris recognition)? Most current high-performing biometric recognition algorithms are proprietary but are often based on published scientific literature, which may provide such information. Another approach is to obtain copies of the biometric software and conduct off-line experiments. Biometric algorithms are likely susceptible to reverse engineering techniques.

Biometric “Zoo”: There is great variability between individuals in terms of the accuracy and reliability of their calculated biometric features. Doddington et al. developed a taxonomy for different user classes [4]. Sheep are the dominant type, and biometric systems perform well for them. Goats are difficult to recognize. They adversely affect system performance, accounting for a significant fraction of the FRR. Lambs are easy to imitate – a randomly chosen individual is likely to be identified as a lamb. They account for a significant fraction of the FAR. Wolves are more likely to be identified as other individuals, and account for a large fraction of the FAR. The existence of lambs and wolves represents a vulnerability to biometric systems. If wolves can be identified, they may be recruited to defeat systems; similarly, if lambs can be identified in the legitimate user population, either through correlation or via directly observable characteristics, they may be targets of attacks.

Quality Control (F)

Evaluation of biometric sample quality is important to ensure low biometric error rates. Most systems, especially during enrollment, verify the quality of input images. Biometric quality assessment is an active area of research, and current approaches are almost exclusively algorithm specific. If the details of the quality assessment module can be measured (either though trial and error or through off-line analysis), it may be possible to create specific image features which force classification in either category. Quality assessment algorithms often look for high-frequency noise content in images as evidence of poor quality, while line structures in images indicate higher quality. Attacks on the quality control algorithm are of two types: classifying a good image as poor and classifying a low-quality image as good. In the former case, the goal of the attack would be to evade detection, since poor images will not be used for matching. In the latter case, low-quality images will be enrolled. Such images may force internal match thresholds to be lowered (either for that image or, in some cases, globally). Such a scenario will create “lambs” in the database and increase system FAR.

Template Creation (G)

Biometric features are encoded into a template, a (proprietary or standards-conforming) compact digital representation of the essential features of the sample image. It has been claimed that since template creation is a one-way function, it is impossible or infeasible to regenerate the image from the templates [6]; however it has been shown that it is generally possible to regenerate versions of biometric sample images from templates [10]. These regenerated images may be used to masquerade at the sensor or to generate a spoofed biometric for presentation (see Biometric Template Security).

Interoperability: Government applications of biometrics need to be concerned with interoperability. Biometric samples enrolled on one system must be usable on other vendor systems if a government is to allow cross-jurisdictional use and to avoid vendor lock-in. However, studies of biometric interoperability have revealed it to be difficult, even when all vendors are conform to standards. Tests of the International Labour Organization seafarer’s ID card [1] showed incompatibilities with the use of the minutiae-type “other” and incompatible ways to quantize minutiae angles. Such interoperability difficulties present biometric system vulnerabilities, which could be used to increase FRR or for a DoS attack.

Data Storage (H)

Enrolled biometric templates are stored for future verification or identification. Vulnerabilities of template storage concern modifying the storage (adding, modifying, or removing templates), copying template data for secondary uses (identity theft or directly inputting the template information at another stage of the system to achieve authentication), or modifying the identity to which the biometric is assigned.

Storage may take many forms, including databases (local or distributed), on ID documents (into a smart card [2] or 2D barcode [1]), or on electronic devices (a hardened token [7], laptop, mobile telephone, or door access module). Template data may be in plaintext, encrypted, or digitally signed. In many government applications, it may be necessary to provide public information on the template format and encryption used, in order to reassure citizens about the nature of the data stored on their ID cards, but this may also increase the possibility of identity theft. Vulnerabilities of template storage are primarily those of the underlying computer infrastructure and are not dealt with in detail here.

Template Transmission: The transmission medium between the template storage and matcher is similarly vulnerable to the template storage. In many cases, attacks against template data transmission may be easier than against the template storage. This is especially the case for passive eavesdropping and recording of data in transit for wireless transmission (such as contactless ID cards). Encrypted transmission is essential, but may still be vulnerable to key discovery [2].

Matching (I)

A biometric matcher calculates a similarity score related to the likelihood that two biometric samples are from the same individual. Attacks against the matcher are somewhat obscure, but may be possible in certain cases. For biometric fusion systems extreme scores in one biometric modality may override the inputs from other modalities. Biometric matchers which are based on Fisher discriminant strategies calculate global thresholds based on the between-class covariance, which may be modified by enrolling specifically crafted biometric samples.

