Observed Biometric Attack Patterns Tend Towards Digital Injection
NEWS
The need for an apt online method of verification is growing. Driven by the aftermath of COVID-19, the market for enabling citizen service technologies to be remotely, and securely, accessed has grown. The means by which this secure access is granted is often through the partnership of biometric developers and identity system integrators that deliver secure and biometric-backed verification within a government app or portal, usually via a citizen’s mobile device. Despite offering high levels of assurance, often in a multi-factor approach or through multiple modes of biometrics in partnership with identity credential data, adversaries will continue to develop attack mechanisms in order to profit from fraudulent activities. Digital injection attacks are on the rise as the method which causes the greatest difficulty for vendors in the current market.
Deepfakes and Replays are More Sophisticated and Scalable Than Presentation Attacks
IMPACT
With respect to threats to biometric verification, three attack types can be defined:
- Impersonation Attacks: A person other than the owner of the identity attempts to verify themselves as the legitimate person. This case is largely unproblematic provided an appropriate biometric engine is employed for face matching, which rejects the impersonation attempt.
- Presentation Attacks: These involve the physical presentation of an artifact of the legitimate citizen, for instance a mask, to the camera in an attempt to spoof verification. For this attack methodology, liveness detection, which differentiates a ‘real’ human being from a static object, largely mitigates the threat.
- Digital Injection Attacks: A much more sophisticated attack type than those previously described, this attack represents more of a problem to biometric developers and identity integrators. These involve feeding data streams directly to the sensor of the device capturing the biometrics during verification.
Digital injection attacks feed deepfakes or replays of the legitimate citizen into the verification process. Due to the accuracy of a replay of the correct person, and the very high levels of likeness achieved in digitally generated ‘deepfakes’, liveness detection does not detect the attack and reject the fraudulent attempt. Moreover, because the attack is purely digital and does not require a physical person with a presentation prop, it scales, and the volume of attacks of this type that can be carried out is far greater. Digital injection attacks, due to their increased sophistication and scalability, are becoming increasingly popular. Detected cases greatly exceed those of other attack types, highlighting the need for vendors to adapt their solutions to maintain security in light of new threats.
A Dynamic Approach to Monitoring Threats, and Reacting Accordingly, is Key
RECOMMENDATIONS
Biometric vendors must remain reactive to developments in attack types in order to ensure that the necessary level of trust in their solution remains. For this to occur, attacks and threats must be monitored as closely as possible so that the vendor’s solution can be developed to counter the new methodologies being observed.
With respect to digital injection attacks, iProov’s Flashmark technology represents an innovative solution. Flashmark uses a structured illumination of colors from the smartphone’s screen during the facial capture to enable genuine presence assurance; deepfakes and replays will not see these illuminations captured within the verification and, as such, are rejected. This sort of development comes as a result of active monitoring and evaluation of threats, and Research and Development of solutions in accordance with what is observed. Agile responses to the dynamic and ever-changing methods adversaries use to find weaknesses within systems are of key importance to vendors. Their solution must have a high verification success rate to be trusted and implemented by governments. Reactivity to threats which could weaken their solution is vital, enabling success rates to be maintained despite attacker developments.