Spoofing threatens biometrics security

Spoofing is something that biometric security providers dread. While we enjoy spoofs on television, this is no laughing matter when biometric security is concerned.

There is a constant war between companies that provides biometric security systems and spoofers or those who want to break them. While computers have hackers, biometric systems have spoofers. And spoofing attacks are becoming more common and sophisticated as biometric systems are becoming sophisticated.

Biometrics is the means to uniquely identify humans, base on their biological characteristics such as fingerprints, facial recognition, and voice recognition. These are traditional biometrics. Emerging biometrics takes on other sources such as heartbeat and gait. Among these types of biometrics, traditional biometrics is more susceptible to spoofing.

Fingerprint recognition system can be spoofed with artificial “gummy” fingers simply made from gelatin. Using a photograph can fool facial recognition system. Voice recognition can be spoofed using high-pitched noises that computer recognized as human voice.

Recently, the European Commission funded a project called “Tabula Rasa.” It was $US 7.7 million project, involving 12 industry and academic partners. The project title “Tabula Rasa” was chosen by Sebastian Marcel, the project coordinator, and it literally means “clean slate.”

Marcel said, Tabula Rasa had two goals: “To be able to check if biometrics are vulnerable to spoofing attacks, and then to decide what countermeasures can be put in place.”

He pointed out that one measure to decrease vulnerability of traditional biometrics like facial recognition systems is by not relying simply on one source but include information coming from other sources such “eye movement to help differentiate between a picture and the real person, and then reflection and texture to block any vulnerability to video played on an iPhone or iPad.”

Giles Florey, co-founder and CEO of KeyLemon, and a project participant commented: “While we didn’t wait for the project to find a way to pick up movement like eye blinking in our software, it is nonetheless helping us to optimize existing technologies we have and make them more robust. It is also helping us look at vulnerabilities of technologies that are coming out in the future.”

However, as in many cases, the project does face challenges, such as determine what data is secret and how to handle privacy laws that vary from country to country, which has implications for data sharing.

Do you think the “Tabula Rasa” project can help enhance biometric technology to reduce spoofing?

Article Topics

biometrics  |  data protection  |  privacy  |  spoofing