Security-related issues are creeping in almost every authentication problem. Even the secured systems may be exposed to unknown attacks. While addressing one aspect of security, one tends to forget how vulnerable our system is to other attacks. Therefore, it is necessary to understand the impact of these attacks completely and also to get a vision of the hazard they may put when combined together. In this chapter, the authors focus on two such attacks on iris biometric: replay attack and template attack. They provide a detailed analysis of current research work on each of it individually. The comparative study of solutions to these individual attacks is done with the techniques that aim at combining these two attacks. The authors clearly bring out the advantages of the latter approach, which is the driving force in need for a shift to more innovative ideas.
TopIntroduction
The rising rate of population is one of the biggest concerns throughout the world. It is not only creating more and more human data, but also paving path to unemployment, poverty, frustration, drug addiction etc., leading to an increase in crime rate. With so many cases of sexual harassment, murders, rapes, scams being reported each day, another challenge that comes along with it, is the concern to correctly authenticate the person. To be able to clearly segregate criminals, intruders from the “good” citizens, the now outdated methods of issuing a unique identification cards like social security number (SSN) in America, social insurance number (SIN) in Canada to individuals are just not enough. The manual verification of these cards/numbers involves human involvement which is easily prone to errors. There can be fake generation of these cards and these are also prone to thefts.
Biometric came as a savior by eradicating the necessity of maintaining these cards, yet allowing unique individual identification. Biometric is derived from Greek word which literally means “to measure life”. It is not bounded by any sort of physical boundaries and allows inter-disciplinary verification at multiple platforms. Its widespread usage and popularity began surfacing in early 2000’s with the inception of generic systems to identify several different biometrics – finger, hand geometry, iris, face, vein etc.
In the past decade, iris biometric has emerged as a powerful and a stable biometric. It is an internal part to the eye, which is formed at the seventh month of gestation and remains stable throughout the life span of an individual. The non-intrusive ways of capturing this biometric over others like fingerprint, palm, makes it easily acceptable. It has been recently deployed in one of the biggest projects of Aadhaar Card in India. Some other applications include its successful deployment in Apple iPhone, for border security in UAE since 2001, Canada’s Restricted Area Identity Card (RAIC) for airport staff to get access to restricted area, by Google to control access to their data centers.
So, does it mean that the problem of uniquely identifying the user is solved? The answer is NO. Hackers and impostors always find a way around to crack and fool any system. So is the case with biometrics, hackers hired by Chinese government in 2014 were able to break through the Office of Personnel Management and carried off with fingerprints data of 5.6 million Americans. Researchers have been able to build a 3D model of person’s head using photographs. This was able to fool some of the facial recognition tools they tested. Researchers have been able to identify several possible attack points on a biometric system. These attack points can identify various attacks as spoofing attack, replay attack, overriding system, tampering with the feature representation, corrupting the matcher, database attack, channel attack and tampering with final decision. Out of these, most potential attacks on a system are – spoofing and template attack. Replay attack though less explored, has been found to pose a great challenge to the security.
The main objective of this chapter is to provide a detailed analysis of the security issues related to iris biometric. With the focus on addressing one attack, one tends to overlook the threat of other attack at that time. The pitfalls of handling each attack in isolation are explored. The chapter further provides the comparative analysis of existing solutions to handle each attach individually versus solutions to handle multiple attacks together. The chapter is organized as, first the security related issues in case of biometrics are discussed, and then replay attack and template attack is discussed in detail. This is followed by overview of modules of the techniques discussed here for the authentication process of iris biometric. Then the techniques combining solution to replay attack and template attack are reviewed in detail along with the importance they play in the authentication process. Lastly, the accuracy of each combined approach in comparison to other techniques has been presented.