a risk analysis approach for biometric authentication ... · 8/10/2009 · a risk analysis approach...

12
International Journal of Network Security, Vol.2, No.1, PP.52–63, Jan. 2006 (http://isrc.nchu.edu.tw/ijns/) 52 A Risk Analysis Approach for Biometric Authentication Technology ArslanBr¨omme AGN Science & Research Group, Department of Informatics University of Hamburg (Email: [email protected]) (Received July 10, 2005; revised and accepted Aug. 12, 2005) Abstract Current approaches for risk analysis of biometric au- thentication technology are limited to enrollment and identification/verification processes with biometric algo- rithms mainly considered as black-boxes, only. This paper presents a systematic approach for a holistic security risk analysis of biometric authentication technology based on the high-level component & process model for integrated security risk analysis of biometric authentication technol- ogy, also proposed here. The processes and components used within this model are introduced together with a comprehensive terminology for biometric authentication technology especially developed for the research area of IT security biometrics. Biometric authentication risk matri- ces are used to show that single possible risk effect classes can be identified. A discussion on the enabled possibil- ities for risk analysis shows the significant advantage of this integrated approach for holistic security risk analysis of biometric authentication technology in comparison to other approaches. Keywords: Authentication, biometric authentication tech- nology, holistic security risk analysis, IT security biomet- rics, risk analysis 1 Introduction After having established the legal basis for the broad us- age of biometric technology the adequate evaluation of resulting technical and societal risks in a holistic manner is of high importance. With the already started interna- tional governmentally supported standardization projects and working groups (for instance ISO/IEC SC 37) for biometric person identification and authentication tech- nology, it can be stated that biometric technology should be available for example with standardized data formats for biometric data interchange, communication protocols, and unified programming interfaces for enabling the in- teroperability of different biometric systems and compo- nents in existing (national) information and communica- tion technology (ICT) infrastructures. Biometric technol- ogy for person authentication, identification, surveillance, and other applications itself contains core processes and components, which are the main subject of the risk anal- ysis and evaluation approach in this paper. The paper starts with selected terminology from IT security biomet- rics, privacy, safety, performance, and security risk anal- ysis for biometric authentication technology and a com- prehensive approach for biometric authentication systems in Section 2. In Section 3 a high-level component & pro- cess model for integrated security risk analysis of biomet- ric authentication technology is presented. A holistic se- curity risk analysis approach for biometric authentication technology based on the predefined model and on biomet- ric authentication risk matrices is discussed in Section 4. This paper closes with conclusions in Section 5. 2 Fundamentals Fundamentals are given in two subsections dedicated to terminology (2.1) and biometric authentication systems for ICT infrastructures (2.2). 2.1 Terminology on IT Security Biomet- rics, Privacy, and Risks IT Security Biometrics. For authentication, identifi- cation, and surveillance purposes IT security biometrics uses the mathematical definitions of metrics and metric spaces as explained in [2], which are defined by Weis- stein in [35]. Jain and Dubes are defining in [13, 19] dis- tance measures based on the Minkowski metric d(i, k)= ( d j=1 |x ij - x kj | r ) 1 r , where r 1 and x (i|k)j is the j th feature of the (i |k )th pattern in a pattern matrix. The Minkowski metric defines for r = 2 the Euclidean dis- tance, for r = 1 the Manhattan distance, and for r →∞ the sup distance. If all features are binary the Manhat- tan distance is called Hamming distance, which is known from the comparison of iris codes (=biometric signatures)

Upload: dinhdieu

Post on 17-Apr-2018

227 views

Category:

Documents


4 download

TRANSCRIPT

Page 1: A Risk Analysis Approach for Biometric Authentication ... · 8/10/2009 · A Risk Analysis Approach for Biometric Authentication Technology Arslan Br¨omme ... curity risk analysis

International Journal of Network Security, Vol.2, No.1, PP.52–63, Jan. 2006 (http://isrc.nchu.edu.tw/ijns/) 52

A Risk Analysis Approach for Biometric

Authentication Technology

Arslan Bromme

AGN Science & Research Group, Department of Informatics University of Hamburg

(Email: [email protected])

(Received July 10, 2005; revised and accepted Aug. 12, 2005)

Abstract

Current approaches for risk analysis of biometric au-thentication technology are limited to enrollment andidentification/verification processes with biometric algo-rithms mainly considered as black-boxes, only. This paperpresents a systematic approach for a holistic security riskanalysis of biometric authentication technology based onthe high-level component & process model for integratedsecurity risk analysis of biometric authentication technol-ogy, also proposed here. The processes and componentsused within this model are introduced together with acomprehensive terminology for biometric authenticationtechnology especially developed for the research area of ITsecurity biometrics. Biometric authentication risk matri-ces are used to show that single possible risk effect classescan be identified. A discussion on the enabled possibil-ities for risk analysis shows the significant advantage ofthis integrated approach for holistic security risk analysisof biometric authentication technology in comparison toother approaches.

Keywords: Authentication, biometric authentication tech-nology, holistic security risk analysis, IT security biomet-rics, risk analysis

1 Introduction

After having established the legal basis for the broad us-age of biometric technology the adequate evaluation ofresulting technical and societal risks in a holistic manneris of high importance. With the already started interna-tional governmentally supported standardization projectsand working groups (for instance ISO/IEC SC 37) forbiometric person identification and authentication tech-nology, it can be stated that biometric technology shouldbe available for example with standardized data formatsfor biometric data interchange, communication protocols,and unified programming interfaces for enabling the in-teroperability of different biometric systems and compo-nents in existing (national) information and communica-

tion technology (ICT) infrastructures. Biometric technol-ogy for person authentication, identification, surveillance,and other applications itself contains core processes andcomponents, which are the main subject of the risk anal-ysis and evaluation approach in this paper. The paperstarts with selected terminology from IT security biomet-rics, privacy, safety, performance, and security risk anal-ysis for biometric authentication technology and a com-prehensive approach for biometric authentication systemsin Section 2. In Section 3 a high-level component & pro-cess model for integrated security risk analysis of biomet-ric authentication technology is presented. A holistic se-curity risk analysis approach for biometric authenticationtechnology based on the predefined model and on biomet-ric authentication risk matrices is discussed in Section 4.This paper closes with conclusions in Section 5.

2 Fundamentals

Fundamentals are given in two subsections dedicated toterminology (2.1) and biometric authentication systemsfor ICT infrastructures (2.2).

