Stop the Spoofing
A bad guy cases the supposedly secure Southern California headquarters of a major aerospace corporation with close governmental ties. He notes that everyone from the janitor to the CEO gains entrance after a facial recognition scan confirms their identities.
He returns the next day in a suit, looking the consummate professional. As the man waits for his facial scan, he puts on a lifelike mask of the CEO’s face that he created on a 3-D printer, using a picture from the company’s website. The business’s gates open. He walks into the building, hacks a server and downloads top-secret information onto his laptop.
The likelihood of such a scenario playing out has arguably grown in recent years. That’s because would-be malefactors have increasingly learned how to trick, or “spoof,” security systems protected by facial, iris and fingerprint recognition technologies. With gyms using fingerprint scanners to admit members and customs officers employing iris scans for passport control biometrics – the science of trying to teach computers physical and other traits that can identify people – has gone mainstream. On the downside, a clever criminal can now gain unauthorized access to a building with a printed mask or unlock a stolen iPhone with a fake fingerprint taken from a coffee cup.
Wael Abd-Almageed hopes to stop the spoofing.
A senior scientist and research team leader at USC’s Information Sciences Institute, Abd-Almageed and an international team of researchers have spent several years building more secure biometric authentication systems that they say are resistant to face, iris and fingerprint security breaches. Their work could have profound societal implications.
“I think our technology could have great humanitarian impact by making people more secure,” said Abd-Almageed, head of the IARPA-funded project. “Everybody’s anticipating that biometrics are going to be the standard way to do many business transactions in the future, from ATMs to border controls to smartphone access. We’re working to detect spoofing and protect lives.”
At a macro level, Abd-Almageed and his research team want to build “more robust” biometric authentication systems. They are doing so by creating and combining, in different combinations, 3-D cameras, short-wave infrared sensors, lasers, other imaging devices and artificial intelligence algorithms.
We fuse all the information to provide rich data for the algorithm to give you a much better analysis of somebody’s face, iris and fingerprint, he said.
Take iris recognition, a popular biometric authentication method used at some airports and borders. Using mathematical pattern-recognition techniques that analyze irises, a match allows a person to board a plane or even enter a country. But what if a bad guy spoofs the security system by wearing a mask with an image of another person’s eyes printed on them – an image downloaded from Facebook? Not very reassuring, is it?
Unlike current biometric approaches, Abd-Almageed’s lasers could capture blood flow, while shortwave infrared sensors could distinguish between real skin and a mask made of silicone, paper or any other material. Simply put, Abd-Almageed’s enhanced biometrics would do a much better job of thwarting would-be malefactors than existing biometric technologies.
IARPA, he said, is so happy with his group’s progress that the federal agency recently awarded it another round of funding. The new challenge: protect a security system, based on facial, iris or fingerprint biometrics, from a spoofing attack never seen before.
Abd-Almageed also believes there exists a market for enhanced biometric technology.
“I think there are a multitude of potential customers for what we’re doing, basically any entity that currently depends on or in the future would depend on biometrics for phone access, border control and so on,” he said. “I believe we are creating extremely secure technology for the future of biometrics and the security of mankind.”