Issues and Concerns in Biometric IT Security

Philip Statham, CESG, U.K.

Introduction

Biometric Source Feature and Biometric Image—A Note on Terminology

Authentication, Identification, and Verification

Performance and Security

Positive Identification and Verification Applications

Negative Identification Applications

Measuring Biometric System Performance

Performance Test Results Available in the Public Domain

Spoofing, Mimicry, and Liveness Detection

Capturing the Biometric Characteristics Belonging to an Enrollee

Manufacturing an Artifact Containing a Copy of the Captured Biometric Source Feature

Presenting the Artifact to the Biometric System at a Later Time to Be Identified or Verified as the Enrollee

Countermeasures to Spoofing

Mimicry

Miscellaneous Advice

Protecting Data Within the Biometric System

Template Integrity

Template Confidentiality

Transitory Data and Data Flow Protection

Reverse Engineering of Templates

Latent and Residual Images Within the Biometric System

Binding Biometric Templates to Applications

Miscellaneous Topics

Biometric Encryption and Templateless Biometrics

Multimodal Biometrics

Biometric Security Concerns

Biometrics Do Not Provide Absolute Identification

Biometrics Are Not Secret

Biometrics Do Not Possess the Equivalent Level of Randomness That Passwords Have

Biometrics Cannot Be Changed When Compromised

Biometrics May Not Offer Nonrepudiation

Biometric Characteristics May Be Collected Accidentally or Covertly Without Consent

Biometric Identity Theft ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.