2.1 Terminology on IT Security Biomet-

rics, Privacy, and Risks

IT Security Biometrics. For authentication, identifi-cation, and surveillance purposes IT security biometricsuses the mathematical definitions of metrics and metricspaces as explained in [2], which are defined by Weis-stein in [35]. Jain and Dubes are defining in [13, 19] dis-tance measures based on the Minkowski metric d(i, k) =

(∑d

j=1 |xij − xkj |r)

1r , where r ≥ 1 and x(i|k)j is the j th

feature of the (i |k)th pattern in a pattern matrix. TheMinkowski metric defines for r = 2 the Euclidean dis-tance, for r = 1 the Manhattan distance, and for r → ∞the sup distance. If all features are binary the Manhat-tan distance is called Hamming distance, which is knownfrom the comparison of iris codes (=biometric signatures)

Page 2: A Risk Analysis Approach for Biometric Authentication ... · 8/10/2009 · A Risk Analysis Approach for Biometric Authentication Technology Arslan Br¨omme ... curity risk analysis

International Journal of Network Security, Vol.2, No.1, PP.52–63, Jan. 2006 (http://isrc.nchu.edu.tw/ijns/) 53

of Daugman’s method in [12]. IT security biometrics isdefined in [2]:

Definition: IT security biometrics is thestudy on person recognition methods based onthe sensing of a person’s biological characteris-tics, measuring of the captured or scanned bio-metric characteristics (raw data and sensor sys-tem calibration data), computing of biometricsignatures and biometric templates, and verify-ing and identifying against biometric templatesand (hashed) biometric signatures with regard tothe mathematical definitions of metrics and met-ric spaces. The (hashed) biometric signaturesare used for authentication purposes against andidentification and surveillance purposes by ITsystems within ICT infrastructures.

Privacy. Privacy is everyone’s fundamental human right,which is documented in the Universal Declaration of Hu-man Rights by the General Assembly of the United Na-tions [16]. In this paper a definition of privacy by Westinfrom [34] is used: “Privacy is the claim of individu-als, groups and institutions to determine for themselves,when, how and to what extent information about them iscommunicated to others”. Fischer-Hubner formulates in[14] basic privacy principles, which summarize the mostessential privacy requirements. Concerning the analysisof risks for privacy in biometric IT systems, the discus-sion focusses on the privacy principles of purpose bindingand necessity of data collection. The principle of purposebinding limits the subsequent use of personal data to thespecified purposes. The principle of necessity of data col-lection means to avoid or at least to minimize personaldata within an ICT system.

Safety and Performance Risks of Biometric Au-thentication Technology. Leveson delivers in [24] theterminology used in IT safety for defining risks. Based ona definition of hazard (level) she defines the notion of risk:“Risk is the hazard level combined with (1) the likelihoodof the hazard leading to an accident ([...] danger) and(2) hazard exposure or duration ([...] latency)”. Levesonadditionally proposes that “The likelihood of hazard oc-currence can be specified quantitatively or qualitatively.”.With regard to wider safety issues she defines the termsfailure and fault : “Failure is the nonperformance or in-ability of the system or component to perform its intendedfunction for a specified time under specified environmen-tal conditions. Fault is a higher-order event. [...] Ingeneral all failures are faults, but not all faults are fail-ures.”. Leveson further presents a distinction of faults insubcategories cited from McCormick in [27] for clarifyingthe term higher-order event. A detailed classification offaults is given by Laprie in [23]. Focussing on the aspectsof safety (e.g. reliability, availability) and performance(e.g. throughput, latency) a specific definition is usedhere:

Definition: A safety risk of biometric au-thentication technology is the risk of degra-dation of the biometric authentication system’ssafety and performance caused by failures andfaults.

Security Risk of Biometric Authentication Tech-nology. Kossakowski describes in [21] a risk manage-ment process based on the three main parts risk analysis,crisis management, and insurances, where he extends arisk analysis phase for evaluation of threats and risks byBhaskar in [1] to a control cycle subsuming: 1. initia-tion and determination of goals, 2. evaluation of threatsand risks, 2a. identification of assets, 2b. identificationand evaluation of threats, 2c. identification and evalua-tion of vulnerabilities, 2d. identification and evaluationof risks, 2e. identification and evaluation of security mea-surements, 3. selection of measurements, 4. execution ofmeasurements, and 5. control and improvement of mea-surements and personnel; goto 4. With regard to 2b.-2d. it can be concluded for a risk analysis approach forbiometric technology that threats need to be identifiedand evaluated revealing vulnerabilities from which specificrisks for biometric technology are derived. By taking thegeneral aspects of the definitions of the terms threat andvulnerability by Pfleeger and Pfleeger in [29], Bishop in[3], and Shirey in [33] into account specific definitions areused here:

Definitions: A threat to biometric authen-tication technology is the potential of a cir-cumstance or an action that causes loss of se-curity, degradation of the technology’s reliabil-ity or performance, or the harm to a person’sprivacy. The vulnerability of biometric au-thentication technology is a flaw or weaknessthat makes it possible for a threat to biometricauthentication technology to occur.

Shirey defines in [33]: “risk [...] expectation of lossexpressed as the probability that a particular threat willexploit a particular vulnerability with a particular harm-ful result.”. Kossakowski defines in [21]: “risk [...] theextent of a threat. For this the probability of the vulner-ability’s exploitation is combined with the expected degreeof damage.” (translated from German). The above IT se-curity definitions of risk are focussing on probabilities ofthreats exploiting vulnerabilities with expected harmfulresults or damages. A specific security risk is used here:

Definition: A security risk of biometric au-thentication technology is an expectation ofloss expressed as the probability that a spe-cific threat to biometric authentication technol-ogy will be exploited against a specific vul-nerability of biometric authentication technologywith potentially hazardous consequences and ef-fects.

Page 3: A Risk Analysis Approach for Biometric Authentication ... · 8/10/2009 · A Risk Analysis Approach for Biometric Authentication Technology Arslan Br¨omme ... curity risk analysis

International Journal of Network Security, Vol.2, No.1, PP.52–63, Jan. 2006 (http://isrc.nchu.edu.tw/ijns/) 54

Brunnstein defines in [8] a Security & Application RiskTraffic Light Model to cope with quantitative probabili-ties, which are difficult and sometimes impossible to de-termine for IT security (biometrics) issues. Within thismodel colors are used to indicate the probability of anexploited vulnerability, representing the risk, in a quali-tative way. Green represents a low probability, yellow amedium, and red a (very) high probability for a risk tomanifest. This approach modified for the field of appli-cation risk management has been presented in [9], wherethe colors are indicating the states of application pro-cesses ranging from green for no risk (OK), over yellowfor low risk, and orange for medium risk to red for highrisk (ALERT). Brunnstein’s model is used here as follows:

Definition: A security* risk of biometricauthentication technology is a security riskof biometric authentication technology expressedalong Brunnstein’s Security & Application RiskTraffic Light Model.

