Biometric perils and patches

Abstract Biometrics authentication offers many advantages over conventional authentication systems that rely on possessions or special knowledge. With conventional technology, often the mere possession of an employee ID card is proof of ID, while a password potentially can be used by large groups of colleagues for long times without change. The fact that biometrics authentication is non-repudiable (hard to refute) and, yet, convenient, is among its most important advantages. Biometrics systems, however, suffer from some inherent biometrics-specific security threats. These threats are mainly related to the use of digital signals and the need for additional input devices, though we also discuss brute-force attacks of biometrics systems. There are also problems common to any pattern recognition system. These include “wolves” and “lambs”, and a new group we call “chameleons”. An additional issue with the use of biometrics is the invasion of privacy because the user has to enroll with an image of a body part. We discuss these issues and suggest some methods for mitigating their impact.

[1]  Douglas A. Reynolds,et al.  SHEEP, GOATS, LAMBS and WOLVES A Statistical Analysis of Speaker Performance in the NIST 1998 Speaker Recognition Evaluation , 1998 .

[2]  Sharath Pankanti,et al.  BIOMETRIC IDENTIFICATION , 2000 .

[3]  Anil K. Jain,et al.  A Real-Time Matching System for Large Fingerprint Databases , 1996, IEEE Trans. Pattern Anal. Mach. Intell..

[4]  John Daugman,et al.  High Confidence Visual Recognition of Persons by a Test of Statistical Independence , 1993, IEEE Trans. Pattern Anal. Mach. Intell..

[5]  Sharath Pankanti,et al.  An identity-authentication system using fingerprints , 1997, Proc. IEEE.

[6]  T. Parthasarathy,et al.  Development of a Mathematical Formula for the Calculation of Fingerprint Probabilities Based on Individual Characteristics , 1977 .

[7]  B. Miller,et al.  Vital signs of identity [biometrics] , 1994, IEEE Spectrum.

[8]  Bruce Schneier,et al.  Inside risks: the uses and abuses of biometrics , 1999, CACM.

[9]  S. Sclove The Occurrence of Fingerprint Characteristics as a Two-Dimensional Process , 1979 .

[10]  Chitra Dorai,et al.  Detecting dynamic behavior in compressed fingerprint videos: distortion , 2000, Proceedings IEEE Conference on Computer Vision and Pattern Recognition. CVPR 2000 (Cat. No.PR00662).

[11]  Bruce Schneier,et al.  SECURITY PITFALLS IN CRYPTOGRAPHY , 1998 .

[12]  Robert M. Davison,et al.  GSS for presentation support , 2000, CACM.

[13]  Anil K. Jain,et al.  FVC2000: Fingerprint Verification Competition , 2002, IEEE Trans. Pattern Anal. Mach. Intell..

[14]  Nalini K. Ratha,et al.  Enhancing security and privacy in biometrics-based authentication systems , 2001, IBM Syst. J..

[15]  B. Ripley,et al.  Pattern Recognition , 1968, Nature.