Show simple item record

dc.contributor.authorRoberts, Chris Men_NZ
dc.date.available2011-04-07T03:11:47Z
dc.date.copyright2007-02en_NZ
dc.identifier.citationRoberts, C. M. (2007). Biometric attack vectors and defences. Computers & Security, 26(1), 14–256. doi:10.1016/j.cose.2006.12.008en
dc.identifier.urihttp://hdl.handle.net/10523/1243
dc.descriptionThis is a post-print of the paper (i.e., draft post-refereeing). There may be small differences between this version and the final published version; please refer to the publisher's web site for the final published version.en_NZ
dc.description.abstractMuch has been reported on attempts to fool biometric sensors with false fingerprints, facial overlays and a myriad of other spoofing approaches. Other attack vectors on biometric systems have, however, had less prominence. This paper seeks to present a broader and more practical view of biometric system attack vectors, placing them in the context of a risk-based systems approach to security and outlining defences.en_NZ
dc.format.mimetypeapplication/pdf
dc.relation.ispartofComputers & Securityen_NZ
dc.subjectbiometricen_NZ
dc.subjectidentificationen_NZ
dc.subjectsecurityen_NZ
dc.subjectattack vectoren_NZ
dc.subjectthreaten_NZ
dc.subjectcountermeasuresen_NZ
dc.subjectdefencesen_NZ
dc.subject.lcshQA75 Electronic computers. Computer scienceen_NZ
dc.titleBiometric attack vectors and defencesen_NZ
dc.typeJournal Articleen_NZ
dc.description.versionPublisheden_NZ
otago.date.accession2007-03-19en_NZ
otago.relation.issue1en_NZ
otago.relation.pages14-256en_NZ
otago.relation.volume26en_NZ
dc.identifier.doi10.1016/j.cose.2006.12.008en_NZ
otago.openaccessOpen
dc.identifier.eprints559en_NZ
dc.description.refereedPeer Revieweden_NZ
otago.school.eprintsSecurity Research Groupen_NZ
otago.school.eprintsInformation Scienceen_NZ
dc.description.referencesAdler Andy. Reconstruction of source images from quantized biometric match score data. University of Ottawa, <http://www.wvu.edu/wbknc/2004%20Abstracts/Reconstruction%20source%20images%20from%20quantized.pdf> [accessed 25.11.05]. AS/NZS 4360:2004 risk management, Standards New Zealand, <http://www.standards.co.nz> [accessed 01.09.06]. Bartlow Nick, Cukic Bojan. The vulnerabilities of biometric systems – an integrated look and old and new ideas. Technical report, West Virginia University; 2005a. Bartlow Nick, Cukic Bojan. Biometric system threats and countermeasures: a risk-based approach. In: Biometric Consortium Conference, <http://www.biometrics.org/bc2005/Presentations/Conference/2%20Tuesday%20September%2020/Tue_Ballroom%20B/Cukic_Threats%20and%20countermeasures.pdf>; September 2005b. Biometric Device Protection Profile, UK Government Biometrics Working Group, Draft issue 0.82-5, <http://www.cesg.gov.uk/site/ast/biometrics/media/bdpp082.pdf>; September 2001 [accessed 13.10.06]. Biometrics security technical implementation guide version 1. Release 2. Defense information systems agency for the US department of defense, <http://csrc.nist.gov/pcig/STIGs/biometrics-stig-v1r2.pdf>; 23 August 2004 [accessed 13.09.05]. Bromba Manferd. On the reconstruction of biometric raw data from template data, M.U.A. Bromba, Bromba GmbH <http://www.bromba.com/>; July 2003 [accessed 14.08.06]. Check Body, Thalheim Lisa, Krissler Jan, Ziegler Peter-Michael. Biometrie (Translated from the original German by Robert W. Smith) c’t magazine 2002;114. <http://www.heise.de/ct/english/02/11/114/> [accessed 05.02.06]. Chetty Girija, Wagner Michael. Audio–video biometric systems with liveness checks, University of Canberra, <http://pixel.otago.ac.nz/ipapers/24.pdf> [accessed 03.09.06]. Clarkson University Engineer Outwits High-Tech Fingerprint Fraud, Clarkson University, <www.yubanet.com/artman/publish/printer_28878.shtml>; 10 December 2005 [accessed 19.12.05]. COBIT, Information Systems Audit and Control Association, <http://www.isaca.org/> [accessed 10.09.06]. Computer Crime and Security Survey, University of Otago, <http://eprints.otago.ac.nz/342/01/2005NZComputerCrimeAndSecuritySurveyResults.pdf>; 2005 [accessed 08.09.06]. Computer Security Resource Center, National Institute of Standards and Technology, <http://csrc.nist.gov/> [accessed 10.09.06]. CSI/FBI annual surveys, computer security institute, 1996 to 2006, <http://www.gocsi.com>. Cybersecurity operations handbook. 