Von der Unmöglichkeit der Fälschungserkennung

Von der Unmöglichkeit der

Fälschungserkennung

The AAA faking process

– Acquire the pattern of the biometric characteristic - not discussed here

2. A

ssemble

– Assemble a plagiarism from the biometric characteristic • including unique pattern and

• including / excluding properties the biometric system uses for fake detection (if known)

– Behavioral characteristics: for example, training of a robot 3. Apply

– Apply the plagiarism to the biometric capture system in just the way required for optimum recognition – not discussed here

Difficulty of faking steps

• Rough estimation of relative effort “in the natural case” – More stars means more effort

– No fake detection assumed (refers to Apply)

– No cooperative victims assumed (refers to Acquire)

– No acquisition behind a sensor assumed (refers to Acquire)

3D face 2D face

Finger veins

Signature (dyn. full) Fingerprint Biometric Password Apply Assemble Acquire

Effort

Bottom – Up

Our simple fake testing method

– Different coatings match different sensor principles (color, conductivity, etc.)

Fake detection method: Temperature

• Idea: finger is genuine => temperature is in a certain range

• Passable skin temperatures for finger are between 12 °C (DIN 33403) and >35 °C

• It’s easy to bring every fake finger to any required temperature

• Problem: temperature is in a certain range ≠_{> finger is genuine}

– Temperature is not a very characteristic property of human fingers

• Really a cheap but silly fake detection method

– OK, it can be used to detect non-liveness: If temperature is below 0°C or above 100°C for a certain time, finger is NOT al ive

Fake detection method: Capacitive sensors

• Life property: skin contains water and water has a high relative permittivity (ε

r ~ 80)

• Problem 1: In reality not ε

r is measured but the capacitance

• 1. fake method: plastics with barium titanate (difficult)

• 2. fake method : gelatin (contains a lot of water, but is not durable) • 3. fake method : rubber stamp, possibly with conducting coating or

with breathing upon it (perfect)

• 4. fake method : overhead foil with printed finger pattern and breathing upon it (cheap but difficult to apply)

Fake detection method: Blood oxygen measurement

absorption of two different infrared light wavelengths by hemoglobin – the oxygen concentration changes periodically with pulse

– method has been verified by Delsy 10 years ago with optical sensor

• How to circumvent: Use a live finger and cover it with a foil

implementing the finger pattern while being transparent to infrared light

• Problem: it is not verified whether live finger and pattern belong to the same person

The best method today

• Using optical finger & skin spectrum by using

multi-spectral illumination in an optical fingerprint scanner

• Successfully implemented by Lumidigm V302 (‘Venus’)

– Reliably rejects even our fingerprint stamps – Does not show significant false reject rates

• Less successfully implemented by Lumidigm M311 (‘Mariner’)

– False acceptions of our fingerprint stamps possible • How to circumvent: Find a matching coating for the

fake finger

• Problem: measures only a few properties of the finger which may not be very specific

Further fake finger detection methods

• 3D Ultrasound: explore the finger structure beneath the fingerprint pattern

– Problem: Only the ultrasound properties of the finger are investigated – How to circumvent: A 3D copy (using 3D printers?) with the same

ultrasound properties should do

• A similar consideration holds for optical coherence tomography except for the different influence of microscopic structures

– The smaller wavelength of light may increase fake assembly effort

Other biometric characteristics

• Fingerprint considered here because of broad own experience – Best investigated biometric modality except for biometric password

– As a result, it is erroneously ill-reputed as the most vulnerable biometric modality

• There is no biometric characteristic which is invulnerable

– Not yet faked usually means not yet tried to fake

– However, there may be difficult to compare differences between different modalities regarding the AAA steps

12

Conclusions

• Today’s fake detection methods only deliver annoying results – All methods can be circumvented once revealed

– Circumvention effort steadily decreases (technology, knowledge)

• If I verify a biometric pattern this does not verify the complete human identity

• It has not sufficiently been ensured that all properties being tested belong to the same human entity

• Literature: Dragula, P.: Erkennung der feinen Hautbewegungen des Fingers, Diploma Thesis (tutor: Martin Drahanský), FIT BUT, CZ, 2007 Status

Top – Down

Science fiction (?)

What is identity?

• Identity is the set of all independent, measurable properties of a

subject

– Detlef Hühnlein: “Die Identität einer Entität ist bestimmt durch die Menge ihrer Attribute, wobei eine Entität genau eine Identität besitzt.” (DuD 3/2008 S165)

– Mondinis Study on Identity Management in eGovernment: Common Terminological Framework for Interoperable Electronic Identity Management; Consultation Paper v.2.01; November 23, 2005

• Each linear independent property spans one coordinate in an “identity vector space”

– Each identity is characterized by one point at a time instant in the identity vector space

– Example for a one-dimensional identity vector space of human heights showing about 25 identities:

Identity vector space I

• Example: 2D identity vector space

– In reality, dimension will be extremely high

Identity vector space II

• Identities change with respect to time

Identity vector space III

• Alternatively, the fluctuations of an identity may be shown as a cloud whose density represents the joint probability to have certain

properties

• It is NOT important that identity remains constant, rather separability is essential

Identity vector space IV

• Biometrics is complex enough to guarantee that no two identities have the same distribution shape

– This fact greatly reduces the value of biometric failure rates from large scale tests for individuals

19

What types of identity properties are there?

