Provoking security: Spoofing attacks against crypto-biometric systems

Abstract

Over the past decade, the trustworthiness of biometrics during authentication, and mostly, verification processes has been compromised by spoofing attackers sprang up to exploit the security gaps. In terms of spoofing, a non-colluding honest entity tries to fake somebody else's identity by presenting samples of that person's traits, or tries to gain benefit from the “leakage” of stored biometric information in a database or an electronic chip. Literature efforts are devoted to studying model threats and problems raised by targeted malicious actions for biometric systems. However, prevention mechanisms for supporting complicated schemes and the cryptography's role in the area have not received much attention. This paper presents crypto-biometric techniques, analyzing comparatively the different categories according to the main goal of the design and the methodology used in. Intrusions and countermeasures for single and multiple modalities based cryptographic approaches are covered. Finally, a novel bimodal system is suggested, able to reject such kind of attacks, presenting an anti-spoofing behavior under the cooperation between user and the function. The aim of this multidisciplinary work is to organize the current performances on how to develop security, pinpoint the potentiality for improvements and contribute to research in addressing fraud for real-world cases.