1st ed. Rittinghouse and Hancock: Elsevier Digital Press, ISBN 1-55558-306-7; 2003. Evaluation criteria for IT security – Parts 1, 2 & 3: International Organization for Standardization, <http://www.iso.org> [accessed 10.09.06]. Harrison Ann. Hackers claim new fingerprint biometric attack. SecurityFocus, http://www.securityfocus.com/print/news/ 6717, 13 August 2003 [accessed 13.08.06]. Information Security Management Systems, International Organization for Standardization, <http://www.iso.org> [accessed 10.09.06]. Information security standard. BSI management systems, <http://emea.bsi-global.com/InformationSecurity/Overview/index.xalter> [accessed 10.09.06]. Integrated risk management framework (IRMF), the treasury board of Canada secretariat (TBS), <http://www.tbs-sct.gc.ca/pubs_pol/dcgpubs/RiskManagement/dwnld/rmf-cgr_e.pdf>; April 2001 [accessed 01.09.06]. ISO/IEC 27001:2005, Information technology – security techniques – information security management systems – requirements, <http://www.iso.org> [accessed 10.02.06]. IT infrastructure library, Hompage, <http://www.itil.co.uk/> [accessed 10.02.06]. Jain Anil K, Uludag Umut. IEEE transactions on pattern analysis and machine intelligence, vol. 25, No. 11, November 2003. <http://biometrics.cse.msu.edu/Publications/SecureBiometrics/JainUludag_HidingBiometrics_PAMI03.pdf> [accessed 08.09.06]. Jain Anil K, Ross Arun, Uludag Umut. Biometric template security: challenges and solutions. In: Proceedings of the 13th European signal processing conference (9EU-SIPCO). Turkey: Antalya, <http://biometrics.cse.msu.edu/Publications/SecureBiometrics/JainRossUludag_TemplateSecurity_EUSIPCO05.pdf>; 2005 [accessed 03.09.06]. Jain Anil K, Pankanti Sharath, Prabhakar Salil, Hong Lin, Ross Arun, Wayman James L. In: Proceedings of international conference on pattern recognition (ICPR) Cambridge, UK, Aug. 2004. Michigan State University/IBM T. J. Watson Research Center/DigitalPersona Inc./Siemens Corporate Research/West Virginia University/San Jose State University. <http://biometrics.cse.msu.edu/icprareareviewtalk.pdf> [accessed 05.02.06]. Liveness detection in biometric systems, Biometrics information resource, <http://www.biometricsinfo.org/whitepaper1.htm> [accessed 05.02.06]. Martinez-Diaz M, Fierrez-Aguilar J, Alonso-Fernandez F, Ortega-Garcia J, Siguenza, JA. Hill-climbing and brute-force attacks on biometric systems: a case study in match-on-card fingerprint verification, Universidad Autonoma de Madrid, <http://fierrez.ii.uam.es/docs/2006_ICCST_HillClimbingAttackMoC_Martinez.pdf> [accessed 03.09.06]. Matsumoto Tsutomu, Matsumoto Hiroyuki, Yamada Koji, Hoshino Satoshi. In: Proceedings of SPIE. Optical security and counterfeit deterrence techniques IV, vol. #4677. Japan: Graduate School of Environment and Information Sciences Yokohama National University, http://cryptome.org/gummy.htm; 24–25 January 2002 [accessed 29.09.05]. Nessus vulnerability scanner. Tenable network security, <http://www.nessus.org/index.php> [accessed 10.09.06]. Ratha NK, Connell JH, Bolle RM. Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal (3), http://domino.research.ibm.com/tchjr/journalindex.nsf/a3807c5b4823c53f85256561006324be/dd12e71773f23bcb85256bfa00685d76?OpenDocument; 2001;40 [accessed 01.09.06]. Risk Management Guide for Information Technology Systems. Special publication 800-30, National Institute of Standards and Technology, <http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf> [accessed 01.09.06]. Site security handbook, RFC 2196, Internet engineering task force, <http://tools.ietf.org/html/rfc2196> [accessed 10.09.06]. Soutar Colin. Biometric systems security, Bioscrypt Inc., <http://www.silicon-trust.com/pdf/secure_5/46_techno_4.pdf> [accessed 03.09.06]. Study report on biometrics in E-authentication Ver 0.2. InterNational Committee for Information Technology Standards, <http://www.incits.org/tc_home/m1htm/2006docs/m1060112.pdf>; February 2006 [accessed 08.09.06]. Wayman JL. Technical testing and evaluation of biometric devices [Michigan State University]. In: Jain AK, Bolle R, Pankanti S, editors. Biometrics – personal identification in networked society. Kluwer Academic Publisher, <http://www.cse.msu.edu/w;cse891/Sect601/textbook/17.pdf>; 1999. Wills David, Lees Mike. Six biometric devices point the finger at security. Network Computing, http://www.networkcomputing.com/910/910r1.html 1 June 1998 [accessed 29.01.06]. Yeung Minerva M, Pankanti Sharath. Verification watermarks on fingerprint recognition and retrieval, <http://www.research.ibm.com/ecvg/pubs/sharat-water.pdf> [accessed 08.09.06].en_NZ
 Find in your library

Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record