Decision (J)

Biometric decisions are often reviewed by a human operator (such as for most government applications). Such operators are well known to be susceptible to fatigue and boredom. One of the goals of DoS attacks can be to force operators to abandon a biometric system or to mistrust its output (by causing it to produce a sufficiently large number of errors) [5].

Attack Trees

Complex systems are exposed to multiple possible vulnerabilities, and the ability to exploit a given vulnerability is dependent on a chain of requirements. Vulnerabilities vary in severity and may be protected against by various countermeasures, such as supervision of enrollment or verification, liveness detection, template anonymization, cryptographic storage and transport, and traditional network security measures. Countermeasures vary in maturity, cost, and cost-effectiveness. In order to analyze such a complex scenario, the factors may be organized into attack trees. This analysis methodology was developed by Schneier [18] and formalized by Moore et al. [14]. In [18], the example attack “Open Safe” is analyzed to occur due to “Pick Lock,” “Learn Combo,” “Cut Open Safe,” or “Install Improperly.” “Learn Combo” may, in turn, occur due to “Eavesdrop,” “Bribe,” or other reasons, which in turn depend on further factors. The requirements for each factor can be assessed (eavesdropping requires a technical skill, while bribing requires an amount of money). Attack trees may be analyzed by assigning each node with a feasibility, the requirement for special equipment, or cost.

Attack tree techniques for biometric system security have been developed by Cukic and Barlow [3]. Figure 2 shows a fraction of the attack tree of [3] for image regeneration from templates [22].
Fig. 2

Attack tree fraction adapted from [3] (dotted blocks represent removed tree portions) to implement the template regeneration attack of [22]. AND/OR nodes indicate that all/one of the subblocks are/is required

Application Profiles and Vulnerabilities

This entry reviews a large list of possible vulnerabilities in biometric security systems. Such a large list can perhaps give the impression that biometric systems are extremely insecure. In this context, it is important to clarify that many potential vulnerabilities are not a concern in many biometric applications. For example, in a particular application, if security is one of the primary reasons for choosing a biometric (over, say, convenience), it is also important to look at the context of the security mechanism it is replacing. One could certainly argue that biometrically enabled passports (even with weaknesses as discussed below) have improved security in this application over conventional passports.

In order to clarify the security requirements of various biometric implementations, four different biometric application scenarios are considered: government ID cards, physical access, computer and network access, and digital content protection.

Government Identity Cards

Perhaps the most widely discussed applications for biometrics are for government identity cards. For example, the ICAO machine-readable passport standards require biometric data in passports. Passports have an embedded contactless smart card, into which face recognition (mandatory) and fingerprint or iris (optional) biometric templates are stored encrypted in a standardized format.

In order to allow data interchange, the encryption key is based on information available in machine-readable zone. For example, it was possible to contactlessly read the UK passports [2]. This raises the concern that biometric and biographical data may be surreptitiously copied and used for identity theft. Biometric-enabled passports have been strongly criticized by privacy advocates (e.g., [16]). Given the privacy concerns associated with a large government database, several authors have questioned whether the additional security is worth it [17].

Government ID applications of biometrics are characterized by the following requirements and concerns:
  • Interoperability and standards compliance: Interoperability is difficult to achieve for complex systems such as biometrics (e.g., [1]); systems which do not interoperate well give poor performance and are vulnerable to attacks such as denial of service.

  • Cryptographic compatibility: In order to allow interchange of encrypted documents, public key cryptographic systems are required, in which the public keys are made available to receiving governments. Considering the wide distribution of keys, it must be assumed that the public keys will be fairly easily available to attackers.

  • Large databases of vulnerable data: Identity document data is typically stored in large centralized databases; however, these become vulnerable and high-value targets for attack. Several high-profile cases of compromise of government databases have occurred.

  • Secondary use of government IDs: Government identity cards often have secondary uses; for example, driver’s licenses are used to prove name, age, and even citizenship. This means that biometric documents designed for a narrow range of security concerns may be used in very different threat environments, with inadvertent side effects.

  • Typically supervised use: For most applications of government biometric identity, the point of application will be supervised (e.g., immigration control). This makes spoofing more difficult for these applications.

