Biometric Vulnerabilities
All content following this page was uploaded by Yogendra Narain Singh on 21 May 2014.
New Age International, New Delhi. He has published over 20 research articles
on information security, biometrics and soft computing.
1 Introduction
Biometric systems are becoming popular for security and authentication across most of the IT
community, but protecting these systems from threats that breach their security remains a
challenge. Commonly used biometric systems authenticate a person by capturing facial or iris
images, scanning fingerprints, or recording voice or speech samples. Authentication using
biometrics is attractive because the process is based principally on characteristics that are
unique and measurable and that cannot easily be stolen or shared with others. A significant
difference between a traditional identity management system and a biometric-based
authentication system lies in the matching process, i.e., error-free matching versus
error-tolerant matching. Unlike a traditional identity management system (e.g., passwords,
tokens or PINs), which resolves an authentication request to a simple ‘yes’ (completely
matched) or ‘no’ (non-matched) outcome, a biometric security system resolves the request to a
measure of how similar or dissimilar the biometric query is to its counterpart stored in the
database.
Although biometrics are unique among individuals, their representation may vary between
measurements. Variations in a biometric sample can result from the acquisition environment or
from the user’s interaction with the acquisition device, and they yield inter-user similarity
or intra-user dissimilarity. Fixing the tolerated level of variability in the biometric data so
as not to reject many authorised users, nor to accept many unauthorised users, may open space
for intruders to make the system vulnerable and circumvent its security. In addition, the
framework of a biometric system, which includes data acquisition, processing, storage of
templates and matching, can also be threatened by an adversary, resulting in problems of
authentication accuracy, reliability, robustness against fraudulent attacks, secrecy of
biometric data and privacy protection.
A practical biometric system employed in different applications can perform well and achieve
the desired accuracy, yet be highly vulnerable to simple methods that circumvent its security
(Dunstone and Poulton, 2011). These methods include the synthetic reproduction of anatomical
identities, e.g., acquisition of facial images or lifting of latent fingerprints, and the
imitation of behavioural identities, e.g., reproduction of a handwritten signature or
production of a similar voice. Further, stored information can be replayed or false data
injected into the processing chain, and biometric features extracted from the raw data can be
copied and presented as input to the biometric process to spoof the system. The biometric
system vulnerabilities that result from spoof attacks are shown in Figure 1.
A taxonomy of biometric system vulnerabilities and defences 139
Figure 1 A vulnerable biometric system resulting from spoof attacks (see online version
for colours)
Most practical biometric systems face some degree of security threat; the likelihood of making
a system resistant to vulnerabilities therefore depends on analysing what kinds of attack it
may face and what their nature is. Maltoni et al. (2009) have presented a typical threat
framework for a fingerprint recognition system. It includes the following threat vectors.
Denial-of-service (DoS) restricts the access rights of privileged users. Circumvention refers
to the subversion of access rights so that unauthorised users gain access. Repudiation covers
threats where a malicious user deliberately denies having accessed the system. Collusion and
coercion refer, respectively, to situations where an attacker is helped by a privileged user
such as an administrator, and where legitimate users are forced to help the attackers.
Roberts (2007) has reported the attack vectors of a biometric system in the context of a
risk-based approach. Most studies, including those cited, present attacks concerning spoofing
approaches, and only limited work addresses biometric system faults and failures. We present a
comprehensive look at biometric system vulnerabilities, including faults, failures and
security attacks.
In this paper we present a high-level categorisation of the security threats to a biometric
system and discuss the provable defences against these threats. We present a taxonomy of
biometric system vulnerabilities in a holistic and systematic manner. We discuss the threat
vectors of a biometric system in the context of faults, failures and security attacks. We
present the multidimensional threat environment of a biometric system and represent its
effects using Ishikawa’s diagram. As countermeasures to biometric system vulnerabilities,
different techniques have been proposed in the literature to address the need for reliable
vitality testing and for secrecy of the biometric data. We critically evaluate each of these
defence techniques and discuss their effectiveness in protecting the biometric system from
threats and preserving an individual’s privacy. In particular, a classification of the current
state-of-the-art vitality detection techniques for commonly used biometrics such as
fingerprint, face and iris is given. We examine biometric template protection techniques, such
as template transformation and biometric cryptosystems, used with different biometrics and
estimate their performance on the datasets and test conditions that were used for the
experiments.
140 Y.N. Singh and S.K. Singh
Figure 2 A tree representation of security threats of a typical biometric system (see online
version for colours)
Notes: Attacks of type (1) are user-level attacks; attacks of types (2) to (6) and (8) to (9)
are on components and their interfaces, while attacks on biometric templates are
depicted by type (7). Attacks of type (10) are on the supervisory bench.
Martinez-Diaz et al. (2011) have classified biometric system attacks into direct and indirect
attacks. The former refers to attacks that present fake biometric samples with the aim of
spoofing the sensor and impersonating a real user. It is worth noting that attackers
performing direct attacks do not require any specific knowledge of the targeted biometric
system or of its development phase, e.g., data representation or matching. Indirect attacks
include the remaining types reported by Ratha et al. (2001), such as attacks on the
communication channel and attacks on the template database. To perform an indirect attack,
the attacker must know specific information about the system, such as the communication
protocol, template format or matching algorithm. Moreover, the attacker needs physical or
logical access to internal parts of the system that are not available to the user.
We can classify the attacks on the machine that concern the development phase and the use
phase of a biometric system as:
1 user level attacks
2 attacks on components and their interfaces
3 attacks on biometric templates.
Figure 4 Ishikawa’s diagram for representing biometric system vulnerabilities (see online version
for colours)
[Diagram not reproduced. Labels recoverable from the figure: integrated system failure;
security failures; service failures; development failures; system failures; individuality of
biometric; overestimation of attributes; malfunctioning; enrollment fraud; external faults;
operational faults; physical faults; human-made faults; malicious faults; non-malicious
faults; development faults; system faults; incorrect interaction of the user; inherent noise
and artifact; inefficient sensing; inefficient feature extraction; inefficient matching;
incorrect decision making; attacks on supervisory bench; attacks on components and their
interfaces; Trojan horse; DoS; replay; synthesized template; steal; modify; fake biometric
sample; attacks on machine; attacks on biometric templates; user level attacks.]
Biometrics are unique among individuals, but they are not secrets. Biometric information is
irrevocable, and identity is hard to regain (Watson, 2007). Therefore, the challenge is to
design a secure and robust authentication system from components that are neither secret nor
revocable. A typical biometric system works by first storing the features extracted from an
enrolled biometric identity as templates in the system database and then matching the
template features against those extracted from the biometric information presented during
subsequent authentication attempts. A biometric security system works perfectly if it
guarantees that the biometric features are extracted from the person being authenticated and
that they match the template features in the database (Schneier, 1999).
No electronic authentication (eID) system is completely secure, and no single protection
mechanism is sufficient to protect a system comprehensively. However, sensible and practical
measures can effectively reduce the risk of security threats to an acceptable level. A number
of proven defensive techniques are in practice that effectively guard against, or reduce the
risk of, security threats and vulnerabilities in biometric systems. The security techniques of
a generic biometric system that are effective against system attacks can be grouped into two
classes:
1 vitality detection
2 biometric template protection,
where each class has its own appropriate security mechanisms. Designing salient feature
detectors and robust matchers is another effective countermeasure that can reduce the faults
and failures of a biometric system. In addition, practical approaches such as the use of
multiple biometrics, good governance practices and physical security can also be effective in
reducing the security threats to biometric systems.
To assure vitality signs in biometric samples, different techniques have been proposed in the
literature. Singh and Singh (2011) have proposed a classification of current state-of-the-art
vitality detection techniques for commonly used biometrics (e.g., fingerprint, face and iris),
which is shown in Figure 5. The existing techniques can broadly be divided into two classes:
1 hardware-based techniques
2 software-based techniques.
Hardware-based techniques detect vitality signs from the presented biometric sample during
the acquisition stage. These methods use extra hardware to acquire life signs from the
presented biometric data. For example, the techniques used to measure vitality signs from a
fingertip placed on the sensor include temperature (Kallo et al., 2001), odour (Baldissera
et al., 2006), pulse oximetry (Reddy et al., 2008), blood flow (Lapsley et al., 1998) and
spectral information (Coli et al., 2007). Integrating a specific device at the sensor
increases the cost of the system, while the additional circuitry could make it invasive to
users.
Figure 6 (a) Fingerprints: real, silicon and gummy (Matsumoto et al., 2002) (b) Faces: fake and
live (Jee et al., 2006) (c) Irises: real and fake (Daugman, 1999) (see online version
for colours)
$$
\text{Decision} =
\begin{cases}
\text{accept}, & \text{if } M\big(F_k(T), F_k(Q)\big) \ge \lambda \\
\text{reject}, & \text{otherwise.}
\end{cases}
$$
The schematic diagram of the template transformation process is shown in Figure 7(b). The
function F should be non-invertible, because a non-invertible transform is strictly a one-way
function. This means that, given the transformed information Fk(T) and a user’s key k, the
original template T should not be recoverable in a reasonable amount of time. Consequently,
it is computationally hard for an adversary to invert a transformed template to its original
form even if the user’s key is compromised. The key issues for a template transformation
technique are the selection of a transformation function that conserves the discriminability
of the template or query data, and maintaining the secrecy of the user-specific key used in
the transformation process. In practice, it is hard to design a transformation function that
meets the requirements of discriminability and non-invertibility simultaneously.
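The decision rule and the revocability property described above, shown as an added example that is not code from the paper or from any cited scheme. It assumes a fixed-length real-valued feature vector and substitutes a simple keyed random-projection-and-sign transform for F_k, with the fraction of agreeing bits as M; the function names, key strings, λ = 0.80 and sample vectors are constructed for illustration.

```python
import hashlib
import random

N_BITS = 256   # length of the protected template (assumed)
LAMBDA = 0.80  # decision threshold λ (assumed)


def projection_rows(key: bytes, n_features: int, n_bits: int):
    """Derive a key-specific Gaussian projection matrix, one row per output bit."""
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(n_features)] for _ in range(n_bits)]


def transform(features, key: bytes, n_bits: int = N_BITS):
    """F_k: project with the keyed matrix and keep only the sign of each output.

    Dropping the magnitudes makes the mapping many-to-one. This toy transform
    illustrates matching and revocation only; it carries no one-wayness proof.
    """
    rows = projection_rows(key, len(features), n_bits)
    return [1 if sum(r * f for r, f in zip(row, features)) >= 0 else 0 for row in rows]


def similarity(a, b) -> float:
    """M: fraction of positions where two protected templates agree."""
    if len(a) != len(b):
        raise ValueError("protected templates must have equal length")
    return sum(x == y for x, y in zip(a, b)) / len(a)


def decide(stored, query_features, key: bytes, lam: float = LAMBDA) -> str:
    """Accept iff M(F_k(T), F_k(Q)) >= λ; the raw template T is never needed."""
    score = similarity(stored, transform(query_features, key, len(stored)))
    return "accept" if score >= lam else "reject"


def demo():
    rng = random.Random(2014)  # constructed sample data, not real biometrics
    enrolled = [rng.gauss(0.0, 1.0) for _ in range(128)]
    genuine = [f + rng.gauss(0.0, 0.2) for f in enrolled]   # same user, sensor noise
    impostor = [rng.gauss(0.0, 1.0) for _ in range(128)]    # different user
    key_old, key_new = b"user-42/app-A/v1", b"user-42/app-A/v2"  # hypothetical keys
    stored_old = transform(enrolled, key_old)
    stored_new = transform(enrolled, key_new)   # re-issued after a compromise
    return {
        "genuine": decide(stored_old, genuine, key_old),
        "impostor": decide(stored_old, impostor, key_old),
        # A query transformed with the revoked key no longer matches the new record.
        "revoked_key": decide(stored_new, genuine, key_old),
        # Records of the same person under different keys look unrelated (about 0.5).
        "cross_match": similarity(stored_old, stored_new),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The `cross_match` score near 0.5 is the property that limits cross-matching between databases: two protected records of the same person under different keys agree no more often than chance.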
Figure 7 (a) The PlusID is a portable device with a built in fingerprint sensor (b) Schematic
diagram of template transformation technique used for template protection in biometric
security system (see online version for colours)
Note: Upon scanning a finger and matching it with the stored template, the device
wirelessly transmits a secure key that can be used for authentication
(http://www.privaris.com).
In the literature, different non-invertible transformation functions have been proposed for
different biometrics, i.e., fingerprint (Ratha et al., 2007), face (Wang and Hatzinakos,
2009), iris (Chin et al., 2006), speech (Teoh and Chong, 2010), etc. In general, the
suitability of a transformation function depends on the selected biometric, the
characteristics of the feature set and the application area. The concept of cancellable
biometrics, put forward by Bolle et al. (2002) as a security-enhancing technique to produce
anonymous biometric data, is of great interest among biometric researchers. It protects the
biometric system from unauthorised tracking of individuals and restricts the possibility of
cross-matching among different biometric databases, thus preserving an individual’s privacy.
Ratha et al. (2007) have generated cancellable fingerprint templates using non-invertible
transforms. They have proposed Cartesian, polar and surface folding transforms for minutiae
data. Wang and Hatzinakos (2009) have addressed the problem of changeable and
privacy-preserving face recognition. They have proposed a technique for generating
cancellable faces using random projection in conjunction with sorted index numbers. A
cancellable iris biometric, coined S-iris encoding, has been proposed by Chin et al. (2006).
S-iris encoding combines the iris feature with a tokenised pseudo-random number via an
iterated inner product and renders a set of cancellable bit strings. Teoh and Chong (2010)
have presented a two-factor cancellable formulation for speech biometrics using probabilistic
random projection. The method protects the speech signal by hiding the actual speech feature
through the random subspace projection process.
Practical uses of biometric template security are reported in the TURBINE
(http://www.turbine-project.eu) and UIDAI (http://www.uidai.gov.in) projects. The aim of the
Trusted Revocable Biometric Identities (TURBINE) project is to commercialise eID through
fingerprint biometrics and enhanced privacy protection. The research interest of the project
is to perform identity verification in the transformed domain so that the data used for
authentication cannot be used to restore the original biometric information. In addition,
anonymous data is to be created for different applications from an individual’s fingerprint
whilst ensuring that these identities cannot be linked to each other. In the UIDAI project the
templates are secured using an encryption-decryption criterion. The original biometric images
of fingerprints, irises and face are archived and stored offline, while only the encrypted
information is stored on the server for verification purposes. Therefore, the data used by
the automatic biometric identification system is anonymised, as claimed by the authority.
Figure 8 Schematic diagram of biometric cryptosystem technique used for template protection in
biometric security system (see online version for colours)
Soutar et al. (1998) were among the first to develop a biometric encryption system, which
linked and retrieved a digital key using the interaction of fingerprint images. Juels and
Sudan (2002) have proposed a cryptographic construction called a fuzzy vault that is capable
of handling the intraclass variations present in biometric data. It operates in a key-binding
mode where users place a secret value in a fuzzy vault and lock it using an unordered set
(e.g., minutiae in fingerprints). The ability of the fuzzy vault to work with unordered sets
and handle intraclass variations makes it a favourable solution for biometric cryptosystems.
Hao and Chan (2002) have proposed a cryptosystem that generates secret keys from online
signatures. From a database of 25 subjects, they collected ten signatures for each subject.
For each signature they defined 43 features such as pressure, stroke, direction and speed.
Feature coding is used to quantise each feature into bits that are concatenated to generate a
string of 0’s and 1’s. With an average key entropy of 40 bits, the system achieved a false
non-match rate of 28%, a false match rate of 1.2% and an equal error rate of 8%.
Clancy et al. (2003) have proposed a fuzzy vault scheme for fingerprints and named it the
fingerprint vault. The scheme is based on the locations of minutia points, which are recorded
as real points and form a locking set. A secret key is derived from these minutia points
using polynomial reconstruction. Hao et al. (2006) have proposed a method to integrate the
iris code into cryptographic applications. They have shown that keys can be generated from
the iris biometric using error correction, and that the keys can be changed to produce
different keys. The advantage of producing different keys for different applications is that
it makes it infeasible for an adversary to circumvent all systems simultaneously. The
technique was evaluated on iris images of 70 subjects, with ten images from each eye. With a
key length of 140 bits, an error-free key can be reproduced reliably from genuine iris codes
with a 99.5% success rate.
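The key-binding idea behind the fuzzy vault and the polynomial reconstruction used by the fingerprint vault, shown as an added example that is not code from the cited papers. It assumes set elements already quantised to integers below the prime 65537, recognises the recovered key with a stored SHA-256 hash, and unlocks by trying subsets rather than by error-correcting decoding; all names and sample values are constructed.

```python
import hashlib
import random
from itertools import combinations

P = 65537  # prime field modulus; set elements and key chunks are integers below P


def poly_eval(coeffs, x):
    """Evaluate the polynomial (coefficients low to high) at x over GF(P)."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y


def digest(coeffs):
    return hashlib.sha256(",".join(map(str, coeffs)).encode()).hexdigest()


def lock(secret, locking_set, n_chaff, rng):
    """Bind `secret` (polynomial coefficients) to an unordered locking set."""
    genuine = set(locking_set)
    points = [(x, poly_eval(secret, x)) for x in genuine]
    used = set(genuine)
    while len(points) < len(genuine) + n_chaff:
        x, y = rng.randrange(1, P), rng.randrange(P)
        if x in used or y == poly_eval(secret, x):
            continue                      # chaff needs a fresh x and must lie off the curve
        used.add(x)
        points.append((x, y))
    rng.shuffle(points)                   # hide which points are genuine
    # Simplification (assumed): a hash of the secret lets unlock() recognise it.
    return {"points": points, "check": digest(secret), "k": len(secret)}


def interpolate(points):
    """Lagrange interpolation over GF(P); returns coefficients low to high."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if i == j:
                continue
            nxt = [0] * (len(basis) + 1)  # basis *= (x - xj)
            for d, c in enumerate(basis):
                nxt[d] = (nxt[d] - c * xj) % P
                nxt[d + 1] = (nxt[d + 1] + c) % P
            basis = nxt
            denom = denom * (xi - xj) % P
        scale = yi * pow(denom, P - 2, P) % P   # divide via Fermat inverse
        for d, c in enumerate(basis):
            coeffs[d] = (coeffs[d] + scale * c) % P
    return coeffs


def unlock(vault, query_set):
    """Recover the secret if the query shares at least k elements with the locking set."""
    wanted = set(query_set)               # order of the query does not matter
    candidates = [pt for pt in vault["points"] if pt[0] in wanted]
    for subset in combinations(candidates, vault["k"]):
        coeffs = interpolate(subset)
        if digest(coeffs) == vault["check"]:
            return coeffs
    return None


def demo():
    rng = random.Random(7)                # fixed seed so the constructed example repeats
    secret = [4021, 17, 60001, 933]       # constructed key chunks (degree-3 polynomial)
    enrolled = [1201, 2250, 3399, 4410, 5077, 6123, 7345, 8802, 9911, 10456, 11789, 12034]
    vault = lock(secret, enrolled, n_chaff=60, rng=rng)
    # Genuine re-capture: 8 of 12 elements survive, 3 spurious ones appear, order differs.
    genuine_query = [12034, 40000, 9911, 7345, 40001, 6123, 5077, 3399, 2250, 1201, 40002]
    # Different user: overlaps the locking set in only 2 elements (fewer than k = 4).
    other_query = [1201, 2250, 20001, 20002, 20003, 20004, 20005, 20006, 20007, 20008]
    return {
        "vault_size": len(vault["points"]),
        "genuine": unlock(vault, genuine_query),
        "other": unlock(vault, other_query),
    }


if __name__ == "__main__":
    print(demo())
```

The parameters are kept tiny so the example runs instantly; a degree-3 polynomial hidden among 60 chaff points is far too small to be a secure vault.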
4 Discussion
Biometric systems are widely used for reliable identity management, but the systems
themselves are vulnerable to a number of security threats. Biometric security systems are
prone to deliberate or inadvertent security lapses that can lead to illegitimate intrusion,
DoS or theft of an individual’s sensitive information enrolled in the system. Among the
described vulnerabilities related to the development and use phases of a biometric system,
attacks on stored biometric templates are a major concern, because there is a strong linkage
between an individual’s template and his/her identity and, in addition, biometric templates
are irrevocable. We believe that the available template protection techniques are not yet
mature enough to handle large-scale security applications. However, the choice of a template
protection technique depends on the application scenario and its requirements.
The vulnerabilities of a biometric system are mainly related to the apparent nature of the
relevant information and the limited vitality detection mechanisms incorporated in the
system. It is not hard for an adversary to create a spoof biometric from a biometric sample
of a genuine user, or even from a stolen stored template, and gain illegitimate access. Many
state-of-the-art vitality detection techniques are known for different biometrics, but it has
been suggested that the simultaneous acquisition of multiple biometric identities from people
during enrolment can be a good solution for detecting vitality signs in biometric samples. On
the other hand, bioelectrical signals such as the ECG or electroencephalogram (EEG) are
emerging as new biometrics for individual authentication. Studies suggest that the impulses
of cardiac rhythm and the electrical activity of the brain, recorded in the ECG and EEG
respectively, show unique features among individuals, and they can therefore be used as
biometrics (Singh and Singh, 2012). A favourable characteristic of the ECG or EEG as a
biometric is its inherent vitality: it signifies life signs, which is a strong protection
against spoof attacks.
To guard effectively against vulnerabilities, different techniques have been proposed to
protect the stored template. The design of a template protection technique depends entirely
on the representation of the biometric features. For example, a non-invertible transform is a
good choice for minutia-based fingerprint features, while a biometric cryptosystem can be a
good choice for a fixed-length binary representation of the iris code. However, if the
biometric samples have large intraclass variations, then neither non-invertible transform nor
biometric cryptosystem techniques can be applied.
Despite the advantages of different template protection techniques, no sustained effort has
been seen from the biometric industry to adopt such security technologies. The reasons may be
the lack of standards for designing and storing modified templates, the computationally
expensive matching process and the increase in authentication error when using modified
templates. However, we believe that more secure techniques will weaken the security threats
and provide confidence in the integrity of the system.
5 Conclusions
As the use of biometric-based authentication becomes more popular, security probably
represents the most important concern to be addressed during the design of a biometric
authentication system. Biometric systems are vulnerable to a number of threats. We have
classified the threats to a biometric system as faults, failures and security attacks. A
high-level categorisation of biometric system vulnerabilities is presented; in particular,
the multidimensional environment of vulnerabilities is represented by Ishikawa’s diagram. To
guard against vulnerabilities, defence techniques such as vitality detection and biometric
template protection are critically reviewed. In particular, a classification of the current
state-of-the-art vitality detection techniques for commonly used biometrics (e.g., face,
fingerprint and iris) is given. We have critically reviewed the vitality detection techniques
and evaluated their performance on the datasets and test conditions used for the experiments.
A template protection technique with provable security and acceptable recognition
performance remains an open problem. The commonly used template protection techniques
proposed in the literature, such as biometric template transformation and biometric
cryptosystems, are discussed. The performance of template protection techniques is estimated
on the datasets and test conditions used in the experiments. We believe that the available
template protection techniques are not yet sufficiently mature for large-scale applications.
References
Adler, A. (2003) ‘Sample images can be independently restored from the face recognition
templates’, Proc. Can. Conf. Elect. Comput. Eng. (CCECE), Montréal, QC, Canada,
pp.1163–1166.
Antonelli, A., Capelli, R., Maio, D. and Maltoni, D. (2006) ‘Fake finger detection by skin distortion
analysis’, IEEE Transactions on Information Forensics Security, Vol. 1, No. 3, pp.360–373.
Bairavasundaram, L.N., Goodson, G.R., and Schroeder, B., Dusseau, A.C.A. and Dusseau, R.H.A.
(2008) ‘An analysis of data corruption in the storage space’, Proc. 6th USENIX Conference on
File and Storage Technologies, pp.223–238.
Baldissera, D., Franco, A., Maio, D. and Maltoni, D. (2006) ‘Fake fingerprint detection by
odor analysis’, Proc. International Conference on Biometric, ICB 2006, LNCS, Vol. 3832,
pp.265–272.
Bolle, R.M., Connell, J.H. and Ratha, N.K. (2002) ‘Biometric perils and patches’, Pattern
Recognition, Vol. 35, No. 12, pp.2727–2738.
Bredin, H. and Chollet, G. (2007) ‘Audiovisual speech synchrony measure: application to
biometrics’, EURASIP Journal on Advances in Signal Processing, Article ID 70186, pp.1–11.
Chang, S., Secker, J., Xiao, Q., Reid, B., Bergeron, A. and Almuhtadi, W. (2011) ‘Artificial finger
detection by spectrum analysis’, Int. J. Biometrics, Vol. 3, No. 4, pp.376–389.
Chetty, G. and Wagner, M. (2004) ‘Liveness verification in audio video speaker authentication’,
Proc. 10th Australian International Conference on Speech Science & Technology, Sydney,
pp.358–363.
Chin, C.S., Jin, A.T.B. and Ling, D.N.C. (2006) ‘High security iris verification system
based on random secret integration’, Computer Vision and Image Understanding, Vol. 102,
pp.169–177.
Clancy, T.C., Kiyavash, N. and Lin, D.J. (2003) ‘Secure smartcard-based fingerprint
authentication’, Proc. 2003 ACM SIGMM Workshop Biometrics Method and Application
(WBMA), pp.1–10.
Coli, P., Marcialis, G.L. and Roli, F. (2007) ‘Power spectrum-based fingerprint vitality detection’,
Proc. IEEE Workshop on Automatic Identification Advanced Technologies, AutoID,
pp.169–173.
Daugman, J. (1999) ‘Recognizing persons by their iris patterns: countermeasures
against subterfuge’, in Jain, A.K., Bolle, R. and Pankanti, S. (Eds.): Biometrics: Personal
Identification in Networked Society, Kluwer, Cambridge University, Cambridge.
Dunstone, T. and Poulton, G. (2011) ‘Vulnerability assessment’, Biometric Technology Today,
No. 5, pp.5–7.
Galbally, J., Alonso-Fernandez, F., Fierrez, J. and Ortega-Garcia, J. (2012) ‘A high performance
fingerprint liveness detection method based on quality related features’, Future Generation
Computer Systems, Vol. 28, No. 1, pp.311–321.
Gray, J. (2001) ‘Functionality, availability, agility, manageability, scalability – the new priorities of
application design’, available at http://www.research.microsoft.com/ (accessed on June 2011).
Grottke, M., Matias, R. and Trivedi, K.S. (2008) ‘The fundamentals of software aging’, Proc. IEEE
Int’l. Symposium on Software Reliability Engineering, pp.1–6.
Hao, F. and Chan, C.W. (2002) ‘Private key generation from online handwritten signatures’,
Information Management & Computer Security, Vol. 10, No. 2, pp.159–164.
Hao, F., Anderson, R. and Daugman, J. (2006) ‘Combining crypto with biometrics effectively’,
IEEE Trans. on Computers, Vol. 55, No. 9, pp.1081–1088.
Higgins, A., Bahler, L. and Porter, J. (1991) ‘Speaker verification using randomized phrase
prompting’, Digital Signal Process., Vol. 1, pp.89–106.
Ishikawa, K. (1986) ‘Guide to quality control’, Asian Productivity Organization, 2nd ed., White
Plains, New York.
Jain, A.K., Nandkumar, K. and Nagar, A. (2008) ‘Biometric template security’, EURASIP Journal
of Advances in Signal Processing, Article ID 579416, pp.1–17.
Jee, H.K., Jung, S.U. and Yoo, J.H. (2006) ‘Liveness detection for embedded face recognition
system’, International Journal of Biomedical Sciences, Vol. 1, No. 4, pp.235–238.
Juels, A. and Sudan, M. (2002) ‘A fuzzy vault scheme’, ISIT 2002, Lausanne, Switzerland, 408p.
Kallo, P., Kiss, I., Podmaniczky, A. and Talosi, J. (2001) ‘Detector for recognizing the living
character of a finger in a fingerprint recognizing apparatus’, Dermo Corporation, U.S. Patent
No. 6,175,64.
Kollreider, K., Fronthaler, H. and Bigun, J. (2005) ‘Evaluating liveness by face images and
the structure tensor’, Proc. Fourth IEEE Workshop on Automatic Identification Advanced
Technologies, pp.17–18.
Laprie, A.J.C., Randell, B. and Landwehr, C. (2004) ‘Basic concepts and taxonomy of dependable
and secure computing’, IEEE Transactions on Dependable and Secure Computing, Vol. 1,
No. 1, pp.11–33.
Lapsley, P., Less, J., Pare, D. and Hoffman, N. (1998) ‘Anti-fraud biometric sensor that accurately
detects blood flow’, SmartTouch, LLC, US Patent #5,737,439.
Li, J., Wang, Y., Tan, T. and Jain, A.K. (2004) ‘Live face detection based on the analysis of Fourier
spectra’, Biometric Technology for Human Identification, Vol. 5404 of Proceedings of SPIE,
Orlando, Fla, USA, pp.296–303.
Maltoni, D., Maio, D., Jain, A.K. and Prabhakar, S. (2009) Handbook of Fingerprint Recognition,
2nd ed., Springer Professional Computing.
Martinez-Diaz, M., Fierrez, J., Galbally, J. and Ortega-Garcia, J. (2011) ‘An evaluation of indirect
attacks and countermeasures in fingerprint verification systems’, Pattern Recognition Letters,
Vol. 32, No. 12, pp.1643–1651.
Matsumoto, T. (2004) ‘Artificial fingers and irises: importance of vulnerability analysis’, Proc. 7th
Int’l. Biometrics Conference, London.
Matsumoto, T. (2007) ‘Assessing the security of advanced biometric systems: finger, vein and iris’,
Proc. 10th Int’l. Biometrics Conference, London.
Matsumoto, T., Matsumoto, H., Yamada, K. and Hoshino, S. (2002) ‘Impact of artificial gummy
fingers on fingerprint systems’, Proc. SPIE, Optical Security and Counterfeit Deterrence
Techniques IV, San Jose, USA, Vol. 4677, pp.275–89.
Moon, Y.S., Chen, J.S., Chan, K.C., So, K. and Woo, K.C. (2005) ‘Wavelet based liveness
detection’, Electronics Letters, Vol. 41, No. 20, pp.1112–1113.
O’Gorman, L. (2003) ‘Comparing passwords, tokens, and biometrics for user authentication’,
Proceedings of the IEEE, Vol. 91 No. 12, pp.2021–2040.
Parthasaradhi, S.T.V., Derakhshani, R., Hornak, L.A. and Schuckers, S.A.C. (2005) ‘Time-series
detection of perspiration as a liveness test in fingerprint devices’, IEEE Transactions on
Systems Man and Cybernetics C, Vol. 35, No. 3, pp.335–343.
Phillips, P.J., Wechsler, H., Huang, J. and Rauss, P.J. (1998) ‘The FERET database and evaluation
procedure for face recognition algorithms’, Image and Vision Computing Journal, Vol. 16,
No. 5, pp.295–306.
Ratha, N.K., Chikkerur, S., Connell, J.H. and Bolle, R.M. (2007) ‘Generating cancelable
fingerprint templates’, IEEE Trans. Pattern Analysis and Machine Intell., Vol. 29, No. 4,
pp.561–572.
Ratha, N.K., Connell, J.H. and Bolle, R.M. (2001) ‘An analysis of minutiae matching strength’,
Paper presented at the International Conference of Audio and Video based Biometric
Authentication, 6–8 June, Halmstad, Sweden.
Reddy, P.V., Kumar, A., Rahman, S.M.K. and Mundra, T.S. (2008) ‘A new antispoofing approach
for biometric devices’, IEEE Transactions on Biomedical Circuits and Systems, Vol. 2, No. 4,
pp.328–337.
Roberts, C. (2007) ‘Biometric attack vectors and defenses’, Computers and Security, Vol. 26,
No. 1, pp.14–25.
Schneier, B. (1999) ‘The uses and abuses of biometrics’, Communication to ACM, Vol. 42, No. 8,
136p.
Schuckers, S.A.C. (2002) ‘Spoofing and anti-spoofing measures’, Information Security Technical
Report, Vol. 7, No. 4, pp.56–62.
Singh, Y.N. (2011) ‘The challenges of UID environment’, Proc. of National Conference UID-2011,
Impact of Aadhaar in Governance, Computer Society of India, Lucknow, pp.153–161.
Singh, Y.N. and Gupta, P. (2009) ‘Biometric method for human identification using
electrocardiogram’, Proceedings of ICB 2009, Lecture Notes of Computer Science, Vol. 5558,
pp.1270–1279.
Singh, Y.N. and Gupta, P. (2011) ‘Correlation-based classification of heartbeats for individual
identification’, Journal of Soft Computing, Vol. 15, No. 3, pp.449–460, Springer.
Singh, Y.N. and Singh, S.K. (2011) ‘Vitality detection from biometrics: state-of-the-art’,
Proc. World Congress on Information and Communication Technology (WICT), Mumbai,
pp.106–111.
Singh, Y.N. and Singh, S.K. (2012) ‘Bioelectrical signals as emerging biometrics: issues
and challenges’, ISRN Signal Processing, Article ID 712032, 13p, doi:10.5402/2012/712032.
Singh, Y.N., Singh, S.K. and Gupta, P. (2012) ‘Fusion of electrocardiogram with unobtrusive
biometrics: an efficient individual authentication system’, Pattern Recognition Letters,
Vol. 33, pp.1932–1941.
Soutar, C., Roberge, D., Stoianov, A., Gilroy, R. and Kumar, B.V. (1998) ‘Biometric encryption:
enrollment and verification procedures’, Proc. SPIE, Optical Pattern Recognition IX,
Vol. 3386, pp.24–35.
Teoh, A.B.J. and Chong, L.Y. (2010) ‘Secure speech template protection in speaker verification
system’, Speech Communication, Vol. 52, pp.150–163.
Toth, B. (2005) ‘Biometric liveness detection’, Information Security Bulletin, Vol. 10, pp.291–297.
Uludag, U. and Jain, A.K. (2004) ‘Attacks on biometric systems: a case study in fingerprints’,
Paper presented at the SPIE-EI Security, Steganography and Watermarking of Multimedia
Contents VI, 18–22 January, San Jose, CA.
US Department of Transportation (1998) ‘Audit report: advance automation system’, Report
AV-1998-113.
van der Putte, T. and Keuning, J. (2000) ‘Biometrical fingerprint recognition: don’t get your fingers
burned’, Proc. Fourth Working Conference on Smart Card Research and Advanced
Applications, Kluwer Academic Publishers, pp.289–303.
Wang, Y. and Hatzinakos, D. (2009) ‘Sorted index numbers for privacy preserving
face recognition’, EURASIP Journal on Advances in Signal Processing, Article ID 260148,
pp.1–16.
Watson, A. (2007) ‘Biometrics: easy to steal, hard to regain identity’, Nature, Vol. 449, 535p.