The match-in-database fingerprint biometric system has emerged as the most widely used human identification and authentication method in public and private sectors due to its high efficiency, low-cost, and ease of use. This paper provides an exhaustive insight into the security aspect of such systems. We propose a comprehensive threat model depicting sixteen vulnerable attack points, which can act as a reference model while designing a new biometric application. We provide a comparison between the existing and proposed threat model. This article pinpoints all probable attacks at each vulnerable location and suggests possible mitigation techniques to thwart such attack attempts. We investigate the attacks on such systems, present a threat model, and categorize them into eight classes while specifying the risk factor associated with each class. This facilitates any new attack on such a system to be classified into one of these eight classes.

数据库匹配指纹生物特征识别系统由于其高效，低成本和易用性，已经成为公共和私营部门中使用最广泛的人类识别和认证方法。本文全面介绍了此类系统的安全性。我们提出了一个综合威胁模型，该模型描述了16个易受攻击的点，可以在设计新的生物识别应用程序时用作参考模型。我们提供了现有威胁模型和提议威胁模型之间的比较。本文指出了每个易受攻击位置的所有可能的攻击，并提出了可能的缓解方法来阻止此类攻击尝试。我们调查了对此类系统的攻击，提出了威胁模型，并将其分为八类，同时指定了与每一类相关的风险因素。