ABSTRACT

Biometric security is a topic of rapidly growing importance, especially as it applies to user authentication and key generation. In this talk, we describe our initial steps toward developing evaluation methodologies for behavioral biometrics that take into account threat models which have largely been ignored. We argue the pervasive assumption that forgers are minimally motivated (or, even worse, naive), or that attacks can only be mounted through manual effort, is too optimistic and even dangerous. To illustrate our point, we analyze a handwriting-based system used for key generation and show that the standard approach of evaluation over-estimates the security of the system by almost 400%.

We also describe a "generative attack" model based on concatenative synthesis that can provide a rapid indication of the security afforded by a biometric system. For the case of handwriting we show that accurate generative models for a targeted user's handwriting can be developed based only on captured static (offline) samples combined with pen-stroke dynamics learned from general population statistics. In fact, these generative attacks match or exceed the effectiveness of forgeries rendered by skilled humans in our study.

This is joint work with Lucas Ballard (JHU) and Daniel Lopresti (Lehigh).

BIOGRAPHY

Fabian Monrose is an assistant professor of Computer Science at Johns Hopkins University. Previously, he was a member of the Secure Systems Group at Bell Labs, Lucent Technologies. His interests include computer and network security, applied crypto, biometrics and (more recently) modeling Internet malware.