In a previous post I talked about biometric systems and how electro-physiological signals such as the EEG and the ECG can be combined to obtain a reliable biometric system. Today I’d like to continue from where I left you last time. I specifically want to tell you about one of the main challenges such systems might face nowadays: how to respond to spoofing attacks. As you might know a spoofing attack is defined as someone trying to defeat a biometric system by presenting a fake biometric trait to the sensor.
People are becoming aware that this is a problem that needs to be addressed as biometric systems are becoming more widely adopted. Nowadays unlocking laptops, tablets or smart-phones using biometrics-based systems rather than typing a password is more and more common. For instance, Google included a face unlock system in Android 4.0 and Apple added a fingerprint scanner to the iPhone 5S. No doubt those decisions were a big step towards bringing biometrics-based authentication into the mainstream.
However those systems were bypassed as soon as they were released. Have a look at these videos: Ice Cream Sandwich Face Unlock feature hacked, iPhone 5S fingerprint scanner Hacking explanation.
The scientific community has been working on this issue for the past years. This is the case of the TABULA RASA project, which has studied the vulnerabilities of the current biometrics systems to spoofing attacks for the last three years and a half. The project has produced several countermeasures to make the systems more robust to this type of attack.
These countermeasures can be seen as a piece of software or hardware that checks that the biometric trait presented to the sensor comes from a living person. Take as an example the guy presenting a photo to the face unlock system in Android 4.0 in the video above. A liveness detector could check if the person blinks, thus avoiding the photo attack. Actually, Android’s following update incorporated such a functionality. But what happens if the attacker presents a video instead of a photo? In this case other parameters should be analyzed to prove that a real person is in front of the camera.
Starlab, the company I work for, has participated in the TABULA RASA project because of our experience in biometrics using electro-physiological signals. A biometric system based on analysing the EEG and the ECG, just as ours does using Enobio, is a liveness detector by itself since the reception of these signals proves that the person is alive. But are we really safe from being spoofed by using our EEG&ECG-based system? Could anyone artificially provide these signals to cheat the system? We have answered these questions within the project and provided solutions.
Yes, it is technically possible. But it’s expensive too. As a first step an attacker would need to get samples from the EEG and/or ECG of the person to be impersonated. We can agree that this would not be as easy as taking a photo or a video or recovering a latent fingerprint from a glass. Then he would need to build an electronic device capable of playing back those signals. The device would have to be able to synchronously provide all the signals as they were captured and then the attacker would need to make the electronic contact with the electrodes’ sensor matching the placement just as the original recording. All in all, it’s a difficult and expensive job.
However, the amount of resources an attacker might invest in spoofing a biometric system might be proportional to the value of what the system is locking. So if we envision that our system might be used in high-security environments it is worth providing a definite robust solution against spoofing attacks. And that is what we consider we have achieved at the end of the TABULA RASA project.
Now our system can discriminate between real and artificial signals by detecting Event-related Potentials. As explained in this post, ERPs are the brain’s response to a series of repetitive stimuli which can be visual, auditory, tactile and even olfactory and gustatory. Thus, our system can present those stimuli in a random way tagging some of them as targets. The expected response to those target/not target stimuli is expected to be in the range on few hundreds of milliseconds. If the signal analyzed by the biometric system does not contain the ERPs perfectly aligned with the presentation of the stimuli, the authentication transaction can be considered a spoofing attack.
This ERP-based countermeasure we have introduced in our EEG&ECG biometric system could be categorized as a challenge-response one. Unlike a challenge-response approach on a face recognition system (for instance, asking the subject to blink at a certain time or do a specific gesture), here the response is not voluntary but an unconscious behaviour of a real brain. So our system not only provides authentication results that check whether the person that wears the sensor is who he/she claims to be but also checks that behind the sensor there is a real person.
All in all, I can safely say that after the TABULA RASA project biometrics system attackers’ life will be tough.