Evaluating Biometric Security (Invited keynote paper)
Fabian Monrose, and
Growing interest in biometric security has resulted in much work on
systems that attempt to exploit the individuality of human behavior.
In this paper, we survey our recent research examining
issues arising when such biometrics are to be used for authentication or
cryptographic key generation.
We propose steps towards the development of more rigorous
evaluation methodologies for behavioral biometrics that take into
account threat models previously ignored in the literature.
pervasive assumption that adversaries are minimally motivated (or, even
worse, naive), or that attacks can only be mounted through manual
effort, is too optimistic and even dangerous.
The discussion is illustrated by summarizing our analysis
of a handwriting-based key generation system showing that
the standard evaluation methodology significantly overestimates its security.
We also present an overview of our work on fully automated (generative) attack models
that can be nearly as effective as
skilled human forgers and thus present both a serious threat as well as a potential
tool for improving the testing of biometric systems.