
How Can This Biometric Be Spoofed? [2]

[2] This section is based on the work from C'T (www.heise.de/ct/english/02/11/114/), Nov. 2002, p. 114.

As discussed in the opening of this chapter, even humans can be fooled into thinking they recognize a face when they do not. If this is the case, it is believable and predictable that a face biometric system could be fooled as well. While it is generally accepted that face biometrics do not provide the same level of false acceptance rate (FAR) as other biometrics, they offer other very attractive attributes. Most people accept that we readily use our faces for recognition every day, so face biometrics are widely accepted. Face biometrics can also operate with a relatively low-cost imaging device. These positive qualities make face biometrics attractive.

Face biometrics are like any other biometric: susceptible to some level of spoofing. What follows is a discussion of face biometric spoofing.

Attacks on a face biometric system fall into the following categories:

  • Attacking the physical face

  • Using artifacts

  • Attacking communications (see Chapter 5)

  • Compromising the template (see Chapter 5)

  • Attacking the fallback system (see Chapter 5)

Attacking the Physical Face

Face biometrics are passive. That is, a biometric sample can be taken from you without your knowledge or consent. Just think of the number of pictures of you that you know about. The number of pictures you know about is likely quite high. While the majority were probably taken with your knowledge, with you posing for the picture, others were taken without your realizing it. What about pictures in which you just appear in the background? What about the picture taken by the surveillance camera at your bank? What about the camera at the tollbooth for catching drivers who run the toll? Now, imagine that someone wanted to get your picture. How hard would it be? All that person needs to do is wait for you outside your house, place of work, favorite restaurant, or a shopping center. There is no real way to know for sure that your image has not been captured. It is this very thing that makes the face biometric ripe for spoofing.

Once a facial image is captured, how it is spoofed to the system is dependent on what facial characteristics are required to acquire the image. What follows are some of the methods by which a clandestinely acquired face can be presented:

  • A two-dimensional image: This is normally a photograph or an enlargement that is presented to a facial scanner. This method generally works for systems that do not use active eye recognition or depth perception for face acquisition. Active eye recognition uses the reflective nature of the pupil to identify the location of the eyes and, in turn, the other macro facial features. Depth perception is normally accomplished through the adjusting of the camera's focal length to focus on macro features that are at different depths. Though this is in general a good method, it can be fooled by moving the facial image closer and farther away from the camera until the image is captured.

  • A two-dimensional image with eye cutouts: This is good for scanners that require the acquisition of the face from the pupil location. The spoofer takes the victim's face and cuts out the pupil area for the pupils to show through. The image and face behind are presented to the scanner until an image is captured. This type of attack can be mitigated to a certain degree by the requirement of the face to show movement. This would be hard to duplicate with a two-dimensional, flat image.

  • Replay of captured video: This is generally done through the clandestine gathering of video footage showing the face of the intended victim. The video is then edited and enhanced to show the victim's facial features and associated movement. This can also be done through the use of a series of stills played back in a looping video stream. This works since most facial capture devices rely on individual frames for detection when processing a video stream. This is done to reduce the need for increased processing and possibly specialized hardware. The video can be played back to the camera on some small video screen, like a laptop or handheld DVD player. With the advent of higher-definition video data recorders, this type of attack becomes more practical because of the increase in video quality and the reduced cost of such devices.

Mitigating this attack

While not every attack is foolproof, many are very close to always compromising the system. As pointed out above, some of the attempted compromises have relatively easy countermeasures. Once a countermeasure is introduced, the spoofer can take it to the next level. What is required to defeat this type of spoofing is a holistic approach, which uses the best of all the anti-spoofing techniques.

In the above attacks, the spoofed image could be either moved or imaged in such a way to make it fool the system. What all the spoofing methods had in common was that the spoofed image needed to be recorded. That is, it needed to be a static presentation. Whether those static presentations took the form of a two-dimensional image or a loop of video, taken as a whole, they were all static.

What is needed to trick the spoofer is a dynamic measure of the face. Some have suggested using actions such as the blinking of the eyes or the movement of the face with breathing. These are all good starts, but with a little thought and ingenuity, these could be compensated for. What is really required is an indeterminate challenge and response method. The challenge and response method used would depend on the algorithm's ability to utilize a facial feature for recognition. Thus, the user could be asked to blink his/her eyes a certain number of times, or in a particular pattern. The user could be asked to turn his/her head in a particular direction, or change the shape of the mouth. These types of challenge and response methods would require the spoofer to create a spoofed model of the victim with such a high level of detail that it becomes prohibitively expensive or complex.
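One way to structure the indeterminate challenge and response described above, as an added example that is not from the book: the verifier draws an unpredictable action sequence, binds it to a one-time nonce and a short time window, and accepts only events observed in that window and in that order. The action labels, the `LivenessChallenger` class, and the detector that reports timestamped `(time, action)` events on the same clock are assumptions.

```python
import secrets
import time

# Action labels a liveness detector is assumed to emit (hypothetical names).
ACTIONS = ("blink", "turn_left", "turn_right", "open_mouth")


class LivenessChallenger:
    """Issues one-time, time-boxed action challenges and checks the response."""

    def __init__(self, length=4, ttl=8.0):
        self.length, self.ttl = length, ttl
        self._pending = {}  # nonce -> (issued_at, expected sequence)

    def issue(self, now=None):
        """Return (nonce, sequence); the sequence comes from the OS CSPRNG."""
        now = time.monotonic() if now is None else now
        seq = tuple(secrets.choice(ACTIONS) for _ in range(self.length))
        nonce = secrets.token_hex(16)
        self._pending[nonce] = (now, seq)
        return nonce, seq

    def verify(self, nonce, events, now=None):
        """events: [(timestamp, action), ...] as reported by the detector."""
        now = time.monotonic() if now is None else now
        entry = self._pending.pop(nonce, None)  # one attempt per challenge
        if entry is None:
            return False, "unknown or reused challenge"
        issued, seq = entry
        if now - issued > self.ttl:
            return False, "expired"
        times = [t for t, _ in events]
        in_window = all(issued <= t <= issued + self.ttl for t in times)
        if times != sorted(times) or not in_window:
            # Footage recorded before the challenge existed lands here.
            return False, "events outside challenge window"
        if tuple(a for _, a in events) != seq:
            return False, "sequence mismatch"
        return True, "ok"


if __name__ == "__main__":
    c = LivenessChallenger()
    nonce, seq = c.issue()
    print("prompt the user to perform:", ", ".join(seq))
    # Constructed response: the detector saw each requested action in order.
    live = [(time.monotonic(), a) for a in seq]
    print(c.verify(nonce, live))
```

With four actions and a length of four, a fixed recording matches a fresh challenge with probability 1/256 per attempt, so the number of failed attempts per account should also be limited.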

Using Artifacts

Since face biometrics are passive and do not require the user to actively submit to measurement, there is no physical contact between the user and the scanner. This means that the artifacts left by facial scanning are different from the type left by fingerprints. Facial artifacts are normally in the form of image files that were used by the system during capture. As such, they could provide a wealth of knowledge and data for replay attacks against a biometric system. It should be sufficient with proper programming not to leave these types of files behind. Even if they are erased, they can be recovered and then their contents could be used unless they are overwritten.

Mitigating this attack

To mitigate this attack, do not use a physical file for the video stream or, if needed, encrypt it using (ideally) PKI. This way, only the process can read the contents and the secret used for encrypting is not shared or embedded in the application itself.

Biometrics for Network Security (Prentice Hall Series in Computer Networking and Distributed)
ISBN: 0131015494
EAN: 2147483647
Year: 2003
Pages: 123
Authors: Paul Reid
