1、BS ISO/IEC 19792:2009 ICS 35.040 NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BRITISH STANDARD Information technology Security techniques Security evaluation of biometricsThis British Standard was published under the authority of the Standards Policy and Strategy Committee
2、on 31 August 2009 BSI 2009 ISBN 978 0 580 53797 4 Amendments/corrigenda issued since publication Date Comments BS ISO/IEC 19792:2009 National foreword This British Standard is the UK implementation of ISO/IEC 19792:2009. The UK participation in its preparation was entrusted to Technical Committee IS
3、T/33, IT - Security techniques. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. Compliance with a British Sta
4、ndard cannot confer immunity from legal obligations.BS ISO/IEC 19792:2009Reference number ISO/IEC 19792:2009(E) ISO/IEC 2009INTERNATIONAL STANDARD ISO/IEC 19792 First edition 2009-08-01 Information technology Security techniques Security evaluation of biometrics Technologies de linformation Techniqu
5、es de scurit Cadre de la scurit pour lvaluation et le test de la technologie biometrique BS ISO/IEC 19792:2009 ISO/IEC 19792:2009(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unl
6、ess the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademar
7、k of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. I
8、n the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2009 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any me
9、ans, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copy
10、rightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2009 All rights reservedBS ISO/IEC 19792:2009 ISO/IEC 19792:2009(E) ISO/IEC 2009 All rights reserved iiiContents Page Foreword iv 1 Scope1 2 Conformance .2 3 Normative references2 4 Terms and definitions .2 4.1 General .2 4.2 Biometric
11、 systems.4 4.3 Biometric processes .5 4.4 Error rates 7 4.5 Statistical8 5 Abbreviated terms .8 6 Security evaluation9 6.1 Overview.9 6.2 Methodology 9 7 Error rates of biometric systems .10 7.1 Introduction10 7.2 Concept Testing security-relevant error rates 11 8 Vulnerability assessment .19 8.1 In
12、troduction19 8.2 Vulnerability assessment .19 8.3 Common vulnerabilities of biometric systems 21 9 Privacy29 9.1 Overview.29 Annex A (informative) Reference model of a biometric system.31 Bibliography37 BS ISO/IEC 19792:2009 ISO/IEC 19792:2009(E) iv ISO/IEC 2009 All rights reservedForeword ISO (the
13、International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee
14、 has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnic
15、al standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bo
16、dies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying an
17、y or all such patent rights. ISO/IEC 19792 was prepared by Technical Committee ISO/TC JTC1, Information technology, Subcommittee SC 27, IT Security techniques. BS ISO/IEC 19792:2009 INTERNATIONAL STANDARD ISO/IEC 19792:2009(E) ISO/IEC 2009 All rights reserved 1Information technology Security techniq
18、ues Security evaluation of biometrics 1 Scope This International Standard specifies the subjects to be addressed during a security evaluation of a biometric system. It covers the biometric-specific aspects and principles to be considered during the security evaluation of a biometric system. It does
19、not address the non-biometric aspects which might form part of the overall security evaluation of a system using biometric technology (e.g. requirements on databases or communication channels). This International Standard does not aim to define any concrete methodology for the security evaluation of
20、 biometric systems but instead focuses on the principal requirements. As such, the requirements in this International Standard are independent of any evaluation or certification scheme and will need to be incorporated into and adapted before being used in the context of a concrete scheme. This Inter
21、national Standard defines various areas that are important to be considered during a security evaluation of a biometric system. These areas are represented by the following clauses of this International Standard: Clauses 4 and 5 of this International Standard give an overview of all terms, definitio
22、ns and acronyms used, Clause 6 introduces the overall concept for a security evaluation of a biometric system, Clause 7 describes statistical aspects of security-relevant error rates, Clause 8 deals with the vulnerability assessment of biometric systems and Clause 9 describes the evaluation of priva
23、cy aspects. This International Standard is relevant to both evaluator and developer communities. It specifies requirements for evaluators and provides guidance on performing a security evaluation of a biometric system. It serves to inform developers of the requirements for biometric security evaluat
24、ions to help them prepare for security evaluations. Although this International Standard is independent of any specific evaluation scheme it could serve as a framework for the development of concrete evaluation and testing methodologies to integrate the requirements for biometric evaluations into ex
25、isting evaluation and certification schemes. This International Standard refers to and utilizes other biometric standards, notably those for biometric performance testing and reporting from ISO/JTC1 SC 37. These standards have been adapted as necessary for the specific requirements of biometric secu
26、rity evaluation. BS ISO/IEC 19792:2009 ISO/IEC 19792:2009(E) 2 ISO/IEC 2009 All rights reserved2 Conformance To conform to this International Standard, a security evaluation of a biometric system shall be planned, executed and reported in accordance with the normative requirements contained herein.
