Evaluation of biometric system performance in the context of Common Criteria

Fernandez-Saavedra, Belen; Sánchez-Reillo, Raúl; Liu-Jimenez, Judith; Miguel-Hurtado, Oscar

doi:10.1016/j.ins.2013.05.022

Cited by 5 publications

(7 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The research efforts of Hou and Yu [28] and Fernandez-Saavedra et al [29] are also close to the work carried out here since they used Common Criteria to evaluate information systems security. Hou and You [28] evaluated the use of Radio Frequency Identification (RFID) technology in a medicalhospital environment.…”

Section: B Information Security and The Common Criteria Standardsupporting

confidence: 62%

“…Hou and You [28] evaluated the use of Radio Frequency Identification (RFID) technology in a medicalhospital environment. Simultaneously, [29] assessed a biometric system, and both used literature review and best market practices for gathering the assessment criteria.…”

Section: B Information Security and The Common Criteria Standardmentioning

confidence: 99%

“…That is, it can be used in several IT products; -It enables comparison of independent security assessment results as it presents standard requirements related to the security aspect of IT products (hardware, software, or firmware). As presented in our literature analysis, CC has also been widely used for information security in companies and academia [27,28,29,49,51,53,35,56,57,58]. Institutions in the United States and Europe [36] already consider this critical assessment of security requirements in their products, especially in systems regarded as essential infrastructure (e. g. data communication links in aviation systems, satellite communication).…”

Section: Summary and Decision About Information Security Standardsmentioning

confidence: 99%

See 2 more Smart Citations

Proposal and Validation of a Standard Protection Profile for Homologation of Commercial Videoconferencing Equipment

2021

View full text Add to dashboard Cite

In the present work, we propose and validate a Common Criteria Standard Protection Profile (sPP) for videoconferencing equipment. The research presents the definition and analysis of the homologation system used to validate the standard protection profile, focusing on its application focused in a large Brazilian financial company. We address the main points to consider in the acquisition and current use of this product: reasonable information security assumptions, technical standards, recommendations, and international best cybersecurity practices. As a result, we have developed a Standard Protection Profile identifying the information security risks involved and the minimum parameters required in those systems acquired and used for Government environments. This paper also presents all tests performed to validate the proposed sPP. As the application is critical, involving sensitive data, our results can also foster less risky conditions in the myriad situations caused by the COVID pandemic.

show abstract

Section: B Information Security and The Common Criteria Standardsupporting

confidence: 62%

Section: B Information Security and The Common Criteria Standardmentioning

confidence: 99%

Section: Summary and Decision About Information Security Standardsmentioning

confidence: 99%

See 1 more Smart Citation

Proposal and Validation of a Standard Protection Profile for Homologation of Commercial Videoconferencing Equipment

2021

View full text Add to dashboard Cite

show abstract

“…• Receiver Operating Characteristic (ROC) which plots F N MR, F RR or T AR on Y-axis and F MR or FAR in X-axis • Detection Error Trade-off (DET ) curve which uses nonlinearly scaled axes to show the regions of error rates of interest • Expected Performance Curve (EPC) which uses a performance criterion like F MR to measure performance in terms of F N MR or vice-versa The first two curves are a posteriori as the evaluation is dependent on previous knowledge, and the last is a priori since it is independent of prior knowledge. A more comprehensive study was incorporated in [78], where TBS performance evaluation was restructured considering the international Common Criteria (CC) for Information Technology (IT) Security Evaluation and its Common Evaluation Methodology (CEM) guidelines, viewing TBS as IT systems.…”

Section: Performance Evaluation Metrics For Tbsmentioning

confidence: 99%

A Survey on Modality Characteristics, Performance Evaluation Metrics, and Security for Traditional and Wearable Biometric Systems

2019

View full text Add to dashboard Cite

Biometric research is directed increasingly towards Wearable Biometric Systems (WBS) for user authentication and identification. However, prior to engaging in WBS research, how their operational dynamics and design considerations differ from those of Traditional Biometric Systems (TBS) must be understood. While the current literature is cognizant of those differences, there is no effective work that summarizes the factors where TBS and WBS differ, namely, their modality characteristics, performance, security and privacy. To bridge the gap, this paper accordingly reviews and compares the key characteristics of modalities, contrasts the metrics used to evaluate system performance, and highlights the divergence in critical vulnerabilities, attacks and defenses for TBS and WBS. It further discusses how these factors affect the design considerations for WBS, the open challenges and future directions of research in these areas. In doing so, the paper provides a big-picture overview of the important avenues of challenges and potential solutions that researchers entering the field should be aware of. Hence, this survey aims to be a starting point for researchers in comprehending the fundamental differences between TBS and WBS before understanding the core challenges associated with WBS and its design. A. Sundararajan et al. • TBS consider each modality of the user as a separate entity while WBS consider the entire user (along with all of their individual modalities) as one [152] • TBS can be optionally connected to the Internet, while WBS are inherently online, exploiting the principles of Internet of Everything (IoE) [178] • The authentication and identification processes for TBS are static and user-initiated while for WBS are dynamic and autonomous

show abstract

“…To initially test the scanners reliability, one selected participant's results from the enrolment stage of scanning was recorded. This enrolment process involved the participant producing a reference for each subsequent identification (Fernandez-Saavedra et al, 2013). Each cast was then tested 30 times per participant; in total 180 attempts were made.…”

Section: Vahine Gelatine Powdermentioning

confidence: 99%

Challenging USB fingerprint scanner security protocol: a methodology using casting agents to capture digit and latent ridge detail to enable access

McKenna

Butler

2016

IJBM

View full text Add to dashboard Cite

Fingerprint scanners are used as a form of control with access limited to the beholder of the ridge detail. However, to what extent these devices are capable of providing that control has not been fully explored. This study tested the reliability of a fingerprint scanner in accessing enrolled fingerprint data, when faced with the challenge of fake fingerprints. Ridge detail casts were crafted from moulds, with gelatine and silicone being applied as casting agents. The second stage required participants to place fingerprints on a bottle or tile; these latent impressions were subsequently powdered using Magneta Flake. Provil, a forensic casting material was applied directly onto the powder, creating simulated fingerprints from a latent print. Each of the produced fingerprints then went through a scanning process. All materials tested were able to gain access through the participants' enrolled data. This suggests potential unreliability of the fingerprint scanner in storing pertinent data.

show abstract

Evaluation of biometric system performance in the context of Common Criteria

Cited by 5 publications

References 10 publications

Proposal and Validation of a Standard Protection Profile for Homologation of Commercial Videoconferencing Equipment

Proposal and Validation of a Standard Protection Profile for Homologation of Commercial Videoconferencing Equipment

A Survey on Modality Characteristics, Performance Evaluation Metrics, and Security for Traditional and Wearable Biometric Systems

Challenging USB fingerprint scanner security protocol: a methodology using casting agents to capture digit and latent ridge detail to enable access

Contact Info

Product

Resources

About