29-08-2014, 03:47 PM
Security and Performance Evaluation Platform
of Biometric Match On Card
[attachment=67363]
Abstract—
In order to verify the identity of a cardholder user,
the typing of a PIN code is usually required, but this method
does not guarantee the verification result. Only biometrics is able
to authenticate an user as this information is strongly related
to the user. To ensure security and privacy issues (such as
the protection of the biometric data), Match On Card (MOC)
solutions have been proposed. This approach consists in storing
the biometric user’s reference and computing the verification
decision in a Secure Element (SE). The purpose of this paper is
to propose an evaluation platform on biometric MOC for testing
its performance and security. This platform allows to perform
tests given scenarios and benchmarks for comparing MOCs. We
illustrate the usefulness of this platform on a commercial MOC.
INTRODUCTION
Biometric systems are increasingly used to check or
determine the identity of an individual. Their main uses are
related to the areas of border control, physical access control
or electronic commerce. These applications may require the
use of large online biometric databases but it can cause
many security and privacy problems. In order to avoid these
problems, storage and Match On Card (MOC) for biometric
verification are increasingly made on a Secure Element (SE)
as the French passport chip. The main benefit of this solution
is to avoid the transmission of the biometric reference of the
user. The user has also the control of its own biometric data
stored in the SE. A secure element guarantees many security
issues of the biometric reference (confidentiality, integrity).
Given the issues related to the use of SE for several
applications such as border control or face to face bank
payment, it becomes very important to define a general
methodology for evaluating these embedded systems. The
objective of this paper is to propose an evaluation platform of
biometric MOC for analyzing its performance and security
Benchmark
To evaluate biometric systems, it is necessary to have
a database containing biometric data. This database ensures
that the systems are tested under the same conditions and
allows for reproducible results to compare biometric MOC.
Examples of biometric databases from research competitions
are FVC2002 or FVC2004 [22], [23]. Moreover, it is also
interesting to perform tests of the same MOC when we
use multiple databases acquired under different conditions
(biometric sensor, population, environment, etc.). It is also
necessary to define test scenarios (number of biometric data
for enrollment, number of data for testing . . . ).
D. Platforms
With regard to platforms, there are quite a few in the
literature. We can already cite the NIST platform [2], which
is used in their annual research competitions. It allows
manufacturers to test their MOC or minutiae extractors, in
terms of interoperability. In the NIST report, information on
FAR (False Acceptance Rate) and FRR (False Rejected Rate)
rates for every MOC and different extractors are disseminated.
CONCLUSION AND PERSPECTIVES
We proposed in this paper an evaluation platform of
biometric MOC. It allows to test some aspects of security
and performance. Its modular architecture allows simple
evolution by integrating new attacks or metrics. It is very
easy to adapt the analysis of a MOC through xml files. We
illustrate how it works on a few points on a commercial MOC.
of Biometric Match On Card
[attachment=67363]
Abstract—
In order to verify the identity of a cardholder user,
the typing of a PIN code is usually required, but this method
does not guarantee the verification result. Only biometrics is able
to authenticate an user as this information is strongly related
to the user. To ensure security and privacy issues (such as
the protection of the biometric data), Match On Card (MOC)
solutions have been proposed. This approach consists in storing
the biometric user’s reference and computing the verification
decision in a Secure Element (SE). The purpose of this paper is
to propose an evaluation platform on biometric MOC for testing
its performance and security. This platform allows to perform
tests given scenarios and benchmarks for comparing MOCs. We
illustrate the usefulness of this platform on a commercial MOC.
INTRODUCTION
Biometric systems are increasingly used to check or
determine the identity of an individual. Their main uses are
related to the areas of border control, physical access control
or electronic commerce. These applications may require the
use of large online biometric databases but it can cause
many security and privacy problems. In order to avoid these
problems, storage and Match On Card (MOC) for biometric
verification are increasingly made on a Secure Element (SE)
as the French passport chip. The main benefit of this solution
is to avoid the transmission of the biometric reference of the
user. The user has also the control of its own biometric data
stored in the SE. A secure element guarantees many security
issues of the biometric reference (confidentiality, integrity).
Given the issues related to the use of SE for several
applications such as border control or face to face bank
payment, it becomes very important to define a general
methodology for evaluating these embedded systems. The
objective of this paper is to propose an evaluation platform of
biometric MOC for analyzing its performance and security
Benchmark
To evaluate biometric systems, it is necessary to have
a database containing biometric data. This database ensures
that the systems are tested under the same conditions and
allows for reproducible results to compare biometric MOC.
Examples of biometric databases from research competitions
are FVC2002 or FVC2004 [22], [23]. Moreover, it is also
interesting to perform tests of the same MOC when we
use multiple databases acquired under different conditions
(biometric sensor, population, environment, etc.). It is also
necessary to define test scenarios (number of biometric data
for enrollment, number of data for testing . . . ).
D. Platforms
With regard to platforms, there are quite a few in the
literature. We can already cite the NIST platform [2], which
is used in their annual research competitions. It allows
manufacturers to test their MOC or minutiae extractors, in
terms of interoperability. In the NIST report, information on
FAR (False Acceptance Rate) and FRR (False Rejected Rate)
rates for every MOC and different extractors are disseminated.
CONCLUSION AND PERSPECTIVES
We proposed in this paper an evaluation platform of
biometric MOC. It allows to test some aspects of security
and performance. Its modular architecture allows simple
evolution by integrating new attacks or metrics. It is very
easy to adapt the analysis of a MOC through xml files. We
illustrate how it works on a few points on a commercial MOC.