Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D3.10: Biometrics in identity management
In the previously presented reference model (see above figure 3) of a biometric system, we can identify a number of potential points of attack. These attack points vary in function of the operation mode (identification or verification) and the control model. The main risks of a biometric system have been compiled by several IT security and certification organisations. An example of such a compilation can be found in the ISACA auditing guidelines G36 Biometric controls. An extract of such a risk list is presented in the table below. The references in the 4th column refer to :
Regardless of any details of a specific biometric system, it is always true that general design principles to make a system more secure also apply to biometric systems. Such concepts are compartmentalisation, defence in depth, shared control, tamper resistant devices, security audits and certifications and other methods and techniques.
Risks | Examples | Possible Countermeasures |
|
Spoofing and mimicry attacks | Artificial finger used on fingerprint biometric device | Multimodal biometrics, vitality detection, interactive protocol | 1,2, 8 |
Fake reference template risk | Fake reference template stored in server or supplied during enrolment | Encryption, intrusion detection system (IDS), supervised enrolment | 1,2, 6,7,8, |
Transmission risk | Data intercepted during transmission during enrolment or data acquisition | Interactive recognition, rejection of identical signals, system integration | 1-7 |
Component alternation risk | Malicious code, Trojan, etc. | System integration, wellimplemented security policy | 5,6,9 |
Enrolment, administration and system use risk | Data altered during enrolment, administration or system use | Well-implemented security policy | 1-7 |
Similar template/similar characteristics risk | An illegitimate user has a template similar to a legitimate user. | Technology assessment, multimodal access, calibration review | 1-6 |
Brute-force attack risk | An intruder uses brute force to deceive the system. | Account lock after number of unsuccessful attempts | 1 |
Injection risk | Captured digital signal injected into authentication system | Secure transmission; heat sensor activated scanner (warm body present); date/time stamps in digital representation of images | 4 |
Users’ rejection | The invasive nature of biometrics techniques could cause users to reject using the system. | Training and awareness of users and the selection of the least intrusive technique possible | 1 |
Changes in physical characteristics | Some techniques depend on face or hand characteristics, but these human aspects change with the years. | Monitoring of template evolution during use of system | 4,5,6 |
Cost of integration with other legacy systems | Coherence with other techniques used for legacy systems than have to be integrated | Cost-benefit analysis | 9 |
Risk of loss of data | Hard disk/hardware failure | Data backup and restoration | 6,9 |
Risk of biometric data dissemination | Exchange of biometric data between operators without consent of data subjects | No storage of raw data, limit for the lifetime of a biometric template, encapsulated storage of biometric data in the hand of the data subject | 2,3,4,6 |
Table 6: Main risks of a biometric system
Figure : Fault sensitive points of a biometric system:
Spoofing of biometric identifier by physical entity
Spoofing of biometric identifier data by electronic data manipulation
Alteration of captured data
Alteration of template
Manipulation of matching algorithm or policy
Alteration or dissemination of reference template
Error introduction in transmission of identity claim (verification mode)
False identity claim during query or enrolment step)
Manipulation of system components, DoS
The problem of impostors spoofing biometric credentials of another person, however, is not an intrinsic problem of biometrics only. There are certainly much easier and therefore more frequent attacks on secret based credentials (PIN, password, passphrase etc). But the issue of biometric spoofing is often discussed in the community of security professionals. In this report we will discuss the threats and methods of impostors to biometric systems more in depth in section .
16 / 40 |