Security of Biometric Authentication Systems

Speaker/Bio

Nehemiah Dureus is a rising junior in the college of engineering studying computer engineering. He is currently working in the software division of a lab that is on track to sending a student-built satellite into low earth orbit in November, all in hopes of analyzing the fluctuations in earth's magnetic field at the poles that causes the auras. Back on earth his rising area of interest is encryption - being able to send or store data in a way that no one else except the intended user (or users) can access it a fascinating topic. Given the escalating need to keep exponentially increasing amounts of data safe from unwanted eyes, he hopes to study this ever relevant topic in the future so he can help keep individuals secure.

Abstract

_(Taken from Ambalakat, Parvathi. "Security of biometric authentication systems." 21st Computer Science Seminar. 2005)

Biometric based authentication, the science of using physical or behavioral characteristics for identity verification is becoming a security mainstay in many areas. Their utilization as an authentication technology has become widespread from door access to e-commerce especially after the September 11th terrorist attacks. This paper examines the major forms of known attacks against biometric systems such as Spoofing, Replay attacks and Biometric template database attacks. Biometric systems that use face, fingerprints, iris and retina are used for the study. A literature study of the attack points in each of the biometric system and the various methods to combat the attacks at these points is conducted and analyzed in this paper. The methods covered are Liveness detection mechanisms, Challenge-Response systems, Steganographic and Watermarking techniques, Multimodal biometrics, Soft biometrics and Cancelable biometrics. Each mechanism is explained in detail. Potentials and weaknesses of the methods are shown and discussed. The effectiveness of the solutions is measured in terms of the various security metrics like cost, amount of effort, practicality, etc. The results of the study indicate that spoofing attacks are a still a major threat to the biometric systems. Liveness detection mechanisms are easily defeated in the case of face and fingerprints, while iris and retina systems are very resistant to spoofing attacks. The systems that use watermarking techniques suffer from the lack of algorithms to deal with image degradation introduced by the watermarks. Although soft biometrics like gender, age color, race etc can be used to improve the speed of biometric matching through efficient filtering of the database for candidate templates, there exists no real accepted mechanisms for automatic extraction of soft biometric characteristics.