Physical Access

Physical access systems for biometrics are typically for government and industrial applications. In “time and attendance systems” biometrics measure arrival and departure times of staff. In physical access security systems, secure spaces are controlled by biometric sensors. These spaces may be an entire site or restricted parts of a worksite.

Physical access applications are characterized by the following requirements and concerns:
  • Concern about privacy: Staff are often concerned that biometric records will be controlled by the employer and may be provided to police. It is important to address this concern both technically and by clear communication with staff.

  • Unsupervised sensors: Physical access sensors are typically unsupervised. This means that there is a potential vulnerability to spoofing and other attacks at the presentation and sensor.

  • Workarounds: It is well known that busy staff see security as a burden to work around. Biometrics has the advantage that staff often see it as more convenient than keys or identity cards, encouraging compliance. However, if the system is implemented in a cumbersome way, there is an incentive to work around burdensome infrastructure, by propping open doors, sharing keys, and manual overrides.

Computer and Network Access

A biometric system can facilitate secure access to computer systems and networks; this is an important requirement in government, health care, and banking applications, as well as many others. Biometric sensors are currently delivered with some laptop computers and mobile telephones. These applications are characterized by the following requirements and concerns:
  • Assurance levels: The biometric system security needs to be matched to the security level (or assurance level) of the overall system. An excellent review of the security of biometric authentication systems is [7]. Each assurance level from “passwords and PINs” to “hard crypto token” is analyzed to determine whether (and which type of) biometric devices are suitable.

  • Network attacks: Biometric systems for network access are vulnerable to many of the attacks which can be mounted across a computer network. Examples are relay of issued credentials, and virus and other security compromises of the desktop computers (to which biometrics are often attached). Security must therefore include computer security and cryptographic protection of biometric data and security tokens.

  • Password caching: Many biometric software solutions do not actually replace passwords, but simply keep a cache of security keys. A valid biometric sample will make the software search for the appropriate key to unlock the application. However, this means that cracking the software will release both the security keys and the biometric template of the user.

Digital Content Protection

Biometrics have been considered as a way to protect copyright content, such as music and videos. In such a scenario, the content is encrypted and bound to the biometrics of the purchaser [11]. It may be assumed that biometrically locked digital documents will be subject to attacks, especially since both the documents and the software to access them will be widely distributed [11]. These applications are characterized by the following concerns:
  • Incentive to crack systems: Digital content protection systems are under the control of a (often hostile) user population which creates an incentive to crack the security systems. Additionally, any such security breaches tend to be published on the Internet resulting in wide-scale use and potential poor publicity for the content providers.

  • Privacy and identity theft concerns: Locking of digital content with biometrics tends to create concerns about privacy among users, since breaches of the security can potentially compromise the biometric security for large numbers of users.


This entry provides a broad overview of vulnerabilities in biometric systems. Vulnerabilities are defined in terms of possible active attacks against biometric systems. A model of biometric processing [8] is considered in detail, and the potential vulnerabilities at each stage of processing are considered: identity claim, presentation, sensor, segmentation, feature extraction, quality control, template creation, data storage, matching, and decision. In order to understand the vulnerabilities of a large biometric system, attack tree methods are explained. Finally, four example scenarios are given for biometric applications; the vulnerabilities are considered: government identity cards, physical access, computer and network access, and digital content protection. However, in addition to the vulnerabilities specific to the biometric technology, it is important to note that the vulnerabilities of any networked computer security system continue to be a concern; specifically, such systems are vulnerable to social engineering and all the security issues which plague modern computer networks. Finally, biometric vulnerabilities must be compared to those of the systems they are designed to replace. In many cases, the biometric system, with the vulnerabilities considered in this entry, will still be dramatically more secure than identity cards, passwords, or other tokens. Additionally combinations of biometrics with traditional methods (e.g., biometric and pin) may provide additional security as each may have different vulnerabilities.

