Biometric Systems and Security Design Principles

From Computing and Software Wiki

(Difference between revisions)
(An analysis of biometric security systems using security design principles as a model.)
Line 1: Line 1:
-
Analysis of Biometric Systems using Security Design Principles
+
'''Analysis of Biometric Systems using Security Design Principles'''
-
 
+
==Biometrics==
-
Biometrics
+
-
 
+
Biometrics is the identification of a person through automated measurements using biological or behavioural features.
Biometrics is the identification of a person through automated measurements using biological or behavioural features.
Line 8: Line 6:
Within the past several years, biometric security systems have gained a lot of ground in terms of advancements in technology and widespread use. However, there is still a lot of reluctance to adopt the technology worldwide. A look at biometric security systems through security design principles should provide more answers.
Within the past several years, biometric security systems have gained a lot of ground in terms of advancements in technology and widespread use. However, there is still a lot of reluctance to adopt the technology worldwide. A look at biometric security systems through security design principles should provide more answers.
-
 
+
==Security Design Principles==
-
Security Design Principles
+
The following eight design principles were created by Saltzer and Shroeder for the design and implementation of security mechanisms. These design principles encompass technical details and human interaction. They are also simple and easy to understand, which is why they will be used as a guide to analyze biometric security systems. The list of design principles are as follows:
-
 
+
-
The following eight design principles were created by Saltzer and Shroeder for the design and implementation of security mechanisms. These design principles encompass technical details and human interaction. They are also simple and easy to understand, which is why they will be used as a guide to analyze biometric security systems. The list of design principles are as follows:
+
1. Principle of Least Privilege: A subject should be given only those privileges that it needs in order to complete its task.
1. Principle of Least Privilege: A subject should be given only those privileges that it needs in order to complete its task.
2. Principle of Fails-Safe Defaults: A subject should be denied access to an object unless the subject was given access.
2. Principle of Fails-Safe Defaults: A subject should be denied access to an object unless the subject was given access.
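Review bot: The rewritten introductory line of this hunk still credits "Saltzer and Shroeder"; the second author's name is spelled Schroeder. While that line is being touched, "The list of design principles are as follows" should read "is as follows", and item 2 in the context below should be "Fail-Safe Defaults" to match the "Principle of Fail-Safe Default" wording used later in the Analysis section.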
Line 21: Line 17:
8. Principle of Psychological Acceptability: Security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present.
8. Principle of Psychological Acceptability: Security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present.
-
 
+
==Breaking a Biometrics Security System==
-
Breaking a Biometrics Security System
+
In addition to looking at biometric security systems from a design and implementation perspective, understanding a biometrics security system from an attacker’s perspective is also important. In general, there are seven different types of attacks, they are the following:
-
In addition to looking at biometric security systems from a design and implementation perspective, understanding a biometrics security system from an attacker’s perspective is also important. In general, there are seven different types of attacks, they are the following:
+
- Type 1: Fake biometric sensor
- Type 1: Fake biometric sensor
- Type 2: Replay attacks
- Type 2: Replay attacks
Line 32: Line 27:
- Type 7: Results overridden.
- Type 7: Results overridden.
-
 
+
==Analysis==
-
Analysis
+
-
 
+
Principle of Least Privilege
Principle of Least Privilege
The design of the biometric security system itself is very linear hence, only the channels themselves need to be protected. This means that overall, processes cannot be accessed past the sensor if the sensor themselves have not been used. From this perspective, the design is secure. However, the system is still vulnerable from all attacks that attack each process directly (type 3, 5, and 6 attacks).
The design of the biometric security system itself is very linear hence, only the channels themselves need to be protected. This means that overall, processes cannot be accessed past the sensor if the sensor themselves have not been used. From this perspective, the design is secure. However, the system is still vulnerable from all attacks that attack each process directly (type 3, 5, and 6 attacks).
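Review bot: The new ==Analysis== heading is added here, but the "Principle of Least Privilege" line directly under it stays a plain text line, so it will render as part of the paragraph rather than as a subsection. Suggest marking each principle name in this section as a subheading (for example ===Principle of Least Privilege===) so the analysis lines up with the eight principles listed earlier.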
Line 44: Line 37:
Principle of Economy of Mechanism
Principle of Economy of Mechanism
In the design of the biometric security systems, each channel must be protected and
In the design of the biometric security systems, each channel must be protected and
 +
 +
 +
==Conclusion==
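Review bot: The ==Conclusion== heading added at the end of this hunk has no body, and the sentence just above it under Principle of Economy of Mechanism still ends mid-clause at "each channel must be protected and". Suggest completing that sentence before adding further sections, and either supplying conclusion text or holding the heading back until there is content for it.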

Revision as of 05:04, 3 December 2007

Analysis of Biometric Systems using Security Design Principles


Biometrics

Biometrics is the identification of a person through automated measurements using biological or behavioural features.

Biometric security systems are authentication mechanisms that bind an entity to a subject based on what the entity is, as opposed to what they know, what they have, or where they are. Within the past several years, biometric security systems have gained a lot of ground in terms of advancements in technology and widespread use. However, there is still a lot of reluctance to adopt the technology worldwide. A look at biometric security systems through security design principles should provide more answers.

Security Design Principles

The following eight design principles were created by Saltzer and Schroeder for the design and implementation of security mechanisms. These design principles encompass technical details and human interaction. They are also simple and easy to understand, which is why they will be used as a guide to analyze biometric security systems. The list of design principles is as follows:

1. Principle of Least Privilege: A subject should be given only those privileges that it needs in order to complete its task.
2. Principle of Fail-Safe Defaults: A subject should be denied access to an object unless the subject was given access.
3. Principle of Economy of Mechanism: Security mechanisms should be as simple as possible.
4. Principle of Complete Mediation: All accesses to objects are checked to ensure that they are allowed.
5. Principle of Open Design: Security of a mechanism should not depend on the secrecy of its design or implementation.
6. Principle of Separation of Privilege: A system should not grant permission based on a single condition.
7. Principle of Least Common Mechanism: Mechanisms used to access resources should not be shared.
8. Principle of Psychological Acceptability: Security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present.

Breaking a Biometrics Security System

In addition to looking at biometric security systems from a design and implementation perspective, understanding a biometrics security system from an attacker’s perspective is also important. In general, there are seven different types of attacks:

- Type 1: Fake biometric sensor
- Type 2: Replay attacks
- Type 3: Trojan horse program at feature extractor
- Type 4: Real features replaced by synthetic features
- Type 5: Trojan horse program at matcher
- Type 6: Attacks modifying database of templates
- Type 7: Results overridden

Analysis

Principle of Least Privilege

The design of the biometric security system itself is very linear; hence, only the channels themselves need to be protected. This means that overall, processes cannot be accessed past the sensor if the sensor itself has not been used. From this perspective, the design is secure. However, the system is still vulnerable to all attacks that target each process directly (type 3, 5, and 6 attacks).

Principle of Fail-Safe Default

The principle of fail-safe default is an excellent principle to follow for security mechanisms, but it falls short due to an implicit assumption within the principle itself. The principle assumes that security mechanisms will always work perfectly if all the requirements are passed. However, with biometric security systems, that is not the case. Biometric security systems are not perfect, so they do not always pass legitimate users, and at the same time they also pass invalid users. Show chart of failure rate.
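The limitation described above, as an added example that is not part of the original wiki page: a deny-by-default decision function evaluated over constructed match scores, showing that failing closed does not remove false accepts. The scores, thresholds and function names are assumptions made for illustration.

```python
# Added example: fail-safe default decision plus measured error rates.
# Every score, threshold and name below is constructed for illustration.
from typing import Optional, Sequence


def decide(score: Optional[float], threshold: float) -> bool:
    """Grant access only on an explicit match; every other outcome denies."""
    if score is None:                # capture or matcher failure, missing template
        return False
    if not (0.0 <= score <= 1.0):    # out-of-range or NaN score is treated as an error
        return False
    return score >= threshold


def error_rates(genuine: Sequence[Optional[float]],
                impostor: Sequence[Optional[float]],
                threshold: float) -> tuple:
    """Return (FRR, FAR): share of legitimate users denied, invalid users accepted."""
    false_rejects = sum(1 for s in genuine if not decide(s, threshold))
    false_accepts = sum(1 for s in impostor if decide(s, threshold))
    return false_rejects / len(genuine), false_accepts / len(impostor)


# Constructed similarity scores in [0, 1]; None means the capture failed.
GENUINE = [0.91, 0.84, 0.77, 0.62, 0.95, 0.58, 0.88, None, 0.73, 0.81]
IMPOSTOR = [0.12, 0.35, 0.48, 0.66, 0.21, 0.71, 0.30, 0.09, 0.55, 0.40]


def sweep(thresholds=(0.5, 0.6, 0.7, 0.8)) -> list:
    """Error rates at each threshold: lowering one rate raises the other."""
    return [(t, *error_rates(GENUINE, IMPOSTOR, t)) for t in thresholds]


if __name__ == "__main__":
    print("threshold  FRR   FAR")
    for t, frr, far in sweep():
        print(f"{t:9.2f}  {frr:.2f}  {far:.2f}")
```

The failed capture (`None`) is denied at every threshold, which is the fail-safe default at work, yet invalid users are still accepted until the threshold is high enough to deny half of the legitimate ones.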

Principle of Economy of Mechanism

In the design of the biometric security systems, each channel must be protected and


Conclusion
