论文信息 - A False Rejection Oriented Threat Model for the Design of Biometric Authentication Systems

A False Rejection Oriented Threat Model for the Design of Biometric Authentication Systems

For applications like Terrorist Watch Lists and Smart Guns, a false rejection is more critical than a false acceptance. In this paper a new threat model focusing on false rejections is presented, and the “standard” architecture of a biometric system is extended by adding components like crypto, audit logging, power, and environment to increase the analytic power of the threat model. Our threat model gives new insight into false rejection attacks, emphasizing the role of an external attacker. The threat model is intended to be used during the design of a system.

Pieter H. Hartel | Raymond N. J. Veldhuis | Asker M. Bazen | Ileana Buhan

[1] Sharath Pankanti,et al. Guide to Biometrics , 2003, Springer Professional Computing.

[2] Anil K. Jain,et al. Attacks on biometric systems: a case study in fingerprints , 2004, IS&T/SPIE Electronic Imaging.

[3] Nalini K. Ratha,et al. Biometrics break-ins and band-aids , 2003, Pattern Recognit. Lett..

[4] Luke Wildman,et al. A taxonomy of attacks on secure devices , 2003 .

[5] Andrew P. Moore,et al. Attack Modeling for Information Security and Survivability , 2001 .

[6] Bart Preneel,et al. Threat Modelling for Security Tokens in Web Applications , 2004, Communications and Multimedia Security.

[7] Ton van der Putte,et al. Biometrical Fingerprint Recognition: Don't Get Your Fingers Burned , 2001, CARDIS.

[8] Pieter H. Hartel,et al. The state of the art in abuse of biometrics , 2005 .

[9] Mike Bone,et al. Biometrics for Narcoterrorist Watch List Applications , 2003 .

[10] Pieter H. Hartel,et al. Biometric verification based on grip-pattern recognition , 2004, IS&T/SPIE Electronic Imaging.

[11] Somesh Jha,et al. Automated generation and analysis of attack graphs , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[12] Sharath Pankanti,et al. Biometrics: a grand challenge , 2004, ICPR 2004.

[13] Gerhard Jentzsch,et al. Working group on , 1991 .

[14] P. Vittoz. Man , 1962, Bloom.

[15] Arslan Br̈omme. A FRAMEWORK FOR SECURITY EVALUATION AND TESTING OF BIOMETRIC TECHNOLOGY ” , 2003 .