Biometric PAD standards in competition against spoof attacks, not each other: Stephanie Schuckers
Presentation attack detection (PAD) technology is increasingly important in biometric systems, and increasingly implemented. The technology seems to remain the subject of more common misconceptions and confusion, however, than most others in the field.
In addition to the usual competing claims from vendors, terminology has been imprecise, and as testing to the standards has been developed, confusion has grown about what exactly the tests confirm.
Stephanie Schuckers, Paynter-Krigman Endowed Professor in Engineering Science and Director of the Center for Identification Technology Research (CITeR) at Clarkson University, has played a key role in the development of PAD standards, and says that despite some unclear messaging, increasing industry efforts to bring attention to the issue of biometric spoof attacks is a positive development.
There are standards from ISO/IEC, as well as Android and the Common Criteria-based standard used by Germany’s Federal Office for Information Security (BSI). There are testing labs, including iBeta Quality Assurance, which is accredited for testing to the ISO standard by NIST, as well as around the world. The Idiap Research Institute, Fime and the Bank Card Testing Center (BCTC) are among others accredited for testing to various standards.
What different biometric spoof attack standards mean
The ISO/IEC 30107 PAD standard is an important step towards global recognition of the issue, Schuckers says, but confusion began to enter the market with some of the early marketing of testing for PAD standards compliance. A lack of clarity about exactly what the testing showed led to some erroneous claims that solutions had been certified by NIST, or that certification to certain standards was even available.
The ISO standard does not say what passes or fails, and is intentionally written with enough vagueness to allow flexibility. The standard cannot possibly anticipate all possible applications and their needs, Schuckers points out. By establishing the principles of testing without specifying exactly what constitutes adequate effectiveness, the standard can be used to develop testing that takes into account new attacks, as well as the different needs of novel applications, and the evolving needs of existing ones.
The levels are not actually a part of ISO 30107. Schuckers pioneered the levels, along with Elaine Newton, as part of a NIST document (SOFA-B). The levels, conceived as a description of three degrees of sophistication, were then adopted by the FIDO Alliance for its standards, and a similar idea is used by iBeta, with separate testing for each.
The idea behind the table Schuckers contributed to the NIST document was to provide some structure for the emerging field to move beyond the vagueness and flexibility of the ISO standard and towards practical evaluation.
The ISO standard refers to “attack potential,” meaning the effort and expertise an attack requires to carry out.
“Maybe we don’t even test the highest level because it’s really expensive to do that testing and maybe only a nation-state would be implementing those kinds of attacks,” Schuckers says, as an example for testing a given PAD technology.
iBeta has issued letters for Level 1 and Level 2 spoof attacks, but though Biometric Update has seen claims of Level 3 testing by iBeta, the lab has not yet developed a Level 3 protocol. FaceTec's Liveness.com sets out five levels of spoof attacks, with the top two levels relating to editing decrypted 3D images and camera feed injection attacks.
The FIDO Alliance, as an international body with a specific mandate, is focused on establishing an open specification for authentication, so while drawing on the same basis, it differs from attestations like iBeta’s in that it involves a more holistic evaluation, according to Schuckers.
Creating a level playing field for biometrics vendors
“If you have standards and requirements around security and performance, then you can have certification on top of that to create a level playing field so you can trust what you’re using,” she explains.
Those specifications also include testing to ISO/IEC 19795, which means measuring biometric accuracy in the form of false acceptance rate (FAR) and false rejection rate (FRR).
“It’s an integrated test, and this is where the big difference comes in, is that it’s got all of those metrics; false accept, false reject, and PAD, and we test them all at the same time,” Schuckers says. “We bring in live subjects, and then we also do spoofs.”
This prevents vendors from simply tuning their algorithms to the test by rejecting a large number of authentication attempts.
“If you’re a customer, then it would be important for you to ask for the report, so you can see what that was and ensure they weren’t tuning to the test,” Schuckers advises.
In iBeta testing, false match and non-match rates (FMR and FNMR) are included in the test reports, but not in the letters it issues vendors, which contain attack presentation classification error rate (APCER) and bona-fide presentation classification error rate (BPCER) data.
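To make the metrics above concrete, the following is an added example, not code from the article, iBeta, FIDO or any lab: it scores a small constructed set of presentations the way ISO/IEC 30107-3 defines APCER (per PAI species, reported as the worst species) and BPCER, and shows why a detector tuned to reject almost everything earns a perfect APCER while its BPCER collapses, which is the tuning-to-the-test problem an integrated test with live subjects exposes. The sample scores, species names and thresholds are assumptions.

```python
"""PAD metrics per ISO/IEC 30107-3 on a constructed set of presentations.

Each presentation carries a label: 'bona_fide' or the PAI species used
(e.g. 'print', 'replay'), plus the PAD subsystem's liveness score.
Scores at or above the decision threshold are classified as bona fide.
"""
from typing import Dict, List, Tuple

# Constructed sample results (not from any real evaluation): (label, score)
SAMPLE: List[Tuple[str, float]] = [
    ("bona_fide", 0.92), ("bona_fide", 0.85), ("bona_fide", 0.71),
    ("bona_fide", 0.64), ("bona_fide", 0.58), ("bona_fide", 0.97),
    ("print", 0.12), ("print", 0.31), ("print", 0.66),
    ("replay", 0.22), ("replay", 0.45), ("replay", 0.08),
]


def apcer_by_species(results, threshold: float) -> Dict[str, float]:
    """APCER per PAI species: share of that species' attacks accepted as bona fide."""
    counts: Dict[str, List[int]] = {}  # species -> [presented, accepted]
    for label, score in results:
        if label == "bona_fide":
            continue
        c = counts.setdefault(label, [0, 0])
        c[0] += 1
        c[1] += score >= threshold
    return {species: accepted / total for species, (total, accepted) in counts.items()}


def apcer(results, threshold: float) -> float:
    """Overall APCER: ISO/IEC 30107-3 reports the worst (maximum) species."""
    return max(apcer_by_species(results, threshold).values())


def bpcer(results, threshold: float) -> float:
    """BPCER: share of bona fide presentations wrongly classified as attacks."""
    bona = [score for label, score in results if label == "bona_fide"]
    return sum(score < threshold for score in bona) / len(bona)


def evaluate(results, threshold: float) -> Dict[str, float]:
    """Both error rates at one operating point; they must be read together."""
    return {"APCER": apcer(results, threshold), "BPCER": bpcer(results, threshold)}


if __name__ == "__main__":
    # 0.5 and 0.7 are plausible operating points; 0.99 mimics a detector
    # tuned to the test by rejecting nearly every presentation.
    for thr in (0.5, 0.7, 0.99):
        print(f"threshold={thr}: {evaluate(SAMPLE, thr)}")
```

At the 0.99 threshold APCER is 0 for every species but BPCER is 100%, which is why a letter quoting only attack-side numbers is not enough and the full report with both rates should be requested.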
Accreditation is about capability, but also commonality, Schuckers points out.
What Schuckers refers to as a “battle of certifications” does erupt in certain situations, but she emphasizes that the different standards and certifications are essentially working in different areas towards the same overall goal. Independent checking of spoof attack prevention claims is good.
“We want PAD out there and we want PAD independently tested,” Schuckers says of the whole biometrics industry.
Not only are the certifications and standards different from each other, but they must also evolve over time.
The future of PAD testing
Deepfakes were not even considered years ago, Schuckers notes, asking where they would fit among the levels. Once any given attack is placed among the levels indicating the degree of risk or difficulty of mounting it, the technology behind it continues to evolve, and that placement too must be revisited.
“The attacks themselves will be swiftly changing in terms of how easy it is to mount attacks but the methodology, I think we’ve iterated through ISO standards to a pretty common thinking,” Schuckers assesses. “Because even though there are differences between FIDO and iBeta, they’re not, I would say, majorly different. They’re still following the same structure, which is based on ISO. Which is great; which is what we want.”
The work of getting vendors to agree to standards and submit to testing is only part of the mission, because of this constant evolution, and Schuckers sees both sides, adoption and evolution, continuing to advance in 2021.
“What makes testing hard is it is impossible to cover the scope of attacks that a system may have in front of it.”
This post was updated at 8:47am Eastern on January 14, 2021 to clarify that Liveness.com is associated with FaceTec.