Not for General Distribution: to Be Published

Introduction Biometric devices have been suggested for use in applications from access to personal computers, automated teller machines, credit card transactions, electronic transactions to access control for airports, nuclear facilities, and border control. Given this diverse array of potential applications, biometric devices have the potential to provide additional security over traditional security means such as passwords, keys, signatures, picture identification, etc. While biometrics may improve security, biometric systems also have vulnerabilities. System vulnerabilities include attacks at the biometric sensor level, replay attacks on the data communication stream, and attacks on the database, among others [1]. This chapter will focus on the vulnerability of attacks at the sensor level, including the spoof attack or use of an artificial biometric sample to gain unauthorized access. Several recent highly publicized articles which reported on the spoofing vulnerabilities will be described, in addition to spoofing research performed in my laboratory at West Virginia University. Finally, anti-spoofing measures which can be implemented to minimize the risk of an attack will be summarized. Spoofing Background Attacks at a biometric sensor level can be divided into several scenarios [2]. Attacks can include forcibly compelling a registered user to verify/identify, presenting a registered deceased person or dismembered body part, using a genetic clone, and introduction of fake biometric samples or spoofing. Several of these scenarios are described below and potential solutions apply to most. Attacks using force and genetic clones are the exception. For attacks using force, this risk exists with currently used security measures. Things used to minimize risk include cameras, " panic " buttons, alarms, etc. In the case of genetic clones, in most cases, biometric samples still differ between individuals, even identical twins. However, the algorithm may not be robust enough to distinguish these differences. DNA is an exception, where clones would be identical; however, DNA has not been developed at this point for use in a verification/identification scenario. Before spoofing is described in more detail, it may be helpful to discuss how the false accept ratio, a typical assessment measure of biometric devices, is related to spoofing. A false accept is when a submitted sample is incorrectly matched to an template enrolled by another user [3]. This only refers to a zero effort attempt, i.e., an unauthorized user making an attempt with their own biometric to gain access to a system. If the false accept ratio is kept low, then the probability of specific …