Towards the Security Evaluation of Biometric Authentication Systems

Despite the obvious advantages of biometric authentication systems over traditional security systems (based on tokens or passwords), they are vulnerable to attacks that may considerably decrease their security. To help address this problem, we propose a modality-independent methodology for the security evaluation of biometric systems. It is based on a database of common threats and vulnerabilities of biometric systems and on the notion of risk factor. The proposed methodology produces a security index that characterizes the overall security level of a biometric system. We have applied it to two different biometric systems (a research laboratory implementation of keystroke dynamics and a commercial system for physical access control using fingerprints) to clarify its benefits.
