For establishing trust in the security of IT products, security evaluations by independent third-party testing laboratories are the first choice. In some fields of application of biometric methods (e.g., for protecting private keys for qualified electronic signatures), a security evaluation is even required by legislation. The common criteria for IT security evaluation form the basis for security evaluations for which wide international recognition is desired. Within the common criteria, predefined security assurance requirements describe actions to be carried out by the developers of the product and by the evaluators. The assurance components that require clarification in the context of biometric systems are related to vulnerability assessment. This chapter reviews the state of the art and gives a gentle introduction to the methodology for evaluating the security of biometric systems, in particular of behavioral biometric verification systems.
TopIntroduction
Behavioral biometric characteristics, like the voice or handwritten signatures, are generally used for verification, i.e. for confirming a claimed identity through comparisons of biometric features, but rarely for identification, i.e. for finding identifiers attributable to a person through search among biometric features in a database, (see, e.g., ISO 19092, 2008). Therefore, we concentrate in this chapter on biometric verification systems.
Biometric verification systems are often embedded in larger systems as security mechanisms for user authentication purposes. Since the biometric characteristics of a person are bound to that person and cannot easily be presented by others, biometric methods can increase the binding of authentication processes to persons. It is, of course, a precondition that the biometric security mechanisms themselves are sufficiently secure (Prabhakar, Pankanti, & Jain, 2003).
There are long-established standards and best practices for ensuring IT security, including such for preventing and mitigating such threats as the unwarranted or unwanted dissemination, alteration, or loss of information. These apply also to biometric systems. The means to achieve security are largely cryptographic, but there are also other security mechanisms, like tamper-proof enclosures, log files, locked doors, guardians, or the separation of responsibilities. In addition to the general IT security issues, there are security issues specific to biometric systems: their recognition accuracy and fraud resistance. These are the subject of this chapter.
As most users lack the resources and expertise to evaluate the security of IT products on their own and are unwilling to rely solely on claims put forth by the developers, security evaluations by independent third-party testing laboratories are the first choice for building confidence in the security of IT products. In some fields of application of biometric technologies, a security evaluation based on officially recognized criteria like the Common Criteria for IT security evaluation (ISO/IEC 15408), also known simply as the Common Criteria, is even required by legislation (see section “Specific requirements” below).
This chapter is structured as follows: The next section provides a general introduction to the Common Criteria security assurance requirements. Section “Vulnerability analysis” clarifies the evaluation methodology that is specific to biometric systems. The final section briefly summarizes the main conclusions.