Kévin Carta (Cabinet Louis Reynaud): Injection attacks: a major threat against remote identity verification (PDF, 19 pages)

Injection attack: a major threat against remote identity verification
IFPC 2025, 01/04/2025

CLR Labs: cabinet of expertise covering technologies, standards and European policies. Technology evaluation laboratory expert in digital identities, biometrics, mobile security, data protection and cyber security. Member of several associations (association logos not reproduced here).

Quick presentation: Kévin Carta
- Director of CLR Labs, which provides evaluation services for biometrics (both PAD and IAD), mobile application security, physical access control and cyber security.
- PhD on the subject of injection attacks (PhD defense in October 2024) at École des Mines de Saint-Étienne (France).
- Editor of CEN/TS 18099 and of the future ISO/IEC 25456.

The standards scope
[Figure: generic biometric system (data capture, signal processing, matching, decision, data storage, application device) with its nine numbered attack points: presentation attack; biometric data injection attack; override signal processor; modify probe; override comparator; modify score; override decision; override or modify database; modify biometric reference. The presentation attack on the capture device is the scope of ISO/IEC 30107; the biometric data injection points are the scope of CEN/TS 18099 and ISO/IEC 25456.]

What are biometric data injection attacks?

Remote identity proofing (RIDP): different types of frauds
- Biometrics, physical: mask, printed photo, screen.
- Biometrics, digital: selfie replay attack, morphing, deepfake.
- ID document, physical: fake ID document printed on paper, altered ID document.
- ID document, digital: replay attack, video overlay, augmented reality overlay.

Problem of digital attacks (as an attacker)
- How to present a digital attack to the system: with a screen?
- Ideal: send the digital attack through a "fictitious" video stream. No or little loss of image quality compared to the source media, and screen detection is bypassed, because liveness detection then works purely at the biometric level.
- Today: state-of-the-art liveness detection systems easily detect the presentation of screens.
- Solution: injection attacks.

Injection attack model
[Figure: the user sends an Injection Attack Instrument (IAI, digital) to the verifier's application or system by video injection through an Injection Attack Method (IAM), bypassing the video capture device; a genuine source (physical) reaches the same video input by presentation.]
- Injection Attack Method (IAM): several methods exist (see next slides).
- Injection Attack Instrument (IAI): a set of images or a manipulated video.
- Application or system: web application, acquisition software, mobile application, etc.
- Objective: bypass security mechanisms.

Different types of IAMs
- Use of a modified or falsified camera. The attacker injects an IAI using a tool or software that the facial recognition system perceives as a real camera. Examples: software virtual camera, hardware virtual camera, external video capture card, mobile device emulator.
- Replacing the images captured by a real camera with attack images. The images are replaced by an IAI during the transmission of the authentic images to the other modules of the facial recognition system. Examples: function hooking process, man-in-the-middle process.

Different types of IAIs
- Raw data: the attacker injects stolen raw data in order to fool the biometric system. Examples: replay attacks, editing attacks.
- Modified/altered data: the attacker uses stolen biometric data and modifies it to fool the biometric system. Examples: face reenactment, morphed images, face swap.
- Synthetic data: the attacker uses artificially generated face data in order to conceal their own identity. Example: synthetic images.

Injection Attack Detection (IAD)
- Injection Attack Method Defense Mechanism (IAMDM): a defense mechanism aiming at making a biometric system resistant to injection attack methods. Examples: camera anti-tampering, session metadata analysis, code obfuscation, Runtime Application Self-Protection (RASP), mobile device emulator detection.
- Injection Attack Instrument Defense Mechanism (IAIDM): a defense mechanism aiming at making a biometric system resistant to injection attack instruments. Examples: replay attack detection, automated artifact detection, procedural controls (randomness, human operators, etc.).

Why do we need a standard?

The context
- EU regulations: the AMLD5 anti-money laundering directive and the recent revision of eIDAS have accelerated the use of remote identity proofing (RIDP) solutions. This use mainly concerns sensitive services: digital identity (governments), banking services, e-health services, insurance services.
- A new threat: injection attacks are a recent threat, having emerged with the use of remote biometrics, particularly in remote identity proofing services. This threat is already a reality: 783% increase in injection attacks in 2024 (iProov); injection attacks increased 200% in 2023 (Gartner).
- PVID referential: the Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), the French cybersecurity agency, was the first agency to provide a certification scheme for RIDP, in 2021, with the PVID (Prestataires de Vérification d'Identité à Distance) referential. This certification scheme requires penetration testing on presentation attacks, injection attacks and ID document fraud.

A need for a standard on the subject
- The need for a standard was quickly felt in order to explain the problem and enable manufacturers and academics to tackle the subject head on.
- The arrival of the EUDI wallet: the standard also comes with the upcoming release of the EUDI wallet, where injection attacks represent a major threat of identity fraud during the citizen enrolment phase.
- A need for European harmonisation: the standard will also make it possible to harmonise the various projects in Europe that deal in one way or another with injection attacks:
  - French ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information), in its remote identity verification referential called PVID.
  - ETSI (European Telecommunications Standards Institute), in TS 119 461, which deals with remote identity verification.
  - European Union Agency for Cybersecurity (ENISA), in its report "Remote Identity Proofing: Attacks and Countermeasures".
  - German BSI (Bundesamt für Sicherheit in der Informationstechnik), in Technical Guideline TR-03147, Assurance Level Assessment of Procedures for Identity Verification of Natural Persons.
  - Spanish CCN, Security Guide for ICT products, Annex F.11: Video identification.

The content of CEN/TS 18099
- Definition of the subject: basically, everything we have seen so far. All the terms and definitions used here (IAI, IAM, etc.) are defined in the standard.
- The standard was written to cover different biometric modalities, even if for now face recognition is the major target. Injection attacks also apply to iris recognition, voice recognition and fingerprint recognition (when the finger is filmed through an RGB camera).
- A specific test plan: the standard provides a complete test methodology for the labs. The methodology is based on an identification phase followed by an exploitation phase: if an attack bypasses the system, it is identified; if it can be reproduced, the attack is exploited. The attack is then rated with the attack rating methodology defined in the standard. The test plan provides three levels, with different requirements on the number of attacks, number of days of testing, etc.: Basic, Substantial and High.

Why do we need a standardised test plan?
- Harmonisation between the labs: the main reason is to harmonise the work performed by the different laboratories that will provide conformance evaluations. Without an evaluation methodology, laboratories are free to develop their own test plans.
- For security purposes: as we have seen, most of the services threatened by injection attacks are sensitive services. The methodology provided in the standard is based on a deterministic approach, so that no known vulnerability is left unexplored. Important note: an invulnerable system does not exist.

Current state of the standard
- CEN/TS 18099: project began in September 2021; standard published in November 2024. Mandatory testing in conformance with TS 18099 should be added in the next revision of ETSI TS 119 461 (October 2024). Could be referenced in the upcoming implementing acts for the EUDI wallet.
- ISO/IEC 25456: project began in January 2025, with the creation of a Joint Working Group between SC 27 (Cybersecurity) and SC 37 (Biometrics).

Questions?

Our research papers on injection attacks
- 2024: K. Carta, A. Huynh, S. Mouille and N. El Mrabet, An Overview of Biometric Data Injection Attacks on Remote Identity Proofing Solutions, SSRN (https:/ …).
- 2023: […] El Mrabet, S. Brangoulo and C. Barral, How video injection attacks can even challenge state-of-the-art Face Presentation Attack Detection Systems, IMCIC 2023, 14th International Multi-Conference on Complexity, Informatics and Cybernetics, DOI: 10.54808/IMCIC2023.01.105.
- 2022: K. Carta, C. Barral, S. Mouille and N. El Mrabet, Video injection attacks on remote digital identity verification solution using face recognition, IMCIC 2022, 13th International Multi-Conference on Complexity, Informatics and Cybernetics, DOI: 10.54808/IMCIC2022.02.92.
- 2021: K. Carta, C. Barral, S. Mouille and N. El Mrabet, On the pitfalls of video conferences for challenge based face liveness detection, 25th World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI 2021), ISBN: 978-171383519-6.
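The second IAM family on the slides above (function hooking or man-in-the-middle between the real camera and the other modules) and two of the listed defences (replay attack detection, session metadata analysis), as an added example that is not code from the talk, from CLR Labs or from CEN/TS 18099. A trusted capture stage tags every frame with an HMAC over a per-session nonce, a sequence number and the pixel payload; the verifier's gate in front of the comparator rejects streams whose payload was swapped in transit, whose frames are reordered, or which replay a correctly tagged recording of an earlier session. The shared key, the nonce scheme, the Frame layout, the pipeline stages and the constructed pixel strings are all assumptions made for this example.

```python
"""Added example (not from the talk or CEN/TS 18099): frame integrity and
session binding as one possible Injection Attack Method Defense Mechanism.
Everything below (key, nonce scheme, Frame layout, sample pixels) is assumed."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Iterable, Iterator, List, Tuple

# Assumption: the capture component and the verifier share this key (e.g.
# provisioned to an anti-tamper camera module). If the attacker can read it,
# tags are forgeable and the check below proves nothing.
CAPTURE_KEY = b"example-key-shared-with-verifier"


@dataclass(frozen=True)
class Frame:
    session: bytes  # nonce of the verification session the frame belongs to
    seq: int        # monotonic sequence number inside the session
    pixels: bytes   # constructed stand-in for the image payload
    tag: bytes      # HMAC over (session, seq, pixels), set by the capture stage


def _tag(session: bytes, seq: int, pixels: bytes) -> bytes:
    msg = session + seq.to_bytes(4, "big") + pixels
    return hmac.new(CAPTURE_KEY, msg, hashlib.sha256).digest()


def capture(session: bytes, pixel_stream: Iterable[bytes]) -> Iterator[Frame]:
    """Trusted data-capture stage: tags every frame before it leaves the module."""
    for seq, pixels in enumerate(pixel_stream):
        yield Frame(session, seq, pixels, _tag(session, seq, pixels))


def hook_inject(frames: Iterable[Frame], iai: Iterable[bytes]) -> Iterator[Frame]:
    """IAM: function hooking between capture and signal processing. The hook
    keeps the frame metadata and tag but swaps the payload for the attacker's
    Injection Attack Instrument (here stolen selfie frames, i.e. raw data)."""
    for frame, fake in zip(frames, iai):
        yield Frame(frame.session, frame.seq, fake, frame.tag)


def verify_stream(session: bytes, frames: Iterable[Frame]) -> Tuple[bool, str]:
    """Verifier-side gate in front of the comparator. Accepts the stream only
    if every frame is bound to this session, arrives in order and is untouched."""
    expected = 0
    for f in frames:
        if not hmac.compare_digest(f.session, session):
            return False, f"frame {f.seq}: session mismatch (replay of another session?)"
        if f.seq != expected:
            return False, f"frame {f.seq}: sequence gap or reorder (expected {expected})"
        if not hmac.compare_digest(f.tag, _tag(f.session, f.seq, f.pixels)):
            return False, f"frame {f.seq}: integrity tag mismatch (payload replaced in transit?)"
        expected += 1
    if expected == 0:
        return False, "empty stream"
    return True, f"{expected} frames accepted"


# Constructed sample data: short byte strings stand in for real image frames.
def live_frames(n: int) -> List[bytes]:
    return [f"live-frame-{i}".encode() for i in range(n)]


STOLEN_SELFIE = [f"stolen-frame-{i}".encode() for i in range(5)]


def scenario_genuine() -> Tuple[bool, str]:
    session = os.urandom(16)
    return verify_stream(session, capture(session, live_frames(5)))


def scenario_hooked() -> Tuple[bool, str]:
    """Attacker hooks the pipeline after capture and substitutes the IAI."""
    session = os.urandom(16)
    tampered = hook_inject(capture(session, live_frames(5)), STOLEN_SELFIE)
    return verify_stream(session, tampered)


def scenario_replay() -> Tuple[bool, str]:
    """Attacker recorded a correctly tagged genuine session earlier and
    resubmits it inside a new session (replay attack)."""
    old_session = os.urandom(16)
    recorded = list(capture(old_session, live_frames(5)))
    new_session = os.urandom(16)
    return verify_stream(new_session, recorded)


if __name__ == "__main__":
    for name, run in [("genuine", scenario_genuine), ("hooked", scenario_hooked),
                      ("replay", scenario_replay)]:
        ok, why = run()
        print(f"{name:8s} {'ACCEPT' if ok else 'REJECT'}: {why}")
```

This gate only covers injection downstream of the capture stage, which is where hooking and man-in-the-middle attacks sit. The first IAM family on the slides (software or hardware virtual camera, capture card, emulator) feeds fake pixels into the capture stage itself, so those frames come out correctly tagged and pass; that case needs camera anti-tampering on the device side and IAIDM-style artifact or replay detection on the content. The check is also only as strong as the secrecy of the key on a user-controlled device, which is exactly the problem that the listed code obfuscation and RASP mechanisms try to mitigate.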
