In recent years we’ve seen face, voice and fingerprint identification software move from Sci-Fi films into real life affordable devices, such as smartphones and tablets. The TABULA RASA consortium, which is supported by EU research and innovation investment, has set out to identify just how well this new software works, in particular against the growing phenomenon of “spoofing ” i.e. using everyday materials such as make-up, photographs and voice recordings to subvert or directly attack biometric systems.
| © fotolia
Biometric systems have proven to be one of the most efficient security solutions available today. However, some biometric sensor vulnerabilities still exist, including some which have been well publicised in the International media. The TABULA RASA consortium comprises 12 different organisations across seven countries that have worked together over a period of three years to research as many vulnerabilities as possible, to develop countermeasures accordingly and ultimately a new breed of safer biometric systems.
In the course of its research, TABULA RASA hosted a “Spoofing Challenge,” which invited researchers from around the world to develop attack plans and to attempt to deceive various biometric systems. Participants showed that there are many different and creative ways to attack the systems. The most innovative attack proposed during this challenge used make-up to spoof a 2D face recognition system and succeeded in being recognised as the victim. Other contestants used well-known attacks such as photographs, masks or fake fingerprints (“gummy fingers”) to successfully spoof the systems.
Dr Sébastien Marcel, Coordinator of the TABULA RASA project, said: “It would have been impossible to conduct such large scale research and to collaborate with so many EU partners without the investment from the European Union. As well as more secure devices and information, the improved software will offer quicker logins to IT equipment and faster more accurate border control and passport verification. We believe that many different organisations will be interested in our research including technology companies, post offices, banks, manufacturers of mobile devices or online service providers.”
The EU invested €4.4 million in the TABULA RASA project, which was used alongside a €1.6 million investment by the Consortium to carry out the extensive research and testing involved.
The TABULA RASA research project has made an extensive list of possible spoofing attacks, evaluated the vulnerability of biometric systems to such attacks, and developed countermeasures that for instance detect signs of “liveness” (e.g. blinking, perspiration) and improve security of biometric systems. TABULA RASA has already transferred five of these countermeasures to companies. This in-depth knowledge about spoofing attacks allows European industries to maintain their leadership by improving conception of future spoofing proof biometric sensors, thus opening up the huge potential of biometric technology.
The project is expected to create jobs within the European SME sector as the results are integrated into commercialised solutions. For example, KeyLemon, a Swiss based start-up, has integrated a face recognition software countermeasure, developed by TABULA RASA, into a final product. The expertise developed in the TABULA RASA project helped KeyLemon to secure a series A investment of $1.5M, creating jobs within the company. Morpho (Safran), the world leader in biometric solutions, is also deeply involved, bringing its invaluable expertise and market vision to the consortium.
Ryan Heath European Commission spokesman responsible for the Digital Agenda and digital technologies said; "Many of us keep personal and confidential information on our smartphones and tablets, so we need to have confidence that we can fully rely on these biometric tools. The European Commission is pleased with TABULA RASA's success so far. No other research group has achieved such advanced results in biometrics to date."