ISBN: 9798400714764 (print)
Biometric systems are widely used for authentication and identification. The False Match Rate (FMR) quantifies the probability of matching a biometric template to a non-corresponding template and serves as an indicator of the system's robustness against security threats. We analyze biometric systems through two main contributions. First, we study untargeted attacks, where an adversary aims to impersonate any user in the database. We compute the number of trials needed for a successful impersonation and derive the critical population size (i.e., the maximum database size) and critical FMR required to maintain security against untargeted attacks as the database grows. Second, we address the biometric birthday problem, which quantifies the probability that there exist two distinct users that collide (i.e., can impersonate each other). We compute approximate and exact probabilities of collision and derive the associated critical population size and critical FMR to bound the risk of biometric collisions, particularly in large-scale databases. These thresholds provide actionable insights for designing biometric systems that mitigate the risks of impersonation and biometric collisions, particularly in large-scale databases. Nevertheless, our findings show that current systems fail to meet the required security level against untargeted attacks, even in small databases, and face significant challenges with the biometric birthday problem as databases grow.
ISBN: 9781450381437 (print)
Security measurement helps identify deployment gaps and presents extremely valuable research opportunities. However, such research is often deemed not novel by academia. I will first share my research journey designing and producing a high-precision tool, CryptoGuard, for scanning cryptographic vulnerabilities in large Java projects. That work led us to publish two benchmarks used for systematically assessing state-of-the-art academic and commercial solutions, as well as help Oracle Labs integrate our detection in their routine scanning. Other specific measurement and deployment cases to discuss include the Payment Card Industry Data Security Standard, which was involved in high-profile data breach incidents, and fine-grained Address Space Layout Randomization (ASLR). The talk will also point out the need for measurement in AI development in the context of code repair. Broadening research styles by accepting and encouraging deployment-related work will help our field progress towards maturity.
ISBN: 9781450371070 (print)
An information bank is a reliable data ecosystem for the distribution and utilization of personal data (PD). In order to maintain the trust of individuals, sharing of personal data between businesses and the information bank is required to be secure. Therefore, the information bank must prevent abuse and leaking of personal data. There are several measures that can be taken to limit the damage imposed upon the individual in the case of data abuse or leakage. However, it is difficult to prevent abuse and leakage once the data has been shared with businesses. This work focuses on the security of an offering service on the information bank. The information bank offers useful information or services to individuals from businesses based on shared personal data. We devise a remote offering service enabling businesses to target individuals without sharing personal data. Moreover, we consider a malicious threat on the remote offering service and propose a mechanism for detecting this threat. The experimental results suggest that the proposed mechanism is useful in some real security use cases.
ISBN: 9781450371070 (print)
In cybersecurity there is a continuous arms race between the attackers and the defenders. In this panel, we investigate three key questions regarding this arms race. The first question is whether this arms race is winnable. Second, if the answer to the first question is in the affirmative, what steps do we need to take to win this race? Third, if the answer to the first question is negative, what is the justification for this, and what steps can we take to improve the state of affairs and raise the bar for the attackers significantly?