ABSTRACT
Biometric security is a topic of rapidly growing importance, especially as
it applies to user authentication and key generation. In this talk, we
describe our initial steps toward developing evaluation methodologies for
behavioral biometrics that take into account threat models which have largely
been ignored. We argue the pervasive assumption that forgers are minimally
motivated (or, even worse, naive), or that attacks can only be mounted through
manual effort, is too optimistic and even dangerous. To illustrate our point,
we analyze a handwriting-based system used for key generation and show that the
standard approach of evaluation over-estimates the security of the system by
almost 400%.
We also describe a "generative attack" model based on concatenative
synthesis that can provide a rapid indication of the security afforded by a
biometric system. For the case of handwriting we show that accurate generative
models for a targeted user's handwriting can be developed based only on
captured static (offline) samples combined with pen-stroke dynamics learned
from general population statistics. In fact, these generative attacks match or
exceed the effectiveness of forgeries rendered by skilled humans in our study.
This is joint work with Lucas Ballard (JHU) and Daniel Lopresti (Lehigh).
BIOGRAPHY
Fabian Monrose is an assistant professor of Computer Science at Johns
Hopkins University. Previously, he was a member of the Secure Systems Group at
Bell Labs, Lucent Technologies. His interests include computer and network
security, applied crypto, biometrics and (more recently) modeling Internet
malware.