FB pixel

CLR Labs compares biometric spoof evaluations, urges attention to injection attacks

CLR Labs compares biometric spoof evaluations, urges attention to injection attacks
 

Biometric data injection attacks are increasingly associated with deepfakes, as attackers use camera emulators to spoof remote identity proofing systems with fake selfies. The problem goes beyond deepfakes, however, CLR Labs argues in a new white paper.

Independent laboratory CLR Labs, which has locations in France and Belgium, points out that injection attacks can also be used to mount attacks based on digital falsified ID documents, and urges the industry to seriously consider the full scope of the attack type.

“Digital Identities, Digital Wallets, Remote Identity Proofing. A not yet well understood vulnerability: Biometric Data Injection Attack” is a seven-page white paper by CLR Labs. It begins by reviewing the increased use of biometric for remote KYC checks for a range of important and sensitive services. Regulators have responded with new anti-money laundering and other rules. Governments have accelerated their work on digital wallets in part to make remote services easier to access, but this also gives attackers another way to carry out identity fraud.

Fraud attacks have already been carried out with Louisiana’s mobile driver’s license.

While presentation attacks are the most well-known type of attack against a biometric system, IBM identified nine different attack paths that could be used against biometric systems all the way back in 2001, CLR Labs point out. This is why, despite the wide recognition of the importance of presentation attack detection, ANSSI has noted PAD alone is not enough to ensure the required level of security.

The paper continues with an explanation of injection attacks, and the ways they use attack instruments other than deepfakes.

A chart is provided that compares the testing regimes of the FIDO Alliance, international payment schemes, ANSSI’s PVID certification and other biometrics evaluation labs, as well as CLRs own services. The PVID referential evaluation includes testing for falsified ID document detection, unlike the others, and only that and CLR Labs testing includes injection attack detection testing, according to the chart.

CLR Labs touts its testing to the ETSI TS 119 461 technical specification. ETSI TS 119 461 was established in 2021 to set the rules for identity proofing to trust services and qualified electronic signatures.

“The next challenge,” the white paper says, “will be to find a legal framework to authorize independent laboratories to test the security of the ID document authenticity check components of remote identity verification solutions.”

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics providers and systems evolve or get left behind

Biometrics are allowing people to prove who they are, speeding journeys through airports, and enabling anonymous online proof of age,…

 

Findynet funding development of six digital wallet solutions

Finnish public-private cooperative Findynet has announced it will award 60,000 euros (US$69,200) to six digital wallet vendors to help translate…

 

Patchwork of age check, online safety legislation grows across US

As the U.S. waits for the Supreme Court’s opinion on the Texas case of Paxton v. Free Speech Coalition, which…

 

AVPA laud findings from age assurance tech trial

The Age Verification Providers Association (AVPA), and several of its members, have welcomed the publication of preliminary findings from the…

 

Sri Lanka to launch govt API policies and guidelines

Sri Lanka’s government, in the wake of its digital economy drive, is gearing up to release application programming interface (API)…

 

Netherlands’ asylum seeker ID cards from Idemia use vertical ICAO format

The Netherlands will introduce new identity documents for asylum seekers Idemia Smart Identity, compliant with the ICAO specification for vertical…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Biometric Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events