Security evaluation of behavioral biometric systems

For establishing trust in the security of IT products, security evaluations by i ndependent third-party testing laboratories are the first choice. In some fields of application of biometric methods (e.g., for protecting private keys for qual ified electronic signatures), a security evaluation is even required by legislat ion. The common criteria for IT security evaluation form the basis for security evaluations for which wide international recognition is desired. Within the comm on criteria, predefined security assurance requirements describe actions to be c arried out by the developers of the product and by the evaluators. The assurance components that require clarification in the context of biometric systems are r elated to vulnerability assessment. This chapter reviews the state of the art an d gives a gentle introduction to the methodology for evaluating the security of biometric systems, in particular of behavioral biometric verification systems.