A taxonomy of biometric system vulnerabilities and defences

The interest in biometric technology is received much attention in the recent years. However, the security issue still persists the main challenge for the reliable functioning of biometric-based authentication systems. Much has been reported on the vulnerabilities of biometric systems that breach the security and user privacy. We present a high-level classification of biometric system vulnerabilities and discuss the defence techniques of these vulnerabilities. We present a multidimensional threat environment of the biometric systems that includes faults, failures and security attacks. A framework of biometric security attacks on man-machine model is presented and the system vulnerabilities are represented using Ishikawa's diagram. The provable defence techniques such as biometric vitality detection and biometric template protection are critically evaluated, in particular, a classification of current state-of-the-art of vitality detection techniques of commonly used biometrics is proposed. Our main contributions include: 1 propose a taxonomy of biometric system vulnerabilities; 2 present a framework of biometric security attacks using man-machine model; 3 representation of vulnerabilities using Ishikawa's diagram; 4 an evaluation of defence techniques of these vulnerabilities.

[1]  Phalguni Gupta,et al.  Correlation-based classification of heartbeats for individual identification , 2011, Soft Comput..

[2]  Tieniu Tan,et al.  Live face detection based on the analysis of Fourier spectra , 2004, SPIE Defense + Commercial Sensing.

[3]  Nalini K. Ratha,et al.  An Analysis of Minutiae Matching Strength , 2001, AVBPA.

[4]  Y. S. Moon,et al.  Wavelet based fingerprint liveness detection , 2005 .

[5]  Joseph G. Voelkel,et al.  Guide to Quality Control , 1982 .

[6]  Kishor S. Trivedi,et al.  The fundamentals of software aging , 2008, 2008 IEEE International Conference on Software Reliability Engineering Workshops (ISSRE Wksp).

[7]  Gian Luca Marcialis,et al.  Power spectrum-based fingerprint vitality detection , 2007, 2007 IEEE Workshop on Automatic Identification Advanced Technologies.

[8]  Dimitrios Hatzinakos,et al.  Sorted Index Numbers for Privacy Preserving Face Recognition , 2009, EURASIP J. Adv. Signal Process..

[9]  T. Charles Clancy,et al.  Secure smartcardbased fingerprint authentication , 2003, WBMA '03.

[10]  Gérard Chollet,et al.  Audiovisual Speech Synchrony Measure: Application to Biometrics , 2007, EURASIP J. Adv. Signal Process..

[11]  Josef Bigün,et al.  Evaluating liveness by face images and the structure tensor , 2005, Fourth IEEE Workshop on Automatic Identification Advanced Technologies (AutoID'05).

[12]  Y. Singh,et al.  Bioelectrical Signals as Emerging Biometrics: Issues and Challenges , 2012 .

[13]  Anil K. Jain,et al.  Attacks on biometric systems: a case study in fingerprints , 2004, IS&T/SPIE Electronic Imaging.

[14]  Jang-Hee Yoo,et al.  Liveness Detection for Embedded Face Recognition System , 2008 .

[15]  Carl E. Landwehr,et al.  Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[16]  L. O'Gorman,et al.  Comparing passwords, tokens, and biometrics for user authentication , 2003, Proceedings of the IEEE.

[17]  Shoude Chang,et al.  Artificial finger detection by spectrum analysis , 2011, Int. J. Biom..

[18]  Andrew Beng Jin Teoh,et al.  Secure speech template protection in speaker verification system , 2010, Speech Commun..

[19]  Ton van der Putte,et al.  Biometrical Fingerprint Recognition: Don't Get Your Fingers Burned , 2001, CARDIS.

[20]  Andrew Teoh Beng Jin,et al.  High security Iris verification system based on random secret integration , 2006 .

[21]  Susan Snedakar Vulnerability Assessment Tools , 2007 .

[22]  Michael Wagner,et al.  Liveness Verification in Audio-Video Speaker Authentication , 2004 .

[23]  Bhagavatula Vijaya Kumar,et al.  Biometric Encryption: enrollment and verification procedures , 1998, Defense + Commercial Sensing.

[24]  Nalini K. Ratha,et al.  Biometric perils and patches , 2002, Pattern Recognit..

[25]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[26]  Stephanie Schuckers,et al.  Spoofing and Anti-Spoofing Measures , 2002, Inf. Secur. Tech. Rep..

[27]  Andrea C. Arpaci-Dusseau,et al.  An analysis of data corruption in the storage stack , 2008, TOS.

[28]  Harry Wechsler,et al.  The FERET database and evaluation procedure for face-recognition algorithms , 1998, Image Vis. Comput..

[29]  Feng Hao,et al.  Combining Crypto with Biometrics Effectively , 2006, IEEE Transactions on Computers.

[30]  S. Rahman,et al.  A New Antispoofing Approach for Biometric Devices , 2008, IEEE Transactions on Biomedical Circuits and Systems.

[31]  Julian Fiérrez,et al.  Author's Personal Copy Future Generation Computer Systems a High Performance Fingerprint Liveness Detection Method Based on Quality Related Features , 2022 .

[32]  Phalguni Gupta,et al.  Biometrics Method for Human Identification Using Electrocardiogram , 2009, ICB.

[33]  Bruce Schneier,et al.  Inside risks: the uses and abuses of biometrics , 1999, CACM.

[34]  Sanjay Kumar Singh,et al.  Fusion of electrocardiogram with unobtrusive biometrics: An efficient individual authentication system , 2012, Pattern Recognit. Lett..

[35]  Satoshi Hoshino,et al.  Impact of artificial "gummy" fingers on fingerprint systems , 2002, IS&T/SPIE Electronic Imaging.

[36]  Julian Fiérrez,et al.  An evaluation of indirect attacks and countermeasures in fingerprint verification systems , 2011, Pattern Recognit. Lett..

[37]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[38]  Dario Maio,et al.  Fake finger detection by skin distortion analysis , 2006, IEEE Transactions on Information Forensics and Security.

[39]  Dario Maio,et al.  Fake Fingerprint Detection by Odor Analysis , 2006, ICB.

[40]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[41]  Stephanie Schuckers,et al.  Time-series detection of perspiration as a liveness test in fingerprint devices , 2005, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[42]  Anil K. Jain,et al.  Handbook of Fingerprint Recognition , 2005, Springer Professional Computing.

[43]  Lawrence G. Bahler,et al.  Speaker verification using randomized phrase prompting , 1991, Digit. Signal Process..

[44]  Andrew Watson Biometrics: easy to steal, hard to regain identity , 2007, Nature.

[45]  Sanjay Kumar Singh,et al.  Vitality detection from biometrics: State-of-the-art , 2011, 2011 World Congress on Information and Communication Technologies.

[46]  Andy Adler Sample images can be independently restored from face recognition templates , 2003, CCECE 2003 - Canadian Conference on Electrical and Computer Engineering. Toward a Caring and Humane Technology (Cat. No.03CH37436).