BIOLAB

Current situation

In the age of advancing digitization and automation, biometric systems have now established themselves among IT security systems for user authentication. Fingerprint methods are widely used in the consumer sector, for example, on smartphones and online banking. Another well-known method is facial verification, as used in passport control at airports or even border controls in the sovereign sector.  The appeal of biometric technologies is primarily due to their ease of use and reliability. This is because, unlike classic authentication methods that use passwords or hardware tokens and are based on knowledge or possession, biometric features are personal and cannot be passed on. But the more widespread this technology is, the more attack surface it offers. To ensure the security and reliability of biometric systems, they must therefore be continuously evaluated and further developed.

Goals of the Biolab project

To meet the challenges in the field of biometrics, the Bonn-Rhein-Sieg University of Applied Sciences (H-BRS) and the German Federal Office for Information Security (BSI) are working on the implementation of the following goals within the Biolab project:

1. Evaluation of biometric systems

Through a continuous evaluation operation at the BEZ, the security of various biometric systems, especially in the area of sovereign applications, will be examined. The systems are tested on three criteria:

• Performance (recognition accuracy of a system)
• Vulnerabilities (resistance to different attack variants)
• Usability (ease of use by end users)

2. Development of evaluation methodologies and tools

Biometric technologies, but also attack methods on biometric systems, are constantly being varied and further developed. Therefore, the test processes for biometric systems must also be continuously revised and improved. In most cases, a new biometric sensor technology also requires a new test process adapted to it. However, there are currently hardly any international standards for these test processes or evaluation methodologies. One goal here is to define technical guidelines that provide concrete specifications for the requirements of biometric systems. Developments in this area include the automation of rolled fingerprints with the aid of a robotic arm, as well as the production of 3D masks that are used in the verification of override security.

3. Development of new technologies

Another goal of the Biolab project is the development of new technologies. These include, for example, new presentation attack detection (PAD) technologies based on optical coherence tomography (OCT). In the university's "3D Finger" project, this imaging technique, which originated in medicine, is used to record three-dimensional fingerprints. This way it is possible to identify deeper skin structures as well as sweat glands and to detect forgeries. In the field of facial biometrics, near-infrared technologies and 3D cameras are used. The near-infrared technology, which is also being investigated in the university project "FeGeb" (Fälschungserkennung für die Gesichtsbiometrie, Engl.: PAD for facial biometrics), makes it possible to distinguish between human skin and other materials with the aid of certain sensors.

3D cameras offer a promising alternative to the use of conventional cameras for detecting attempts at deception. Since these cameras can determine the XYZ spatial coordination for each pixel in addition to the image information, it is possible to distinguish 2D fakes such as photos or displays from real facial shapes. The determined facial profiles can also be used to evaluate additional biometric features.

(At the university, the development and application of 3D cameras is a research focus, for example in the RAIT project).

4. Implementation of training courses and workshops

In the future, the knowledge gained in the Biolab project will be communicated in a practice‑oriented manner in the form of consultations, training courses, and workshops, for example to official end users (German Federal Police), in order to coordinate the development and use of biometric systems more efficiently.

Performance, vulnerabilities, usability

The three criteria for evaluating biometric systems are performance, vulnerabilities, and usability. Performance describes the recognition accuracy of the system. Among other things, it provides information about how often an authorized person is classified as unauthorized by the biometric system and what influence environmental factors, such as lighting conditions, have. To find out vulnerabilities, systems are tested for their resistance to attacks. For example, how well is a camera able to distinguish skin from other materials? Does the system recognize whether it is being presented with a real face or a mask?

Usability examines the user-friendliness of the systems. This plays a decisive role in the quality of the biometric data recorded. To ensure this, it must be ensured that systems are operated correctly by the end user, whether at automatic border control at the airport or on a smartphone, i.e. that they are as easy to use as possible.

How biometric systems work

In general, biometric systems are used for two different purposes: for "verification" (i.e., a 1:1 comparison of currently captured biometric features against a reference to verify a person's stated identity and thus their authenticity) and for "identification" (i.e., a 1:N comparison of currently captured features against a larger set of references (e.g., in a database of N entries) to determine a person's identity).

In the Biolab project, the focus is on the evaluation of biometric verification systems. The question that is answered here is: Is the person presenting themself to the system really who they claim to be? Accordingly, there are two possible outcomes for verification processes: either the claimed identity is confirmed or refuted. This process is composed of the following three steps for all biometric systems: