Biometric Face Recognition Exploit

clscott writes "A researcher at the U. of Ottawa has developed an exploit to which most biometric systems are probably vulnerable. He developed an algorithm which allows a fairly high quality image of a person to be regenerated from a face recognition template. Three commercial face rec. algorithms were tested and in all cases the image could masquerade to the algorithm as the target person. Here are links to a talk and a paper. Unfortunately, biometric templates are currently considered to be non-identifiable, much like a password hash. This means that legislation gets passed to require hundreds of millions of people to have their biometrics encoded onto their passports. This kind of vulnerability could mean that anyone who reads these documents has access to the holders fingerprint, iris images, etc."

This problem is solved by redundancy

[NumberField]

This isn't a problem because most people have extras of the body parts used for most biometric schemes. For example, you probably a large supply of fingers (about ten), so it doesn't matter if a few get compromised. Similarly, if you have two eyes, it's not a big deal if your retinal print becomes known to bad guys.

(P.S. Please no replies from humor-impaired folks.)

Re:This problem is solved by redundancy

[gerf]

This isn't a problem because most people have extras of the body parts used for most biometric schemes. For example, you probably a large supply of fingers (about ten), so it doesn't matter if a few get compromised. Similarly, if you have two eyes, it's not a big deal if your retinal print becomes known to bad guys. (P.S. Please no replies from humor-impaired folks.)

I don't get it. The way you're talking isn't in a standard joking format at all. Maybe you Canadians have a different sense of humor?

Re:This problem is solved by redundancy

[stefanlasiewski]

I don't get it. The way you're talking isn't in a standard joking format at all. Maybe you Canadians have a different sense of humor?

Yeah really.

In the States, all of our humor formats have been standardized by the Department of Homeland Security. Currently, I'm 80% done with my ISO9666 humor certification. When I'm done, everyone will be able to understand and interface with my humor.

Re:This problem is solved by redundancy

[Xzzy]

I'm sorry, go back and read chapter two, where they talk about humor types by geographic region. Your above intended format falls into "excessively dry", which if my memory serves is a method perfected, and quite jealously defended, by the British.

American humor is expected to involve either bodily functions or blonde women.

Failure to employ region-appropriate humor will potentially flag you for review as a potential terrorist.

Re:This problem is solved by redundancy

[YU+Nicks+NE+Way]

Please put your tin-foil hat away. The incorrect use of humor will not flag anyone for review as a potential terrorist. There is no reason to be concerned that we will interfere with any humor-related deviance. It is only in those cases where individuals with perverted senses of so-called humor that pose a threat to our national security (as determined by our objective and reproducible criteria), and who aver themselves unwilling to participate in our voluntary humor-retraining camps, who will be marked for review. In order to reduce the number of individuals whose privacy will be sacrificed to review, we will use only publicly available data. In order to incentivize those who will be encouraged to attend humor-improvement camps, we intend to locate them in tropical locations near to the ocean, but not on US territory.

Other systems too?

[mgcsinc]

Personally I use BioPassword for authenticating my workstation using keystroke recognition, so I seem to be safe from the exploit as yet; holding an image up to a computer seems like it would require considerably less effort than attaching a PS2 device that typed at exactly the correct rate. Nonetheless, I wonder if this discovery will prompt the redesigning of the way user data is stored across the biometric spectrum, going as far as the oft considered-foolproof keystroke systems...

Re:Other systems too?

[NixterAg]

BioPassword unfortunately suffers from a habit of producing false rejections. It really diminishes its usability. BioPassword's best trait is that it doesn't require an additional hardware purchase to work. Several high profile banks inspected BioPassword to determine whether they could use it for identity authentication within the context of online purchases. They came to the conclusion that it wasn't usable enough.

I think many people miss the boat when it comes to biometric identity authentication. The fact is, any security protocol can be exploited. The idea is to make it a protocol difficult enough to exploit so that it isn't in the best interests of an attacker to go after whatever is being secured. It's like cryptography. There is no unbreakable code or cipher, but there are codes that are difficult enough to break that it isn't worth the time or effort required to break them.

paranoia

[klokwise]

maybe i should extend my tin-foil hat to a tin-foil facemask and a pair of shiny gloves... that way they'll never recognise me!

One thing that is missing from "the spoof"

[adzoox]

A local company to me, has a biometric scan + retina and thumbprint scan, but it also takes your body temp average/signature .... the combination of the three are pretty hard, if not impossible, to spoof. And, anyone that can, was going to break into your system anyway. (With the VERY expensive equipment and extensive knowledge it would take to reproduce all three)

Sometimes we give criminals to much credit. Again, if it's someone that can go through all three of those, they were going to get past the toughest of Indiana Jones hurdles.

Re:One thing that is missing from "the spoof"

[Emugamer]

Biometric analysis equipment $250,000
Staff time to implement new security procedures $12500
Sledge hammer: $25
Expression on the Project Manager's face after he realized he should have installed a better door: Priceless

Old News

[fobbman]

The fallibility of biometric systems has been widely known since a scientific expose was released on the topic no less than five years ago.

Re:Facial recognition

[Herr_Nightingale]

the point that EVERYbody is missing is that biometric authentication is inherently flawed - it's like a password that cannot be changed. Obviously there are innumerable flaws. How is this news?

Joe Average User...

