In recent years, there has been a significant surge in the use of biometrics for user authentication applications because biometrics-based authentication offers several advantages over knowledge and possession-based methods such as password/PIN-based systems. However; it is important that such biometrics-based authentication systems are designed to withstand different sources of attacks on the system when employed in security-critical applications, and more so in unattended remote applications such as e-commerce applications. In this paper we outline the inherent strengths of a biometrics-based authentication scheme and then discuss the security holes in these systems. Finally, we present new solutions for overcoming some of the remaining weak links in such systems.
By: N. K. Ratha, J. H. Connell, R. M. Bolle
Published in: RC21977 in 2001
LIMITED DISTRIBUTION NOTICE:
This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.
Questions about this service can be mailed to reports@us.ibm.com .