Evaluation of biometric system performance in the context of Common Criteria Articles uri icon


publication date

  • October 2013

start page

  • 240

end page

  • 254


  • 245

International Standard Serial Number (ISSN)

  • 0020-0255

Electronic International Standard Serial Number (EISSN)

  • 1872-6291


  • Nowadays, many Information Technology (IT) systems and applications are assessed by licensed laboratories in order to guarantee that these products fulfil a predefined set of security specifications. These evaluations are carried out in accordance with international Common Criteria (CC) for IT Security Evaluation and its Common Evaluation Methodology (CEM), with the objective of obtaining a certificate which will be recognised in several countries. Nevertheless, CC does not go into detail of each of the special characteristics for most of the IT technologies. Therefore specific guidelines must be developed to help testing organisations to understand how to apply CEM to each kind of product, especially when the security properties to be analysed are different from other previously-defined technologies. This is currently the case for biometrics.In this paper, the authors define how CEM is to be interpreted in the context of biometrics, and the correct way to apply it for testing biometric system performance. Biometric technical performance is one of the most important security parameters to be analysed in the case of biometrics, because it not only quantifies the capability to correctly identify individuals, but also measures the probability of countering impersonation and disguise threats. These guidelines have been developed by considering the most recent version of the CC standard and ISO/IEC 19795 multipart standard, which establish the principles for the evaluation of biometric performance.


  • biometrics; security evaluation; common criteria (cc); common evaluation methodology (cem); biometric performance testing; vulnerability