Crowd-Sourced Biometric Security Testing Explained
What is a "Spoof Bounty Program"? A spoof bounty program is an incentivized public white hat security test designed to ensure that a biometric authenticator is secure in the real world, not just the Lab or the classroom. Similar to a software bug bounty program, if a tester can find a spoof that fools the system, they are rewarded with a monetary payout.online-casino.de Through this process, the vendor providing the biometric authentication software learns about potential vulnerabilities and, if one is found, can work to mitigate it. With this open-source style of testing, biometric vendors can no longer hide behind their "Request A Demo" links; their security software must be open for all to evaluate and test. This approach provides transparency and ensures that vendors can actually prove their security in the same real-world environments that their users operate in. When a non-living object that exhibits human traits (an "artifact") is presented to a camera or biometric sensor, it's called a "spoof." Photos, videos, deepfake puppets, masks, and dolls are all common examples of spoof artifacts. There are no lab tests available for Level 3 artifacts, or Level 4 & 5 Bypasses since those attack vectors are missing from the ISO 30107-3 Standard and thus all associated lab testing. Decrypt & edit the contents of a 3D FaceMap™ to contain synthetic data not collected from the session, have the Server process and respond with Liveness Success. Yes, for the most part, and in this site we will use those terms interchangeably. To add context, if a non-living artifact (photo, video, mask, etc.) fools a face authenticator, it's called a spoof. Liveness detection prevents non-living artifacts from creating or accessing accounts because a photo won't fool the AI. And, neither will a video, a copy of your driver license, passport, fingerprint, or iris. The legitimate user must be physically present to access their accounts, so there is no need to worry about keeping biometric data a "secret". Liveness detection prevents bots and bad actors from using stolen photos, deepfake videos, masks, or other spoof artifacts to create or access online accounts, ensuring only real humans can create and access accounts. Liveness checks solve some very serious problems. For example, Facebook had to delete 5.4 billion fake accounts in 2019 alone! Requiring proof of Liveness would have prevented these fakes from ever being created. Spoof bounty programs are the future of biometric security testing because no lab can possibly create or purchase all of the spoof artifacts that can be crowd-sourced from even a small spoof bounty program. Most labs test for presentation attack detection (PAD) using only five or six spoof artifacts. Test sets this small have almost no significance in the real world given that about 1-2% of sessions during account onboarding (initial new account signups) are spoofs. For example, if you had one million users, then your biometric authenticator would see 10,000-20,000 different spoof artifacts. Contrast that with the five-six from today's laboratory testing, and you can understand why it's much tougher to be secure in the real world. It is important to insist that your biometric vendor maintain a persistent spoof bounty program to ensure they are aware of and robust to any emerging threats, like deepfakes. As of today, the only biometric authentication vendor with an active, real-world spoof bounty is FaceTec. Having already rebuffed over 130,000 real-world spoof attacks, the goal of the $600,000 Spoof Bounty Program ;remains to uncover unknown vulnerabilities in the liveness AI and security scheme so they can be patched, and the anti-spoofing capabilities elevated even further. Incentivized public bypass testing for Template Tampering, Level 1-3 Presentation, Video Replay, Deepfake Injection, Virtual Camera, squirting and MIPI Adapter Attacks. Level 1 regression testing. Why Isn't iBeta PAD Testing Enough? In our opinion, the iBeta PAD tests alone do not adequately represent the real-world threats a Liveness Detection System will face from hackers. Any 3rd-party testing is better than none, but taken at face value, iBeta tests provide a false sense of security due to being incomplete, too brief, having too much variation between Vendors, and being much TOO EASY to pass. Unfortunately, iBeta allows Vendors to choose whatever devices they WANT TO USE for the test, and most choose newer devices with 8-12MP cameras. To put this in perspective, a 720p webcam is not even 1MP, and the higher the quality/resolution of the camera sensor, the easier the testing is to pass. Even though most consumers and end-users don't have access to the "pay-per-view" ISO 30107-3 Standard document, iBeta refuses to add disclaimers in their Conformance Letters to warn customers and end users that their PAD tests ONLY contain Presentation Attacks, and not attempts to bypass the camera/sensor. It is also unfortunate that ISO & iBeta both conflate Matching & Liveness into one unscientific testing protocol, making it impossible to know if the Liveness Detection is actually working as it should in scenarios where matching is included, and the application just states Match/No Match or something similar. This means that iBeta testing only considers artifacts physically shown to a sensor. And even though digital attacks are the most scalable, currently, iBeta DOES NOT TEST for any type of Virtual Camera Attack, or Template Tampering in their PAD testing. So iBeta testing, no matter what PAD Level it is, is NEVER enough to ensure real-world security. As far as we are aware, iBeta has never offered to perform any sensor bypass testing to any PAD Vendor at any time before this writing. Beta indirectly allows Vendors to influence the number of sessions in their