2.2 Biometric Authentication Systems

for ICT Infrastructures

A biometric authentication system can be considered asa part of a biometric authentication infrastructure wherea person is subjected to a general authentication process,which is given by [2]:

1) Enrollment:During the phase of enrollment appropriate biomet-ric raw data of a person is captured, the biometricsignature (template|class) for the biometric authen-tication is computed, and the relevant biometric andpersonal data is stored in a biometric database.

2) (Biometric) Authentication (1:c, 1:1): A per-son’s authenticity is checked by an identification(1:c) or verification (1:1) comparison of the presentcomputed biometric signature with the previouslycomputed biometric signature (template|class) in thephase of biometric authentication with(out) beingcombined with authentication methods based on aperson’s knowledge, possession, location, and time((single|multi)factor biometric authentication).

3) Authorization:Implicit and explicit authorizations are given to theperson in the authorization phase with respect tostrong and weak authorizations.

4) Access Control:In the access control phase the access to e.g. ITsystem resources or activity control within electronicbusiness processes is granted by an access manage-ment system (AMS), which can be based on the con-cepts of mandatory, discretionary, or role-based ac-cess control (M/D/RBAC).

5) Derollment and Authorization Withdrawal:In the phase of derollment and authorization with-drawal a person is derolled and the access rights, rel-evant biometric and personal data are removed froma biometric database.

A set of basic elements can be identified from whichbiometric authentication systems along the general (bio-metric) authentication process can be constructed. Theseelements are wetware entities (persons) and hardwarecomponents, biometric communication channels, biomet-ric processes for (en|de)rollment and authentication, bio-metric algorithms, biometric signatures, and biometricdatabases.

Definition: A biometric authentication sys-tem is defined as a set of hardware compo-nents, processes, algorithms, data structures,and databases fulfilling internal and/or exter-nal communication between the elements for thepurpose of biometric authentication.

Biometric Processes. Based on the general (biomet-ric) authentication process four core processes can beidentified: sensing and biometric (en|de)rollment andauthentication processes. Figure 1 shows the biometric(en|de)rollment processes from [2] and the extension ofthe biometric authentication process from [2, 7].

Definitions: Biometric enrollment is theprocess of training a person’s biometric(characteristics|patterns) into a biometricperson recognition system and storing ofthe biometric data in a biometric database.Biometric authentication is the process ofverifying a person’s claimed identity by com-parison of a computed biometric signature fromthe person’s biometric (characteristics|patterns)against a stored biometric template. Biomet-ric derollment is the process of detraininga person’s biometric (characteristics|patterns)from a biometric person recognition system andremoval of the biometric data from a biometricdatabase.

A sensing process within an (active) sensor system isused, which delivers a human-sensor-system-interface forcapturing/scanning a person’s biological characteristics.The capturing/scanning process results in biometric rawdata and sensor system calibration data, called biomet-ric characteristics. The captured data is handed overto the biometric (en|de)rollment or authentication algo-rithm. For authentication the authorized users are as-sumed to be already enrolled and their biometric tem-plates to be stored in a secure biometric database.

Biometric Algorithms. Within the sequential bio-metric processes for (en|de)rollment and authentica-tion several algorithms – also called modules with re-gard to their implementations – are used for differ-ent computations (Figure 1): P : preprocessing, Q:

Page 4: A Risk Analysis Approach for Biometric Authentication ... · 8/10/2009 · A Risk Analysis Approach for Biometric Authentication Technology Arslan Br¨omme ... curity risk analysis

International Journal of Network Security, Vol.2, No.1, PP.52–63, Jan. 2006 (http://isrc.nchu.edu.tw/ijns/) 55

Figure 1: Biometric sensing, enrollment, authentication, and derollment processes for (Single|Multi)factor and(Mono|Multi)modal biometric authentication systems

Page 5: A Risk Analysis Approach for Biometric Authentication ... · 8/10/2009 · A Risk Analysis Approach for Biometric Authentication Technology Arslan Br¨omme ... curity risk analysis

International Journal of Network Security, Vol.2, No.1, PP.52–63, Jan. 2006 (http://isrc.nchu.edu.tw/ijns/) 56

quality check/enhancement & decision, N : normaliza-tion, S: biometric signal processing, B: computa-tion/hashing of biometric signature, C [en-/derollment]:[re](clustering/classifying), and D [authentication]: com-parison & decision algorithm. Homonymously, completebiometric processes are called biometric algorithms due totheir application-specific dedication as parts of biometricauthentication systems. Here a biometric algorithm is de-fined as follows:

Definition: In the broader sense a biomet-ric (enrollment | authentication | deroll-ment) algorithm is an algorithm for the en-rollment, authentication, or derollment of a per-son’s biometric characteristics against a biomet-ric (authenti|identifi)cation system or abortionof an attempt. In the narrower sense a biomet-ric algorithm is a biometric signal processingalgorithm used within (en|de)rollment and au-thentication.

Definitions: A biometric signature is a (bin|n-)ary coded representation of biometric charac-teristics for (distributed) computing systems. Abiometric template is a biometric signature(class|cluster) representing a set of biometric sig-natures. Biometric signatures/templates can behashed which results in hashed biometric sig-natures/templates.

Biometric Databases. According to [5] a biometricdatabase is defined as:

Definitions: A biometric database is adatabase which holds data about biometric char-acteristics, biometric signatures, and personaldata. A biometric database which subsumes bio-metric characteristics (raw data and calibrationdata), biometric signatures, personal data, anda rule-based access control mechanism is definedto be a complete biometric database. A par-tial biometric database represents a subset of acomplete biometric database.

Biometric Communication Channels. A threat forbiometric authentication via insecure networks is given byreplay attacks. A concept of a technical solution for thisproblem is presented in Figure 2 by using an active sensorsystem with an emitter for security information, which iscontrolled over a control channel by a biometric authen-tication server. The biometric raw data with the addedsecurity information is captured and transferred to theserver over the data channel. The server accepts receivedbiometric raw data, if the expected and valid security in-formation is included. The cryptographic secured controland data channels, the active sensor system and securityinformation enhanced biometric raw data are defined to-gether as secure biometric communication channels.

