Defending against advanced attack

vectors on Biometric Identification

and Authentication Systems

Description
Biometric authentication in the current age mostly relies on fingerprint authentication, facial authentication, voice &
video recognition, and behavioral contexts. The attack ecosystem has evolved to adopt capabilities to circumvent the
authentication system using fake video, audio, and even by playing with behavioral attributes. The attack vectors
exploit deep learning capabilities to plan and launch the attack in novel and automated ways. As digitization heavily
relies on biometrics authentication, such compromises would lead to identity theft, the integrity of transactions, and
lead to financial loss. They would also lead to low confidence of end-users and would affect the realization of
digitization goals. Criminals are exploiting the biometric authentication for various malicious and unlawful purposes
using artificial intelligence and machine learning, especially deep learning and generative adversarial network.
Morphed or doctored image/ video/ audio are used to develop fake videos to carry out financial frauds. Biometrics
authentication unleashes many digitization possibilities. Securing digitization demands a sound defense against such
advanced attacks.

Background

Financial sector regulations allowed video KYC for opening accounts or onboarding customers. It is a great step towards
digitization by allowing video KYC through regulated entities such as banks, non-banking financial companies, wallet
service providers, and other financial entities. Adversarial network using deep fake technologies can use morphing or
doctoring image/ video/ audio to compromise the system. Even advanced behavioral biometric like GAIT can be
compromised. Information can be leaked via profiling of sensors and using side-channel attacks. For securing
digitization, protection against such attacks needs to be built, which should have the capability of detection of
doctoring the attributes used for malicious use. Real-time identification of the events compromising security through
video analytics would help to make identification and authentication robust. The solution should also be able to browse
through multiple vectors, contexts, and stages of the attacks to provide real-time contexts for taking authentication
decisions.
Possible Targets
▪ Endpoint or/and on-premise or/and cloud deployment or/and mix-up of the solution
▪ Separate solution or solution that integrates with existing solution as an add-on
▪ Software or hardware or mix up of the approaches
▪ Point solution for a client or platformed solution for multiple clients

Industry Use Cases

• Transaction processing industry (BFSI, Telecom)

• Government institutions and public sector for delivering public services and benefits transfer
• Law enforcement for investigation purposes
• Curbing frauds in educational and skill building industry

Expected Outcome

• Solution or product that rely on software, hardware, cloud capability- any of it or combination
• Solution or product that provides high throughput, delivers a higher level of performance, and scalable
• Solution or product that promises higher accuracy, and lower false positives and negatives
• Solution or product that is interoperable and integrable