time-based testing because some Vendors have much longer session times than others. This means that by extending the time it takes for a session to be completed, the Vendor can limit the amount of attacks that can be performed in the time allotted. The goal of biometric security testing is to expose vulnerabilities, and when the number of sessions, the devices, and the tester skill levels are non-standardized, it means the testing is NOT equally difficult between Vendors, and/or isn't representative of real-world threats. It's important to note that NO Level 3 testing is offered by iBeta any longer. It was offered for a few months under a "Level 3 Conformance," but then NIST notified iBeta that they didn't believe iBeta was capable of performing such important and difficult testing, and iBeta had to remove the Level 3 testing option. Note: iBeta staff have recently stated publicly that it was their "business" decision not to perform Level 3 Testing, but this is false. On phone calls and in emails, iBeta staff repeatedly told editors of this website that iBeta was not able to perform Level 3 testing due to NIST's limitations. This is disputed by iBeta. Beta doesn't usually test the vendor's Liveness Detection software in web browsers, only native devices, so numerous untested threat vectors exist even in systems that pass some basic PAD testing. Another huge red flag in iBeta's testing is they still allow as much as 15% BPCER (Bona fide presentation classification error rate), which we call False Reject Rate (or FRR), this enables unscrupulous vendors to tighten security thresholds just to pass the test, but later lower security in their real product when customers experience poor usability. It has been verified in real-world testing that at least two vendors who claim 0% Presentation Attack (PA) Success Rate in iBeta testing have, in independent testing, been found to have over 4% Presentation Attack (PA) Success Rate. Note: iBeta DOES NOT require production version verification, or require the vendor sign an affidavit stating they will not lower security thresholds in Production Versions of their software. Remember, robust Liveness Detection must also cover all digital attack vectors, so don't be fooled by an iBeta "Conformance" badge. While it's better than nothing, it's nowhere near enough. Make your vendor sign an affidavit saying they have not lowered security thresholds, demand to see their Full Conformance Reports with the False Reject Rate/BPCER listed, make them prove they have undergone Penetration Testing for the aforementioned Digital Spoof Attack Vectors, and demand the vendor stand-up a Spoof Bounty Program before they can earn your business. One of the earliest papers on liveness detection was published by Stephanie Shuckers, S.A., in 2002. "Spoofing and anti-spoofing measures", is widely regarded as the foundation of today's academic body of work on the subject. The paper states that, "Liveness detection is based on recognition of physiological information as signs of life from liveness information inherent to the biometric". Later in 2016, her follow-up, "Presentations and Attacks, and Spoofs, Oh My", continued to influence presentation attack detection research and testing. Is Facial Recognition the Same as Anti-Spoofing & Face Authentication? No, they are not, and it is critical to a basic understanding of these biometric technologies to start using the correct terminology to prevent any further confusion about how biometrics are different, and where they are best used. Facial recognition is for surveillance. It's the 1-to-N matching of images captured with cameras the user doesn't control, like those used in a casino or an airport. And it only provides "possible" matches for the surveilled person from face photos stored in an existing database. These technologies may share a resemblance and even overlap a bit, but it is counter productive to group the two together. Like any powerful tech, this is a double-edged sword: how facial recognition is conducted and managed has proven to be a possible threat to privacy while face authentication - making certain that only the legitimate individual is allowed access - is a significant win for it. Should We Fear Centralized Face Authentication? Fear of biometric authentication stems from the belief that centralized storage of biometric data creates a "honeypot" that, if breached, compromises the security of all other accounts that rely on that same biometric data. Detractors argue, "You can reset your password if stolen, but you can't reset your face." While this is true, it is a failure of imagination and understanding to stop there. The answer is Certified Liveness Detection. With it, the biometric honeypot is no longer to be feared because the very high level of security doesn't need to rely on biometric data being kept secret. Learn more about how Certified Liveness Detection makes centralized data storage safe in this comprehensive FindBiometrics white paper. Some types of liveness detection are not secure enough for their vendors to ever release a spoof bounty program, and the vendor would just be giving away money because they have no chance of patching their numerous security holes. Weak liveness detection methods include: blink, smile, turn/nod, colored flashing lights, making random faces, speaking random numbers, and many more. All are easily spoofed. User security and hard-won corporate credibility is put at risk by trusting unscrupulous vendor's exaggerated claims. When vendors claim to have "robust liveness detection", they should: Provide a Public Spoof Bounty Program to prove their tech is secure, or remove it from the marketplace. So-called "deepfakes" have been around for years, but now even the general public understands that digital media can be manipulated easily. 