Biometrics Institute offers biometric attack detection and liveness guidance
The Biometrics Institute has released a best practices document outlining presentation attack detection (PAD) and liveness in spoofing attacks. The independent organization looked into potential questions and guidelines for users to bear in mind when choosing a biometric product, but also came up with risk mitigation recommendations to contain an incident.
“Spoofing attacks pose a high security risk for those involved with biometric technology operations, so mitigating the risk and understanding presentation attack detection better is a priority for our members and stakeholders,” explains Isabelle Moeller, the Biometrics Institute’s chief executive.
The guidance document explains that cybercriminals can steal biometric data to create spoofs or fakes. Hackers can then use a printed photo, an image or video of someone on a tablet, or even a 3D mask or fake silicone fingerprint for large-scale attacks on biometric systems. This type of attack is known as a presentation attack.
Liveness detection, on the other hand, is a subset of PAD, determining whether the sensor is capturing a live biometric.
PAD testing is increasingly popular for biometric companies to demonstrate the security of their offerings, with several recently undergoing testing by iBeta. The report is the result of a joint partnership between the Biometrics Institute Security and Integrity Expert Group (BSIEG), and is based on feedback from a wide-ranging group of security and authentication experts.
Ted Dunstone, head of the BSIEG, says, “When it comes to good practice in biometrics, testing for vulnerabilities and accuracy, alongside privacy and IT security, are key areas for review. Seriously considering the risk of a presentation attack and devising appropriate countermeasures is highly recommended.”
Biometrics Institute is an international promoter of the responsible and ethical use of biometrics and has repeatedly warned law enforcement about biometrics misuse if good practices are not followed. Earlier this year, the organization launched updated Privacy Guidelines to include GDPR and AI developments and received endorsement from Yoti for its seven ethical principles for biometrics.