[Greyfox]

Is going to be awfully put out when the authorities hold him because someone with his biometric pattern did soemthing highly illegal.

He will be in the position of being assumed guilty because everyone know that biometrics don't lie and are completely infallable. Thanks to legislation like the DMCA, no one will testify that the systems are, indeed, very easy to compromise. It'll be illegal to talk about those aspects of security. Not that the law has ever stopped the black hats...

RTFA yourself

[MarcoAtWork]

You don't understand what the article is talking about. When you enroll in a biometric system, the system itself -doesn't- match based on your picture, but on a 'template' which is created by taking your standard data and performing certain destructive operations to arrive to a much smaller 'template' which can still be used to identify you.

This is very similar to the one-way hashing that happens with unix passwords, only that in this case the hashing is 'lossier' so you have 'confidence scores' instead of a black/white answer.

The article shows that given this 'hashed' value you can recreate an image that has a good chance of not only being authenticated by the same system/algorithm (which already should be very hard, given the one-way nature of the templatization) =BUT= also by different systems!

It also is really interesting how if you have access to the 'confidence score' outputted by the recognizer, you can take arbitrary images and blending/averaging them again come up with an image that works.

This is definitely not useless news and will have quite some implications.

How to fix the problem

[Atario]

Make the cameras use x-ray backscattering (as in the earlier story today) of your face. Then in order to spoof the system, a printout of your picture (generated from the hash or not) would not work -- you'd have to build something that recreates your x-ray backscatter and show that to the camera. (I'm assuming that would be much more difficult, like making a sculpture out of meat or something -- anyone in the know wish to shoot down my theory?)

Of course, then there's the issue of getting x-rayed in the face every time you walk in the door...

Not as significant as you might think

[swillden]

This isn't such a big deal for face recognition systems, because face recognition systems suck at identifying people anyway. Why? First a little tereminology:

With any biometric matcher you have to define a match "tolerance", which defines how close a pair of templates (usually one from a database and one from a livescan) have to be before they're considered to be a match. Set this tolerance too "loose" and you get lots of false positives (matches that shouldn't match), set it too "tight" and you get the opposite, false negatives. The tolerance setting where you get roughly the same number of errors each way is called the equal error point, and the error rate is called the equal error rate (abbreviated ERR for some unfathomable reason).

Well, all current face recognition systems have an ERR that is too high to be useful in nearly any situation, even when used for identity verification, as opposed to the much-harder problem of identification (verification: I say I'm Bill Gates, and the system agrees; identification: The system says I'm Bill Gates, not RMS or anyone else). It's possible that in the future this will change, of course.

However, this doesn't really matter because we already have ready access to an excellent and very widely available face recognition system: the Mark I eyeball. Millions of years of evolution have made people extremely good at identifying and matching human faces. What people aren't so good at (with notable exceptions) is matching a face against a database of thousands of faces they've seen only once, and *that* is something that face recognition systems can do extremely well. They may not be able to decide which faces are a "match", but they can do an excellent job of finding the *closest* faces, which can then be reviewed by the super-duper face-matching algorithm contained in the average person's head.

When automated face recognition is used in that sort of context, spoofs like this one are unlikely to be very useful; if you want to impersonate someone you'd better get a face that's good enough to fool another human. It's doable, certainly, but much harder. And holding a laptop screen in front of your face is likely to raise some suspicions.

Everyone has missed the point

[SiliconEntity]

Every comment I have read has missed the point!

This is not an exploit designed to show that biometric systems can be fooled or that you could create some kind of fake image that would match an existing one.

The whole point is that this shows that biometric templates are privacy-sensitive. Previously it was thought that they could be stored and promulgated without interfering with anyone's privacy, because it was thought to be infeasible to start from the template and reconstruct personally identifiable information about the subject.

The new paper shows that this is not true; from the templates, you can reconstruct an identifiable picture of the individual. That means that, for example, if you had a bunch of templates of people who went in for an AIDS test, you could re-create pictures of the people who went in, adequate to recognize individuals.

This would therefore interfere with the privacy of those individuals. And that implies that templates need to be subject to the same kind of privacy restrictions as other forms of personally identifying information, a standard to which they have not traditionally been held.

And that's the point of the paper.

Not anything like a password hash

[lkaos]

A useful password hash (at least one that isn't considered to be plain-text equivalent) is a cryptographic hash. A cryptographic hash is one thought to be np-hard.

For instance, take this simple hash:

uint32_t hash;

for (size_t i=0; i < str.length(); i++) {
hash += str[i];
}

Given an input of say, foobar, one would get a hash of 633. Now, if I start with an arbitrary password of say, google, I get a hash of 637.

Since I know that slight adjustments to the word, produce slight differences, I know that I can just start moving letters one space down the alphabet until I find a matching value.

Lets say I choose:

google -} 637
foogle -} 636
fnogle -} 635
fnngle -} 634
fnnfle -} 633 *bingo*

So know I've successfully "exploited" this password protection mechanism.. This is why it's referred to as plain-text equivalent.

A cryptographic hash though has the interesting proper that a small change results in a unpredictable different. For instance, in the same example you might get:

google -} 3453
foogle -} 234543
fnogle -} 234
fnngle -} 23425434
fnnfle -} 53424 ...

There's no reason biometrics can't be cryptographically strong. It's just that the algorithms currently being aren't. That's no big news for anyone with even half a clue stick.