Evaluation of presentation attack detection under the context of common criteria

Mención Internacional en el título de doctorTHE USE OF Biometrics keeps growing. Every day, we use biometric recognition to unlock our phones or to have access to places such as the gym or the office, so we rely on what security manufacturers offer when protecting our privileges and private life. Moreover, an error in a biometric system can mean that a person can have access to an unintended property, critical infrastructure or cross a border. Thus, there is a growing interest on ensuring that biometric systems work correctly on two fronts: our personal information (smartphones, personal computers) and national security (borders, critical infrastructures). Given that nowadays we store increasing sensitive data on our mobile devices (documents, photos, bank accounts, etc.), it is crucial to know how secure the protection of the phone really is. Most new smartphones include an embedded fingerprint sensor due to its improved comfort, speed and, as manufacturers claim, security. In the last decades, many studies and tests have shown that it is possible to steal a person’s fingerprint and reproduce it, with the intention of impersonating them. This has become a bigger problem as the adoption of fingerprint sensor cell phones have become mainstream. For the case of border control and critical infrastructures, biometric recognition eases the task of person identification and black-list checking. Although the performance rates for verification and identification have dropped in the last decades, protection against vulnerabilities is still under heavy development. There have been cases in the past where fake fingers have been used to surpass the security of such entities. The first necessary step for overcoming these issues is to have a common ground for performing security evaluations. This way, different systems’ abilities to detect and reject fake fingerprints can be measured and compared against each other. This is achieved by standardization and the corresponding certification of biometric systems. The new software and hardware presentation attack detection techniques shall undergo tests that follow such standards. The aim of this Thesis is two-fold: evaluating commercial fingerprint biometric systems against presentation attacks (fake fingers) and developing a new presentation attack detection method for overcoming these attacks. Moreover, through this process, several contributions were proposed and accepted in international ISO standards. On the first matter, a few questions are meant to be answered: it is well known that it is possible to hack a smartphone using fake fingers made of Play-Doh and other easy-to-obtain materials but, to what extent? Is this true for all users or only for specialists with deep knowledge on Biometrics? Does it matter who the person doing the attack is, or are all attackers the same when they have the same base knowledge? Are smartphone fingerprint sensors as reliable as desktop sensors? What is the easiest way of stealing a fingerprint from someone? To answer these, five experiments were performed on several desktop and smartphone fingerprint readers, including many different attackers and fingerprint readers. As a general result, all smartphone capture devices could be successfully hacked by inexperienced people with no background in Biometrics. All of the evaluations followed the pertinent standards, ISO/IEC 30107 Parts 3 and 4 and Common Criteria and an analysis of the attack potential was carried out. Moreover, the knowledge gathered during this process served to make methodological contributions to the above-mentioned standards. Once some expertise had been gathered on attacking fingerprint sensors, it was decided to develop a new method to detect fake fingerprints. The aim was to find a low-cost and efficient system to solve this issue. As a result, a new optical system was used to capture fingerprints and classify them into real or fake samples. The system was tested by performing an evaluation using 5 different fake finger materials, obtaining much lower error rates than those reported in the state of the art at the moment this Thesis was written. The contributions of this Thesis include: • • Improvements on the presentation attack detection evaluation methodology. • • Contributions to ISO/IEC 30107 - Biometric presentation attack detection - Part 3: Testing and reporting and Part 4: Profile for evaluation of mobile devices. • • Presentation attack detection evaluations on commercial desktop and smartphone fingerprint sensors following ISO/IEC 30107-3 and 4. • • A new low-cost and efficient optical presentation attack detection mechanism and an evaluation on the said system.EL USO DE la Biometría está en constante crecimiento. Cada día, utilizamos reconocimiento biométrico para desbloquear nuestros teléfonos o para tener acceso a lugares como el gimnasio o la oficina, por lo que confiamos en lo que los fabricantes ofrecen para proteger nuestros privilegios y nuestra vida privada. Además, un error en un sistema biométrico puede significar que una persona pueda tener