3 A High-Level Component &

Process Model for Integrated

Security Risk Analysis of Bio-

metric Authentication Technol-

ogy

In this section a high-level component & process model forintegrated security risk analysis of biometric authentica-tion technology (ComProMiSe·Risk·of·BiT) (Figure 3) isintroduced, which is at least applicable for security anal-ysis methods of attack trees by Schneier in [32], safetyanalysis methods of fault trees like e.g. by Leveson in [24],performance testing methods like e.g. by Bolle et al. in[4], and privacy related analysis like taught by Fischer-Hubner and Brunnstein. According to the BSI in [10]security attacks on biometric technology can be classifiedusing three basic categories: 1. sensor attacks (copy,falsification, similarity attacks), 2. data communica-tion attacks (replay attacks), and 3. database attacks(integrity attacks). The model introduced here extendsthis set of categories by a fourth category 4. compu-tation attacks and, therefore, delivers a detailed under-standing of the biometric processes used in biometric au-thentication technology as defined here (2.2). This newcategory with strong relation to security attacks is thestarting point for the notion of the model to extend allfour categories to risks integrating (classical|holistic) se-curity, safety, performance, and privacy aspects: 1. cap-ture risks, 2. transmission risks, 3. storage risks,and 4. computation risks. In Figure 3 the main com-ponents of biometric authentication technology are listedon the top level high-level methods with the methods cap-ture, transmission, storage, and computation. On the levelbelow, titled high-level processes/functions, the differentprocesses for the components of the upper level can befound. The capture method includes a sensing process.The transmission method is associated with processes ofsending, receiving, and (en|de)cryption. The method stor-age is related with processes of query, update, and write.Finally, the computation method is combined with pro-cesses for (en|de)rollment and authentication. Biometricauthentication technology investigated in the granularityof high-level processes enables black box tests, which arelimited in behalf of more detailed evaluation and testingwithin risk analysis procedures integrating aspects of se-curity, privacy, safety, and performance. The scope of themodel presented here includes another level titled high-level process components/function modules which enablesthe study on risks based on process components/functionmodules preprocessing P, quality check/enhancement &decision Q, normalization N, biometric signal process-ing S, computation/hashing of biometric signature/s B,[re](clustering|classifying) C [en-/derollment], and com-parison & decision D [authentication] within the bio-metric processes (2.2) in addition to the componentsof the other high-level methods. A subdivision of the

Page 6: A Risk Analysis Approach for Biometric Authentication ... · 8/10/2009 · A Risk Analysis Approach for Biometric Authentication Technology Arslan Br¨omme ... curity risk analysis

International Journal of Network Security, Vol.2, No.1, PP.52–63, Jan. 2006 (http://isrc.nchu.edu.tw/ijns/) 57

Figure 2: Secure biometric communication channel (biochannel)

high-level process components/function modules revealssub-level processes/functions and sub-level process com-ponents/function modules, which are out of the model’sscope due to their algorithm-specific content.

What types of risks can be discussed with themodel? The model enables different types of singleand integrated risks to be discussed specifically forbiometric authentication technology: classical security,privacy, safety, performance, and holistic security risks.The classical security risks are based on the criteria ofconfidentiality (e.g. secrecy, authenticity), integrity, andavailability. The availability aspect obviously reveals thateven in first approaches security risks are considered as anintegrated aspect. Within the determination of classicalsecurity risks both qualitative and quantitative analysishas been done. One main research aspect are attacksthreatening the resources and systemic assets by exploit-ing vulnerabilities. The understanding of faults has beeninherited from IT safety for discussing availability. Pri-vacy risks are mainly a qualitative analysis criterion andcan be explained by considering misuses which can be(non-)intentional. Research aspects in privacy analysisare e.g. anonymity, pseudonymity, purpose binding ofdata processing, and necessity of data collection like pre-sented by Fischer-Hubner in [14]. Research has also beendone with regard to safety risks defined on hazards andwhich are based on an understanding of faults for dis-cussing e.g. aspects of reliability and availability. Astrong relation is given to performance analysis methodsfor explaining faults based on failures. The quantitativeaspect of performance risks (e.g. throughput, latency)can be discussed using the criterion failures, which isjointly used within safety and performance risk analysis.Current IT security discussions are integrating aspects ofclassical security risks, privacy risks, safety, performance,and other relevant risks into a joint holistic understandingof risks for IT systems. For this model a holistic securityrisk is understood with regard to a technical system’sfunctionalities in order to integrate different risk crite-rions into a joint view. Furthermore it is assumed thatsecurity, privacy, safety, and performance requirements in

all life cycle phases of biometric authentication technologycan be explained as functionalities. Brunnstein defines in[11]: “A program’s or module’s or object‘s functional-

ity is characterized by the set of all specifications, formalor informal, from which information about ’proper work’of a program can be concluded, and from which certainundesired functions can be excluded.”. The holistic riskcriterion shall be defined on the core notion of dysfunc-tionality by Brunnstein in [11]: “A software or module iscalled dysfunctional when at least one function deviatesfrom the specification.”:

Definition: A holistic security(*) risk of bio-metric authentication technology is a secu-rity(*) risk of biometric authentication technol-ogy which is based on dysfunctional biometricauthentication technology with regard to secu-rity, privacy, safety, and performance describedalong the high-level component & process modelfor integrated security risk analysis of biometricauthentication technology.

4 A Discussion on a Holistic Secu-

rity Risk Analysis Approach for

Biometric Authentication Tech-

nology

This section evaluates related security risk analysis ap-proaches (4.1) and performance evaluation approaches(4.2). Finally, a holistic risk analysis approach enabledby the ComProMiSe·Risk·of·BiT model from Section 3 isproposed (4.3).

4.1 Evaluation of Related Security Risk

Analysis Approaches

Only few partial risk analysis studies with relation tobiometric authentication systems exist. Selected relatedwork, initiated and supervised mainly by Brunnstein andBromme, is evaluated against the understanding of holis-

Page 7: A Risk Analysis Approach for Biometric Authentication ... · 8/10/2009 · A Risk Analysis Approach for Biometric Authentication Technology Arslan Br¨omme ... curity risk analysis

International Journal of Network Security, Vol.2, No.1, PP.52–63, Jan. 2006 (http://isrc.nchu.edu.tw/ijns/) 58

