1、Cabinet of expertise covering technologies,standards and European policiesTechnology Evaluation Laboratory expert inDigital Identities,Biometrics,Mobile Security,Data Protection and Cyber SecurityWe are member of following associations:Injection attack:a major threat against remote identity verifica
2、tionIFPC 2025,01/04/2025Quick presentation Director of CLR Labs which provides evaluationservices for biometrics(both PAD and IAD),mobile application security,physical accesscontrol and cyber security.PhD on the subject of injection attacks(PhD defense in October 2024)at Ecole des Mines de Saint-Eti
3、enne(France)Editor of the CEN/TS 18099 and the future ISO/IEC 25456Kvin CartaThe standards scopeData captureSignal processingMatchingDecisionApplication DeviceData storage132489567PresentationAttackBiometricData InjectionAttackOverideSignal ProcessorModifyProbeOverrideComparatorModifyScoreOverrideDe
4、cisionOverride orModify DatabaseModifyBiometricReferenceCEN/TS 18099 and ISO/IEC 25456scopesISO/IEC 30107scopeWhat are biometric data injection attacks?Remote identity proofing(RIDP)Different types of fraudsBiometricsID documentPhysicalMaskPhoto printedScreenFake ID documentPrinted on paperAltered I
5、D documentDigitalSelfieReplay attackMorphingDeepfakeReplay attackVideo overlayAugmented reality overlayProblem of digital attacks(as an attacker)How to present a digital attack to the system:With a screen?Ideal:Send the digital attack through a“fictitious”video stream.No or little loss of image qual
6、ity compared to the source media.Bypassing screen detection:liveness detection is purely at the biometric level.Today:State-of-the-art liveness detection systems easily detect the presentation of screensSolution:Injection attacks.UserVerifierIAI(digital)Video injectionIAMApplication or systemVideo c