acceso a una propiedad no debida, a una infraestructura crítica o a cruzar una frontera. Por lo tanto, existe un interés creciente en asegurar que los sistemas biométricos funcionen correctamente en dos frentes: nuestra información personal (teléfonos inteligentes, ordenadores personales) y la seguridad nacional (fronteras, infraestructuras críticas). Dado que hoy en día almacenamos cada vez más datos sensibles en nuestros dispositivos móviles (documentos, fotos, cuentas bancarias, etc.), es crucial saber cómo de segura es realmente la protección del teléfono. La mayoría de los nuevos teléfonos inteligentes incluyen un sensor de huellas dactilares integrado debido a su mayor comodidad, velocidad y, como afirman los fabricantes, seguridad. En las últimas décadas, muchos estudios y pruebas han demostrado que es posible robar la huella dactilar de una persona y reproducirla, con la intención de hacerse pasar por ella. Esto se ha convertido en un problema mayor a medida que la adopción de los teléfonos celulares con sensor de huellas dactilares se ha ido generalizando. En el caso del control fronterizo y de las infraestructuras críticas, el reconocimiento biométrico facilita la tarea de identificación de las personas y la comprobación de listas negras. Aunque las tasas de rendimiento en materia de verificación e identificación han disminuido en las últimas décadas, la protección antifraude todavía está bajo intenso desarrollo. Existen casos en los que se han utilizado dedos falsos para vulnerar la seguridad de dichas entidades. El primer paso necesario para superar estos problemas es contar con una base común desde la que realizar evaluaciones de seguridad. De esta manera, se pueden medir y comparar las capacidades de los diferentes sistemas para detectar y rechazar huellas dactilares falsas. Esto se consigue mediante la estandarización y la correspondiente certificación de los sistemas biométricos. Las nuevas técnicas de detección de ataques de presentación de software y hardware deben someterse a pruebas que se ajusten a dichas normas. Esta Tesis tiene dos objetivos: evaluar los sistemas biométricos de huellas dactilares comerciales contra ataques de presentación (dedos falsos) y desarrollar un nuevo método de detección de ataques de presentación para disminuir la eficacia de estos ataques. Además, a través de este proceso, se propusieron y aceptaron varias contribuciones en las normas internacionales ISO. Sobre el primer asunto, hay que responder algunas preguntas: es bien sabido que es posible hackear un teléfono inteligente con dedos falsos hechos de Play-Doh y otros materiales fáciles de obtener, pero ¿hasta qué punto? ¿Es esto cierto para todos los usuarios o sólo para los especialistas con un profundo conocimiento de la Biometría? ¿Importa quién es la persona que realiza el ataque, o todos los atacantes son iguales cuando parte de la misma base de conocimiento? ¿Son los sensores de huellas dactilares de los teléfonos inteligentes tan fiables como los de sobremesa? ¿Cuál es la manera más fácil de robar una huella digital a alguien? Para responder estas preguntas, se realizaron cinco experimentos en varios lectores de huellas dactilares de escritorio y de teléfonos inteligentes, incluyendo muchos atacantes y lectores de huellas dactilares diferentes. Como resultado general, todos los dispositivos de captura pudieron ser hackeados con éxito por personas sin experiencia en Biometría. Todas las evaluaciones siguieron las normas pertinentes, ISO/IEC 30107 Partes 3 y 4 y Common Criteria y se llevó a cabo un análisis del potencial de ataque. Además, los conocimientos adquiridos durante este proceso sirvieron para aportar una contribución metodológica a las normas mencionadas. Una vez adquiridos algunos conocimientos sobre ataques a sensores de huellas dactilares, se decidió desarrollar un nuevo método para detectar huellas falsas. El objetivo era encontrar un sistema de bajo coste y eficiente para resolver este problema. Como resultado, se utilizó un nuevo sistema óptico para capturar las huellas dactilares y clasificarlas en muestras reales o falsas. El sistema se probó mediante la realización de una evaluación utilizando 5 materiales de dedos falsos diferentes, obteniendo tasas de error mucho más bajas que las reportadas en el estado del arte en el momento de redactar esta Tesis. Las contribuciones de esta Tesis incluyen: • • Mejoras en la metodología de evaluación de detección de ataques de presentación. • • Contribuciones a “ISO/IEC 30107 - Biometric presentation attack detection - Part 3: Testing and reporting” y “Part 4: Profile for evaluation of mobile devices”. • • Evaluaciones de detección de ataques de presentación en sensores de huellas dactilares comerciales de escritorio y de teléfonos inteligentes siguiendo la norma ISO/IEC 30107-3 y 4. • • Un nuevo y eficiente mecanismo óptico de detección de ataques de presentación, de bajo coste, y una evaluación de dicho sistema.Programa de Doctorado en Ingeniería Eléctrica, Electrónica y Automática por la Universidad Carlos III de MadridPresidente: Enrique Cabello Pardos.- Secretario: Almudena Lindoso Muñoz.- Vocal: Patrizio Campis