Figure 3: High-Level Component & Process Model for integrated Security Risk Analysis of Biometric AuthenticationTechnology (ComProMiSe·Risk·of·BiT)

tic security(*) risk of biometric authentication technol-ogy as defined here. Capture Risks. A risk analy-sis approach of biometric systems is presented in [28] byPaulsen. Within this work a qualitative risk analysis ap-proach, which is based on a model and terminology byBromme, focussing on sensor attacks is discussed for fin-gerprint, face, hand geometry, iris, and speaker recogni-tion. Aspects of attacks against operating systems andorganizational risks are described. With regard to theholistic security(*) risk of biometric authentication tech-nology Paulsen’s work supports no qualitative risk analy-sis on the training algorithms of biometric authenticationsystems and delivers neither a risk analysis discussion onthe methods of transmission, storage, nor computation.Transmission Risks. Froehling describes in [15] an en-crypted transmission channel for biometric data based onthe idea and concept of secure biometric channels (2.2)by Bromme. This work finally avoids to deliver the in-tended qualitative risk analysis approach with focus onthe transmission of biometric data and presents the proto-typical development of the communication channel, only.With regard to the holistic security(*) risk of biometricauthentication technology Froehling’s work is neither dis-cussing a single transmission risk analysis approach noran integrated risk analysis approach. Storage Risks.Kronberg presents in [22] a.o. an approach integratingan iris recognition method into Windows NT/2k’s logon.In behalf of integrating the algorithm and storing and ac-cessing computed biometric signatures/templates and theusers’ verification information, he studies different loca-tions for biometric databases. Kronberg discusses partialresulting risks for biometric databases from different at-

tack types within Windows. A discussion on holistic se-curity(*) risks of biometric authentication technology likeproposed here is not delivered. Computation Risks.Johns studies in [20] the applicability of wavelet transfor-mations for biometric authentication with strong focus onthe mathematics of wavelets. For the link to IT securityJohns uses the terminology and parts of the model fromBromme’s previous work and demonstrates the applica-bility of the biometric authentication process from [7] fortesting and evaluation of an iris recognition algorithm’sreliability and performance. With regard to the holis-tic security(*) risk of biometric authentication technologyJohns’ work supports a single partial risk analysis of bio-metric algorithms only and enables neither an integratednor a holistic risk analysis approach.

4.2 Evaluation of Selected Performance

Testing Approaches of Biometric Al-

gorithms and Systems

Assuming that biometric systems and algorithms are un-derstood as pure pattern recognition systems and algo-rithms test and evaluation approaches regarding theirperformance exist. An introduction to evaluating bio-metric systems with strong regard to their performance isgiven by Phillips et al. in [31]. Here some characteristicsfor ideal biometric systems are assumed: all members of apopulation possess the needed biometric characteristic forrecognition, every biometric signature differs from all oth-ers within the controlled population, biometric signaturesdon’t vary under the conditions in which they are col-lected, and the biometric system resists countermeasures.

Page 8: A Risk Analysis Approach for Biometric Authentication ... · 8/10/2009 · A Risk Analysis Approach for Biometric Authentication Technology Arslan Br¨omme ... curity risk analysis

International Journal of Network Security, Vol.2, No.1, PP.52–63, Jan. 2006 (http://isrc.nchu.edu.tw/ijns/) 59

The evaluation is understood as the quantification of howwell biometric systems meet these properties. Phillips etal. present performance evaluations (focussing their re-sults on the false alarm/reject rate - different terms forfalse acceptance/rejection rate) done within laboratoryand/or scenario tests at the NIST with regard to face(face recognition technology - FERET 1993-98), voice,and fingerprint recognition. The FERET tests have beenfollowed by face recognition vendor tests (FRVT) in 2000-02. Phillips et al. are presenting within the FRVT 2002report [30] an evaluation methodology for face recogni-tion systems which is claimed to be adequate for generaltesting of biometric systems. The FRVT tests are alsofocussing on performance aspects. The herein used spe-cific performance measures medium computational inten-sity (MCInt) and high computational intensity (HCInt)were generated for the evaluation of large-scale real worldapplications. For fingerprint verification several interna-tional fingerprint verification competitions (FVC) wereexecuted in 2000-02 and initiated for 2004. Like reportedby Maio et al. in [25] these tests of pattern recognitionapplications focus on measuring the performance of thesubmitted fingerprint recognition algorithms along a pre-defined protocol. The genuine and imposter score dis-tributions, false (non-)match rates (F(N)MR), receiveroperating curves (ROC), and enrollment and matchingtimes were determined, recorded and compared. A gen-eral approach for testing and reporting the performanceof biometric devices has been presented by Mansfield andWayman in [26]. They acknowledge that technical per-formance testing is only a single form of biometric test-ing. Other types of testing, like e.g. reliability, availabil-ity, maintainability, vulnerability, security, and more, arelisted within this report but are explicitly not addressed.So far it can be concluded that none of the performancetesting approaches presented above enables a discussionon holistic security(*) risks of biometric authenticationtechnology like proposed here.

4.3 Towards a Holistic Security Risk

Analysis Approach for Biometric Au-

thentication Technology

By studying security risks of biometric authenticationmethods, researchers come to more secure and reliableprototypical research solutions like presented for instancewith multimodal biometric methods (biometric fusiontechniques) by Hong and Jain in [17] and with multi-factor multimodal biometric authentication methods byBromme in [6]. Based on adapted fault trees for se-curity analyses, introduced by Schneier in [32] as at-tack trees, a general attack tree for different types ofbiometric methods can be constructed showing a se-curity risk analysis in a qualitative way (Figure 4).By increasing the complexity of the biometric authen-tication method from (single|multi)factor monomodal to(single|multi)factor multimodal biometric authenticationmethods, a higher security benefit is produced. From a