Related Entries


  1. 1.
    Biometric testing campaign report (addendum to part i), Technical report, International Labour Organization, Geneva, 2005, http://www.ilo.org/public/english/dialogue/sector/papers/maritime/sid-test-report2.pdf
  2. 2.
    Cracked it! The Guardian, 17 Nov 2006, http://www.guardian.co.uk/idcards/story/0,,1950229,00.html
  3. 3.
    B. Cukic, N. Barlow, Threats and countermeasures, in Biometrics Consortium Conference, Washington, DC, 2005Google Scholar
  4. 4.
    G. Doddington, W. Liggett, A. Martin, N. Przybocki, D. Reynolds, Sheep, goats, lambs and wolves: an analysis of individual differences in speaker recognition performance, in Proceedings of the International Conference on Auditory-Visual Speech Processing, Sydney, 1998Google Scholar
  5. 5.
    N. Ferguson, B. Schneier, Practical Cryptography. Wiley, Hoboken (2003)Google Scholar
  6. 6.
    Generating images from templates, Technical report, 2002, http://www.ibgweb.com/reports/public/reports/templates_images.html
  7. 7.
    InterNational Committee for Information Technology Standards (INCITS), Study report on biometrics in e-authentication, technical report incits m1/06-0693. Technical report, 2006 http://www.incits.org/tc_home/m1htm/2006docs/m1060693.pdf
  8. 8.
    ISO, Standing document 2, version 5 – harmonized biometric vocabulary. Technical report, 2006. Technical report ISO/IEC JTC 1/SC 37 N 1480Google Scholar
  9. 9.
    ISO/IEC Working Draft 30107, Information technology – anti-spoofing and liveness detection. ISO/IEC JTC 1/SC 37 BiometricsGoogle Scholar
  10. 10.
    A.K. Jain, A. Nagar, K. Nandakumar, Biometric template security. EURASIP J. Adv. Signal Process. Article ID 579416, 17pp (2008)Google Scholar
  11. 11.
    D. Kundur, C.-Y. Lin, B. Macq, H. Yu, Special issue on enabling security technologies for digital rights management, in Proceedings of the IEEE, vol. 92, 2004, pp. 879–882Google Scholar
  12. 12.
    Liveness detection in biometric systems, Technical report, 2002, http://www.ibgweb.com/reports/public/reports/liveness.html
  13. 13.
    T. Matsumoto, H. Matsumoto, K. Yamada, S. Hoshino, Impact of artificial “gummy” fingers on fingerprint systems. 4677 (2002) Proceedings of SPIE Google Scholar
  14. 14.
    A.P. Moore, R.J. Ellison, R.C. Linger, Attack modeling for information security and survivability. Technical report, Carnegie Mellon University, Pittsburgh, 2001Google Scholar
  15. 15.
    N.K. Ratha, J.H. Connell, R.M. Bolle, Enhancing security and privacy in biometrics-based authentication systems. IBM Syst. J. 40, 614–634 (2001)CrossRefGoogle Scholar
  16. 16.
    P.E. Ross, Loser: passport to nowhere. IEEE Spectr. 42, 54–55 (2005)CrossRefGoogle Scholar
  17. 17.
    M.B. Salter, Passports, mobility, and security: how smart can the border be? Int. Stud. Perspect. 5, 71–91 (2004)CrossRefGoogle Scholar
  18. 18.
    B. Schneier, Attack trees. Dr. Dobb’s J. 24, 21–29 (1999)Google Scholar
  19. 19.
    B. Tan, S. Schuckers, Spoofing protection for fingerprint scanner by fusing ridge signal and valley noise. Pattern Recognit. 43(8), 2845–2857 (2010)CrossRefzbMATHGoogle Scholar
  20. 20.
    L. Thalheim, J. Krissler, Body check: biometric access protection devices and their programs put to the test. c’t Magazine, Nov 2002, http:www.heise.de/ct/english/02/11/114/
  21. 21.
    C. Tilton, Biometrics in e-authentication: threat model, in Biometrics Consortium Conference, Baltimore, 2006, http://www.biometrics.org/bc2006/presentations/Wed_Sep_20/Session_III/Biometrics_and_EAuth/20_Tilton_e-auth_threat.pdf
  22. 22.
    U. Uludag, A.K. Jain, Attacks on biometric systems: a case study in fingerprints, in Proceedings of SPIE-EI 2004, Security, Steganography and Watermarking of Multimedia Contents VI, San Jose, 2004, pp. 622–633Google Scholar
  23. 23.
    S. Yoon, J. Feng, A.K. Jain, Altered fingerprints: analysis and detection. IEEE Trans. Pattern Anal. Mach. Intell. 34(3), 451–464 (2012)CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. 1.Systems and Computer EngineeringClarkson UniversityOttawa, ONCanada
  2. 2.Clarkson UniversityPotsdam, NYUSA