Quantitative security evaluation of a multi-biometric authentication system

Authors:
Leonardo Montecchi;Paolo Lollini;Andrea Bondavalli;Ernesto La Mattina
Affiliations:
University of Florence, Firenze, Italy;University of Florence, Firenze, Italy;University of Florence, Firenze, Italy;Engineering Ingegneria Informatica S.p.A., Palermo, Italy
Venue:
SAFECOMP'12 Proceedings of the 2012 international conference on Computer Safety, Reliability, and Security
Year:
2012

Citing 11
Cited 0

An Introduction to Evaluating Biometric Systems

Computer
An Introduction to Evaluating Biometric Systems

Computer
Casper: A Compiler for the Analysis of Security Protocols

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Model-Based Evaluation: From Dependability to Security

IEEE Transactions on Dependable and Secure Computing
Encyclopedia of Biometrics

Encyclopedia of Biometrics
Adversary-driven state-based system security evaluation

Proceedings of the 6th International Workshop on Security Measurements and Metrics
Lessons from Stuxnet

Computer
Model-based Security Metrics Using ADversary VIew Security Evaluation (ADVISE)

QEST '11 Proceedings of the 2011 Eighth International Conference on Quantitative Evaluation of SysTems
Characterizing Attackers and Attacks: An Empirical Study

PRDC '11 Proceedings of the 2011 IEEE 17th Pacific Rim International Symposium on Dependable Computing
On the security of public key protocols

IEEE Transactions on Information Theory

Quantified Score

Hi-index	0.00

Visualization

Abstract

Biometric authentication systems verify the identity of users by relying on their distinctive traits, like fingerprint, face, iris, signature, voice, etc. Biometrics is commonly perceived as a strong authentication method; in practice several well-known vulnerabilities exist, and security aspects should be carefully considered, especially when it is adopted to secure the access to applications controlling critical systems and infrastructures. In this paper we perform a quantitative security evaluation of the CASHMA multi-biometric authentication system, assessing the security provided by different system configurations against attackers with different capabilities. The analysis is performed using the ADVISE modeling formalism, a formalism for security evaluation that extends attack graphs; it allows to combine information on the system, the attacker, and the metrics of interest to produce quantitative results. The obtained results provide useful insight on the security offered by the different system configurations, and demonstrate the feasibility of the approach to model security threats and countermeasures in real scenarios.