Attack Potential Evaluation in Desktop and Smartphone Fingerprint Sensors: Can They Be Attacked by Anyone?
Table 8
Attack potential calculation for cooperative attacks on smartphone fingerprint sensors. Scores assigned according to the classification from Common Criteria [16, p. 429].
ā
Preparation phase
PAI construction + exercising phase
Attack execution phase
Total factor rating
Score
Elapsed time
<1 day (capture subject is cooperative)
<1 day or <1 week (different material difficulty)
Few seconds (perform attack)
<1 week or <2 weeks
1.5
Expertise
Layman (materials can be obtained at normal stores)
Layman (easy to create)
Layman (not much expertise needed)
Layman
0
Knowledge of TOE
Public (well known on the internet that it works)
Public (manuals can be found on the internet)
Public (no knowledge needed)
Public
0
Window of opportunity
Unnecessary (no access to TOE needed)
Easy (access to TOE for practicing)
Easy (high chance the PAI will work)
Easy
1
Equipment
Standard (no equipment needed)
Standard (but it is necessary to buy the TOE, which can be expensive)
