ABSTRACT
The problem of user authentication in identity management systems has a reliable solution provided by biometric recognition. Today, biometric systems have a widespread deployment in various applications-providing a powerful alternative to traditional authentication schemes. However, there are increasing concerns about the security and privacy of biometric technology. A biometric system is vulnerable to a variety of attacks aimed at undermining the integrity of the authentication process. These attacks are intended to either circumvent the security afforded by the system or to deter the normal functioning of the system. Vulnerability in a biometric system results in incorrect recognition or failure to correctly recognize individuals. Their existence in a biometric system is largely dependent on system design and structure, the type of biometrics used, and managerial policies. A high-level categorization of the different vulnerabilities of a biometric system is presented. Vulnerability analysis determines the imposter usage of the vulnerabilities with the aim of breaking the security policy. The chapter deals with vulnerability assessment and also presents a list of generalized vulnerabilities of a biometric system. Also, a framework for analyzing the vulnerabilities developed by the Biometrics Institute is presented. The proposed framework is capable of deriving useful metrics for the likelihood of a successful attack. As a solution for increasing the biometric system security, vitality detection and multimodal biometrics are also discussed. Given the right vulnerability analysis methodology and tools, it becomes easier for the system engineer to identify and analyze the potential points of attack and implement appropriate countermeasures for each.