non-holistic security engineering point of view multifac-tor multimodal biometric authentication methods shouldbe preferred with regard to (high) security requirements.This result enables a lot of research potential for promis-ing innovative biometric authentication approaches. In-stances from the application class of multifactor multi-modal biometric authentication technology can be devel-oped for fulfilling technical requirements for performance,safety (reliability), and classical security (confidentiality,integrity, availability). Therefore, the described type ofbiometric authentication technology from Section 2.2 canbe used to derive different design patterns for modulariza-tion and interfaces of processes and components. Singletechnical risk analysis approaches and methods can showrisks with regard to specific aspects like safety and perfor-mance issues. By also considering integrated risk analysisapproaches like in classical security, generic data formatsand interfaces between communicating modules and pro-cesses have to be defined for enabling an integrated viewand evaluation of the resulting combined or overall sys-tem risks. So far, pure technical development methods forminimizing risks can be used as long as the different tech-nical requirements from the different technical fields arefulfilled within an integrated system. For the technicalaspects of security, safety, and performance it can be con-cluded for a holistic security risk analysis approach forbiometric authentication technology that a well-definedunderstanding of the processes and components involvedin the used biometric technology is necessary (2.2). Fora holistic security risk analysis it can also be concludedthat it is of little help that processes and componentsof biometric technology are covered as so called companysecrets. Within a holistic security risk analysis approachalso non-technical but societal demands arise, for examplefrom the field of privacy. Here a simple technical solutionfor biometric systems with strong regard to the classi-cal security aspect of confidentiality (especially secrecy)is stated for instance by Jain in [18] with a slide showing“Protect the template!” (it has not been stated to pro-tect the biometric raw data). This statement implies thatthe uncontrolled collection and storage of biometric (raw)data can be done as long as a protection mechanism inform of cryptographic security or organizational and gov-ernmental policies exists. From a holistic security point ofview, this is a restricted view on privacy-enhancing bio-metric authentication technology for bypassing the tech-nical problems arising with privacy demands directly in-fluencing the system design of biometric authenticationtechnology down to very low technological levels. WithWestin’s understanding of privacy in mind it can be obvi-ously concluded that individuals, groups and institutionscannot determine for themselves, when, how and to whatextent information about them is communicated to othersdue to the fact that a different type of biometric technol-ogy with controlled collection, storage, and if demandedavoidance of biometric (raw) data depending on the pur-pose of usage is not offered, even if a development of sucha system is possible. Based on this knowledge there is

Page 9: A Risk Analysis Approach for Biometric Authentication ... · 8/10/2009 · A Risk Analysis Approach for Biometric Authentication Technology Arslan Br¨omme ... curity risk analysis

International Journal of Network Security, Vol.2, No.1, PP.52–63, Jan. 2006 (http://isrc.nchu.edu.tw/ijns/) 60

Figure 4: General attack trees for (single|multi)factor (mono|multi)modal biometric authentication methods

a need of a systematic approach for finding holistic se-curity risks in biometric authentication technology as abasis for risk analysis and evaluation. One such approachis presented here by using biometric authentication riskmatrices.

Enabling Holistic Security Risk Analysis byusing Biometric Authentication Risk Matri-ces. Within this section biometric authentica-tion risk matrices, which are based on the modelComProMiSe·Risk·of·BiT, are introduced to systemati-cally show and selectively discuss aspects of the area ofholistic security risks for biometric authentication tech-nology. A risk matrix for biometric authentication meth-ods is constructed from the elements (processes and com-ponents) used within the method with the intention toshow specific scopes of potential risk interrelations be-tween these elements. A potential for a risk interrelationis given if there is no assumption or no evidence for theabsence of a risk. The relation ⊥ between these elementsis called has potential risk effect on. If there exists at min-imum one case confirming this risk effect then ⊥ changesto ` representing has risk effect on. If there is an as-sumption or for sure no risk effect then the symbols ± forhas no potential risk effect and > for has no risk effectare used. Processes are abbreviated with small latin let-ters and components with capital latin letters. The place-holder ? remains empty or can be replaced by specific riskaspects of security, privacy, safety, and performance.The symbol � is a placeholder that remains empty or canbe replaced by attack, misuse, fault, and failure (Ta-ble 1).

The risk matrix in Table 2 visualizes the potential riskeffects between the three main biometric processes. Thematrix entry e�⊥?a represents in general risk influences ofbiometric enrollment processes on biometric authentica-tion processes. This can be instantiated for example withefaul⊥safea describing a less reliable enrollment processwhich has a potential safety risk effect on the authenti-cation process resulting in the false recognition and/or

acceptance of persons. Another example is given withmatrix entry d�⊥?a of Table 2 as representation of gen-eral risk influences of biometric derollment processes onbiometric authentication processes. Given the instanti-ation of an attack for a derollment process dattc⊥secuaa potential security risk effect on a subsequent authen-tication process can arise resulting for example in thenon-derollment of the selected person or derollment of athird not selected person with the intention to later onfalsely recognize and/or accept the person which shouldbe derolled. It can be concluded that the flexibility ofthe �⊥? relation in combination with the risk matrix en-ables the systematic discussion of holistic security risksbased on different security risks between the processes for(en|de)rollment and authentication. By taking the com-ponents of the three main processes into account a morecomplex matrix (Table 3), called full biometric authen-tication risk matrix, can be generated to show the riskinterrelations between the process components and theprocesses with regard to the single risk aspects describedby the �⊥? relation. From the overall more than seventhousand1 single possible risk effect classes (PREC) givenhere, three attack examples are introduced (emphasizedin Table 3) to demonstrate the strength of this approachin systematically exploring and discussing holistic secu-rity risks for biometric authentication technology.Example PREC#1 eBattc⊥secuaD. This class of possi-ble risk attacks describes the manipulation of enrollmentcomputations of biometric signatures (enrollment B mod-ule) for intended false acceptance of imposters and/orfalse rejection of genuines in subsequent authenticationattempts (authentication D module).Example PREC#2 dCattc⊥safeeC. Within this class thepossible manipulation of a derollment reclustering of thefeature space for biometric templates (derollment C mod-ule) of all enrolled persons during the derollment of a sin-

17056 = (4 × 4) × [(3 × 3) + (3 × 18) + (18 × 3) + (18 ×18)]=(risk aspect vs risk aspect)×[(processes vs processes)+(processesvs components)+(components vs processes)+(components vs compo-nents)]

Page 10: A Risk Analysis Approach for Biometric Authentication ... · 8/10/2009 · A Risk Analysis Approach for Biometric Authentication Technology Arslan Br¨omme ... curity risk analysis

International Journal of Network Security, Vol.2, No.1, PP.52–63, Jan. 2006 (http://isrc.nchu.edu.tw/ijns/) 61

Table 1: Notation for ⊥ and �⊥? relations of biometric authentication risk matrices

x⊥y

process x

x�⊥?y

� of process xhas potential risk effect on has potential ? risk effect on

process y process y

xA⊥yB

process x component A

xA�⊥?yB

� of process x component Ahas potential risk effect on has potential ? risk effect on

process y component B process y component B

xA⊥y

process x component A

xA�⊥?y

� of process x component Ahas potential risk effect on has potential ? risk effect on

process y process y

x⊥yB

process x

x�⊥?yB

� of process xhas potential risk effect on has potential ? risk effect on

process y component B process y component B

Table 2: Risk matrix for the �⊥? relation between biometric processes for (En|De)rollment and authentication withemphasized examples e�⊥?a and d�⊥?a

�⊥? enrollment authentication derollmentenrollment e�⊥?e a�⊥?e d�⊥?e

authentication e�⊥?a a�⊥?a d�⊥?aderollment e�⊥?d a�⊥?d d�⊥?d

gle person with the intended reliability risk effect on theenrollment reclustering of the feature space for persons tobe enrolled (enrollment C module) is described.Example PREC#3 aDattc⊥secudC. This class outlinesthe manipulation of the decision within an authenticationattempt (authentication D module) with the intention tofalsely remove a person’s biometric template within a sub-sequent derollment procedure (derollment C module). Anautomatic biometric authentication system with a limitednumber of entrance allowances per person for public trans-portation could be, for example, target of such an attack.

