Biometric ID security insights in the wake of deepfakes: MOSIP Connect Day 2

Industry experts from iProov, Simprints and BixeLab have emphasized the importance of clean data collection during biometric enrollment and the deployment of liveness detection tools as some of the ways of tackling emerging security threats faced by digital ID systems these days.
The speakers shared their expertise and experiences in the second of a two-part discussion dubbed “Securing biometrics: liveness detection, fraud management, and uniqueness in diverse demographics.” This was one of the several presentations and panel discussions that marked the second day of the MOSIP Connect event in Addis Ababa.
The panelists included Toby Norman, CEO of Simprints and one of his collaborators, Chris Royce (Director of Engineering); Ted Dunstone, CEO of BixeLab; and Malcolm Sloan, head of Product Growth and Innovation at iProov.
Acknowledging the increasing rise of threats such as deepfakes brought about by generative AI, Sloan said technology providers must have a strategy that’s continuously evolving. “This means that solutions that were good a few years ago, are now probably out of date.” iProov highlighted the growing nature of digital attacks enabled by generative AI in its latest threat intelligence report.
Restating the point during the exchange, Sloan noted that different forms of threat to digital ID, including injection attacks, have dramatically increased in the last year, posing significant risks to vulnerable or insufficiently protected ID systems.
Agreeing with Sloan about the worrying increase in synthetic identities, Dunstone said it’s important to have the right kind of cybersecurity architecture in order to ensure that “the biometrics you are seeing is actually from the person who claims to have them.”
To plug possibilities of any vulnerability, Dunstone posits that since biometrics management involves risks, such risks need to be managed holistically, insisting on the importance of liveness detection technology deployment and compliance testing for biometric products, which BixeLab, a NIST-certified biometric testing company, provides.
While Norman suggests that one of the starting points on ensuring biometric security is getting enrollment right and getting the right deduplication system in place, Royce cites the need for multi-biometric system deployment, adding that it is “important to understand the demographics you are working with, the kind of biometric modality and the purpose for which it is used.”
Morman corroborates this point saying “it is equally important to test the solution to be deployed, and the data should be collected from different demographic profiles.”
For those planning to procure biometric systems for their ID systems, Sloan tells them: “When buying biometric systems, we have to ask if it’s the right system for purpose.” Industry players, he added, also need to stay at speed with the advancements in biometric attacks and also strengthen industry collaboration in order to squarely face the threats of generative AI which have increased attacks.
The first part to this discussion was a presentation by Santhosh Narayanan of the Alarn Turing Institute, a UK data science and AI institute.
Narayanan explained some of the emerging threats against biometric attacks, ways through which ID systems can be protected from such attacks, as well as methods that go beyond just biometrics, to detect identity fraud.
Another panel discussion on a related topic, drawing experts from liveness detection providers Tech5 and Identy, and voice biometrics firm Kaizen Voiz examined emerging modalities and advancements in biometric technologies. Vivek Kumar of Kaizen Voiz made the case for voice biometrics, arguing it’s one of the most secure and less costly biometric modalities.
Necessity for digital credential verification, wallet adoption
In the meantime, an earlier keynote presentation by Pramod Varma of the Centre for Digital Public Infrastructure in India was among a couple of related presentations and discussions which explored the importance of digital credential verification as one of the ways of fostering a trusted future for digital identity.
In his keynote, Varma shared with delegates the advantages of digital credential verification over paper-based ID verification. Digital credential verification cuts costs, enhances trusts and keeps the user in firm control of their data, he said, noting that “credentialling is decentralized by design.”
He also spoke about what can be done to empower users to digitally share their documents in order to have access to services and what to do in order to unlock the possibility of scaling verifiable credentials.
In the same vein, Brian Behlendofr of the Open Wallet Foundation, an open-source project, delivered a presentation in plenary in which he highlighted their efforts in pushing for the global adoption of open, secure and interoperable digital wallets. He also gave tips on building a successful open collaboration ecosystem that facilitates the free exchange of data, code and innovation. He mentioned their collaboration with MOSIP and other ecosystem partners.
In the course of the day, discussions in other sessions related to digital wallets had country experiences on use cases for credentials, perspectives on wallet adoption, and unlocking strategies for establishing and fostering the adoption of trusted wallets and ecosystems.
Like Day 1, the second day of MOSIP Connect unfolded with two “solution discovery” sessions where delegates had the time to visit exhibition booths to find out about the wide range of product and service offerings being showcased by MOSIP partners.
Article Topics
biometrics | BixeLab | digital identity | Identy | iProov | Kaizen Secure Voiz | MOSIP (Modular Open Source Identity Platform) | MOSIP Connect 2024 | SimPrints | TECH5
Comments