With the number of biometric identification initiatives growing in number – and now being implemented into our mobile devices – the European Union (EU) has ponied up funding for a biometrics research project that is examining, amongst other things, the spoofing phenomenon.
Supported by EU research and investment, the TABULA RASA consortium has been tasked with identifying how well the new generation of biometrics software works, especially as it relates to the growing number of spoofing attacks.
Spoofing is the process by which a fraudulent user can subvert or attack a biometric system by pretending to be another, registered user. The danger with spoofing techniques it that they can often be carried out using everyday materials such as make up, photographs or voice recordings.
Biometric systems have grown in popularity in recent years, and for good reason as its one of the most efficient security solutions available today. Vulnerabilities remain, however, as the number of attacks on biometrics systems remains constant.
The TABULA RASA consortium is comprised of 12 different organizations, spanning seven countries that have worked together over the past three years to uncover as many of these vulnerabilities as possible and develop countermeasures en route to a new era of safer biometric systems.
As part of TABULA RASA’s research, the consortium hosted a “Spoofing Challenge,” which invited researchers from around the globe to develop their best schemes to deceive various biometric systems. Participants of the challenge displayed that the number of spoofing techniques is not only vast, but creative as well.
One of the more innovative spoofing techniques displayed during this challenge used make up to spoof a 2D facial recognition system – where an impostor successfully tricked the system into thinking it was a legitimate user. Also on display were the more traditional techniques that leverage photographs, masks or fake fingerprints, or gummy fingers, that some may recognize the latter from the recent hack of the iPhone’s Touch ID.
While the number and variety of spoofing techniques may be troubling, the work being done by TABULA RASA is vital nonetheless, and is uncovering valuable information that will only help bolster biometrics in the future.
“As well as more secure devices and information, the improved software will offer quicker log-ins to IT equipment and faster more accurate border control and passport verification,” says Sebastien Marcel, coordinator of the TABULA RASA project. “We believe that many different organizations will be interested in our research including technology companies, post offices, banks, manufacturers of mobile devices or online service providers.”
The EU has invested some €4.4 million in the TABULA RASA project, which accompanies the €1.6 million investment made by the Consortium itself, to carry out the extensive biometrics research and testing. It may be money well spent as the TABULA RASA research project has logged an extensive list of possible spoofing attacks, evaluated the vulnerability of biometric systems to these attacks and developed countermeasures to improve security of biometric systems.