October 22, 2013 -
The TABULA RASA consortium has just launched with EU funding, and aims to address issues of spoofing attacks on biometric systems.
According to the group, the EU has invested more than US$6 million (€4.4 million) in the project, which consists of 12 different organizations across seven countries. This capital was used alongside a US$2.2 million (€1.6 million) investment by the Consortium to carry out research and testing.
The consortium has been working for more than three years now to research spoofing vulnerabilities and to develop countermeasures for biometric systems.
In the course of its research, TABULA RASA hosted a “Spoofing Challenge,” which invited researchers from around the world to develop attack plans and to attempt to deceive various biometric systems. Participants showed that there are many different and creative ways to attack the systems. The most innovative attack proposed during this challenge used make-up to spoof a 2D face recognition system and succeeded in being recognised as the victim. Other contestants used well-known attacks such as photographs, masks or fake fingerprints (“gummy fingers”) to successfully spoof the systems.
“Many of us keep personal and confidential information on our smartphones and tablets, so we need to have confidence that we can fully rely on these biometric tools,” Neelie Kroes, European Commission Vice President said. “The European Commission is pleased with TABULA RASA’s success so far. No other research group has achieved such advanced results in biometrics to date.”
According to the group, The TABULA RASA research project has made an extensive list of possible spoofing attacks, evaluated the vulnerability of biometric systems to such attacks, and developed countermeasures that for instance detect signs of liveness and improve the security of typical biometric systems. TABULA RASA has already transferred five of these countermeasures to companies.
The consortium is led by the Idiap Research Institute and also involves the University of Southampton, University of Cagliari, University of Oulu, Universidad Autonoma de Madrid, EURECOM, Morpho, Starlab Barcelona, the Chinese Academy of Sciences, KeyLemon, BIOMETRY and the Centre for Science, Society and Citizenship.
The kryptonite of biometric systems, spoofing attacks are a major concern in the industry. Reported previously, mere days after Apple released its iPhone 5S, German hacker collective, Chaos Computer Club spoofed the phone’s Touch ID fingerprint sensor with a fake finger made from everyday items.
Shortly after the Chaos Computer Club hack, the Biometrics Institute also began a campaign for widespread adoption of spoof detection technology.
“It would have been impossible to conduct such large scale research and to collaborate with so many EU partners without the investment from the European Union. As well as more secure devices and information, the improved software will offer quicker log-ins to IT equipment and faster more accurate border control and passport verification,” Sébastien Marcel, Coordinator of the TABULA RASA project said. “We believe that many different organisations will be interested in our research including technology companies, post offices, banks, manufacturers of mobile devices or online service providers.”