Security Considerations for the Implementation of Biometric Systems
暂无分享,去创建一个
Biometric systems serve as a component in security systems—they identify individuals to support strong user authentication. As such, the interface between the biometric system and the other components in a security system, as well as potential vulnerabilities inherent within the biometric system, need to be fully understood to avoid introducing points at which an attacker can mount an attack. This has become even more important as the biometrics industry adopts standardized Application Programming Interface definitions, such as BioAPI [1], to allow the interchange of different biometric components, as these interfaces, by definition, are available to developers and attackers alike. This chapter reviews some of the implementation issues that relate to biometric systems within security systems and presents details of steps that can be taken to mitigate potential vulnerabilities. API-specific issues are discussed in Section 20.2; more general system design issues are discussed in Section 20.3; the relationship with privacy issues is covered in Section 20.4; a discussion of the Common Criteria framework appears in Section 20.5; and conclusions are stated in Section 20.6. This chapter presents these issues within the general context of biometrics—all issues are relevant to fingerprints and other types of biometric systems. See [2] for further discussion on fingerprint verification issues on personal digital assistants (PDAs).
[1] J. L. Wayman,et al. Best practices in testing and reporting performance of biometric devices. , 2002 .
[2] Sharath Pankanti,et al. On the Individuality of Fingerprints , 2002, IEEE Trans. Pattern Anal. Mach. Intell..
[3] Nalini K. Ratha,et al. An Analysis of Minutiae Matching Strength , 2001, AVBPA.
[4] Douglas R. Stinson,et al. Cryptography: Theory and Practice , 1995 .
[5] Randall K. Nichols. ICSA guide to cryptography , 1998 .