Facial make-up and latex fingers engraved with someone else’s fingerprint used to be enough to fool identification software – but that’s about to change thanks to an EU project which is part of European efforts to beef-up authentication software and network security.
Identification using facial features or fingerprints – known as biometric identification – was once seen as a way to a password-free future. However, they have proved all too easy to dupe – the fingerprint scanner on Apple’s iPhone 5S was hacked within days of its launch using just a photograph.
The EU-funded TABULA RASA project is coming up with ways to make biometric identification resistant to attack.
‘The aim of the TABULA RASA project is to study the vulnerabilities of biometric systems in the context of spoofing attacks ... and in case of vulnerability, to develop counter measures to detect those kind of attacks,’ said Dr Sébastien Marcel, the project coordinator.
The three-year project set up the Spoofing Challenge where researchers developed new ways of attacking biometric systems. One successful attack involved the attacker using make-up to look more like the person she was trying to fake.
Researchers drew up a list of known spoofing attacks using experts, scientific papers and online sources, and those that were easiest to replicate were chosen for further research as these posed the most realistic threat.
They recreated the attacks and recorded the data, which they then used to develop countermeasures to beef up biometric authentication systems such as face, fingerprint and voice identification software.
They found, for example, that photographic spoofs on facial recognition systems can be identified by detecting how three-dimensional the face is. The flatter and more two-dimensional the face appears to be, the more likely it is to be a spoof.
Model fingers can fool fingerprint scanners. Image courtesy of the TABULA RASA project
The project also studied the effect of combining biometric identifiers to increase security. For example, a real finger can have moisture on it and blood running under its surface. Producing a fake finger to fool moisture and blood-flow sensors can be costly and time-consuming, making the spoofing attack more difficult and perhaps less likely to happen.
‘It can be hacked, but is it worth it?’ said Dr Marcel.
He gave the hacking of the iPhone 5S’s fingerprint scanner as an example. While the method used to hack it was ‘nothing new’, it took days to do, by which point the owner could have locked their phone remotely. ‘You also have to steal the phone,’ he added.
Many of the countermeasures developed during the project are sold commercially by TABULA RASA’s industrial partners. This flow of information and innovation goes both ways, as the industrial partners on the project provide information on commercially available biometric systems and vital market insight for researchers.
Outside of biometric authentication, other EU-funded projects are developing new detection and protection techniques against computer viruses. The MALCODE project identifies a virus by the instructions it carries out on a computer. By detecting the virus at such a low level, the software bypasses many of the virus’ ways of fooling a system, such as encrypting its code.
In addition to researching attacks on individual computers, the EU funds projects investigating and improving the security of communication networks.
Control systems for critical infrastructures, such as power grids, are rapidly moving from offline custom networks to more standardised online solutions.
‘The aim of the TABULA RASA project is to study the vulnerabilities of biometric systems in the context of spoofing attacks.’
Dr Sébastien Marcel, the coordinator of TABULA RASA
‘Unfortunately this technological trend introduces new security issues, since in the new scenario critical infrastructures are increasingly exposed to cyber threats,’ explained Prof. Salvatore D’Antonio, project manager for the INSPIRE project. Researchers on the project developed a system that prioritises important instructions for a critical infrastructure over other network traffic in the event of a fault or cyber attack. This means that network performance is not compromised for the critical infrastructure, even if the total capacity of the network is reduced by a fault or attack on part of it.
Similar to INSPIRE, the TClouds project developed a ‘cloud of clouds’ to make healthcare data and power-grid commands sent through the cloud more resilient to cyber attacks. Using the system, a user can access multiple clouds containing identical information, so that if one cloud is compromised by a cyber attack or simply stops working, another cloud can take over.
New EU projects, such as Privacy-Preserving Computation in the Cloud (PRACTICE), aim to create tools to make user data stored in the cloud unreadable by cloud providers, adding another layer of privacy to cloud computing.
The problems facing online security and biometric authentication research are similar, as Dr Marcel explained, ‘It’s a bit like the virus-antivirus industry – the more attacks and countermeasures to those attacks you develop, the more you realise that you can find more attacks.’
From about 245 to 66 million years ago, dinosaurs roamed the Earth. Although well-preserved skeletons give us a good idea of what they looked like, the way their limbs worked remains a bigger mystery. But computer simulations may soon provide a realistic glimpse into how some species moved and inform work in fields such as robotics, prosthetics and architecture.
As wind turbines become increasingly familiar sights along shorelines, developers of offshore floating platforms, which harness the powerful winds further out to sea, are seeking to establish their technologies as a major viable source of clean energy.
Bill Gates and the European Commission have launched a €100 million investment fund designed to bring radical clean energy technologies more quickly to market in order to promote energy efficiency and cut greenhouse gas emissions.
Floating wind turbines could be a clean energy game changer.
Europe's leadership 'more important than ever', says Gates.
A circular economy needs new business models and reusable products, says Felipe Maya.