The assessment of vulnerability is vital for ensuring biometric security, and is a concept distinct from system accuracy. A perfectly accurate biometric system may still be highly vulnerable to attack, as unauthorized users may find alternates ways by which they can be falsely accepted by a system.

Compared with the effort expended on determining performance accuracy, significantly less effort has been given to the problem of determining if a presented biometric is real or fake. With the increasing use of biometric systems, the understanding of vulnerability related risks and their appropriate treatment will be a vital part of future biometric deployments.

All the attack methods described in this chapter are vulnerabilities that are publicly known. As a general principle, the public dissemination of points of vulnerably is an important step towards ensuring system designers can put in place appropriate risk mitigations. Secrecy about avenues of attack can help potential fraudsters more than the disclosure of risks, since where the risks are not understood by the system owners, attack methods may be easily exploited. The principle of security through transparency is accepted practice in the cryptographic community.


Replay Attack Biometric System Iris Recognition Face Recognition System Attack Method 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Communications security establishment certification body canadian common criteria evaluation and certification scheme. ( (2001)
  3. 3.
    U.S. government biometric verification mode protection profile for basic robustness environments. ( (2001)
  4. 4.
    Common criteria common methodology for information technology security evaluation: Biometric evaluation methodology supplement BEM. ( (2002)
  5. 5.
  6. 6.
    Episode 59 -crimes and myth-demeanors 2. ( (season_4)#Episode_59_.E2.80.94_.22Crimes_and_Myth-Demeanors_2.22(2006)
  7. 7.
    Adler, A.: Sample images can be independentlyrestored from face recognition templates. Electrical and Computer Engineering, 2003. IEEE CCECE 2003. Canadian Conference on 2 (2003)Google Scholar
  8. 8.
    Boyce, C., Ross, A., Monaco, M., Hornak, L., Li, X.: Multispectral iris analysis: A preliminarystudy. Proc. Conf. Computer Vision and Pattern Recognition Workshop pp. 51–59 (2006)Google Scholar
  9. 9.
    Czajka, A., Strzelczyk, P., Pacut, A.: Making iris recognition more reliable and spoof resistant. SPIE The International Society for Optical Engineering (2007)Google Scholar
  10. 10.
    Daugman, J.: Iris Recognition and Anti-Spoofing Countermeasures. 7th International Biometrics Conference (2004)Google Scholar
  11. 11.
    Drahansky, M., Lodrova, D.: Liveness detection for biometric systems based on papillary lines.International Conference on Information Securityand Assurance, 2008. ISA 2008. pp. 439–444 (2008)Google Scholar
  12. 12.
    Dunstone, T., Poulton, G., Roux, C.: Update, Biometrics Institute vulnerability assessment project. In: The Biometrics Institute, Sydney Conference (2008)Google Scholar
  13. 13.
    Faundez-Zanuy, M.: On the vulnerability of biometric security systems. Aerospace and Electronic Systems Magazine, IEEE 19(6), 3–8 (2004)Google Scholar
  14. 14.
    Godesberger, A.: Common criteria protection profile biometric verification mechanisms, german federal office for information security (bsi). ( (2005)
  15. 15.
    Harrison, A.: Hackers claim new fingerprint biometric attack. ( (2003)
  16. 16.
    Hill, C.: Risk of masquerade arising from the storage of biometrics.Bachelor of science thesis, Dept. of CS, Australian National University (2002)Google Scholar
  17. 17.
    Kryszczuk, K., Drygajlo, A.: Addressing the vulnerabilities of likelihood-ratio-based face verification. Proceedings of 6th International Conference on Audio-and Video-Based Biometric Person Authentication (AVBPA), T. Kanade and NR (AK)Jain, Eds., vol. LNCS 3546, 426–435 (2005)Google Scholar
  18. 18.
    Maltoni, D., Maio, D., Jain, A., Prabhakar, S.: Handbook of Fingerprint Recognition.Springer (2003)Google Scholar
  19. 19.
    Matsumoto, T.: The test object approach in measuring security of fingerprint and vein pattern authentication systems.In: The Biometrics Institute, Sydney Conference (2008)Google Scholar
  20. 20.
    Matsumoto, T., Matsumoto, H., Yamada, K., Hoshino, S.: Impact of artificial gummy fingers on fingerprint systems. In: Proc. of the SPIE, Optical Security and Counterfeit Deterrence Techniques IV, vol. 4677 (2002)Google Scholar
  21. 21.
    Pan, G., Sun, L., Wu, Z., Lao, S.: Eyeblink-basedanti-spoofing in face recognition from a generic webcamera.Computer Vision, 2007. ICCV 2007. IEEE 11th International Conference on pp. 1–8 (2007)Google Scholar
  22. 22.
    Parthasaradhi, S., Derakhshani, R., Hornak, L.A., Schuckers, S.: Time-series detection of perspiration as a liveness test in fingerprint devices. Systems, Man and Cybernetics, Part C, IEEE Transactions on 35(3), 335–343 (2005)Google Scholar
  23. 23.
    van der Putte, T., Keuning, J., Origin, A.: Biometrical fingerprint recognition: Don’t get your fingers burned. Smart Card Researchand Advanced Applications: Ifip Tc8/Wg8. 8 Fourth Working Conference on Smart Card Research and Advanced Applications, September 20-22, 2000, Bristol, United Kingdom (2000)Google Scholar
  24. 24.
    Schuckers, S.: Spoofing and anti-spoofing measures. Information Security Technical Report 7(4), 56–62 (2002)Google Scholar
  25. 25.
    Statham, P.: UK government biometrics security assessment programme, cesg biometrics. ( (2003)
  26. 26.
    Thallheim, L., Krissler, J., Ziegler, P.: Body check: biometrics defeated. (,3998,a=27687,00.asp (2002)
  27. 27.
    Uludag, U., Jain, A.: Attacks on biometric systems: a case study in fingerprints. Proceedings of SPIE 5306, 622–633 (2004)Google Scholar

Copyright information

© Springer-Verlag US 2009

Personalised recommendations