Trusted Biometrics under Spoofing Attacks BY SÉBASTIEN MARCEL
This article will help you to understand the potential vulnerabilities of biometric systems to spoofing and the need for the development of countermeasures.
Identity management for persons using biometrics has become a reality mainly because of the biometric passport (e-passport) but also because of the presence of more and more biometric-enabled applications for personal computers, such as fingerprint (ThinkPad T42, Toshiba E105_S1602, HP dv6500t) or face (Lenovo VeriFace, Asus SmartLogon, Toshiba Face Recognition) login applications. Although the market of identity management using biometrics is dominated by some key players (Safran Morpho, L-1 Identity Solutions or Cognitec) focusing mainly on high security applications (Business-to-Business market), new exploitation routes (Business-to-Consumer market) are currently explored by Small and Medium-sized enterprises (KeyLemon, Visidon, Mobbeel, BioID, Biometry) focusing on computer login, universal login for social networks or cloud computing solutions. However, these routes are also explored by innovative companies, as demonstrated by the recent acquisitions of face recognition companies: the acquisition of Face.com by Facebook in 2012, the acquisition of PolarRose by Apple in 2010 and the acquisitions of NevenVision, PittPatt and Viewdle by Google in 2006, 2011 and 2012 respectively. This market of identity management using biometrics is thus growing rapidly. Unfortunately, it has been shown recently that conventional biometric techniques, such as fingerprint or face recognition, are vulnerable to attacks. These attacks have already been identified in the scientific literature and are depicted in Figure 1.
Figure 1. Vulnerabilities of biometric systems
Extra 11/2012
Vulnerabilities of Biometric Systems
Two types of attacks are broadly considered: direct attacks and indirect attacks. Direct attacks are performed at the sensor level (referred to as 1 in Figure 1), outside the digital limits of the system. Therefore, no digital protection mechanisms can be used. In a direct attack, also called spoofing, a person tries to masquerade as another one by falsifying data and gaining an illegitimate advantage. Indirect attacks are performed inside the system and are due to intruders, such as cyber-criminal hackers, bypassing the feature extractor or the matcher (referred to as 3 and 5 in Figure 1), manipulating the templates in the database (referred to as 6 in Figure 1), or exploiting possible weak points in the communication channels (referred to as 2, 4, 7 and 8 in Figure 1).
Spoofing
These attacks are a major problem for companies willing to market identity management solutions based on biometric technologies. This is particularly true for direct attacks. Indeed, indirect attacks require advanced programming skills, but direct attacks don't require any of those skills. Consequently, the potential number of attackers increases dramatically. As a matter of fact, it has been shown that biometric systems based on fingerprint and face are vulnerable to direct attacks. In their famous paper entitled Impact of Artificial Gummy Fingers on Fingerprint Systems, Matsumoto et al. provided recipes for making an artificial finger from a live finger and a residual fingerprint, and demonstrated the vulnerabilities of several fingerprint devices. This spoofing attack has been studied extensively and has also been pointed out by the European project FIDIS (Future of Identity in the Information Society) in its deliverable D6.1 Forensic Implications of Identity Management Systems and, more precisely, section 5.5 page 45. In the same deliverable, the FIDIS project has shown methods for iris spoofing, hand geometry spoofing and hand vascular spoofing. However, no countermeasures to these spoofing attacks have been proposed. The Security and Vulnerability Research Team of the University of Hanoi (Vietnam) presented a study [4] at Black Hat 2009, the world's premier technical security conference. This paper explained that a simple photo attack (Figure 2) can fool the face authentication system provided in Lenovo, Asus and Toshiba laptops. This vulnerability is now listed in the National Vulnerability Database of the National Institute of Standards and Technology (NIST) in the US.
www.hakin9.org/en
Countermeasures
Overall, there is a need for efficient and reliable solutions for detecting and circumventing spoofing attacks. The typical countermeasure to a spoofing attack is liveness detection, which aims at detecting physiological signs of life. This can be done in four different ways: (1) with available sensors, to detect in the signal a pattern characteristic of liveness or spoofing; (2) with dedicated sensors, to detect evidence of liveness, which is not always possible to deploy; (3) with a challenge-response method, where a spoofing attack can be detected by asking the user to interact with the system; or (4) with recognition methods intrinsically robust against attacks, if any. Another possible countermeasure is multi-modal biometrics. Indeed, voice recognition, for instance, could be performed jointly with face recognition and would be more robust to an attack on the video stream. Similarly, gait, face and iris recognition could be performed jointly. Additionally, it has been shown recently in pioneering work that emerging biometrics such as gait, vein or electro-physiological signals (Electroencephalography, EEG, or Electrocardiography, ECG) are potentially very difficult or impossible to spoof. Recently, the Idiap Research Institute (www.idiap.ch) organized an international competition on countermeasures to spoofing attacks in face recognition, in conjunction with the International Joint Conference on Biometrics in 2011. The research institute released REPLAY-ATTACK (www.idiap.ch/dataset/replayattack), a public face spoofing database aimed at challenging the most advanced spoofing countermeasures. This database contains diverse spoofing attacks (printed photos, photos displayed on a mobile phone or a tablet, videos replayed on a mobile phone or a tablet), but it also provides a unique evaluation protocol to measure the vulnerability of a face recognition system in addition to the accuracy of countermeasures. Using this database, it has been shown that simple photo attacks can be easily detected but that replayed videos are more challenging. Despite the progress of research in the development of countermeasures, new ways to forge spoofing attacks can emerge at any time. For instance, 3D printing technologies allow realistic masks to be replicated from pictures or 3D scans. As a matter of fact, it is currently possible to order custom life or wearable masks (Figure 3) from the website That's My Face (www.thatsmyface.com) by uploading a frontal and a profile picture of someone's face. However, studies would need to be performed to evaluate the vulnerability of 2D or 3D face recognition systems to these masks.
Figure 2. An example of photo attack
A Case Study on Spoofing 2D Face Recognition
Spoofing a face recognition system is particularly easy to perform: all that is needed is a simple photograph of the user. In [4] it was shown how to successfully spoof a laptop authentication system using only a printed photograph. Later, one of the first experimental studies [1] using a rigorous methodology was carried out. It measured the vulnerability of a 2D face recognition algorithm to printed photographs. This work has recently been extended [2] to photos and videos replayed on an electronic screen (both a mobile phone and a famous tablet), and the captured attacks have been made publicly available (Figure 4) for research purposes. This study measured the vulnerability to these more elaborate attacks and proposed a set of countermeasures. From a detailed analysis of the matching scores (Figure 5) it was measured that more than 82% of the attacks pass the considered face recognition system [2]. This validates the attacks in the REPLAY-ATTACK database as valuable for further investigation of countermeasures. The study then investigated the potential of texture analysis as a countermeasure to detect a spoofing attack. It has been shown that texture analysis could be used to detect approximately 83% of the spoofing attacks, but in this case would reject approximately 17% of real accesses. Obviously, these results are valid only on the REPLAY-ATTACK face spoofing database, and it is not yet known how these results would generalize to different face recognition algorithms or different face spoofing attacks. Hence, future work is much needed in spoofing, to understand vulnerabilities better, and in anti-spoofing, to develop better and more generic countermeasures. This will be achieved by sharing knowledge and data to allow replicable research. As a matter of fact, the above mentioned studies [1,2] allow replicable research by using publicly available data and open source code based on the free signal processing and machine learning library Bob [3] (https://www.idiap.ch/software/bob).
Figure 3. A custom life mask ordered on the Internet
Figure 4. Examples of attacks publicly available at https://www.idiap.ch/dataset/replayattack
Figure 5. Distribution of the matching scores of a 2D face recognition system. In blue: the matching scores of genuine persons (real accesses). In pink: the matching scores of zero-effort impostors (not spoofing). In grey: the matching scores of spoofing attacks from the REPLAY-ATTACK database
The research project TABULA RASA, funded by the European Commission under Framework Program Seven (FP7), is focused on spoofing. The goal of this project is to research, develop, evaluate and transfer anti-spoofing solutions. TABULA RASA started by analyzing the vulnerabilities of existing systems, and then developed appropriate countermeasures. This is only possible by designing and collecting databases for the analysis of spoofing attacks, which also serve as a basis for establishing the success of countermeasures to these attacks. As a direct outcome of the project, the level of security of existing biometric systems will be increased, and any findings from TABULA RASA will provide an input to the standards that are so essential to widespread adoption. http://www.tabularasa-euproject.org
References
[1] A. Anjos and S. Marcel, Counter-measures to photo attacks in face recognition: a public database and a baseline, IEEE IAPR International Joint Conference on Biometrics (IJCB), 2011.
[2] I. Chingovska, A. Anjos, and S. Marcel, On the effectiveness of local binary patterns in face anti-spoofing, IEEE International Conference of the Biometrics Special Interest Group (BIOSIG), 2012.
[3] A. Anjos, L. El Shafey, R. Wallace, M. Günther, C. McCool, and S. Marcel, Bob: a free signal processing and machine learning toolbox for researchers, ACM Multimedia 2012 International Conference, 2012.
[4] N. M. Duc and B. Q. Minh, Your face is not your password, Black Hat Conference, 2009.
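The vulnerability measurement used in the case study (a verifier threshold fixed on genuine and zero-effort impostor scores, with spoofing attacks then scored against that same threshold) and the trade-off a texture-based liveness countermeasure introduces, as an added example. This is not code from the article or from the Bob toolbox; all scores are constructed, and placing both thresholds at the equal error rate is this example's assumption rather than the REPLAY-ATTACK protocol.

```python
"""Vulnerability to spoofing vs. a liveness countermeasure, measured on the three
score populations of Figure 5. Added example: not code from the article or from
the Bob toolbox; every score below is constructed, and putting both thresholds at
the equal error rate (EER) is this example's assumption, not the article's protocol."""
from typing import Dict, List, Sequence, Tuple

# Constructed (match_score, liveness_score) per presented sample. match_score is
# the verifier's similarity to the claimed identity; liveness_score is the output
# of a texture-based countermeasure (higher = more likely a live face).
GENUINE: List[Tuple[float, float]] = [
    (0.92, 0.95), (0.88, 0.90), (0.85, 0.86), (0.81, 0.80), (0.79, 0.75),
    (0.74, 0.70), (0.70, 0.62), (0.66, 0.48), (0.61, 0.40), (0.55, 0.35)]
SPOOF: List[Tuple[float, float]] = [
    (0.90, 0.55), (0.84, 0.50), (0.77, 0.45), (0.72, 0.42), (0.68, 0.38),
    (0.63, 0.30), (0.57, 0.25), (0.50, 0.20), (0.42, 0.12), (0.30, 0.05)]
# Zero-effort impostors are live people claiming someone else's identity, so
# only their match scores are needed to tune the verifier.
ZERO_EFFORT: List[float] = [0.58, 0.52, 0.47, 0.44, 0.40, 0.35, 0.31, 0.27, 0.22, 0.15]

def accepted(scores: Sequence[float], t: float) -> float:
    """Fraction of scores at or above threshold t (the FAR for impostor scores)."""
    return sum(s >= t for s in scores) / len(scores)

def rejected(scores: Sequence[float], t: float) -> float:
    """Fraction of scores below threshold t (the FRR for genuine scores)."""
    return sum(s < t for s in scores) / len(scores)

def eer_threshold(positives: Sequence[float], negatives: Sequence[float]) -> float:
    """Observed score at which FAR on negatives and FRR on positives are closest."""
    cands = sorted(set(positives) | set(negatives))
    return min(cands, key=lambda t: abs(accepted(negatives, t) - rejected(positives, t)))

def evaluate(genuine, spoof, zero_effort) -> Dict[str, float]:
    """Licit scenario first (genuine vs zero-effort), then spoofing measured against
    that unchanged threshold, then the liveness countermeasure added on top."""
    t_match = eer_threshold([m for m, _ in genuine], zero_effort)
    t_live = eer_threshold([l for _, l in genuine], [l for _, l in spoof])
    passes = lambda m, l: m >= t_match and l >= t_live  # combined decision
    return {
        "match_threshold": t_match,
        "zero_effort_far": accepted(zero_effort, t_match),
        "spoof_far_matcher_only": accepted([m for m, _ in spoof], t_match),
        "liveness_threshold": t_live,
        "spoof_detected_by_liveness": rejected([l for _, l in spoof], t_live),
        "spoof_far_with_liveness": sum(passes(m, l) for m, l in spoof) / len(spoof),
        "genuine_frr_with_liveness": sum(not passes(m, l) for m, l in genuine) / len(genuine),
    }
```

On these constructed scores the verifier alone lets 60% of the attacks through at an operating point that rejects only 10% of zero-effort impostors; the liveness stage cuts that to 20% at the price of rejecting 20% of real accesses, the same kind of trade-off the study reports.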
Sébastien Marcel
Sébastien Marcel (http://www.idiap.ch/~marcel) received the Ph.D. degree in signal processing from Université de Rennes I in France (2000) at CNET, the research center of France Telecom (now Orange Labs). He is currently interested in pattern recognition and machine learning with a focus on multimodal biometric person recognition. He is a senior research scientist at the Idiap Research Institute (CH), where he leads a research team and conducts research on face recognition, speaker recognition and spoofing attacks detection. In 2010, he was appointed Visiting Associate Professor at the University of Cagliari (IT) where he taught a series of lectures in face recognition. He serves on the Program Committee of several scientific journals and international conferences in pattern recognition and computer vision. Sébastien Marcel is the principal investigator of international research projects including MOBIO (EU FP7 Mobile Biometry), TABULA RASA (EU FP7 Trusted Biometrics under Spoofing Attacks) and BEAT (EU FP7 Biometrics Evaluation and Testing).