ISO/IEC NP 25456 Information technology — Biometrics — Biometric data injection attack detection

Source: ISO
Committee: IST/44 - Biometrics
Categories: Information management | Standardization. General rules

Scope

This document provides an overview of:
• Definitions of Biometric Data Injection Attack.
• Biometric Data Injection Attack use case on main biometric system hardware for enrolment and verification.
• Injection Attack Instruments on systems using one or several biometric modalities.
This document provides guidance on:
• Systems for the detection of Injection Attack Instruments (defined in 3.12).
• Appropriate risk mitigation for Injection Attack Instruments.
• Creation of a test plan for the evaluation of an Injection Attack Detection system (defined in 3.9).
Although presentation attack testing is out of scope of this document, note that the following two aspects are in scope:
• Presentation Attack Detection systems which can be used as an injection attack instrument defence mechanism and/or injection attack method defence mechanism. However, no presentation attack testing will be performed by the laboratory to be compliant with this TS (out of scope).
• Bona Fide Presentation testing, in order to test the ability of the Target Of Evaluation to correctly classify legitimate users.
The following aspects are out of scope:
• Presentation Attack testing (as it is covered by the ISO/IEC 30107 standards).
• Biometric attacks which are not classified as type 2 attacks (see Figure 1).
• Evaluation of the implementation of cryptographic mechanisms like secure elements.
• Injection Attack Instruments rejected due to quality issues.

Purpose

The emergence of remote identity verification solutions based on biometric (such as facial) recognition and the use of mobile applications or web browser applications may provide new means of attacking the recognition process. One of these attacks is the biometric data injection attack, which is based on the attacker modifying the data flow. There are already several examples in the news and in the literature that have shown the reality of this threat and the major impacts that injection attacks can have, mainly on identity fraud. With this standard, we will be able to provide a harmonised evaluation methodology for injection attack detection systems, which will help the biometric community to improve the current state of the art of these defence mechanisms.

If there is such an international standard, there will be the following benefits:

1. Standardisation and Quality Control: Establishing international standards provides uniform guidelines for analysis and evaluation, ensuring the quality and reliability of evidence of the injection attack detection capacities.
2. Facilitation of International Collaboration: A unified international standard helps cooperation between cross-national research teams, as it offers a common technical language and framework to tackle this threat, which does not have any borders.
3. Enhancement of Technological Application: With the promotion of international standards, the community will be able to improve the current state of the art of detection solutions.
4. Promotion of Industry Development: Clear standards enable benchmarks for industry and government, for instance through certification schemes that would be based on this standard.
5. Building Public Trust: The establishment and implementation of international standards can enhance public confidence in and acceptance of identity wallets, which are threatened by injection attacks.

Comment on proposal

Please email further comments to: debbie.stead@bsigroup.com
