7 September 2007 | 18:29

Comments: 0

Biometric systems comprise electronic devices, and as such can utilize common electronic transports for the transmission of biometric related data. With biometric access control and identification system, users will typically present their biometric to a sensing device, which in turn may transmit data pertaining to that biometric to a server or secondary processing unit to perform biometric comparisons and auditing functions. Following this matching process, further electronic signals will be generated, perhaps to open a door, or to issue a message to a terminal to inform whether or not a user has been identified/verified. In this paper we realize a proof-of-concept implementation of a biometric keylogger, or "Biologger". While conventional keyloggers are typically used to obtain passwords or encrypted keys to circumvent specific security measures, our Biologger will aim to capture biometric-related data between a biometric device and other processing units, to be used and exploited in a number of potential attack vectors against a biometric system, such as manipulation of biometric data and control signals, as per traditional man-in-the-middle attacks.

Complete text (pdf file, 714238 b)