Facial make-up and latex fingers engraved with someone else’s fingerprint used to be enough to fool identification software – but that’s about to change thanks to an EU project which is part of European efforts to beef-up authentication software and network security.
Identification using facial features or fingerprints – known as biometric identification – was once seen as a way to a password-free future. However, they have proved all too easy to dupe – the fingerprint scanner on Apple’s iPhone 5S was hacked within days of its launch using just a photograph.
The EU-funded TABULA RASA project is coming up with ways to make biometric identification resistant to attack.
‘The aim of the TABULA RASA project is to study the vulnerabilities of biometric systems in the context of spoofing attacks ... and in case of vulnerability, to develop counter measures to detect those kind of attacks,’ said Dr Sébastien Marcel, the project coordinator.
The three-year project set up the Spoofing Challenge where researchers developed new ways of attacking biometric systems. One successful attack involved the attacker using make-up to look more like the person she was trying to fake.
Researchers drew up a list of known spoofing attacks using experts, scientific papers and online sources, and those that were easiest to replicate were chosen for further research as these posed the most realistic threat.
They recreated the attacks and recorded the data, which they then used to develop countermeasures to beef up biometric authentication systems such as face, fingerprint and voice identification software.
They found, for example, that photographic spoofs on facial recognition systems can be identified by detecting how three-dimensional the face is. The flatter and more two-dimensional the face appears to be, the more likely it is to be a spoof.
Model fingers can fool fingerprint scanners. Image courtesy of the TABULA RASA project
The project also studied the effect of combining biometric identifiers to increase security. For example, a real finger can have moisture on it and blood running under its surface. Producing a fake finger to fool moisture and blood-flow sensors can be costly and time-consuming, making the spoofing attack more difficult and perhaps less likely to happen.
‘It can be hacked, but is it worth it?’ said Dr Marcel.
He gave the hacking of the iPhone 5S’s fingerprint scanner as an example. While the method used to hack it was ‘nothing new’, it took days to do, by which point the owner could have locked their phone remotely. ‘You also have to steal the phone,’ he added.
Many of the countermeasures developed during the project are sold commercially by TABULA RASA’s industrial partners. This flow of information and innovation goes both ways, as the industrial partners on the project provide information on commercially available biometric systems and vital market insight for researchers.
Outside of biometric authentication, other EU-funded projects are developing new detection and protection techniques against computer viruses. The MALCODE project identifies a virus by the instructions it carries out on a computer. By detecting the virus at such a low level, the software bypasses many of the virus’ ways of fooling a system, such as encrypting its code.
In addition to researching attacks on individual computers, the EU funds projects investigating and improving the security of communication networks.
Control systems for critical infrastructures, such as power grids, are rapidly moving from offline custom networks to more standardised online solutions.
‘The aim of the TABULA RASA project is to study the vulnerabilities of biometric systems in the context of spoofing attacks.’
Dr Sébastien Marcel, the coordinator of TABULA RASA
‘Unfortunately this technological trend introduces new security issues, since in the new scenario critical infrastructures are increasingly exposed to cyber threats,’ explained Prof. Salvatore D’Antonio, project manager for the INSPIRE project. Researchers on the project developed a system that prioritises important instructions for a critical infrastructure over other network traffic in the event of a fault or cyber attack. This means that network performance is not compromised for the critical infrastructure, even if the total capacity of the network is reduced by a fault or attack on part of it.
Similar to INSPIRE, the TClouds project developed a ‘cloud of clouds’ to make healthcare data and power-grid commands sent through the cloud more resilient to cyber attacks. Using the system, a user can access multiple clouds containing identical information, so that if one cloud is compromised by a cyber attack or simply stops working, another cloud can take over.
New EU projects, such as Privacy-Preserving Computation in the Cloud (PRACTICE), aim to create tools to make user data stored in the cloud unreadable by cloud providers, adding another layer of privacy to cloud computing.
The problems facing online security and biometric authentication research are similar, as Dr Marcel explained, ‘It’s a bit like the virus-antivirus industry – the more attacks and countermeasures to those attacks you develop, the more you realise that you can find more attacks.’
Imagine controlling your computer just by thinking. It sounds far-out, but real advances are happening on these so-called brain-computer interfaces. More researchers and companies are moving into the area. Yet major challenges remain, from user training to the reality of invasive brain implant procedures.
Artificial intelligence is growing ever more powerful and entering people’s daily lives, yet often we don’t know what goes on inside these systems. Their non-transparency could fuel practical problems, or even racism, which is why researchers increasingly want to open this ‘black box’ and make AI explainable.
In the summer of 2014 a strange building began to take shape just outside MoMA PS1, a contemporary art centre in New York City. It looked like someone had started building an igloo and then got carried away, so that the ice-white bricks rose into huge towers. It was a captivating sight, but the truly impressive thing about this building was not so much its looks but the fact that it had been grown.
Bilingual people can effortlessly switch between languages during everyday interactions. But beyond its usefulness in communication, being bilingual could affect how the brain works and enhance certain abilities. Studies into this could inform techniques for learning languages and other skills.
Live mycelium networks, capable of information processing, could be used as building materials.
Researchers are investigating whether bilingualism enhances certain cognitive abilities.
Dr Kate Rychert studies ocean plate structures.