Increase of recognition performance and security of biometric processes

Biometrics is the automated recognition of individuals by their behavioral and biological characteristics. Among the most widely used biometric recognition methods are the observation of the characteristics fingerprint and face. Biometric recognition systems are nowadays an integral part of identity management systems. Unlike knowledge- and ownership-based authentication systems, biometric characteristics cannot be lost or delegated to third parties. This advantage improves both the usability and the security of traditional authentication systems, leading to an increasing deployment of operational biometric systems.

In a biometric system, a biometric sample is captured at the time a subject is registered. After pre‐processing the captured data, the biometric features are extracted and stored in a database as a biometric reference (template). During a biometric authentication, another biometric sample is acquired and processed in the same way to generate a probe sample. The features calculated from the probe sample can be compared with one or more reference template(s) within the database. The result of a biometric comparison process is a comparison score or a list of scores. A biometric decision can then be taken, based on the generated scores.

Core Topics

From the described general processes within a biometric system, various problems arise with regard to three core topics: quality, security and privacy, that define open research questions.

To determine the quality of biometric samples, e.g. facial images or fingerprint images, is an essential process of a biometric system when a high recognition performance is required. The signal quality of biometric reference data is crucial and will determine, how well the stored reference data is suited for automated recognition of the enrolled data subject. High recognition performance can only be achieved if the quality of the captured biometric data is sufficient. This applies in particular to biometric systems in which a large number of subjects is registered. Nevertheless, a reliable determination of the quality of biometric data is an unresolved research topic for many biometric modalities. In order to improve the usability and recognition performance of biometric systems, new algorithms must be developed that ensure a robust determination of the quality of biometric samples. This is particularly true for facial data, as shown by a recent study by the Joint Research Centre (JRC) of the European In addition to the need for robust algorithms, this study also calls for the standardization of such mechanisms. The aim of this research area is to develop algorithms and methods that allow a robust quality assessment of biometric samples. Moreover, the quality of service provided within biometric applications with limited resources is targeted in this research area. This requires efficient, adaptive, and application-aware innovations.

The increasing deployment of biometric systems requires a risk and impact assessment of these technologies. Due to the fact that many established biometric methods capture a publicly accessible source ‐ especially the face of an individual, so‐called presentation attacks or spoofing attacks are highly security‐critical. During a presentation attack, the attacker presents a so‐called presentation attack instrument to the biometric capture device, e.g. a 3D face mask, with the aim of being recognized as a (specific) data subject, who registered in the biometric Presentation attacks are probably the most relevant type of attack on biometric systems. In addition to presentation attacks, the vulnerability of biometric face recognition systems with regard to manipulation of biometric samples during the enrolment process (morphing attacks and image processing, e.g. through so‐called Beautification Apps) has recently been confirmed and published in inter­national media. Reliable detection of such manipulations is still an unsolved research task. In addition to developing suitable countermeasures with regard to the security‐relevant vulnerabilities mentioned above, the aim of this mission is to identify possible further vulnerabilities and to develop countermeasures. Moreover, issues inherited within the established biometric systems such as decision bias will be tackled within this research area.

In particular since the EU General Data Protection Regulation (GDPR) came into force, biometric reference data must be permanently protected. Conventional cryptographic methods, however, are unsuitable because they do not allow biometric comparison in the encrypted domain due to the variance in the biometric measurement. So‐called Biometric Template Protection procedures must therefore be used. Existing approaches, however, clearly show a conflict between biometric recognition performance and the degree of protection of biometric data. The aim of this mission is to investigate the use of special cryptographic methods, e.g. homomorphic encryption, in order to tolerate biometric variance in encrypted space. However, these methods are computationally very demanding and result in long response times, when a probe feature vector has to be compared against numerous reference templates. An efficient and data protection‐friendly identification with the help of biometric data is still an open research topic, which will be dealt with in this research area.

Research goals of NGBS

The research area “Next Generation Biometric Systems” should make fundamental progress in the field of biometrics and achieve the following goals and objectives.

Goal 1

Robust quality determination of biometric samples

A core objective of the mission is to develop newalgorithms and methods for quality determination. As describe dabove,this is highly relevant from a practical point of view for the operational systems in Europe (such as the Visa Information System and the Entry‐Exit System), in particular for theuse of face recognition systems.

Goal 2

Increased security against attacks on biometric systems

A systematic vulnerability analysis is essential to ensure the security of biometric systems. Suitable countermeasures must be developed for already known attack vectors. In addition to presentation attacks, the vulnerability of biometric systems (especially face recognition) to image manipulation has recently been identified. This specific research field is still in statu nascendi and only a few countermeasures have been proposed. The practicability of such countermeasures has not yet been tested in operational systems. A partial objective of the mission is, to analyze the security of biometric systems on the basis of a rigorous vulnerability analyses and to develop effective countermeasures. Moreover, such attacks on embedded and mobile biometrics imposes specific requirement that cannot be directly addressed for solutions developed for other application domains. Securing this rapidly expanding family of embedded biometric use-cases still require expanded research effort to be addressed.

Goal 3

Improved protection of biometric reference data

A weakness of today's biometric systems is the inadequate protection of biometric reference data. Classic cryptographic methods are not sufficient, to protect the privacy of data subject registered within a biometric systems. While existing template protection mechanisms can offer partial protection of biometric data, this is usually accompanied by a significant loss in recognition performance. The aim of the mission is to develop new concepts for data protection‐friendly processing/storage of biometric data. This an absolute necessity, if future biometric systems shall comply with new legal frameworks, in particular the EU General Data Protection Regulation (GDPR).

Goal 4

Increasing the efficiency and recognition performance of biometric identification systems

There is a steady growth of databases that link biometric data with other personal data (large scale databases). If a capture biometric probe sample has to be compared against a large amount of reference data to determine the identity of a capture subject, this can lead to long response times and an increased false positive identification rate of the system. In order to scale with the growth of biometric databases, the recognition performance of biometric systems must be improved. One objective of the mission is to improve the generalizability of biometric systems, especially facial recognition systems, in order to increase biometric performance. This is absolutely necessary for biometric data that show an increased variance, e.g. beautified facial images, which are very often found in social networks. On the other hand, a further objective is to develop methods that allow an efficient search query with the help of biometric data in large databases (in real time). Efficiency is specifically important when dealing with limited computational resources, which is the case in embedded and mobile biometric applications. Building modern and high-performing biometric solutions is essential to enable the spread of the technology in this domain. One of the goals of this project is to build smaller and more efficient models for the different sub-processes that constitutes the biometric decision making workflow.

Goal 5

Impacting inter­national standards evolving in the field of research

One of the mission's concurrent objectives, which covers all core topics, is to contribute the achieved findings to the relevant committees that deal with the standardization of biometric systems. This enables a transfer of knowledge to the industry and guarantees a long‐term impact of our research for operational biometric systems and thus for all end users. This additionally enables a transfer of knowledge to the relevant stakeholders (such as industry and policymakers) with a potential of long-term impact of our research for operational biometric systems and thus for all stakeholders.