The state of the art in abuse of biometrics

For applications like Terrorist Watch Lists and Smart Guns, a false rejection is more critical than a false acceptance. In this paper a new threat model focusing on false rejections is presented, and the standard architecture of a biometric system is extended by adding components like crypto, audit logging, power, and environment to increase the analytic power of the threat model. Our threat model gives new insight into false rejection attacks, emphasizing the role of an external attacker. The threat model is intended to be used during the design of a system.
