Better policy, not just innovation, will protect against biometric morph attacks

Researchers in academia and the biometrics industry are producing innovations which can help address the threat that facial morphing attacks pose to border control systems. But attendees of the iMARS workshop last week heard that better policies and greater awareness of those tools and the problem itself are just as important.

Renee Ong of the Dutch National Office for Identity Data moderated a panel discussion during the workshop featuring Vision-Box Head of Research Joao Ferreira, Johannes Merkle of secunet and Ricardo Neisse of Frontex. The panel discussion on “What’s next? Challenges, changes & opportunities ahead” capped the workshop on “Combatting ID Fraud: New Tools for Image Manipulation Detection,” which also included in-depth examinations of the latest developments in morphing attack detection (MAD) and a preview of the EES pre-enrollment app, which was presented by Neisse.

Vision-Box participated in iMARS work packages 5 (analysis on vulnerability), 7 (morphing tools), 8 and 9 (solutions to detect morphs) and 12 (evaluating the impact of the morphing attack detection solutions), Ferreira says.

Secunet worked on morphing attack defense with Germany’s BSI prior to its involvement in iMARS, and Merkle was involved with the supervisory board performing a review of work package 5.

Neisse noted that despite his role with Frontex, he learned about innovations during the iMARS event that he was previously unaware of, highlighting the importance of connecting system operators and regulators with the businesses and researchers introducing new biometrics and border control tools.

The panelists agreed that the security against forgeries and morphing that is applied to passports should also be applied to other identity documents, which would help make sure false information does not make its way onto passports via weaknesses in other ID issuance systems.

Merkle suggests that moving away from printed photos to include biometric identity verification at the time of enrollment would help. It will also enable differential morphing attack detection (DMAD) downstream.

Neisse argues that error rates for morph detection which appear too high may be sufficiently helpful to border guards when applied in combination with other risk assessment signals. Merkle also reiterated Christophe Busch’s point from earlier in the event about the importance of ensuring image quality, and the clear policy improvement that some countries could make in this regard.

Ong pointed out the new passport standard set by ICAO includes a field for image quality which could help make decisions by border guards better informed. This might not be trusted, however, Neisse pointed out, as Frontex discovered while building the EES app that even EU member states are hesitant to trust its assessment.

The HIEC image file format was raised by an audience member as a possible way to provide higher-quality images for facial photos used in biometric checks. As long as the enrollment is still secured, Ferreira believes this could help, and be adopted as soon as enough national authorities are convinced to make the switch.

Training and awareness can also help, and Frontex has been building up resources on morph detection, in addition to the intensive training sessions it holds.

In the closing moments of the panel discussion Merkle noted that most of the methods for biometric morphing attack detection described in iMARS work packages 8 and 9 are novel. The way forward, he argues, is a combination of the truly novel with improvements and combinations of techniques which have been proven effective.

Article Topics

biometrics  |  biometrics research  |  border security  |  face biometrics  |  face morphing  |  Frontex  |  iMARS  |  morphing attack  |  secunet  |  Vision-Box