IOT
“ On the smart device , people may set them up initially and forget they are essentially ‘ logged in ’ all the time ”
STEVEN FURNELL IEEE SENIOR MEMBER AND PROFESSOR OF CYBER SECURITY , UNIVERSITY OF NOTTINGHAM
Types of biometric attacks
Presentation attacks Presentation attacks involve an impostor using an artefact of some kind to mimic an individual who has been enrolled in the system .
Sensor output interception An attacker may seek to modify or intercept the data output from the sensor . A previously captured sample might be replayed , or a captured biometric sample could be substituted with biometric data of a different individual at enrolment .
Reference and database-related vulnerabilities An attacker may target data during transmission , or in storage by the biometric system . For example , a biometric reference in the enrolment database could be modified to include the biometric features of an impostor .
Integrity of enrolment The enrolment process could be subverted , allowing the acceptance of inappropriate enrolment data . Alternatively , if an enrolment record contains biometric data of two individuals , this may allow one to impersonate the other .
System attacks Attacks against the underlying IT on which the biometric system runs are certainly feasible and must be considered in cases where the assets being protected are of significant value and where the attackers are relatively sophisticated .
Denial of service attacks All systems are vulnerable to denial of service attacks . In the case of a biometric system , this will divert subjects to the exception handling system . It is therefore important that this fallback system is no less secure than the biometric system .
Insider threat All security systems are vulnerable to an attack by a trusted system administrator or operator . Due to the level of access and trust held by such people , insider attacks on a biometric system can take any of the forms outlined above . aimagazine . com 73