ISO biometric injection attack detection standard on the way

FaceTec VP and ISO committee member Andrew Hughes introduces 25456

An international standard for biometric injection attack detection is now in development by the International Organization for Standardization. FaceTec VP of Global Standards Andrew Hughes tells Biometric Update in an interview that, as usual for ISO standards, it is expected to take three years to complete. Hughes is also the secretary of the Kantara Initiative’s board of directors, and sits on the ISO committee established to tackle injection attacks, a committee that is itself a novelty in biometrics standards development.

Injection attacks against biometric systems have taken the place of presentation attacks in the threat ecosystem as the headline-grabbing danger to online interactions, in large part due to their association with deepfakes. Injection attacks are the delivery mechanism for the sophisticated video deepfakes capable of fooling human observers, and in some cases, automated identity verification and proofing systems.

Presentation attacks, meanwhile, have graduated to the status of a popular everyday attack vector, with a well-established ISO standard and an evolving ecosystem of supplemental standards, test labs and commercial solutions for presentation attack detection (PAD).

Injection attacks are different, in that they involve both a biometrics aspect and a cybersecurity aspect. This led ISO to convene a joint working group (JWG), drawing on expertise from sub-committees 27 (information security) and 37 (biometrics), Hughes explains, and leading to “fascinating” discussions starting in the preliminary meeting about how to bridge the approaches each takes.

The project was officially taken up by ISO following voting by committee members, which closed on December 25. That kicked off the biometric data injection attack detection standard, ISO/IEC 25456, with the CEN/TS 18099 standard, published last year by the EU’s standards body, as its starter document.

The standard’s official working title is “NP 25456, Information technology — Biometrics — Biometric data injection attack detection.”

The JWG 7 was formed “because of the special nature of injection,” Hughes says, though the joint group will also look for other standards that require the same combination of expertise.

“The information security mindset and approach differs from the biometric security mindset and approach,” he explains. “On the biometrics side, it’s all about statistical analysis of large-scale evaluations. How likely is it that you can do a presentation attack on this system, or this algorithm, or whatever. On the IT side, it’s ‘did I get in or not?’ Yes/no.”

The project formally begins in March and will follow the regular structure required by ISO. It will hold three meetings over the remainder of the year, and four in 2026, taking advantage of the offset schedules of the two sub-committees it is drawn from. Additional online meetings will be held on an as-needed basis, “So the structure of the joint committee will allow accelerated progress.”

Despite the complexity, Hughes is optimistic about the project and says that by the end of the year the committee will have a solid direction on what the standard will cover.

It is expected that the standard will define injection attack instruments and include a test plan for evaluating injection attack detection systems.

While ISO aims for publication as the frame of reference, Hughes says the injection attack standard should reach the stable draft stage by January of next year, at which point “you can start prototyping off it.”
