Attacks On Biometric
Attacks On Biometric
Attacks On Biometric
Presentation attacks
For example: If a fingerprint of the enrolled individual can be captured, this could be
used to make a matching artefact. For face recognition, a portrait photo of the target
might easily be taken covertly and used to create an artefact.
Sensor output interception
An attacker may seek to modify or intercept the data output from the sensor. A previously
captured sample might be replayed, or a captured biometric sample could be substituted with
biometric data of a different individual at enrolment.
An attacker may target data during transmission, or in storage by the biometric system. For
example, a biometric reference in the enrolment database could be modified to include the
biometric features of an impostor.
In implementations where the biometric data is stored on a device held by the individual, such
as a mobile phone, passport or ID card, an attacker with possession of the device would have
unfettered access to the biometric data unless it is protected by built-in security features.
Integrity of enrolment
There is a possibility that the enrolment process could be subverted, allowing the
acceptance of inappropriate enrolment data. For example if an artefact is enrolled in the
system, then an attacker might later be able to use the same artefact to be recognised.
Attacks against the underlying IT on which the biometric system runs are certainly
feasible and must be considered in cases where the assets being protected are of
significant value and where the attackers are relatively sophisticated.
Generally, the mitigation of such attacks relies on traditional IT security methods which
are not specific to biometric systems.
Denial of service attacks
All systems are vulnerable to denial of service attacks. In the case of a biometric system,
this will divert subjects to the exception handling system. It is therefore important that
this fallback system is no less secure than the biometric system.
Insider threat
Trojan horse attack: In Trojan horse attack the feature extractor is itself replaced to produce the desired
features and to add on those features in the existing database. The spoof detection technology has become a
crucial part of a biometric system as with an increasing concern for security, the biometric attacks are to be
identified, controlled and minimized. Researchers are developing various new approaches for a secure
biometric system.
Masquerade attack: It was demonstrated that a digital "artifact" image could be created from a fingerprint
template so that this artifact is submitted to the system, will produce a match.