For the holistic security risk analysis approach for bio-metric authentication technology presented here it can beconcluded that the flexibility of the �⊥? relation in com-bination with a risk matrix enables the systematic explo-ration and discussion of holistic security risks by a secu-rity analyst with(out) help of an inference system guidingthrough the single implicit possible risk effects along therisk matrix of a biometric authentication system, whichis under study. The holistic security risks are based ondifferent security risks between the biometric processesand/or their components.

5 Conclusions

This paper presents a systematic approach for a holisticsecurity risk analysis of biometric authentication technol-ogy based on the high-level component & process modelfor integrated security risk analysis of biometric authen-tication technology also proposed here. The processesand components used within this model are developed

together with a terminology for biometric authenticationtechnology for the research field of IT security biometrics,which is comprehensively presented here for the first time.Current approaches for risk analysis of biometric authen-tication technology are limited to enrollment and identi-fication/verification processes with biometric algorithmsmainly considered as black-boxes, only. By using the bio-metric authentication risk matrices introduced here it isshown that more than seven thousand single possible riskeffect classes can be identified, which should be examinedfor an overall holistic security risk analysis of biometricauthentication technology. With the systematic discov-ery of such a large amount of possible risk effect classes inthis paper, it can be concluded that current biometric au-thentication technology contains inherent holistic securityrisks, which are not systematically explored. For this rea-son, the specific risk analysis approach presented here hasa strong advantage in comparison with other evaluationand risk analysis approaches in this area. More generallyspeaking, the presented approach is a significant contri-bution on the way to the possible development of more(holistic) secure biometric authentication technology.

References

[1] K. Bhaskar, Computer Security - Threats and Coun-termeasures, NCC Blackwell, 1993.

[2] A. Bromme, “A classification of biometric signa-tures,” in IEEE International Conference on Mul-timedia & Expo ICME 2003, vol. 3, pp. 17–20, Bal-timore, MD, USA, July 6-9, 2003.

Page 11: A Risk Analysis Approach for Biometric Authentication ... · 8/10/2009 · A Risk Analysis Approach for Biometric Authentication Technology Arslan Br¨omme ... curity risk analysis

International Journal of Network Security, Vol.2, No.1, PP.52–63, Jan. 2006 (http://isrc.nchu.edu.tw/ijns/) 62

Table 3: Full risk matrix for the �⊥? relation between biometric process components P, Q, N, S, B, C, D (seeSection 3) for (En|De)rollment and authentication with emphasized examples

�⊥?enrollment authentication derollment

P Q N S B C P Q N S B D P Q N S B C

enrollment

P eP�⊥?eP...eC�⊥?eP aP�⊥?eP...aD�⊥?eP

dCattc⊥safeeC

Q eP�⊥?eQ...eC�⊥?eQ aP�⊥?eQ...aD�⊥?eQ

N eP�⊥?eN...eC�⊥?eN aP�⊥?eN...aD�⊥?eN

S eP�⊥?eS...eC�⊥?eS aP�⊥?eS...aD�⊥?eS

B eP�⊥?eB...eC�⊥?eB aP�⊥?eB...aD�⊥?eB

C eP�⊥?eC...eC�⊥?eC aP�⊥?eC...aD�⊥?eC

authentication

P

eBattc⊥secuaD

aP�⊥?aP...aD�⊥?aP dP�⊥?aP...dC�⊥?aP

Q aP�⊥?aQ...aD�⊥?aQ dP�⊥?aQ...dC�⊥?aQ

N aP�⊥?aN...aD�⊥?aN dP�⊥?aN...dC�⊥?aN

S aP�⊥?aS...aD�⊥?aS dP�⊥?aS...dC�⊥?aS

B aP�⊥?aB...aD�⊥?aB dP�⊥?aB...dC�⊥?aB

D aP�⊥?aD...aD�⊥?aD dP�⊥?aD...dC�⊥?aD

derollment

P eP�⊥?dP...eC�⊥?dP

aDattc⊥secudC

dP�⊥?dP...dC�⊥?dP

Q eP�⊥?dQ...eC�⊥?dQ dP�⊥?dQ...dC�⊥?dQ

N eP�⊥?dN...eC�⊥?dN dP�⊥?dN...dC�⊥?dN

S eP�⊥?dS...eC�⊥?dS dP�⊥?dS...dC�⊥?dS

B eP�⊥?dB...eC�⊥?dB dP�⊥?dB...dC�⊥?dB

C eP�⊥?dC...eC�⊥?dC dP�⊥?dC...dC�⊥?dC

[3] M. Bishop, Computer Security - Art and Science,Addison-Wesley, 2003.

[4] R. M. Bolle, J. H.Connell, S. Pankanti, N. K. Rathaand A. W. Senior, Guide to Biometrics, Springer-Verlag, New York, USA, 2004.

[5] A. Bromme, “A discussion on privacy needs and(mis)use of biometric IT-Systems,” in IFIP WG9.6/11.7 Conference on SCITS-II, pp. 145–156,Bratislava, Slovakia, 2001.

[6] A. Bromme and C. Busch, “Biometrics and electronicsignatures,” in (BIOSIG 2003), Conference Proceed-ings of GI Working Group BIOSIG, Darmstadt, Ger-many, 2003.

[7] A. Bromme, M. Kronberg, O. Ellenbeck, andO. Kasch, “A conceptual framework for testing bio-metric algorithms within operating systems’ authen-tication,” in ACM Symposium on Applied ComputingSAC 2002, pp. 273–280, Madrid, Spain, Mar. 11-14,2002.

[8] K. Brunnstein, AGN Oberseminar - Discussion onRisk Analysis of Biometric Technology, 6th Nov.2003, AGN, Department of Informatics, Universityof Hamburg, 2003.

[9] K. Brunnstein, AGN Projektseminar - Talk on RiskManagement, 9th Dec. 2003, AGN, Department ofInformatics, University of Hamburg, 2003.

[10] Bundesamt fur Sicherheit in der Informationstechnik(BSI): Vergleichende Untersuchung biometrischerIdentifikationssysteme - BioIS, Bonn, Germany,2000.

