18 March 2008 Security issues of Internet-based biometric authentication systems: risks of Man-in-the-Middle and BioPhishing on the example of BioWebAuth
Abstract
Besides the optimization of biometric error rates, the overall security performance of the system with respect to intentional attacks plays an important role for biometric-enabled authentication schemes. As most user authentication schemes are traditionally knowledge- and/or possession-based, in this paper we first present a methodology for the security analysis of Internet-based biometric authentication systems that enhances known methodologies, such as the CERT attack taxonomy, with a more detailed view of the OSI model. Second, as a proof of concept, the guidelines extracted from this methodology are strictly applied to an open-source Internet-based biometric authentication system (BioWebAuth). As case studies, two exemplary attacks based on the security leaks found are investigated, and the attack performance is presented to show that, in biometric authentication schemes, security issues need to be addressed in addition to tuning biometric error performance. Finally, some design recommendations are given in order to ensure a minimum security level.
© (2008) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Christian Zeitz, Tobias Scheidat, Jana Dittmann, Claus Vielhauer, Elisardo González Agulla, Enrique Otero Muras, Carmen García Mateo, and José L. Alba Castro "Security issues of Internet-based biometric authentication systems: risks of Man-in-the-Middle and BioPhishing on the example of BioWebAuth", Proc. SPIE 6819, Security, Forensics, Steganography, and Watermarking of Multimedia Contents X, 68190R (18 March 2008); https://doi.org/10.1117/12.767632
PROCEEDINGS
12 PAGES

