Biometrics Evaluation and Testing

Biometric systems have special characteristics that need to be considered during formal security evaluations (specifically in evaluations according to Common Criteria).

On the one hand, biometric system do not work as deterministically as other mechanisms for authentication. The authentication performance of biometric has certain error rates that determine, how often a non-enrolled user is recognized. Such error rates have to be considered during a Common Criteria evaluation.

On the other hand, many biometric systems are vulnerable against very simple kind of attacks, so called spoofing or presentation attacks. In these attacks, the biometric characteristics of a legitimate user is forged (e.g. using a gummy finger) and presented to the system. Nowadays there are biometric systems existing that claim to be resistant against these kind of attacks. An independent evaluation of this technology can contribute to the trust of users in this new technology.

For this reason, the deliverable D6.5 has been developed in the course of the project B.E.A.T. (the acronym stands for „Biometric Evaluation and Testing“). This document summarizes the consensus of the leading experts in this area. After the project has been finished in 2015, the participants started to contribute the results into the relevant standardization bodies, specifically ISO/IEC SC27 and ISO/IEC SC37.