On Generative Adversarial Network Based Synthetic Iris Presentation Attack And Its Detection

Human iris is considered a reliable and accurate modality for biometric recognition due to its unique texture information. Reliability and accuracy of iris biometric modality have prompted its large-scale deployment for critical applications such as border control and national identification projects. The extensive growth of iris recognition systems has raised apprehensions about the susceptibility of these systems to various presentation attacks. In this thesis, a novel iris presentation attack using deep learning based synthetically generated iris images is presented. Utilizing the generative capability of deep convolutional generative adversarial networks and iris quality metrics, a new framework, named as iDCGAN is proposed for creating realistic appearing synthetic iris images. In-depth analysis is performed using quality score distributions of real and synthetically generated iris images to understand the effectiveness of the proposed approach. We also demonstrate that synthetically generated iris images can be used to attack existing iris recognition systems. As synthetically generated iris images can be effectively deployed in iris presentation attacks, it is important to develop accurate iris presentation attack detection algorithms which can distinguish such synthetic iris images from real iris images. For this purpose, a novel structural and textural feature-based iris presentation attack detection framework (DESIST) is proposed. The key emphasis of DESIST is on developing a unified framework for detecting a medley of iris presentation attacks, including synthetic iris. Experimental evaluations showcase the efficacy of the proposed DESIST framework in detecting synthetic iris presentation attacks

Fingerprint recognition with embedded presentation attacks detection: are we ready?

The diffusion of fingerprint verification systems for security applications makes it urgent to investigate the embedding of software-based presentation attack detection algorithms (PAD) into such systems. Companies and institutions need to know whether such integration would make the system more “secure” and whether the technology available is ready, and, if so, at what operational working conditions. Despite significant improvements, especially by adopting deep learning approaches to fingerprint PAD, current research did not state much about their effectiveness when embedded in fingerprint verification systems. We believe that the lack of works is explained by the lack of instruments to investigate the problem, that is, modeling the cause-effect relationships when two non-zero error-free systems work together. Accordingly, this paper explores the fusion of PAD into verification systems by proposing a novel investigation instrument: a performance simulator based on the probabilistic modeling of the relationships among the Receiver Operating Characteristics (ROC) of the two individual systems when PAD and verification stages are implemented sequentially. As a matter of fact, this is the most straightforward, flexible, and widespread approach. We carry out simulations on the PAD algorithms’ ROCs submitted to the most recent editions of LivDet (2017-2019), the state-of-the-art NIST Bozorth3, and the top-level Veryfinger 12 matchers. Reported experiments explore significant scenarios to get the conditions under which fingerprint matching with embedded PAD can improve, rather than degrade, the overall personal verification performance

