DS/CEN/TS 18099:2024

Biometric data injection attack detection

This document provides an overview on:*- Definitions on Biometric Data Injection Attack,*- Biometric Data Injection Attack use case on main biometric system hardware for enrolment and verification,*- Injection Attack Instruments on systems using one or several biometric modalities.*This document provides guidance on:*- System for the detection of Injection Attack Instruments (defined in 3.12),*- Appropriate mitigation risk of Injection Attack Instruments,*- Creation of test plan for the evaluation of Injection Attack Detection system (defined in 3.9).*If presentation attacks testing is out of scope of this document, note that these two characteristics are in the scope of this document:*- Presentation Attack Detection systems which can be used as injection attack instrument defence mechanism and/or injection attack method defence mechanism. Yet, no presentation attack testing will be performed by the laboratory to be compliant with this document (out of scope).*- Bona Fide Presentation testing in order to test the ability of the Target Of Evaluation to correctly classify legitimate users.*The following aspects are out of scope:*- Presentation Attack testing (as they are covered in ISO/IEC 30107 standards),*- Biometric attacks which are not classified as Type 2 attacks (see Figure 1),*- Evaluation of implementation of cryptographic mechanisms like secure elements,*- Injection Attack Instruments rejected due to quality issues.