27、This International Standard describes the specific aspects of a security evaluation of a biometric system in terms of statistical error rates (see Clause 7), biometric-specific vulnerabilities (see Clause 8), and privacy (see Clause 9) As some evaluation schemes that adopt this International Standar
28、d may not address all of the aforementioned aspects it shall further be possible to claim conformance to parts of this International Standard. In this case a security evaluation of a biometric system shall be planned, executed and reported in accordance with a subset of the normative requirements of
29、 this International Standard. In this case the requirements that are addressed shall be clearly identified. Note that conformance to this International Standard is limited to the adoption of the biometric evaluation methodology described and adherence to the specified normative requirements. Conform
30、ance does not include scheme related issues such as action to be taken in the event that a system under evaluation fails to meet security relevant evaluation criteria or targets. The overarching scheme is responsible for specifying this action, which could include, for example: outright evaluation f
31、ailure, restatement of evaluation criteria or targets to match achieved results, or development of a system under evaluation to meet specified evaluation criteria or targets. 3 Normative references The following referenced documents are indispensable for the application of this document. For dated r
32、eferences, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 19795-1:2006, Biometric performance testing and reporting Part 1: Principles and framework 4 Terms and definitions 4.1 General 4.1.1 assurance
33、level amount of assurance obtained according to the specific scale used by the assurance method NOTE Definition from 1. 4.1.2 attacker person seeking to exploit potential vulnerabilities of a biometric system BS ISO/IEC 19792:2009 ISO/IEC 19792:2009(E) ISO/IEC 2009 All rights reserved 34.1.3 biometr
34、ic characteristic biological and behavioural characteristic of an individual that can be detected and from which distinguishing, repeatable biometric features can be extracted for the purpose of automated recognition of individuals NOTE 1 Definition from 2. NOTE 2 Biological and behavioural characte
35、ristics are physical properties of body parts, physiological and behavioural processes created by the body and combinations of any of these. NOTE 3 Distinguishing does not necessarily imply individualization. EXAMPLE Examples of biometric characteristics are: Galton ridge structure, face topography,
36、 facial skin texture, hand topography, finger topography, iris structure, vein structure of the hand, ridge structure of the palm or retinal pattern. 4.1.4 biometric product biometric component, system or application acting as the scope of an evaluation 4.1.5 biometrics automated recognition of indi
37、viduals based on their behavioural and biological characteristics NOTE Definition from 2. 4.1.6 evaluator person or party responsible for performing a security evaluation of a biometric product 4.1.7 evaluation assessment of a deliverable against defined criteria NOTE 1 Definition from 1. NOTE 2 In
38、this context, a deliverable is a biometric system. 4.1.8 lamb biometric reference that results in higher than normal similarity scores on a particular biometric system when compared to biometric samples or references from other subjects 4.1.9 vendor party that sells, produces or uses a biometric sys
39、tem and is responsible for providing the biometric system and all necessary evidence for evaluation NOTE In cases where a vendor decides to delegate certain tasks to another party (e.g. to a third party testing laboratory), this party shall be seen as a vendor as well. 4.1.10 user person interacting
40、 with a biometric system 4.1.11 wolf biometric sample that results in higher than normal similarity scores on a particular biometric system when compared to biometric references of enrolees BS ISO/IEC 19792:2009 ISO/IEC 19792:2009(E) 4 ISO/IEC 2009 All rights reserved4.2 Biometric systems 4.2.1 atte
41、mpt submission of one (or a sequence of) biometric samples to the system NOTE An attempt results in an enrolment template, a matching score (or scores), or possibly a failure-to-acquire. 4.2.2 biometric data biometric sample at any stage of processing, biometric reference, biometric feature or biome
42、tric property NOTE Definition from 2. 4.2.3 biometric feature numbers or labels extracted from biometric samples and used for comparison NOTE 1 Biometric features are the output of a completed biometric feature extraction. NOTE 2 The use of this term should be consistent with its use by the pattern
43、recognition and mathematics communities. NOTE 3 A biometric feature set can also be considered a processed biometric sample. 4.2.4 biometric model stored function (dependent on the biometric data subject) generated from a biometric feature(s) NOTE 1 Definition from 2. NOTE 2 Comparison applies the f
44、unction to the biometric features of a recognition biometric sample to give a comparison score. NOTE 3 The function may be determined through training. NOTE 4 A biometric model may involve intermediate processing similar to biometric feature extraction. EXAMPLE Examples for the stored function could
45、 be a Hidden Markov Model, Gaussian Mixture Model or an Artificial Neural Network. 4.2.5 biometric property descriptive attributes of the biometric data subject estimated or derived from the biometric sample by automated means NOTE Definition from 2. EXAMPLE Fingerprints can be classified by the bio
46、metric properties of ridge-flow, i.e. arch, whorl, and loop types; In the case of facial recognition, this could be estimates of age or gender. 4.2.6 biometric reference one or more stored biometric samples, biometric templates or biometric models attributed to a biometric data subject and used for
47、comparison NOTE 1 Definition from 2. NOTE 2 A biometric reference may be created with implicit or explicit use of auxiliary data, such as Universal Background Models. EXAMPLE Face image on a passport; Fingerprint minutiae template on a National ID card; Gaussian Mixture Model, for speaker recognitio
48、n, in a database. BS ISO/IEC 19792:2009 ISO/IEC 19792:2009(E) ISO/IEC 2009 All rights reserved 54.2.7 biometric sample analog or digital representation of biometric characteristics prior to biometric feature extraction and obtained from a biometric capture device or biometric capture subsystem NOTE
49、1 Definition from 2. NOTE 2 A biometric capture device is a biometric capture subsystem with a single component. 4.2.8 biometric template set of stored biometric features comparable directly to biometric features of a recognition biometric sample NOTE 1 Definition from 2. NOTE 2 A biometric reference consisting of an image, or other captured biometric sample, in its original, enhanced or compressed form, is not a biometric template. NOTE 3 The biometric features are not considere
