e-Government and Security of Information - Min

A Risk Analysis Approach for
Biometric Authentication Technology
Author: Arslan Brömme
Submission: International Journal of Network Security
Speaker: Chun-Ta Li
Outline

Introduction
Fundamentals
A High-Level Component & Process Model for Integrated Security Risk Analysis of Biometric Authentication Technology
A Holistic Security Risk Analysis Approach for Biometric Authentication Technology
Conclusions
Comments

Introduction

Biometric technology





Standardize data formats for biometric data
interchange
Communication protocols
Unified programming interface for enabling the
interoperability of different biometric systems
Person authentication, identification and surveillance
Risk analysis (core processes and components)
Fundamentals

Risk analysis for biometric authentication
technology






IT security biometrics
Privacy
Safety
Performance
Security risk analysis for biometric authentication
technology
Biometric authentication systems
Fundamentals (cont.)

IT security biometrics

Studying on person recognition methods





Sensing of a person’s biological characteristics
Measuring of the captured or scanned biometrics
Computing of biometric signatures and biometric templates
Verifying and identifying against biometric templates
Privacy


Privacy is everyone’s fundamental human right
The principle of necessity of data collection means to avoid
or at least to minimize personal data within an ICT system
Fundamentals (cont.)

Safety/Performance risks

Risk


Safety



Failure and Fault
Risk degradation
Reliability and Availability ↑
Performance


Throughput ↑
Latency ↓
Fundamentals (cont.)

Security risk of biometric authentication technology

The probability that a specific threat to biometric
authentication technology

Security & Application Risk Traffic Light Model [Brunnstein 2003]




Green: low probability
Yellow : medium probability
Red : high probability
A specific vulnerability of biometric authentication
technology
Fundamentals (cont.)

Biometric Authentication Systems

General authentication process [Brömme 2003]






Enrollment
Biometric authentication
Authorization
Access control
Derollment
Basic elements

Persons, hardware components, biometric communication channel,
biometric process, biometric algorithms, biometric signature and
biometric databases
A High-Level Component & Process Model for Integrated
Security Risk Analysis of Biometric Authentication Technology
[Figure: High-level Component & Process Model for integrated Security Risk Analysis of Biometric Authentication Technology (ComProMiSe.Risk.of.BiT)]
Scope of the high-level component & process model: biometric authentication technology
Levels shown: high-level methods; high-level processes/functions; high-level process components/function modules; sub-level processes/functions; sub-level process components/function modules; lines of code
High-level methods: capture, transmission and storage
High-level processes/functions: (en|de)rollment, authentication
High-level process components/function modules: (P) preprocessing, (Q) quality check and enhancement, (N) normalization, (S) biometric signal processing, (B) computation of biometric signature, (C) (cluster|classifi)cation, (D) decision
Other labels in the figure: sensing, computation, send, receive, (en|de)crypt, query, update, write
A High-Level Component & Process Model for Integrated
Security Risk Analysis of Biometric Authentication
Technology (cont.)

Processes


Components


P, Q, N, S, B, C, D
Risk aspect (1)


Enrollment, Authentication, Derollment
security, privacy, safety, performance
Risk aspect (2)

attack, misuse, fault, failure
A Holistic Security Risk Analysis Approach for
Biometric Authentication Technology

Four potential risk interrelations





: has potential risk effect
: has risk effect
: has no risk effect
: has no potential risk effect
Two placeholders


★: empty or Risk aspect (1)
◇: empty or Risk aspect (2)
A Holistic Security Risk Analysis Approach for
Biometric Authentication Technology (cont.)

Examples

e◇ ★a (◇ = faul, ★ = safe)
A less reliable enrollment process which has a potential safety risk effect on the authentication process, resulting in the false recognition and/or acceptance of persons

d◇ ★a (◇ = attc, ★ = secu)
An attack on a derollment process which has a potential security risk effect on a subsequent authentication process can result, for example, in the non-derollment of the selected person or the derollment of a third, not selected person, with the intention of later falsely recognizing and/or accepting the person who should have been derolled
A Holistic Security Risk Analysis Approach for
Biometric Authentication Technology (cont.)
Example


eBattc secuaD (◇ = attc, ★ = secu)
A possible risk: an attack that manipulates enrollment computations of biometric signatures for intended false acceptance of impostors and/or false rejection of genuine users in subsequent authentication attempts
More than seven thousand single possible risk effect classes are given here
Flexibility of the ◇ ★ relation in combination with a risk matrix enables the systematic exploration and discussion of holistic security risks
Conclusions

Author presents a systematic approach for a
holistic security risk analysis of biometric
authentication technology



Processes & Components
Four risk interrelations
Biometric authentication risk matrices
Comments

Evaluation of Paper


Recommendation


Confirmatory
Accept after minor revision
Details:



In the proposed approach, there are eight risk aspects, three processes and eighteen components in the risk matrix; please briefly show all of these processes & components in the paper.
In addition, there are four relations between elements. Are they enough to describe all of the risk effects for biometric authentication methods? Furthermore, how the condition of “potential” is defined should be described more clearly.
In the risk matrix, how are the interrelations between these elements defined? Are these relations defined by users or by the system? The author must briefly describe this.
An Online Biometrics-based Secret
Sharing Scheme for Multiparty
Cryptosystem Using Smart Cards
Advisor: Min-Shiang Hwang
Speaker: Chun-Ta Li
Notations
$U_i$: User
$S_i$: System
$R_i$: A trusted registration center
$G$: A group of $n$ users
$ID_i$: Identity of user
$B_i$: Biometric template of user
$PW_i$: The common password shared between $U_i$ and $S_i$
$Q_i$: An integer computed from $PW_i$
$P$: A large prime
$S$: A secret key maintained by $S_i$
$Rc_i$: A random number generated by $U_i$
$R_s$: A random number generated by $S_i$
$PK_s$: Public key of $S_i$
$H(\cdot)$: One-way hashing function
$\oplus$: XOR operation
$E_{PK}\{\cdot\}$: Asymmetric encryption with the public key $PK$
$E_x[\cdot]$: Symmetric encryption with the key $x$
$K$: Primary secret sharing key maintained by $S_i$
The Proposed Scheme

Registration phase (between G and $R_i$)
1. G → $R_i$ (secret channel): $ID_i$, $B_i$, $PW_i$
2. Generates the Lagrange interpolating polynomial with degree $t-1$
   ($y_i = K + a_1 x_i + a_2 x_i^2 + \dots + a_{t-1} x_i^{t-1} \bmod P$)
3. Computes $X_i = ID_i^{f_i} \bmod P$
   Computes $e_i = (y_i^{S} \bmod P) \oplus X_i$
   Computes $g_i = X_i^{S Q_i} \bmod P$
4. $R_i$ → G (secret channel): smart card ($ID_i$, $P$, $H(\cdot)$, $f_i$, $e_i$, $g_i$)
   // $f_i = H(H(B_i))$ //
The Proposed Scheme (cont.)

Reconstruction phase (between $U_1, U_2, \dots, U_t$ and $S_i$)
1. Every participant $U_i$ ($i = 1$ to $t$) inserts his/her smart card and inputs $B_i$ into a specific biometric device
2. Verifies $H(H(B_i)) \stackrel{?}{=} f_i$
3. If it holds, $U_i$ computes the following messages
   $X_i' = ID_i^{f_i} \bmod P$
   $e_i' = e_i \oplus X_i' = y_i^{S} \bmod P$
   $M_{i1} = g_i^{Q_i^{-1}} \bmod P = X_i^{S} \bmod P$
   $M_{i2} = (X_i')^{Q_i} \bmod P$
4. $U_i$ sends his/her $M_{i3} = E_{PK_s}\{ID_i \| M_{i1} \| M_{i2} \| Rc_i\}$ to $S_i$
The Proposed Scheme (cont.)

Reconstruction phase (cont.) (between $U_1, U_2, \dots, U_t$ and $S_i$)
5. $S_i$ decrypts $M_{i3}$ and checks the format of $U_i$’s $ID_i$
6. If it holds, $S_i$ computes $M_{i4} = (M_{i2})^{Q_i^{-1}} \bmod P = X_i' \bmod P$
7. Then, $S_i$ verifies $(M_{i4})^{S} \stackrel{?}{=} M_{i1}$
8. If Step 7 holds, $S_i$ sends $M_{i5} = E_{Rc}[ID_i \| R_s \| M_{i4}]$ to $U_i$
9. $U_i$ decrypts $M_{i5}$ and verifies $M_{i4} \stackrel{?}{=} X_i'$
10. If Step 9 holds, $U_i$ sends $M_{i6} = E_{Rs}[ID_i \| e_i']$ to $S_i$
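The registration computations and the checks in reconstruction steps 2, 3, 6 and 7, worked through as an added Python example (not code from the slides or from the scheme's authors). Assumptions: SHA-256 stands in for H(.), derive_q is a hypothetical way to compute Q_i from PW_i, P is a demo-sized prime, S is treated as an exponent as in the formulas above, and the encryption of M_i3, M_i5 and M_i6 is left out.

```python
import hashlib
from math import gcd

P = 2**127 - 1  # demo-sized prime standing in for the "large prime" P (assumed)

def H(data: bytes) -> int:
    # One-way hash H(.); SHA-256 is an assumption, the slides name no function
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def f_of(b_i: bytes) -> int:
    return H(H(b_i).to_bytes(32, "big"))            # f_i = H(H(B_i))

def derive_q(pw_i: str) -> int:
    # Q_i is "an integer computed from PW_i"; this derivation is assumed.
    # Q_i must be invertible mod P-1 so that Q_i^-1 exists in the exponent.
    q = H(pw_i.encode()) % (P - 1)
    while gcd(q, P - 1) != 1:
        q += 1
    return q

def register(id_i, b_i, pw_i, x_i, coeffs, S):
    # Registration steps 2-4; coeffs = [K, a_1, ..., a_{t-1}]
    y_i = sum(a * pow(x_i, j, P) for j, a in enumerate(coeffs)) % P
    f_i = f_of(b_i)
    X_i = pow(id_i, f_i, P)                         # X_i = ID_i^f_i mod P
    e_i = pow(y_i, S, P) ^ X_i                      # e_i = (y_i^S mod P) xor X_i
    g_i = pow(X_i, S * derive_q(pw_i), P)           # g_i = X_i^(S*Q_i) mod P
    return {"ID": id_i, "f": f_i, "e": e_i, "g": g_i}

def user_messages(card, b_i, pw_i):
    # Reconstruction steps 2-3; None when the biometric check fails
    if f_of(b_i) != card["f"]:
        return None
    q = derive_q(pw_i)
    X = pow(card["ID"], card["f"], P)               # X_i'
    e_prime = card["e"] ^ X                         # e_i' = y_i^S mod P
    M1 = pow(card["g"], pow(q, -1, P - 1), P)       # M_i1 = X_i^S mod P
    M2 = pow(X, q, P)                               # M_i2 = (X_i')^Q_i mod P
    return X, e_prime, M1, M2

def server_verify(M1, M2, pw_i, S):
    # Steps 6-7: M_i4 = (M_i2)^(Q_i^-1) mod P, accept only if (M_i4)^S == M_i1
    M4 = pow(M2, pow(derive_q(pw_i), -1, P - 1), P)
    return M4 if pow(M4, S, P) == M1 else None

if __name__ == "__main__":
    S = 0x5EC2E7                                    # constructed server secret
    card = register(1001, b"template-A", "pw", 3, [424242, 7], S)
    X, e_prime, M1, M2 = user_messages(card, b"template-A", "pw")
    print(server_verify(M1, M2, "pw", S) == X)
```

Because step 2 compares hashes, the card-side check passes only for a byte-identical template B_i; any difference in the captured biometric makes user_messages return None.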