• Unique identity properties are considered as biometric characteristics – Unique properties have parts of genotypic, randotypic, and behavioral

origin

• Common identity properties are common for all humans – and define a human being if considered completely

– Exceptions such as diseases, special marks, etc. are considered as

anomalies

• Properties may be divided into sub-properties until simple measurability is achieved (elementary property)

– Example: Presence of head may be divided into presence of eyes, nose, mouth, hair, ears, ... etc.

Identity determination

• Identity determination is the measurement of measurable human properties

– Identity determination encompasses unique and common properties

• Identity determination is used for

1. creating and storing an identity reference (enrolment)

2. comparison of the resulting data with a stored reference (verification)

• A complete identity determination considers ALL identity properties – A perfect identity determination needs no fake detection!

Human identity determination: Challenges

– Humans cannot permanently be separated from their surrounding • Are all properties measurable in a non-destructive way?

– E.g., when measuring DNA information cell by cell • Clothing as a fast varying part of the identity?

– There may be limited enthusiasm for undressing... – Clothing is a valuable identifier for short-time linkage – Foreign DNA (most of all cells are of non-human origin)

• Privacy goodbye!

– The perfect identity de-terminator knows everything about a subject! – The deviations from the common reference (anomalies) are most

How many identity properties are there?

• The real challenge seems to be the enormous number of properties to be measured, possibly with different sensors

For simplicity we consider the reference size

• The genotypic structure of humans is determined by the genome and includes unique and common parts

– The genome represents an information of roughly 50 MB, including non-coding sequences

(http://de.wikipedia.org/wiki/Erbinformation#Genomgr.C3.B6.C3.9Fen) • How much for unique randotypic parts and anomalies?

– No information found – would require the knowledge of all biometric modalities

• For the behavioral part the storage capacity of brain may be an indication

– Brain stores about 2 PB = 2000 TB = 2x1015 _{B [?, Wikipedia]}

23

Human identity determination is a complex task

Identity confirmation

• Identity confirmation is the comparison of two sets of identity properties

– The result may be "Yes" or "No" • The task may be split into two parts:

1. the comparison of unique identity properties (mandatory) 2. the comparison of common identity properties (optional)

• The following references are required for identity confirmation – Unique properties: One reference data set required per identity – Common properties: One reference data set for all humans – Anomalies: One reference data set required per identity

• A complete identity confirmation considers ALL identity properties – Nevertheless, due to small identity changes and measurement errors,

What is a fake?

A fake is a partial imitation of an identity

– Name for hardware-based imitations: spoof / spoofing, plagiarism – Name for software-based (behavior) imitations: mimicry

• A fake may imitate unique (mandatory) and common (optional) properties

• A successful fake has to imitate ALL properties with good quality which are used for identity confirmation

Fake detection

Realization of fake detection type I (passive):

• Find at least one mismatch with common parts of identity reference – Non-matching common properties are due to fakes or anomalies – The more properties are compared, the better the fake resistance

Realization of fake detection type II (active):

• Find at least one match with fake references

– A fake may have specific properties which do not match with originals – Like virus scanners it needs the references of all known fake methods – Like virus scanners, a permanent update is required - but including

hardware (sensors)

– Advantage: For a perfect fake detection a limited number of props suff. – Problem: does not detect unknown fakes

The big challenge: transplantations

• Transplantations create ‘mixtures’ of human identities and define a new human identity (at least due to different DNA)

– Requires re-enrolment - how to securely link to old identities?

• Transplantations may affect biometric characteristics

– Today, biometrically effective transplantations are possible at least for faces and fingers

• Legal / ethical identity aspects of transplantations

– Is there something like an identity center such as brain?

– Can we exclude that ever brain transplantations will become possible? – Who is responsible for the obligations of the old identities?

The practical solution: Fake prevention

Fake prevention instead of or in combination with fake detection

• For higher requirements use independent multiple protection & identity confirmation stages

• Provide measures against mixing identity properties from different subjects during measurement (AAA)

– separation required (known from physical access control)

• Undertake small attempts on sensor side to complicate fake application (AAA)

Why faking is easier than fake detection

• Fake detection is like the trial to keep water in a sieve

• If you only plug a few holes (compare a few properties) the water will quickly find another way (easy)