Risk Analysis of Biometric Systems
Christos K. Dimitriadis, Despina Polemi
2004
Abstract
This paper presents a risk analysis knowledgebase that aims to enhance existing risk analysis methodologies and tools by adding the capability to analyze the risk of the biometric component of an information system. The knowledgebase was created by applying the Multi-Criteria Analysis methodology to the results of research on the security aspects of biometric technologies. The result is a set of vulnerabilities, risk factors and countermeasures for biometric systems.
Paper Citation
in Harvard Style
Dimitriadis, C. K. and Polemi, D. (2004). Risk Analysis of Biometric Systems. In Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004) ISBN 972-8865-07-4, pages 23-32. DOI: 10.5220/0002650100230032
in Bibtex Style
@conference{wosis04,
author={Christos K. Dimitriadis and Despina Polemi},
title={Risk Analysis of Biometric Systems},
booktitle={Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)},
year={2004},
pages={23-32},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002650100230032},
isbn={972-8865-07-4},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)
TI - Risk Analysis of Biometric Systems
SN - 972-8865-07-4
AU - K. Dimitriadis C.
AU - Polemi D.
PY - 2004
SP - 23
EP - 32
DO - 10.5220/0002650100230032