SSupported by cloud hosting provider DigitalOcean – Try DigitalOcean now and receive a $200 when you create a new account!

Swiss Center For Biometrics Research And Testing Aims To Eliminate The Problems In Biometric Security

Listen to this article

Swiss Center for Biometrics Research and Testing at the Idiap Research Institute combines the outcomes of 3 research projects (MOBIO, TABULA RASA and BEAT) to create the structure for collaboration between active researchers and industry partners with the goal of conducting quality research, training researchers and engineers, testing and advancing biometric security technologies. Below is our interview with Sebastien Marcel, the director at Swiss Center for Biometrics Research and Testing:

Sebastien Marcel

Q: Could you provide our readers with a brief introduction to your work?

A: First we develop algorithms and methods to improve the accuracy of biometric recognition irrespectively from the application: authentication or identification.

For instance we aim to reduce the impact of pose and illumination in face recognition, we also explore deep learning for voice recognition or novel biometrics such as finger-vein or wrist-wein for wearable sensor applications. We also work on soft-biometrics which is about using biometrics not for identity recognition but for another purpose such as gender recognition, age estimation or heart-beat estimation for instance. Finally we develop algorithms and methods to improve the security of biometrics. It can be addressed by protecting the stored biometric data (ie. biometric template protection) to guard against indirect attacks (if the protected biometric data is stolen it should be irreversible, unlinkable and renewable) and by protecting against direct attacks (often called spoofing) performed by presenting a fake biometrics (ie. gummy finger, 3D mask, voice playback, …).

We work for several years on presentation attack detection (PAD), often called anti-spoofing or liveness detection, to protect biometrics against these direct attacks.

This is a kind of arms race similar to virus and anti-virus. The topic is very exciting since the initial work is generally to demonstrate the vulnerability of a biometric system to spoofing.

As a matter of fact we demonstrated the vulnerability of face recognition to photo display, video replay and 3D rigid masks, of voice recognition to replay of synthesised speech and of vein recognition to a paper-based attack.

idiap MaskRecommended: Biveo Helps Small Businesses Produce An Effective Marketing Video

Q: What do you see as most important issues facing biometrics security today?

A: In my opinion the most important issue is identity spoofing or more exactly presentation attacks (cf. ISO/IEC 30107-1:2016) which is the type of direct attack I mention earlier.

It is relatively easy for anyone, even without advanced computer skills, to create a fake biometric from a biometric sample that could have been stolen (ie. in 2015 about 5 million fingerprints from US government employees where stolen) or can be observed (ie. face images in media or social networks). As a matter of fact research and government agencies are taking this problem very seriously. In 2010 and 2012 Europe funded two research projects, respectively TABULA RASA and BEAT to study presentation attacks, to develop counter-measures and to propose an evaluation framework. Our institute, Idiap, was the principal investigator behind these projects.

In 2015 the Swiss State of Valais sponsored Idiap to establish the Swiss Center for Biometrics Research and Testing and support our activities on the topic.

Finally, the Intelligence Advanced Research Projects Activity (IARPA) launched in 2016 a multi-million program called ODIN to address the problem of biometric presentation attacks, hence recognising this as a important issue to be addressed to ensure the security of biometric systems.

Biometrics_ImageRecommended: GUI Test Automation Squish Tool Suite Delivers Reliable And Proven Solutions For Test Automation

Q: More generally, how do you see the biometric technologies developing?

A: First I strongly believe that biometrics is here to stay as it brings a solution to many problems in cyber-security, border control, mobile banking, identity management, workforce and retail management, health and Forensics.

From a user perspective, I think that biometric technologies will develop along the use of mobile and wearable devices. These are sensing devices able to capture physiological data (face, finger, voice, iris) but also behavioural data (gyroscope, accelerometer, connectivity, …) that can be used for convenient biometric recognition.

From a security perspective, I think that biometric technologies will become more secure by incorporating biometric template protection and presentation attack detection. However, the society will need independent organisations to perform testing and certification of biometric products.

From a scientific perspective, there is still a lot to be done. Presentation attack detection currently lacks generalisation to unseen attacks. Some biometrics need attention, for instance vein biometrics has some advantages (difficulty to steal vein biometrics) but its accuracy is still unclear and under debate. Also novel biometrics can emerge due the development of new sensing technologies or to the use of digital traces on the Internet (ie. behaviour on social media, …). Finally biometric ageing is not completely understood as there is a lack of longitudinal databases on the topic.

idiap mechanicsRecommended: More E-retailers Offering “Prime-Like” Shopping Experience With ReadyReturns

Q: You’ve recently announced a new a training program; tell us something more?

A: That’s correct.

The Distance University Switzerland and the Idiap Research Institute propose a 100% online continuing education program on Biometrics & Privacy. This program delivers a 12 ECTS Certificate of Advanced Studies (CAS).

The goal of this CAS Biometrics & Privacy is to teach concepts and technologies in the area of Biometrics and Privacy and provide students with a full understanding of data protection, privacy preservation, compliance with privacy regulations and potential privacy losses. The CAS Biometrics & Privacy is particularly intended for:

• private individuals
• employees of companies and institutions dealing with private data (HR, marketing, trade union, members, etc.)
• data protection officers
• business executives or owners
• IT Managers
• assessors
• archivists

At a larger scale, this programme could be of interest to every person dealing with private data (human resources, medical centres, private clubs, association, communities, etc.).

A short video teaser is available here.

Q: What are your plans for next six months?

A: We are working on a new cool way to make a presentation attack for face recognition. We believe that this attack will be very effective and possibly difficult to detect, hence giving us an exciting challenge.

We will also improve our Biometrics Evaluation and Testing web-based platform that is based an Open Science computing e-infrastructure. We will add new features such as support for GPU-computing needed by deep learning frameworks.

Finally we are conducting a couple of projects with companies related to biometrics security and testing but I can’t tell anything about it.

Activate Social Media: