Assessing Vulnerability of Biometric Technologies for Identity Management Applications


  1. Smeaton, D.
  2. Nanavati, R.
Corporate Authors
Defence R&D Canada - Centre for Security Science, Ottawa ONT (CAN)
To address the Community of Practice (CoP) objective of evaluating the utility of potential biometrics techniques that could be used to enhance the security of Information Technology (IT) systems, including Supervisory Control And Data Acquisition (SCADA) systems and e-Government services, the Study Team for PSTP-02-336BIOM developed a framework for addressing biometric vulnerabilities, researched case study examples of existing deployed biometric systems, and conducted a small-scale evaluation to compare the utility of biometrics vs. passwords. In developing the framework, the Study Team researched existing biometric evaluation frameworks to identify gaps, and synthesized a practical framework aimed at an audience of IT security practitioners, with the intent of addressing the growing use of biometrics in government applications and the implications that it has on IT systems security. The Study Team also conducted a preliminary comparative evaluation of the utility of biometrics vs. passwords as a single-factor authentication method using experimental test trials and a user survey. Comparison criteria included: whether or not user access is granted, number of attempts, and usability. The evaluation confirmed experimentally that single-factor biometric technology is a viable and user-accepted means of authentication for IT system access that is at least as fast and reliable as username-password methods.

Il y a un résumé en français ici.

Vulnerabilities;IT Security;Privacy;Biometric data;Access control;Access management;Authentication;Information security;Passwords
Report Number
DRDC-CSS-CR-2011-19 — Contractor Report (Final Report)
Date of publication
01 Oct 2011
Number of Pages
Electronic Document(PDF)

Permanent link

Document 1 of 1

Date modified: