Attack Potential Evaluation in Desktop and Smartphone Fingerprint Sensors: Can They Be Attacked by Anyone?
Table 7
Attack potential calculation for noncooperative attacks on desktop fingerprint sensors. Scores assigned according to the classification from Common Criteria [16, p. 429].
ā
Preparation phase
PAI construction + exercising phase
Attack execution phase
Total factor rating
Score
Elapsed time
<1 week (capture subject is noncooperative)
1 week (creating PAIs)
Few seconds (perform attack)
<2 weeks
2
Expertise
Layman (materials can be obtained at normal stores)
Proficient (process needs many steps)
Layman (not much expertise needed)
Proficient
3
Knowledge of TOE
Public (well known on the internet that it works)
Public (manuals can be found on the internet)
Public (no knowledge needed)
Public
0
Window of opportunity
Unnecessary (no access to TOE needed)
Easy (access to TOE for practicing)
Easy (high chance the PAI will work)
Easy
1
Equipment
Standard (no equipment needed)
Specialized (some sensors might be hard to obtain)