[11] K. Brunnstein, “From antiVirus to antiMalware soft-ware and beyond: another approach to the protection

of customers from dysfunctional system behaviour,”in 22nd National Information Systems Security Con-ference (NISSC) Arlington/Washington, USA, Oct.18-21,1999.

[12] J. G. Daugman, Biometric Personal Identificationbased on Iris Analysis, U.S. Patent 5,291,560, in-ventor: J.G. Daugman, assignee: IriScan Inc., filed:15.07.1991, date of patent: 01.03.1994, 1994.

[13] R. C. Dubes, Cluster Analysis and Related Issues, in:C. H. Chen et al. (eds.), Handbook of Pattern Recog-nition & Computer Vision, 2nd ed., World Scientific,1999.

[14] S. Fischer-Hubner, Privacy-Enhancing Design andUse of IT-Security Mechanisms, habilitation, AGN,Department of Informatics, University of Hamburg,1999.

[15] W. Froehling, Konzept und exemplarische Imple-mentation eines gesicherten Kanals zur Ubertragungbiometrischer Daten, bachelor thesis, supervisors: K.Brunnstein, A. Bromme, AGN, Department of Infor-matics, University of Hamburg, 2003.

[16] General Assembly of the United Nations:Universal Declaration of Human Rights,http://www.un.org/Overview/rights.htm, Dec.10th, 1948.

[17] L. Hong and A. K. Jain, Multimodal Biometrics, in:Jain, Bolle, and Pankanti (eds.), Biometrics: Per-sonal Identification in Networked Society, KluwerAcademic Press, 1999.

[18] A. K. Jain, Invited Talk on Biometrics at DAGM2003, Magdeburg, Germany, 2003.

Page 12: A Risk Analysis Approach for Biometric Authentication ... · 8/10/2009 · A Risk Analysis Approach for Biometric Authentication Technology Arslan Br¨omme ... curity risk analysis

International Journal of Network Security, Vol.2, No.1, PP.52–63, Jan. 2006 (http://isrc.nchu.edu.tw/ijns/) 63

[19] A. K. Jain and R. C. Dubes, Algorithms for DataClustering, Prentice-Hall, 1988.

[20] M. Johns, Anwendungen von Wavelets fur diebiometrische Authentikation, diploma thesis, super-visors: K. Brunnstein, H.-S. Stiehl, A. Bromme,AGN, Dep. of Inf., Univ. of Hamburg, 2002.

[21] K. P. Kossakowski, Information Technology IncidentResponse Capabilities, doctoral thesis, supervisor: K.Brunnstein, Department of Informatics, Universityof Hamburg, 2000.

[22] M. Kronberg, Implementierung einer Iris-Biometrikin ein Client-Server-Authentisierungssystem,diploma thesis, supervisors: K. Brunnstein, A.Bromme, AGN, Department of Informatics, Univer-sity of Hamburg, 2002.

[23] J. C. Laprie, (ed.), Dependability: Basic Conceptsand Terminology in English, French, German, Ital-ian and Japanese, Springer-Verlag, Wien, Austria,1992.

[24] N. G. Leveson, Safeware - System Safety and Com-puters, Addison-Wesley, 1995.

[25] D. Maio, D. Maltoni, R. Cappelli, J. L. Wayman, andA. K. Jain, FVC2002: Second Fingerprint Verifica-tion Competition, Biometric System Lab, Universityof Bologna, Biometric Test Center, San Jose StateUniversity, Pattern Recog. and Image Proc. Lab.,Michigan State University, 2002.

[26] A. J. Mansfield and J. L. Wayman, Best Practices inTesting and Reporting Performance of Biometric De-vices, National Physics Laboratory, Middlesex, UK,2002.

[27] N. J. McCormick, Reliability and Risk Analysis, Aca-demic Press, N.Y., USA, 1981.

[28] C. Paulsen, Risikoanalyse von biometrischen Sys-temen, diploma thesis, supervisor: K. Brunnstein,AGN, Department of Informatics, University ofHamburg, 2003.

[29] C. P. Pfleeger and S. L. Pfleeger, Security Computing,3rd edition, Prentice Hall, 2003.

[30] P. J. Phillips, P. Grother, R. Micheals, D. M. Black-burn, E. Tabassi, and J. M. Bone, Face RecognitionVendor Test 2002, DARPA, NIST, DoD, NAVSEA,USA, 2003.

[31] P. J. Phillips, A. Martin, C. L. Wilson, and M. Przy-bocki, “An introduction to evaluating biometric sys-tems,” IEEE Computer, vol. 33, no. 2, pp. 56–62,Feb. 2000.

[32] B. Schneier, “Attack trees,” Dr. Dobb’s Journ. ofSoftw. Tools, vol. 24, no. 12, 1999.

[33] R. Shirey, Internet Security Glossary, NWG, RFC2828, The Internet Society, 2000.

[34] A. F. Westin, Privacy and Freedom, Atheneum, NewYork, 1967.

[35] E. W. Weisstein, CRC Concise Encyclopedia ofMathematics, Chapman & Hall, 1999.

Arslan Broemme Dipl.-Inform.B.Sc. Arslan Broemme studiedComputer Science with specializationin IT security and privacy at theUniversity of Hamburg. In 1999 hestarted as a research assistant at theHamburg University’s IT-SecurityResearch Group AGN and selected IT

security biometrics as a promissing research field. Hewas responsible for the lectures in biometrics, initiatedand supervised several diploma theses and published hisfirst results at international conferences.

As a founding member Arslan Broemme started in2001 to establish the Department for IT-Security andIT-Safety (Fachbereich Sicherheit - Schutz und Zuver-laessigkeit) at the German Computer Society (GI e.V.)and concentrated on constructing the GI Special In-terest Group on Biometrics and Electronic Signatures(BIOSIG). During his time as the chairman of BIOSIGfrom 2002-2005 he initiated and co-organized several an-nual national onferences and workshops (BIOSIG 2002-2005, QSIG 2005). Additionally he is a co-founder of theGerman national standardization committee DIN NI-37on biometrics.

Since 2003 Arslan Broemme works as a research as-sistant in the Computer Vision Group at the Univer-sity of Magdeburg and gathers deeper insights into pat-tern recognition and image processing. In the summersemester 2003 he was able to establish a university lectureon ”Biometrics - An Introduction to the Scientific Funda-mentals”. Further he is main supervisor of diploma andmaster theses and works in a biometrics project for rapidhuman iris feature tracking (RHIFT) dedicated to the de-velopment of fast and accurate human iris detection andtracking methods.