Applied Biometrics for the security of Critical Infrastructure

Applied Biometrics for the security of Critical Infrastructure



The reliability of biometric technologies is unknown. In particular the following criteria are often unknown or impossible to compare against competitors:

  • The performance of the underlying biometric system
  • The robustness to vulnerabilities such as direct (spoofing) or indirect attacks, and
  • The strength of privacy preservation techniques. The lack of standard operational evaluations is the reason that we cannot measure the reliability of these biometric technologies. Some initiatives exist in Europe, the USA, and Asia. However, these initiatives are: isolated, disorganised, or limited in time. This leads to discontinuous and non-integrated efforts which have a limited life span.

Focus of work

During the first meeting, the TG defined its focus more towards standardisation of testing methods, and decided to address the following areas where biometrics has a particular application:

  • Automated Border Controls
  • Physical access control
  • Logical access control
  • Mobile identity checks (‘on-the-spot challenge’/virtual zones in restricted areas of operation of critical infrastructures);

The work programme - Main deliverables

While the TG has not yet finalised its work programme it has decided that it will produce the following main deliverables:

  • Awareness document
  • Analysis of priorities for use of biometrics by operators of CIs, using the awareness document/DVD to help the CI operators understand the opportunities
  • New work item proposals to appropriate standardisation bodies for application profiles and testing / certification methodologies specific to the identified applications areas 
  • Organisation of a conference/conference stream related to the above work packages.  

Deliverables List


The Application of Biometrics in Critical Infrastructures Operations: Guidance for Security Managers

Sunday, July 5, 2015


Biometric technologies have advanced considerably over the past decade, and have paved the way for more widespread use by governments, commercial enterprises and, more recently, by the consumer through the introduction of sensors and apps on mobile phones. This report provides introductory information about the application of these technologies to achieve secure recognition of individuals by organisations which form part of critical infrastructures in the EU. As a specific example, it offers guidance about the implementation of physical access control systems using biometric technologies. It is principally addressed at managers and security officers within these organisations. With the information in this report, managers and officers should be in a better position to discuss their specific requirements with technology suppliers, specialist systems integrators and consultants – and therefore lead to applications which are more secure without compromising on their usability. The report emphasises the importance of considering the effectiveness of the entire application – and not just focussing on the performance of the biometric subsystem. Note that the representation of specific devices does not imply any recommendation by the authors or the European Commission.


Experiences from Large Scale Testing of Systems using Biometric Technologies

Thursday, May 7, 2015


The intended readership of this paper is organizations looking to implement very large scale identification systems (e.g. national scale systems which may run to many millions of individuals). Many of the lessons and issues identified will also be useful for organizations looking to develop more general systems based on biometric technology. This paper describes a systematic approach to testing based on lessons learnt from a case study of large scale testing of biometric systems. This approach will enable the performance of the proposed biometric matching system to be characterized to ensure that it is ‘fit for purpose’ and that the benefits outlined in justifying the system can be met.