This research investigates a new form of attack which poses a potential threat to biometrically-enhanced security mechanisms. Such attacks are "generative" in nature: the attacker works from a model for mimicking an aspect of human behavior and, through direct or indirect knowledge of the targeted user's biometrics, adapts the model to generate attempted reproductions of the user's input. In this context, two types of security mechanisms are studied: biometric authentication, where the user's biometric features are measured by a nonbypassable reference monitor and compared to a stored template; and password hardening, where the user's password and biometric features measured during the entry of the password are combined into a secret key (the "hardened" password) that should be irreproducible even to an attacker with full access to the device and software which create the key. Generative models for handwriting serve as an enabling input to evaluate schemes for performing handwritten password verification and for creating hardened passwords from handwriting. The size of the attacker's search space is quantified assuming that various categories of information have been gleaned (or captured) from the targeted user, as well as employing demographic statistics. Speech synthesis for targeting a specific user's voice is also studied in these same contexts. To the extent possible, techniques are identified for improving password hardening to withstand such attacks.
