Hitoshi Kokumai

1年前 · 2 分の読書時間 · visibility 0 ·

chat 著者への問い合わせ

thumb_up 関連性 message コメント

Biometrics - Spoofing and Liveness Detection

 

Last November I examined the issue of spoofing and liveness detection from the view point of the trade-off between False Acceptance/False Match (FA/FM) and False Rejection/False Non-Match (FR/FNM). I bring it back in view of the yet bigger noises around fruitless arguments.

Below is the conclusion.

Spoofing is another factor to raise FA/FM rates and Liveness Detection is another factor to raise FR/FNM rates; the presence of FR/FNM forcing the users to rely on a fallback measure, a default password/pincode in most cases, which brings down the overall security to the level lower than the authentication by a default password/pincode alone.

That’s all.


Biometrics - Spoofing and Liveness DetectionWorry about a backdoor?

Spoofing and Liveness-Detection of Biometrics


Summary: 'Spoofing' of body features is an additional factor that raises false acceptance/match rates, while a 'counter-spoofing' measure is an additional factor that raises the false rejection/non-match rates. 

 You are perhaps aware of this news - http://www.forbes.com/sites/daveywinder/2019/11/02/smartphone-security-alert-as-hackers-claim-any-fingerprint-lock-broken-in-20-minutes/

In view of such big incidents, ‘Liveness-Detection’ as a counter-spoofing measure is reportedly a hot topic now among certain biometrics people. It's not worth it. 

 We are focusing on the problems arising from the trade-off relation between false match/acceptance (FM/FA) and false non-match/rejection (FNM/FR) inherent in the measurement of body features.

* The relation between FM/FA and FNM/FR is closely examined with graphs in this article - http://www.valuewalk.com/2018/02/biometrics-aadhaar-danger/

59c48210.pngSpoofing raises FA/FM rates<br />
<br />
Counter-spoofing raises FR/FNM ratesFrom this perspective, the counter-spoofing measures like liveness detection could be a factor to increase the FNM/FR rates while possibly contributing to the reduction of FM/FA rates. A gain grasped in the right hand could possibly be dropping from the left hand, although it is not possible to quantitatively examine this effect until the specific liveness detection is put to the empirical tests in both indoor and outdoor environments.

 You may recall that we had already heard of liveness detection 15 years ago. It was a built-in thermometer and an infra-red sensing to measure the warm temperature of genuine or spoofed hands, fingers and faces. We were not surprised to hear that those measures were fooled within hours by curious students who started to warm the spoofed objects. Sensing the presence of heartbeats was also defeated very quickly by smart students. Motion-detection beaten by video as well. We could be watching what will happen between the ‘advanced liveness detection’ and the ever more inquisitive students.

 We should not forget that, even if someone comes up with a perfect liveness detection technology, it would solve just one aspect of the spoofing problem. There would still be the spoofing for which liveness detection may not be relevant. And, even if someone miraculously comes up with a perfect solution to eliminate the spoofing altogether, biometrics still has the fundamental problem of having the trade-off relation between FM/FA and FNM/FR due to the nature of body features inherent in living animals.


03df192e.pngFRR (Fal Reyection Rages)<br />
<br />
 <br />
<br />
 <br />
<br />
False Acceptance Rates and False Rejection Rates|<br />
<br />
 <br />
<br />
FA (Poise Acceptance] v3 FR (False Rejection) & Threshold |<br />
<br />
 <br />
<br />
§<br />
<br />
10°<br />
<br />
    <br />
 <br />
<br />
RR (Equator Rates)<br />
<br />
00 wt<br />
a]<br />
<br />
10°


 The trade-off relation of FM/FA and FNM/FR inevitably brings this security problem - Early models of smartphones were safer than newer models - How come? – https://www.linkedin.com/pulse/early-models-smartphones-were-safer-than-newer-how-come-kokumai



By the way, liveness-detection is sometimes discussed as if it were a second layer of security. It is not the case. Body features of living animals are variable. What would the user be expected to do if they got wrongly rejected by the liveness detection? Give up the login altogether? 

If something gets brought in as a fallback measure, it means that the liveness detection works as a second entrance, not a second layer. Liveness detection is not outside the scope of FM/FA and FNM/FR.


< Related Articles and Video >

Summary and Brief History - Expanded Password System

External Body Features Viewed as ‘What We Are’

Negative Security Effect of Biometrics Deployed in Cyberspace

Removal of Passwords and Its Security Effect

Video Biometrics in Cyber Space - "below-one" factor authentication



thumb_up 関連性 message コメント
コメント

その他の記事 Hitoshi Kokumai

ブログを見る