How do we know when the system is becoming less secure?
Biometric systems may be initially adequately secure, but become less so with
passing time. This could be because critical security parameters such as threshold
settings become maladjusted, or sloppy enrolment procedures lead to poor enrolment
quality. Some biometric systems are self-adaptive which means that the templates are
updated each time a user accesses the system. This feature is intended to maintain
the system performance (essentially to stop the false rejection rate increasing) if the
users’ biometric characteristics change over time. Such updating may result in the
reference templates becoming weaker (easier for an impostor to attack) without
supervisors being aware of anything untoward. The problem may be exacerbated if
coupled with sloppy user behaviour which results in poor quality images that translate
into weaker templates.
An impostor, working in collusion with an enrolee, could gradually “train” the system
away from the enrolee’s template onto the impostor’s template.
Solutions
The risks can be countered through system audit and testing. If security relevant events
are logged, then changes in security parameters can be audited. Suspicious events
such as persistent authentication failures can also be checked. If the system is
capable of checking its own performance, then it could monitor the template
separation of enrolled users and flag conditions where the separation becomes
inadequate. Clearly, these measures are likely to be more difficult to apply in large
distributed systems where logs and templates may also be distributed.
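As an added illustration, not taken from the original document, of the self-checking described above: a small Python model of a self-adaptive template store with an audit routine that flags inadequate template separation between enrolled users and drift of a template away from the one captured at enrolment. The 2-D feature vectors, the decision threshold, the blending factor and the "alice"/"bob" identities are constructed assumptions, not values from any real biometric system.

```python
import math

# Constructed 2-D feature vectors standing in for stored biometric templates.
ENROLLED = {"alice": [0.0, 0.0], "bob": [10.0, 10.0]}
MATCH_THRESHOLD = 3.0  # assumed decision threshold, in distance units

def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def adaptive_update(template, sample, alpha=0.2):
    # Self-adaptive update: blend each accepted sample into the stored
    # template. This is what lets a template drift when samples are poor.
    return [(1 - alpha) * t + alpha * s for t, s in zip(template, sample)]

def min_separation(templates):
    # Smallest pairwise distance between enrolled templates: (distance, id, id).
    ids, best = list(templates), None
    for i in range(len(ids)):
        for j in range(i + 1, len(ids)):
            d = distance(templates[ids[i]], templates[ids[j]])
            if best is None or d < best[0]:
                best = (d, ids[i], ids[j])
    return best

def audit(templates, originals, min_sep, max_drift):
    # Flag inadequate separation and templates that moved too far from the
    # enrolment template; returns a list of alert strings for the log.
    alerts = []
    sep = min_separation(templates)
    if sep is not None and sep[0] < min_sep:
        alerts.append(f"separation {sep[0]:.2f} between {sep[1]} and {sep[2]} below {min_sep}")
    for uid, tmpl in templates.items():
        drift = distance(tmpl, originals[uid])
        if drift > max_drift:
            alerts.append(f"{uid} drifted {drift:.2f} from enrolment template")
    return alerts

def simulate_drift(rounds, step=0.8):
    # Each round a sample for "alice" is accepted (within threshold of the
    # current template) but biased toward bob's, so the template creeps away
    # from enrolment. Returns the audit result after every round.
    templates = {u: list(t) for u, t in ENROLLED.items()}
    originals = {u: list(t) for u, t in ENROLLED.items()}
    history = []
    for _ in range(rounds):
        cur = templates["alice"]
        sample = [c + step for c in cur]
        if distance(sample, cur) <= MATCH_THRESHOLD:
            templates["alice"] = adaptive_update(cur, sample)
        history.append(audit(templates, originals,
                             min_sep=2 * MATCH_THRESHOLD, max_drift=MATCH_THRESHOLD))
    return history
```

Running `simulate_drift(40)` shows that every individual sample passes the matcher, yet the drift alert fires at round 14 and the separation alert at round 36, which is exactly the condition a supervisor would otherwise never see.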