Published: 2023-10-31

Sunset: Active

Impacted Documents

Fingerprint Toolbox Overview v4

Attack Fingerprint 03-xx v4

Attack Fingerprint 04-xx v4

GitHub Mark 64px

References

Fingerprint Toolbox Overview, Section 2.2, Curved Attacks

Attack Fingerprint 03-xx, Attack Potential Rating Suggestion

Attack Fingerprint 04-xx, Attack Potential Rating Suggestion

Issue Description

The PP-Module Supporting Document currently specifies that presentation attacks, when added as requirements for an evaluation, are to cover attacks rated as meeting Basic attack potential (section 7.3.1.1). All attacks have an Attack Potential Rating Suggestion section which defines how the attack is rated to meet (or not) this rating.

The curved fingerprint attacks specified in the Fingerprint Toolbox Overview were listed as non-cooperative for the Window of Opportunity, and based on that given an attack potential calculation of 8 (meeting Basic). The instructions for the attack though, require a cooperative capture of the fingerprint in the molding material. As defined in Supporting Document, this increases the attack potential for the Window of Opportunity from 2 to 4. This increases the attack potential calculation to 10, which places these attacks out of scope for Basic.

Based on consultation with other organizations performing similar presentation attack testing, cooperative testing attacks are considered out of scope for Basic attacks. In those systems, cooperative attacks are rated with higher values than 4, placing them well outside the scope of equivalent testing systems for Basic attack potential.

Note on keeping these attacks listed

The BIO-iTC regularly reviews the landscape for biometrics, including threats. As such, these attacks will be left as part of the possible set of attacks (and can be used as a basis for ATE_IND input) that may become relevant.

Resolution

Fingerprint Toolbox Overview v5

The following rows were changed (changes shown in italics):

Sub-section name Description

Original Text

2.2 Curved Attacks

-none-

BIO0004 Text

2.2.1 Attack Potential Update (all 2.2.x sections were increased by 1)

As of October 17, 2023 it was determined that curved attacks have an attack potential higher than Basic, and so are out of scope of the current set of requirements. See Technical Decision BIO0004 for more details.

Attack Fingerprint 03-xx v5

The following rows were changed (changes shown in italics):

Sub-section name Description

Original Text

Attack Potential Rating Suggestion

Window of Opportunity

(Access to Biometric Characteristics)

N/A

Non-cooperative

2

2

Calculated Total Attack Potential = 8 < Basic Attack Potential

BIO0004 Text

Attack Potential Rating Suggestion

Window of Opportunity

(Access to Biometric Characteristics)

N/A

Cooperative

4

4

Calculated Total Attack Potential = 10 > Basic Attack Potential

Attack Fingerprint 04-xx v5

The following rows were changed (changes shown in italics):

Sub-section name Description

Original Text

Attack Potential Rating Suggestion

Window of Opportunity

(Access to Biometric Characteristics)

N/A

Non-cooperative

2

2

Calculated Total Attack Potential = 8 < Basic Attack Potential

BIO0004 Text

Attack Potential Rating Suggestion

Window of Opportunity

(Access to Biometric Characteristics)

N/A

Cooperative

4

4

Calculated Total Attack Potential = 10 > Basic Attack Potential

Tracking