Share Email Print

Proceedings Paper

Security issues of Internet-based biometric authentication systems: risks of Man-in-the-Middle and BioPhishing on the example of BioWebAuth
Author(s): Christian Zeitz; Tobias Scheidat; Jana Dittmann; Claus Vielhauer; Elisardo González Agulla; Enrique Otero Muras; Carmen García Mateo; José L. Alba Castro
Format Member Price Non-Member Price
PDF $17.00 $21.00

Paper Abstract

Beside the optimization of biometric error rates the overall security system performance in respect to intentional security attacks plays an important role for biometric enabled authentication schemes. As traditionally most user authentication schemes are knowledge and/or possession based, firstly in this paper we present a methodology for a security analysis of Internet-based biometric authentication systems by enhancing known methodologies such as the CERT attack-taxonomy with a more detailed view on the OSI-Model. Secondly as proof of concept, the guidelines extracted from this methodology are strictly applied to an open source Internet-based biometric authentication system (BioWebAuth). As case studies, two exemplary attacks, based on the found security leaks, are investigated and the attack performance is presented to show that during the biometric authentication schemes beside biometric error performance tuning also security issues need to be addressed. Finally, some design recommendations are given in order to ensure a minimum security level.

Paper Details

Date Published: 18 March 2008
PDF: 12 pages
Proc. SPIE 6819, Security, Forensics, Steganography, and Watermarking of Multimedia Contents X, 68190R (18 March 2008); doi: 10.1117/12.767632
Show Author Affiliations
Christian Zeitz, Univ. of Magdeburg (Germany)
Tobias Scheidat, Univ. of Magdeburg (Germany)
Jana Dittmann, Univ. of Magdeburg (Germany)
Claus Vielhauer, Univ. of Magdeburg (Germany)
Elisardo González Agulla, Univ. of Vigo (Spain)
Enrique Otero Muras, Univ. of Vigo (Spain)
Carmen García Mateo, Univ. of Vigo (Spain)
José L. Alba Castro, Univ. of Vigo (Spain)

Published in SPIE Proceedings Vol. 6819:
Security, Forensics, Steganography, and Watermarking of Multimedia Contents X
Edward J. Delp III; Ping Wah Wong; Jana Dittmann; Nasir D. Memon, Editor(s)

© SPIE. Terms of Use
Back to Top