Vulnerability assessment in the use of biometrics in unsupervised environments

Mención Internacional en el título de doctorIn the last few decades, we have witnessed a large-scale deployment of biometric systems in different life applications replacing the traditional recognition methods such as passwords and tokens. We approached a time where we use biometric systems in our daily life. On a personal scale, the authentication to our electronic devices (smartphones, tablets, laptops, etc.) utilizes biometric characteristics to provide access permission. Moreover, we access our bank accounts, perform various types of payments and transactions using the biometric sensors integrated into our devices. On the other hand, different organizations, companies, and institutions use biometric-based solutions for access control. On the national scale, police authorities and border control measures use biometric recognition devices for individual identification and verification purposes. Therefore, biometric systems are relied upon to provide a secured recognition where only the genuine user can be recognized as being himself. Moreover, the biometric system should ensure that an individual cannot be identified as someone else. In the literature, there are a surprising number of experiments that show the possibility of stealing someone’s biometric characteristics and use it to create an artificial biometric trait that can be used by an attacker to claim the identity of the genuine user. There were also real cases of people who successfully fooled the biometric recognition system in airports and smartphones [1]–[3]. That urges the necessity to investigate the potential threats and propose countermeasures that ensure high levels of security and user convenience. Consequently, performing security evaluations is vital to identify: (1) the security flaws in biometric systems, (2) the possible threats that may target the defined flaws, and (3) measurements that describe the technical competence of the biometric system security. Identifying the system vulnerabilities leads to proposing adequate security solutions that assist in achieving higher integrity. This thesis aims to investigate the vulnerability of fingerprint modality to presentation attacks in unsupervised environments, then implement mechanisms to detect those attacks and avoid the misuse of the system. To achieve these objectives, the thesis is carried out in the following three phases. In the first phase, the generic biometric system scheme is studied by analyzing the vulnerable points with special attention to the vulnerability to presentation attacks. The study reviews the literature in presentation attack and the corresponding solutions, i.e. presentation attack detection mechanisms, for six biometric modalities: fingerprint, face, iris, vascular, handwritten signature, and voice. Moreover, it provides a new taxonomy for presentation attack detection mechanisms. The proposed taxonomy helps to comprehend the issue of presentation attacks and how the literature tried to address it. The taxonomy represents a starting point to initialize new investigations that propose novel presentation attack detection mechanisms. In the second phase, an evaluation methodology is developed from two sources: (1) the ISO/IEC 30107 standard, and (2) the Common Evaluation Methodology by the Common Criteria. The developed methodology characterizes two main aspects of the presentation attack detection mechanism: (1) the resistance of the mechanism to presentation attacks, and (2) the corresponding threat of the studied attack. The first part is conducted by showing the mechanism's technical capabilities and how it influences the security and ease-of-use of the biometric system. The second part is done by performing a vulnerability assessment considering all the factors that affect the attack potential. Finally, a data collection is carried out, including 7128 fingerprint videos of bona fide and attack presentation. The data is collected using two sensing technologies, two presentation scenarios, and considering seven attack species. The database is used to develop dynamic presentation attack detection mechanisms that exploit the fingerprint spatio-temporal features. In the final phase, a set of novel presentation attack detection mechanisms is developed exploiting the dynamic features caused by the natural fingerprint phenomena such as perspiration and elasticity. The evaluation results show an efficient capability to detect attacks where, in some configurations, the mechanisms are capable of eliminating some attack species and mitigating the rest of the species while keeping the user convenience at a high level.En las últimas décadas, hemos asistido a un despliegue a gran escala de los sistemas biométricos en diferentes aplicaciones de la vida cotidiana, sustituyendo a los métodos de reconocimiento tradicionales, como las contraseñas y los tokens. Actualmente los sistemas biométricos ya forman parte de nuestra vida cotidiana: es habitual emplear estos sistemas para que nos proporcionen acceso a nuestros dispositivos electrónicos (teléfonos inteligentes, tabletas, ordenadores portátiles, etc.) usando nuestras características biométricas. Además, accedemos a nuestras cuentas bancarias, realizamos diversos tipos de pagos y transacciones utilizando los sensores biométricos integrados en nuestros dispositivos. Por otra parte, diferentes organizaciones, empresas e instituciones utilizan soluciones basadas en la biometría para el control de acceso. A escala nacional, las autoridades policiales y de control fronterizo utilizan dispositivos de reconocimiento biométrico con fines de identificación y verificación individual. Por lo tanto, en todas estas aplicaciones se confía en que los sistemas biométricos proporcionen un reconocimiento seguro en el que solo el usuario genuino pueda ser reconocido como tal. Además, el sistema biométrico debe garantizar que un individuo no pueda ser identificado como otra persona. En el estado del arte, hay un número sorprendente de experimentos que muestran la posibilidad de robar las características biométricas de alguien, y utilizarlas para crear un rasgo biométrico artificial que puede ser utilizado por un atacante con el fin de reclamar la identidad del usuario genuino. También se han dado casos reales de personas que lograron engañar al sistema de reconocimiento biométrico en aeropuertos y teléfonos inteligentes [1]–[3]. Esto hace que sea necesario investigar estas posibles amenazas y proponer contramedidas que garanticen altos niveles de seguridad y comodidad para el usuario. En consecuencia, es vital la realización de evaluaciones de seguridad para identificar (1) los fallos de seguridad de los sistemas biométricos, (2) las posibles amenazas que pueden explotar estos fallos, y (3) las medidas que aumentan la seguridad del sistema biométrico reduciendo estas amenazas. La identificación de las vulnerabilidades del sistema lleva a proponer soluciones de seguridad adecuadas que ayuden a conseguir una mayor integridad. Esta tesis tiene como objetivo investigar la vulnerabilidad en los sistemas de modalidad de huella dactilar a los ataques de presentación en entornos no supervisados, para luego implementar mecanismos que permitan detectar dichos ataques y evitar el mal uso del sistema. Para lograr estos objetivos, la tesis se desarrolla en las siguientes tres fases. En la primera fase, se estudia el esquema del sistema biométrico genérico analizando sus puntos vulnerables con especial atención a los ataques de presentación. El estudio revisa la literatura sobre ataques de presentación y las soluciones correspondientes, es decir, los mecanismos de detección de ataques de presentación, para seis modalidades biométricas: huella dactilar, rostro, iris, vascular, firma manuscrita y voz. Además, se proporciona una nueva taxonomía para los mecanismos de detección de ataques de presentación. La taxonomía propuesta ayuda a comprender el problema de los ataques de presentación y la forma en que la literatura ha tratado de abordarlo. Esta taxonomía presenta un punto de partida para iniciar nuevas investigaciones que propongan novedosos mecanismos de detección de ataques de presentación. En la segunda fase, se desarrolla una metodología de evaluación a partir de dos fuentes: (1) la norma ISO/IEC 30107, y (2) Common Evaluation Methodology por el Common Criteria. La metodología desarrollada considera dos aspectos importantes del mecanismo de detección de ataques de presentación (1) la resistencia del mecanismo a los ataques de presentación, y (2) la correspondiente amenaza del ataque estudiado. Para el primer punto, se han de señalar las capacidades técnicas del mecanismo y cómo influyen en la seguridad y la facilidad de uso del sistema biométrico. Para el segundo aspecto se debe llevar a cabo una evaluación de la vulnerabilidad, teniendo en cuenta todos los factores que afectan al potencial de ataque. Por último, siguiendo esta metodología, se lleva a cabo una recogida de datos que incluye 7128 vídeos de huellas dactilares genuinas y de presentación de ataques. Los datos se recogen utilizando dos tecnologías de sensor, dos escenarios de presentación y considerando siete tipos de instrumentos de ataque. La base de datos se utiliza para desarrollar y evaluar mecanismos dinámicos de detección de ataques de presentación que explotan las características espacio-temporales de las huellas dactilares. En la fase final, se desarrolla un conjunto de mecanismos novedosos de detección de ataques de presentación que explotan las características dinámicas causadas por los fenómenos naturales de las huellas dactilares, como la transpiración y la elasticidad. Los resultados de la evaluación muestran una capacidad eficiente de detección de ataques en la que, en algunas configuraciones, los mecanismos son capaces de eliminar completamente algunos tipos de instrumentos de ataque y mitigar el resto de los tipos manteniendo la comodidad del usuario en un nivel alto.Programa de Doctorado en Ingeniería Eléctrica, Electrónica y Automática por la Universidad Carlos III de MadridPresidente: Cristina Conde Vila.- Secretario: Mariano López García.- Vocal: Farzin Derav