2D liveness detection is very vulnerable to deepfake puppets derived from photos or videos, so it should not be used for biometric security. Don't believe that blink, nod or shake your head Liveness can stop serious deepfake puppets. Beta DOES NOT TEST for these, but FaceTec catches these attacks because of learnings from its Spoof Bounty Program. If Liveness Detection is vulnerable to deepfake spoofs derived from photos or videos, it cannot be used for biometric security. Requiring every new user to prove their liveness before they are even asked to present an ID document during digital onboarding is itself a huge deterrent to fraudsters who never want their real face on camera. If an onboarding system has a weakness, the bad guys will exploit it to create as many fake accounts as possible. To prevent this, Certified Liveness Detection during new account onboarding should be required. Then we know that the new account belongs to a real human and their biometric data can be stored as a trusted reference of their digital identity in the future. Since most biometric attacks are spoof attempts, Certified Liveness Detection during user authentication must be mandatory. With multiple high-quality photos of almost everyone available on Google or Facebook, a biometric authenticator cannot rely on secrecy for security. Liveness detection is the first and most important line of defense against targeted spoof attacks on authentication systems. The second is a very high FAR (see Glossary, below) for accurate biometric matching. With Certified Liveness Detection you can't even make a copy of your biometric data that would fool the system even if you wanted to. Liveness catches the copies by detecting generation loss, and only the genuine, physically present user can gain access. 67381.html is the International Organization for Standardization’s (ISO) testing guidance for evaluation of Anti-Spoofing technology, a.k.a., Presentation Attack Detection (PAD). Three document editions have been published to date, with a fourth edition currently in progress. Released in 2017, ISO 30107-3 served as official guidance for how to determine if the subject of a biometric scan is alive, but since it allows PAD Checks to be compounded with Matching which convolutes testing. In 2020, with the introduction of deepfake puppets and other attack vectors not conceived of at the time of publication, ISO 30107-3 is now considered by many experts to be outdated and incomplete. Due to "hill-climbing" attacks (see Glossary at bottom of page), biometric systems should never reveal which part of the system did or didn't "catch" a spoof. And while ISO 30107-3 gets a lot right, it unfortunately encourages testing both Liveness and Matching at the same time. Scientific method requires the fewest variables possible be tested at once, so Liveness testing should be done with a solely Boolean (true/false) response. Liveness testing should not allow systems to have multiple-decision layers that could allow an artifact to pass Liveness but fail Matching because it didn't "look" enough like the enrolled subject. Should Anti-Spoofing Checks Be Required By Law? We believe that legislation must be passed to make Liveness Detection mandatory if biometrics are used for Identity & Access Management (IAM). Our personal data has already been breached, squirting so we can no longer trust Knowledge Based Authentication (KBA). We must turn our focus from maintaining databases full of "secrets" to securing attack surfaces. Current laws already require organic foods to be certified, and every medical drug must be tested and approved. In turn, governments around the world should require Certified Liveness Detection be used to protect the digital safety and biometric security of their citizens. Gartner, "Presentation attack detection (PAD, a.k.a., "liveness testing") is a key selection criterion. Gartner’s Market Guide for User Authentication, Analysts: Ant Allan, David Mahdi, Published: 26 November 2018). FaceTec’s ZoOm was cited in the report. Forrester, "The State Of Facial Recognition For Authentication - Expedites Critical Identity Processes For Consumers And Employees" By Andras Cser, Alexander Spiliotes, Merritt Maxim, with Stephanie Balaouras, Madeline Cyr, Peggy Dostie. Schuckers, S., 2016. Presentations and attacks, and spoofs, oh my. Schuckers, S.A., 2002. Spoofing and anti-spoofing measures. 1:1 (1-to-1) - Comparing the biometric data from a subject User to the biometric data stored for the expected User. If the biometric data does not match above the chosen FAR level, the result is a failed match. 1:N (1-to-N) - Comparing the biometric data from one individual to the biometric data from a list of known individuals, the faces of the people on the list that look similar are returned. This is used for facial recognition surveillance, but can also be used to flag duplicate enrollments. Artifact (Artefact) - An inanimate object that seeks to reproduce human biometric traits. Authentication - The concurrent Liveness Detection, 3D depth detection, and biometric data verification (i.e., face sharing) of the User. Bad Actor - A criminal; a person with intentions to commit fraud by deceiving others. Biometric - The measurement and comparison of data representing the unique physical traits of an individual for the purposes of identifying that individual based on those unique traits. Certification - The testing of a system to verify its ability to meet or exceed a specified performance standard. Beta used to issue certifications, but now they can only issue conformances. Complicit User Fraud - When a User pretends to have fraud perpetrated against them, but has been involved in a scheme to defraud by stealing an asset and trying to get it replaced by an institution. Cooperative User/Tester - When human Subjects used in the tests provide any and all biometric data