Inspection and Sanitization Guidance for the Wavelet Scalar Quantization (WSQ) Biometric Image Format

Abstract: The purpose of this document is to provide guidance for the development of a sanitization and analysis software tool for Wavelet Scalar Quantization (WSQ) biometric files. WSQ is a compression algorithm formally defined in the Criminal Justice Information Services (CJIS), WSQ GRAY-SCALE Fingerprint Image Compression Specification, IAFIS-IC-0110(V3). This document also refers to WSQ as a file type, since the data representing the entire image defined in is also commonly stored within a file. This document analyzes various elements and objects that are contained within the WSQ file structure and then discusses the data hiding, data attack, and data disclosure risks. It describes how those elements can be a cause for concern for either hiding sensitive data or possibly attempting to exploit a system.

Date Published:

Last Reviewed: 11 December 2017

Identifier: U/OO/234029-17

Dissemination Control: N/A

Length: 39 page(s)

Format: pdf

Type: Reference/Overview; Report

Tags: National Security Agency - NSA; Cyber; Guidance; Exploitation; Vulnerability; Data