‘Red Teaming’ approach to biometric spoof attack detection testing discussed by BixeLab
A workshop held by BixeLab presents an alternative to ISO standards-based biometric system testing focussed on defeating spoof attacks, but also taking into account various aspects of performance.
Dr. Ted Dunstone and Stewart Pope spoke about ‘Red Teaming’ in biometrics and how to test various forms biometrics takes in an effective, useful and standardized way.
Dunstone noted near the beginning of the workshop that the ‘Bixe’ part of the lab’s name stands for ‘biometrics identity experience evaluation.’ The lab is now NIST accredited for biometrics, after receiving the first approval for any testing lab in the Southern hemisphere in April.
Dunstone went on to explain red teaming, which is an attack or series of attacks by an independent challenge group, analogous to penetration testing in cybersecurity. There are many factors in biometric risk, he notes, such as human factors, management and IT elements. Dunstone described a biometric risk management process, and the interplay of accuracy, vulnerability (such as to presentation attacks), and quality (such as of the comparison image) that composes it.
Pope then discussed the ISO/IEC 30107 PAD standard and its limitations. In some cases, he says, modification of the test methodology is necessary for effective testing of biometric spoof detection systems.
He then explained BixeLab’s Level R testing methodology, which goes beyond ISO-based tests to include ‘Level C species’ artefacts, workflow exploitation, matching accuracy, quality variables and external security factors. Red teaming is an adversarial approach with critical thinking, Pope says, which often goes beyond the core biometric elements. “It may be exploiting different steps of the workflow through a presentation attack or quality variation,” he explains.
Red teaming can still produce standard metrics (like APCER), but also “unique and customized outcome metrics.”
The security assessment can include combinations of attack strategies, or different strategies including partial artificial presentation and non-conformant human presentation (which results in poor image quality). Subtle differences in attacks methodologies, such as in the creation of artefacts (different papers in paper masks) or preparation effort (how a mask is held) can make a major difference in PAD system effectiveness, according to Pope.
One example of this is that passing a hand in front of photograph can defeat some systems using blinking for liveness; knowing that information impacts the results of PAD testing.
The ISO/IEC 30107 PAD standard does not include environmental variables, but BixeLab has found they have a substantial impact on spoof success. System bias can also impact presentation attack performance, and Red Teaming often delves into non-biometric areas, such as document forgery.
The Red Teaming approach can allow clients to carry out an analysis of the trade-off between risk and cost, and can inform ongoing product maintenance, Pope states.
A demonstration followed by Somya Singh, but is not included in the recording for security purposes.
The key takeaway is that by combining different attack strategies, such as presenting an overexposed image with a concave curve, may spoof the system even though neither approach is effective on its own.
The workshop also touched on data privacy protections used by BixeLab, and its other testing services.
During the third quarter of 2021, BixeLab is planning to launch what Dunstone says will be the first formal PAD evaluation of a speaker verification system, and publish a white paper on governance in biometric systems.