Workshop Paper

Quantitative Security Evaluation of a Multi-biometric Authentication System

PDF Online

Authors Leonardo Montecchi Paolo Lollini Andrea Bondavalli Ernesto La Mattina
Abstract
Biometric authentication systems verify the identity of users by relying on their distinctive traits, like fingerprint, face, iris, signature, voice, etc. Biometrics is commonly perceived as a strong authentication method; in practice several well-known vulnerabilities exist, and security aspects should be carefully considered, especially when it is adopted to secure the access to applications controlling critical systems and infrastructures. In this paper we perform a quantitative security evaluation of the CASHMA multi-biometric authentication system, assessing the security provided by different system configurations against attackers with different capabilities. The analysis is performed using the ADVISE modeling formalism, a formalism for security evaluation that extends attack graphs; it allows to combine information on the system, the attacker, and the metrics of interest to produce quantitative results. The obtained results provide useful insight on the security offered by the different system configurations, and demonstrate the feasibility of the approach to model security threats and countermeasures in real scenarios.
DOI 10.1007/978-3-642-33675-1_19
Event Workshop on Dependable and Secure Computing for Large-scale Complex Critical Infrastructures (DESEC4LCCI 2012)
Main Event International Conference on Computer Safety, Reliability, and Security (SAFECOMP 2012)
Venue Magdeburg, Germany
Date September 24-28, 2012
Pages 209-221
Publisher Springer
Series LNCS
Volume 7613
ISBN PRINT: 978-3-642-33674-4
ELECTRONIC: 978-3-642-33675-1
Citation
Bibtex
@inproceedings{2012DESEC4LCCI,
  author = {Montecchi, Leonardo and Lollini, Paolo and Bondavalli, Andrea and La Mattina, Ernesto},
  title = {{Quantitative Security Evaluation of a Multi-biometric Authentication System}},
  booktitle = {Workshop on Dependable and Secure Computing for Large-scale Complex Critical Infrastructures (DESEC4LCCI 2012)},
  address = {Magdeburg, Germany},
  date = {2012-09-24/2012-09-28},
  pages = {209-221},
  year = {2012}
}

Plain Text
L. Montecchi, P. Lollini, A. Bondavalli, E. La Mattina. Quantitative Security Evaluation of a Multi-biometric Authentication System. In: Workshop on Dependable and Secure Computing for Large-scale Complex Critical Infrastructures (DESEC4LCCI 2012), pp. 209-221. Magdeburg, Germany, September 24-28, 2012.
 
 

© 2017-2022 Leonardo Montecchi