Published: 2023-10-31
Sunset: Active
Impacted Documents
Fingerprint Toolbox Overview v4
Attack Fingerprint 03-xx v4
Attack Fingerprint 04-xx v4
References
Fingerprint Toolbox Overview, Section 2.2, Curved Attacks
Attack Fingerprint 03-xx, Attack Potential Rating Suggestion
Attack Fingerprint 04-xx, Attack Potential Rating Suggestion
Issue Description
The PP-Module Supporting Document currently specifies that presentation attacks, when added as requirements for an evaluation, are to cover attacks rated as meeting Basic attack potential (section 7.3.1.1). All attacks have an Attack Potential Rating Suggestion section which defines how the attack is rated to meet (or not) this rating.
The curved fingerprint attacks specified in the Fingerprint Toolbox Overview were listed as non-cooperative for the Window of Opportunity, and based on that given an attack potential calculation of 8 (meeting Basic). The instructions for the attack though, require a cooperative capture of the fingerprint in the molding material. As defined in Supporting Document, this increases the attack potential for the Window of Opportunity from 2 to 4. This increases the attack potential calculation to 10, which places these attacks out of scope for Basic.
Based on consultation with other organizations performing similar presentation attack testing, cooperative testing attacks are considered out of scope for Basic attacks. In those systems, cooperative attacks are rated with higher values than 4, placing them well outside the scope of equivalent testing systems for Basic attack potential.
Note on keeping these attacks listed
The BIO-iTC regularly reviews the landscape for biometrics, including threats. As such, these attacks will be left as part of the possible set of attacks (and can be used as a basis for ATE_IND input) that may become relevant.
Resolution
Fingerprint Toolbox Overview v5
The following rows were changed (changes shown in italics):
| Sub-section name | Description | |
|---|---|---|
Original Text |
2.2 Curved Attacks |
-none- |
BIO0004 Text |
2.2.1 Attack Potential Update (all 2.2.x sections were increased by 1) |
As of October 17, 2023 it was determined that curved attacks have an attack potential higher than Basic, and so are out of scope of the current set of requirements. See Technical Decision BIO0004 for more details. |
Attack Fingerprint 03-xx v5
The following rows were changed (changes shown in italics):
| Sub-section name | Description | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Original Text |
Attack Potential Rating Suggestion |
|
||||||||||||
BIO0004 Text |
Attack Potential Rating Suggestion |
|
||||||||||||
Attack Fingerprint 04-xx v5
The following rows were changed (changes shown in italics):
| Sub-section name | Description | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Original Text |
Attack Potential Rating Suggestion |
|
||||||||||||
BIO0004 Text |
Attack Potential Rating Suggestion |
|
||||||||||||