that is requested. This helps to assess the complicit User fraud and phishing risk, but only applies if the test includes matching (not recommended). Centralized Biometric - Biometric data is collected on any supported device, encrypted and sent to a server for enrollment and later authentication for that device or any other supported device. When the User's original biometric data is stored on a secure 3rd-party server, that data can continue to be used as the source of trust and their identity can be established and verified at any time. Any supported device can be used to collect and send biometric data to the server for comparison, enabling Users to access their accounts from all of their devices, new devices, etc., just like with passwords. Liveness is the most critical component of a centralized biometric system, and because certified Liveness did not exist until recently, centralized biometrics have not yet been widely deployed. Credential Sharing - When two or more individuals do not keep their credentials secret and can access each others accounts. This can be done to subvert licensing fees or to trick an employer into paying for time not worked (also called "buddy punching"). Credential Stuffing - A cyberattack where stolen account credentials, usually comprising lists of usernames and/or email addresses and the corresponding passwords, are used to gain unauthorized user account access. Decentralized Biometric - When biometric data is captured and stored on a single device and the data never leaves that device. Fingerprint readers in smartphones and Apple's Face ID are examples of decentralized biometrics. They only unlock one specific device, they require re-enrollment on any new device, and further do not prove the identity of the User whatsoever. Decentralized biometric systems can be defeated easily if a bad actor knows the device's override PIN number, allowing them to overwrite the User's biometric data with their own. Deepfake - A deepfake (a portmanteau of "deep learning" and "fake") is an AI-based technology that can produce or alter digital video content so that it presents something that did not in fact occur. End User- An individual human who is using an application. Enrollment - When biometric data is collected for the first time, encrypted and sent to the server. Note: Liveness must be verified and a 1:N check should be performed against all the other enrollments to check for duplicates. Face Authentication - Authentication has three parts: Liveness Detection, 3D Depth Detection and Identity Verification. All must be done concurrently on the same face frames. Face Matching - Newly captured images/biometric data of a person are compared to the enrolled (previously saved) biometric data of the expected User, determining if they are the same. Face Recognition - Images/biometric data of a person are compared against a large list of known individuals to determine if they are the same person. Face Verification - Matching the biometric data of the Subject User to the biometric data of the Expected User. FAR (False Acceptance Rate) - The probability that the system will accept an imposter's biometric data as the correct User's data and incorrectly provide access to the imposter. FRR/FNMR/FMR - The probability that a system will reject the correct User when that User's biometric data is presented to the sensor. If the FRR is high, Users will be frustrated with the system because they are prevented from accessing their own accounts. Hill-Climbing Attack - When an attacker uses information returned by the biometric authenticator (match level or liveness score) to learn how to curate their attacks and gain a higher probability of spoofing the system. Identity & Access Management (IAM) - A framework of policies and technologies to ensure only authorized users have the appropriate access to restricted technology resources, services, physical locations and accounts. Also called identity management (IdM). Imposter - A living person with traits so similar to the Subject User that the system determines the biometric data is from the same person. Knowledge-Based Authentication (KBA) - Authentication method that seeks to prove the identity of someone accessing a digital service. KBA requires knowing a user's private information to prove that the person requesting access is the owner of the digital identity. Static KBA is based on a pre-agreed set of shared secrets. Dynamic KBA is based on questions generated from additional personal information. Liveness Detection or Liveness Verification - The ability for a biometric system to determine if data has been collected from a live human or an inanimate, non-living Artifact. Phishing - When a User is tricked into giving a Bad Actor their passwords, PII, credentials, or biometric data. Example: A User gets a phone call from a fake customer service agent and they request the User's password to a specific website. PII - Personally Identifiable Information is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Presentation Attack Detection (PAD) - A framework for detecting presentation attack events. Related to Liveness Detection and Anti-Spoofing. Root Identity Provider - An organization that stores biometric data appended to the corresponding personal information of individuals, and allows other organizations to verify the identities of Subject Users by providing biometric data to the Root Identity Provider for comparison. Spoof - When a non-living object that exhibits some biometric traits is presented to a camera or biometric sensor. Photos, masks or dolls are examples of Artifacts used in spoofs. Subject User - The individual that is presenting their biometric data to the biometric sensor at that moment. Synthetic Identity - When a bad actor uses a combination of biometric data, name, social security number, address, etc.