FB pixel

CLR Labs compares biometric spoof evaluations, urges attention to injection attacks

CLR Labs compares biometric spoof evaluations, urges attention to injection attacks

Biometric data injection attacks are increasingly associated with deepfakes, as attackers use camera emulators to spoof remote identity proofing systems with fake selfies. The problem goes beyond deepfakes, however, CLR Labs argues in a new white paper.

Independent laboratory CLR Labs, which has locations in France and Belgium, points out that injection attacks can also be used to mount attacks based on digital falsified ID documents, and urges the industry to seriously consider the full scope of the attack type.

“Digital Identities, Digital Wallets, Remote Identity Proofing. A not yet well understood vulnerability: Biometric Data Injection Attack” is a seven-page white paper by CLR Labs. It begins by reviewing the increased use of biometric for remote KYC checks for a range of important and sensitive services. Regulators have responded with new anti-money laundering and other rules. Governments have accelerated their work on digital wallets in part to make remote services easier to access, but this also gives attackers another way to carry out identity fraud.

Fraud attacks have already been carried out with Louisiana’s mobile driver’s license.

While presentation attacks are the most well-known type of attack against a biometric system, IBM identified nine different attack paths that could be used against biometric systems all the way back in 2001, CLR Labs point out. This is why, despite the wide recognition of the importance of presentation attack detection, ANSSI has noted PAD alone is not enough to ensure the required level of security.

The paper continues with an explanation of injection attacks, and the ways they use attack instruments other than deepfakes.

A chart is provided that compares the testing regimes of the FIDO Alliance, international payment schemes, ANSSI’s PVID certification and other biometrics evaluation labs, as well as CLRs own services. The PVID referential evaluation includes testing for falsified ID document detection, unlike the others, and only that and CLR Labs testing includes injection attack detection testing, according to the chart.

CLR Labs touts its testing to the ETSI TS 119 461 technical specification. ETSI TS 119 461 was established in 2021 to set the rules for identity proofing to trust services and qualified electronic signatures.

“The next challenge,” the white paper says, “will be to find a legal framework to authorize independent laboratories to test the security of the ID document authenticity check components of remote identity verification solutions.”

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News


U.S. academic institutions get biometric upgrades with new partnerships

A press release says ROC (formerly Rank One Computing), which provides U.S.-made biometrics and computer vision for military, law enforcement…


Smart Bangladesh 2041: Balancing ambition with reality

Bangladesh aims to be a “Smart” nation by 2041 as the country goes through a drastic transformation founded on digital identity…


Nigeria’s NIMC introducing one multi-purpose digital ID card, not three

The National Identity Management Commission of Nigeria (NIMC) has clarified that only one new digital ID card with multiple functions…


Age assurance tech is ready now, and international standards are on their way

The Global Age Assurance Standards Summit has wrapped up, culminating in a set of assertions, a seven-point call-to-action and four…


NIST finds biometric age estimation effective in first benchmark, coming soon

The U.S. National Institute of Standards and Technology presented a preview of its assessment of facial age estimation with selfie…


Maryland bill on police use of facial recognition is ‘strongest law in the nation’

Maryland has passed one of the more stringent laws governing the use of facial recognition technology by law enforcement in…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events