Fusion of fingerprint presentation attacks detection and matching: a real approach from the LivDet perspective

The liveness detection ability is explicitly required for current personal verification systems in many security applications. As a matter of fact, the project of any biometric verification system cannot ignore the vulnerability to spoofing or presentation attacks (PAs), which must be addressed by effective countermeasures from the beginning of the design process. However, despite significant improvements, especially by adopting deep learning approaches to fingerprint Presentation Attack Detectors (PADs), current research did not state much about their effectiveness when embedded in fingerprint verification systems. We believe that the lack of works is explained by the lack of instruments to investigate the problem, that is, modelling the cause-effect relationships when two systems (spoof detection and matching) with non-zero error rates are integrated. To solve this lack of investigations in the literature, we present in this PhD thesis a novel performance simulation model based on the probabilistic relationships between the Receiver Operating Characteristics (ROC) of the two systems when implemented sequentially. As a matter of fact, this is the most straightforward, flexible, and widespread approach. We carry out simulations on the PAD algorithms’ ROCs submitted to the editions of LivDet 2017-2019, the NIST Bozorth3, and the top-level VeriFinger 12.0 matchers. With the help of this simulator, the overall system performance can be predicted before actual implementation, thus simplifying the process of setting the best trade-off among error rates. In the second part of this thesis, we exploit this model to define a practical evaluation criterion to assess whether operational points of the PAD exist that do not alter the expected or previous performance given by the verification system alone. Experimental simulations coupled with the theoretical expectations confirm that this trade-off allows a complete view of the sequential embedding potentials worthy of being extended to other integration approaches

Bio : A Mulrimodal biometric authentication system for person identification and verification

Not availabl

Device fingerprinting identification and authentication: A two-fold use in multi-factor access control schemes

Network security has always had an issue with secure authentication and identification. In the current mixed device network of today, the number of nodes on a network has expanded but these nodes are often unmanaged from a network security perspective. The solution proposed requires a paradigm shift, a recognition of what has already happened, identity is for sale across the internet. That identity is the users’ network ID, their behavior, and even their behavior in using the networks. Secondly a majority of the devices on the Internet have been fingerprinted. Use of device fingerprinting can help secure a network if properly understood and properly executed. The research into this area suggests a solution. Which is the use of device fingerprints including clock skews to identify the devices and a dual- authentication process targeted at authenticating the device and the user. Not only authenticating the identity presented but also combining them into a unified entity so failure to authenticate part of the entity means the whole is denied access to the network and its resources