Risk Analysis of Biometric Systems

Christos K. Dimitriadis, Despina Polemi


This paper presents a risk analysis knowledgebase that aims to enhance existing risk analysis methodologies and tools by adding the capability of analyzing the risk of the biometric component of an information system. The knowledgebase was created by applying the Multi-Criteria Analysis methodology to the results of research into the security aspects of biometric technologies. The result is a set of vulnerabilities, risk factors and countermeasures for biometric systems.



Paper Citation

in Harvard Style

Dimitriadis C. K. and Polemi D. (2004). Risk Analysis of Biometric Systems. In Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004) ISBN 972-8865-07-4, pages 23-32. DOI: 10.5220/0002650100230032
