Attacks On Biometric


Biometric security

Presentation attacks

Presentation attacks involve an impostor using an artefact of some kind to mimic an
individual who has been enrolled in the system.

For example, if a fingerprint of the enrolled individual can be captured, this could be
used to make a matching artefact. For face recognition, a portrait photo of the target
might easily be taken covertly and used to create an artefact.

Sensor output interception

An attacker may seek to modify or intercept the data output from the sensor. A previously
captured sample might be replayed, or a captured biometric sample could be substituted with
biometric data of a different individual at enrolment.

Intercepted data might be used by an attacker to obtain the biometric characteristics of an
enrolled individual for use in future attacks.

Reference and database-related vulnerabilities

An attacker may target data during transmission, or in storage by the biometric system. For
example, a biometric reference in the enrolment database could be modified to include the
biometric features of an impostor.

In implementations where the biometric data is stored on a device held by the individual, such
as a mobile phone, passport or ID card, an attacker with possession of the device would have
unfettered access to the biometric data unless it is protected by built-in security features.

Integrity of enrolment

There is a possibility that the enrolment process could be subverted, allowing the
acceptance of inappropriate enrolment data. For example, if an artefact is enrolled in the
system, then an attacker might later be able to use the same artefact to be recognised.

Alternatively, if an enrolment record contains biometric data of two individuals (for
example, the right hand is properly enrolled but the enrolled left hand is that of another
individual, or a face enrolment uses an image which morphs together photographs of
two individuals), this may allow one individual to impersonate the other.

System attacks

Attacks against the underlying IT on which the biometric system runs are certainly
feasible and must be considered in cases where the assets being protected are of
significant value and where the attackers are relatively sophisticated.

Generally, the mitigation of such attacks relies on traditional IT security methods which
are not specific to biometric systems.

Denial of service attacks

All systems are vulnerable to denial of service attacks. In the case of a biometric system,
this will divert subjects to the exception handling system. It is therefore important that
this fallback system is no less secure than the biometric system.

Insider threat

All security systems are vulnerable to an attack by a trusted system administrator or
operator. Due to the level of access and trust held by such people, insider attacks on
a biometric system can take any of the forms outlined above.

Known attacks in biometric systems

Replay attack: In this attack, a data stream from the biometric system is injected
between the sensor and the processing system. A replay attack can be a two- or three-stage process:
the attacker first intercepts or copies the sensor transmission, then modifies or alters the information,
and finally replays the data.

Spoofing the feature set: Replacing the feature set with fake or altered features is called
spoofing of data. These types of spoofing attacks are typically used to attack various networks, spread
malware and gain confidential information.

Template tampering attack: A template represents a set of salient features that summarizes the
biometric data (signal) of an individual. The templates can be modified to obtain a high verification
score, no matter which image is presented to the system. Templates stored in the
database can be replaced, stolen or altered.

Overriding Yes/No response: An inherent flaw in biometric systems is that the result of the
system is always a binary response, Yes/No (i.e., either match/no match). In other words, there is a
fundamental disconnect between the biometric system and the applications, which leaves the system open to
potential attacks.

Trojan horse attack: In a Trojan horse attack, the feature extractor itself is replaced so that it produces
the desired features and adds those features to the existing database. Spoof detection technology has become a
crucial part of a biometric system because, with increasing concern for security, biometric attacks must be
identified, controlled and minimized. Researchers are developing various new approaches for a secure
biometric system.

Masquerade attack: It was demonstrated that a digital "artifact" image could be created from a fingerprint
template so that, when this artifact is submitted to the system, it produces a match.
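
Added example, not part of the original slides: one way a processing system can reject the replayed or altered sensor transmission described under "Replay attack" and "Sensor output interception", using a one-time challenge and an HMAC over the sample. The shared key, the class and function names and the sample bytes are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: sensor and matcher share a provisioned key (constructed value).
KEY = b"constructed-demo-key"


def _tag(key, nonce, sample):
    # The nonce has a fixed 16-byte length, so nonce + sample is unambiguous.
    return hmac.new(key, nonce + sample, hashlib.sha256).digest()


class Matcher:
    """Processing side: issues one-time challenges, verifies sensor output."""

    def __init__(self, key):
        self._key = key
        self._pending = set()  # challenges issued and not yet used

    def new_challenge(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce, sample, tag):
        # Each challenge is consumed on first use, so replayed bytes fail here.
        if nonce not in self._pending:
            return "rejected: unknown or reused challenge"
        self._pending.discard(nonce)
        if not hmac.compare_digest(_tag(self._key, nonce, sample), tag):
            return "rejected: sample or tag altered"
        return "accepted"


def sensor_send(key, nonce, sample):
    """Sensor side: bind the captured sample to the matcher's challenge."""
    return nonce, sample, _tag(key, nonce, sample)


def demo():
    matcher = Matcher(KEY)
    sample = b"constructed-sample-bytes"  # stands in for real sensor data
    msg = sensor_send(KEY, matcher.new_challenge(), sample)
    results = [matcher.accept(*msg)]       # genuine capture
    results.append(matcher.accept(*msg))   # identical message replayed
    # Substituted sample under a fresh challenge, carrying the old tag.
    fresh = matcher.new_challenge()
    results.append(matcher.accept(fresh, b"constructed-other-sample", msg[2]))
    return results
```

The check covers only the link between sensor and processing system; it does not address presentation attacks at the sensor or tampering with stored templates.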
