Modern mobile devices such as smartphones are equipped with a variety of sensors, ranging from motion sensors and GPS to biometric sensors. Some experts say that with the introduction of the Apple iPhone 5S a new era has begun for identity management. But is this really true? What are the requirements for a trustworthy mobile device? A distinction is made between supervised and unsupervised use, in a professional and a consumer environment. What is the current state of the technology, and which future improvements do we expect? Ruud van Munster tries to find the answers.
“The Apple iPhone 5S will definitely mean a change in identity management. Individuals will get back control over their identity. This is definitely disruptive technology.” This statement by a biometrics expert had barely been made when the first reports appeared that the iPhone’s fingerprint sensor had been fooled with a fake finger. This was to be expected. Does it make the statement invalid? The real question is whether this specific product is going to cause a paradigm shift. But the fact that an era has begun in which smartphones and other personal devices take over the tasks of the larger biometric systems can no longer be denied.
Smartphones have obtained a central role as the inseparable personal assistant of almost every citizen. Besides making phone calls, sending email and engaging in social media, they are used for navigation, calendar management and access to information. For some time now, smartphones have been equipped with a range of on-board sensors that were inconceivable in the past, including a camera, compass, motion sensors, level sensors and GPS. Both the miniaturisation of electronics and sensor technology have made a breakthrough. So why would fingerprint sensors and iris scanners not be part of this? Fingerprints have been used as a means of identification for a long time. Iris scanning is currently only available in high-end professional devices, but it seems only a matter of time until it reaches consumer devices as well.
Vulnerability of biometrics
Biometric systems are vulnerable to various kinds of attack. This applies to the traditional, larger systems as well as to the more recent mobile systems. Mobile systems in particular need extra attention to make them more resistant to attack.
Biometric systems can be attacked through changes to the device that go unnoticed, granting a person with a forged identity the rights of the rightful owner. As an example, the data path between the sensor and the processing unit can be modified, so that the matcher receives a different fingerprint than the one the sensor actually captured: a stored image of the legitimate user is substituted or replayed in place of the impostor’s finger. Other options include tampering with the template database or injecting malicious code. The best-known way of attacking a biometric system, however, is spoofing: a counterfeit or altered face, finger or iris is presented to the device.
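The modified data path described above is the reason current designs authenticate the link between sensor and matcher. As an added illustration (this code is not from the article or from any vendor), the Python below has the sensor MAC every capture under a pairing key shared only with the matcher, bound to a matcher-issued challenge and a monotonic counter, so a substituted or replayed image is rejected before any matching takes place. The class names, message layout, the constructed ‘images’ and the hash comparison standing in for fuzzy biometric matching are assumptions for illustration; in a real device the pairing key would live in a secure element or TEE rather than in application memory.

```python
import hashlib
import hmac
import secrets

# Constructed sensor output standing in for fingerprint images (not real data).
OWNER_IMAGE = b"ridge-pattern-of-the-enrolled-owner"
ATTACKER_IMAGE = b"ridge-pattern-of-an-impostor"


class Sensor:
    """Fingerprint sensor that authenticates each capture to the matcher."""

    def __init__(self, pairing_key: bytes):
        self._key = pairing_key   # shared with the matcher at manufacture (assumption)
        self._counter = 0         # monotonic; a replayed capture reuses an old value

    def capture(self, challenge: bytes, image: bytes) -> dict:
        self._counter += 1
        ctr = self._counter.to_bytes(8, "big")
        # The MAC binds the image to this challenge and this counter value.
        tag = hmac.new(self._key, challenge + ctr + image, hashlib.sha256).digest()
        return {"challenge": challenge, "counter": self._counter,
                "image": image, "tag": tag}


class Matcher:
    """Processing side: only authenticated, fresh captures reach the comparison."""

    def __init__(self, pairing_key: bytes, enrolled_image: bytes):
        self._key = pairing_key
        # Toy template: a hash of the enrolled image. Real matching is fuzzy (assumption).
        self._template = hashlib.sha256(enrolled_image).digest()
        self._pending = None
        self._last_counter = 0

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, rec: dict) -> str:
        if self._pending is None or rec["challenge"] != self._pending:
            return "reject: wrong or stale challenge"
        if not isinstance(rec["counter"], int) or not 0 < rec["counter"] < 2**64:
            return "reject: malformed counter"
        ctr = rec["counter"].to_bytes(8, "big")
        expected = hmac.new(self._key, rec["challenge"] + ctr + rec["image"],
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, rec["tag"]):
            return "reject: capture not from the paired sensor"
        if rec["counter"] <= self._last_counter:
            return "reject: replayed counter"
        self._pending = None
        self._last_counter = rec["counter"]
        if hashlib.sha256(rec["image"]).digest() == self._template:
            return "accept"
        return "reject: no match"


def run_scenarios() -> tuple:
    key = secrets.token_bytes(32)
    sensor, matcher = Sensor(key), Matcher(key, OWNER_IMAGE)

    # 1. Owner presents their finger: authenticated and matched.
    genuine = sensor.capture(matcher.new_challenge(), OWNER_IMAGE)
    r1 = matcher.verify(genuine)

    # 2. Data-path attack: the impostor's finger is scanned and the attacker
    #    swaps in the owner's image on the wire. The MAC no longer verifies.
    rec = sensor.capture(matcher.new_challenge(), ATTACKER_IMAGE)
    rec["image"] = OWNER_IMAGE
    r2 = matcher.verify(rec)

    # 3. Replay of the earlier accepted capture against a new challenge.
    matcher.new_challenge()
    r3 = matcher.verify(genuine)
    return r1, r2, r3
```

Note that the MAC protects the path, not the finger: a fake finger presented to the real sensor is authenticated like any other capture, which is why liveness detection, discussed in the next paragraphs, is a separate problem.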
A popular example of spoofing is covering a finger with a replica of someone else’s fingerprint. This can be done with a range of materials, depending on the specific weaknesses of the scanner to be spoofed. An interesting option is a thin, transparent replica cast from dried wood glue. The sensor reads the ridge pattern of the counterfeit, but also senses the skin colour of the live finger on which the replica is placed, so that simple liveness checks pass. Even high-end sensors marketed as spoof-resistant can be fooled this way.
Face recognition systems can also be spoofed. The authentication can be fooled with a printed photograph of the authorised user or by holding a laptop screen showing the owner’s face in front of the camera.
There are various countermeasures against spoofing. Faces can be checked for eye movement and other (micro) movements. A photograph of a photograph or of a screen can often be detected by looking for moiré-like patterns, the periodic interference that arises when an already digitised image is digitised again. A common countermeasure against copied fingerprints is the multispectral scanner, which images the finger at several wavelengths and thereby analyses the material of the skin rather than just the ridge pattern.
Supervised versus unsupervised use
Spoofing is especially dangerous when biometric systems are used in unsupervised mode. In supervised use an officer is usually present who, if sufficiently alert, can recognise a spoofing attack. The face on a laptop screen is easily recognised; a thin layer of material applied to a finger requires more attention. With the current state of the art in biometrics, risk assessment must clearly distinguish between the two modes of operation.
Supervised mobile biometrics
In supervised mobile biometrics an officer is supported in his or her task by a professional mobile biometric device. Examples are police checks in the street, identification by stewards in football stadiums and ticket inspection in public transport. In these situations the unit is in safe hands and, if sufficiently alert, the officer will spot the most common cases of spoofing. A professional device is used here rather than a consumer product.
Unsupervised mobile biometrics
Unsupervised mobile biometrics is potentially the holy grail of identification. It covers self-identification, often performed on a mobile device at home or while travelling, out of sight of any controlling authority. This is the paradigm shift mentioned in the introduction. Obviously there is no human supervision to catch spoofing. Moreover, the device itself may have been modified without anyone noticing, which adds the requirement that such tampering be detectable. At the same time, all of this has to work in consumer products. A clear case of conflicting requirements, and one that could be a serious showstopper for the paradigm shift.
Future, the paradigm shift expected or hoped for
The ultimate paradigm shift that we all hope for is that a verifiable signal from the smartphone will be sufficient to tell us that we can trust someone to do business with, whether this is a bank transfer, a cash withdrawal, a border passage or access to a restricted area. The emphasis is on the authority of a person (‘What is this person allowed to do?’) rather than on their identity (‘Who is this person?’). This approaches the ideal of Privacy Enhancing Technology (PET) as closely as possible: the device presents no more information about the person than is necessary for the intended purpose. Clearly, the amount of information (and thus privacy) that has to be given up to create confidence depends directly on the confidence the approving authority has in the underlying technology, and thus on the extent to which its vulnerabilities can be prevented.
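One way to make ‘What is this person allowed to do?’ checkable without revealing ‘Who is this person?’ is a credential whose attributes are individually committed and opened only as needed. The Python below is an added example, not part of the article or of any product: an issuer salts and hashes each attribute, signs the list of commitments, and the holder later opens only the authorisation attribute at the gate. The signature is a Lamport one-time signature built from SHA-256 so that the example runs on the standard library alone; it stands in for a production signature scheme such as Ed25519, and real systems use dedicated anonymous-credential schemes with stronger unlinkability. Attribute names and values are constructed.

```python
import hashlib
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Lamport one-time signature, stand-in for a production scheme such as Ed25519 ---
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, msg: bytes) -> list:
    d = int.from_bytes(H(msg), "big")
    # Reveal, for each digest bit, the preimage of one half of the key pair.
    return [sk[i][(d >> (255 - i)) & 1] for i in range(256)]


def lamport_verify(pk, msg: bytes, sig: list) -> bool:
    d = int.from_bytes(H(msg), "big")
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][(d >> (255 - i)) & 1] for i in range(256))


# --- credential: salted commitments to attributes, signed as one bundle ---
def commit(name: str, value: str, salt: bytes) -> bytes:
    return H(salt + name.encode() + b"=" + value.encode())


def issue(issuer_sk, attributes: dict):
    """Issuer: commit to every attribute, sign the commitments, hand the salts to the holder."""
    names = sorted(attributes)
    salts = {n: secrets.token_bytes(16) for n in names}
    commitments = [commit(n, attributes[n], salts[n]) for n in names]
    cred = {"names": names, "commitments": commitments,
            "sig": lamport_sign(issuer_sk, b"".join(commitments))}
    return cred, salts


def present(cred, attributes, salts, disclose: str) -> dict:
    """Holder: reveal one attribute; the others stay hidden behind their commitments."""
    return {"cred": cred, "name": disclose,
            "value": attributes[disclose], "salt": salts[disclose]}


def verify_presentation(issuer_pk, pres: dict, required: str, value: str) -> bool:
    """Verifier: the issuer vouched for the bundle and the opened slot says what we need."""
    cred = pres["cred"]
    if not lamport_verify(issuer_pk, b"".join(cred["commitments"]), cred["sig"]):
        return False
    if pres["name"] != required or pres["value"] != value:
        return False
    if required not in cred["names"]:
        return False
    idx = cred["names"].index(required)
    return commit(required, value, pres["salt"]) == cred["commitments"][idx]


def demo() -> dict:
    # Constructed attributes; only the authorisation is ever shown to the gate.
    attrs = {"full_name": "A. Example", "date_of_birth": "1980-01-01",
             "zone_b_access": "yes"}
    sk, pk = lamport_keygen()
    cred, salts = issue(sk, attrs)
    pres = present(cred, attrs, salts, "zone_b_access")

    # A holder whose credential says 'no' claims 'yes': the opened commitment does
    # not match. (Fresh key pair, because a Lamport key must sign only once.)
    denied = dict(attrs, zone_b_access="no")
    sk2, pk2 = lamport_keygen()
    cred2, salts2 = issue(sk2, denied)
    lie = present(cred2, denied, salts2, "zone_b_access")
    lie["value"] = "yes"

    # Forged bundle: one commitment altered after signing, so the signature fails.
    forged_cred = dict(cred, commitments=[H(b"x")] + cred["commitments"][1:])
    forged = present(forged_cred, attrs, salts, "zone_b_access")

    return {
        "genuine_accepted": verify_presentation(pk, pres, "zone_b_access", "yes"),
        "lie_rejected": not verify_presentation(pk2, lie, "zone_b_access", "yes"),
        "forgery_rejected": not verify_presentation(pk, forged, "zone_b_access", "yes"),
        # The name never leaves the device: it appears nowhere in the presentation.
        "identity_hidden": "A. Example" not in repr(pres),
    }
```

The verifier still sees the attribute names and the same signature on every use, so separate presentations by one holder are linkable; the example demonstrates minimal disclosure, not full anonymity.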
Reality, the current situation
After the spoofing of the iPhone 5S, currently one of the flagships among consumer smartphones, it is too early for the ‘blind faith’ scenario above, in which the judgement of the smartphone can be fully trusted. The intended unsupervised use, including home banking and other transactions from home, is susceptible to fraud. Attackers have every opportunity to make a replica of a finger out of sight of anybody, or even to modify or compromise the entire device.
With today’s smartphones we will have to make do with unattended biometric applications that do not carry high security requirements, but there is nothing wrong with that. There are many personal applications where biometrics on the smartphone is useful, for example protecting the data on the phone itself or letting the phone control home automation.
Current professional smartphone opportunities
Using smartphones for supervised applications is a good option. In these situations the opportunities to tamper with the device or to present a fake fingerprint are limited.
The use of smartphones for supervised applications has been given an extra boost by devices that extend them. An example is the Grabba smartphone extender. The Grabba is a housing that serves as a docking station for a smartphone or tablet, supplemented with a choice of modules for reading fingerprints, signatures and passports, as well as barcodes and the data on RFID chips (figures 1, 2 and 3). The device uses the computing power, communication facilities and user interface of the smartphone or tablet. Supported devices include the Apple iPhone, Samsung Galaxy and BlackBerry. The smartphone is thus turned into a handheld biometric device or a handheld passport verification system.
Future of smartphones
Although the professional use of smartphones and tablets for biometric applications is still limited to supervised use, we have an exciting future ahead of us. Smartphones are true champions at combining information from very different sources and sensors, and the future of biometrics lies in using multiple biometrics to reach an identification decision. It is therefore expected that these two paths will intersect in due course and yield a reliable combination. The smartphone in its current form already collects a great deal of information about its owner, such as location and movement patterns. This information contributes to determining whether the person using the device is its rightful owner.

Further miniaturisation will lead to sensory observations that are as yet unimaginable. Recently a device was announced that is worn as a wrist strap. By touching it with a finger of the other hand, an electrical circuit is closed through the body and the cardiac signal is detected. Not only the heart rate is determined this way; the heartbeat also carries personal characteristics that can serve as a signature and contribute to determining the identity of the owner. The device communicates directly with the smartphone.

Miniaturisation will also allow improved biometric sensors to be built into the small space of a mobile device. Nanotechnology is expected to bring a step forward in the miniaturisation of highly accurate and reliable iris scanners. Perhaps the combination of these developments will bring us the expected breakthrough.
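The paragraphs above describe combining fingerprint, location, movement and heartbeat evidence into one decision. The Python below, an added example rather than anything described in the article, shows the simplest form of such fusion: each source is treated as a binary detector with a false accept rate and a false reject rate, each verdict contributes a log-likelihood ratio, and the sum is converted into a posterior probability that the current user is the enrolled owner. All error rates and verdicts are constructed for illustration, not measurements of real sensors.

```python
import math

# Constructed per-source error rates (FAR, FRR); not measurements of real sensors.
SOURCES = {
    "fingerprint": (0.001, 0.03),   # false accept rate, false reject rate
    "gait": (0.10, 0.10),           # walking profile from the motion sensors
    "location": (0.30, 0.05),       # device at one of the owner's habitual locations
    "heartbeat": (0.02, 0.08),      # cardiac signature from a wrist-worn device
}


def llr(source: str, says_owner: bool) -> float:
    """Log-likelihood ratio of one verdict for 'owner' versus 'impostor'."""
    far, frr = SOURCES[source]
    if says_owner:
        return math.log((1 - frr) / far)      # P(accept | owner) / P(accept | impostor)
    return math.log(frr / (1 - far))          # P(reject | owner) / P(reject | impostor)


def fuse(verdicts: dict, prior_owner: float = 0.5, min_posterior: float = 0.999):
    """Naive-Bayes fusion: add the LLRs to the prior log-odds, convert to a
    posterior probability and compare with the confidence the relying party demands."""
    log_odds = math.log(prior_owner / (1 - prior_owner))
    log_odds += sum(llr(source, verdict) for source, verdict in verdicts.items())
    posterior = 1.0 / (1.0 + math.exp(-log_odds))
    return posterior, posterior >= min_posterior


def scenarios() -> dict:
    return {
        # A lone fingerprint match falls just short of a 99.9% requirement.
        "fingerprint_only": fuse({"fingerprint": True}),
        # Everything agrees: the combination is far stronger than any single source.
        "all_agree": fuse({"fingerprint": True, "gait": True,
                           "location": True, "heartbeat": True}),
        # The finger matches but gait, place and heartbeat are all wrong: the
        # context signals pull the decision towards 'impostor with a fake finger'.
        "finger_only_matches": fuse({"fingerprint": True, "gait": False,
                                     "location": False, "heartbeat": False}),
    }
```

Summing the ratios assumes the sources err independently; correlated signals (gait and location both derived from the same trip, say) would overstate the evidence, and a real system would calibrate the rates per user and per device rather than use fixed figures.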
Ruud van Munster worked as an expert in (forensic) image processing and biometrics for the Dutch research organisation TNO for more than 40 years. He was an advisor during the realisation of complex biometrics systems, such as the introduction of biometrics in the Dutch passport. Ruud currently owns Van Munster Advies, which specialises in biometrics consultancy. He teaches Security Technology at the Utrecht University for Applied Sciences and works as a senior consultant for BPI Services, a solution provider in surveillance and biometric applications.