biometricITC / cPP-biometrics

Contains the development of a Collaborative Protection Profile for biometrics
MIT License

Considerations on T.PA_Enrolment #27

Closed BrJu closed 6 years ago

BrJu commented 7 years ago

From @yamadaAIST

The current T.PA_Enrolment is as follows:

An attacker may attempt to get impersonated as another user during enrolment. In order to perform the attack, the attacker uses artificial biometric characteristics, carrying the biometric characteristic of the attacked user (a so-called Presentation Attack).

The current T.PA_Enrolment contains two threats: one is identity theft and the other is presentation attack. The former half is identity theft. If an attacker uses another user's identity and enrols the attacker's own biometric characteristic, then he can impersonate the user of that identity later. The latter half is presentation attack. Even if an attacker doesn't know another user's identity, he or she can enrol an artefact under his or her own identity and later ask another attacker to impersonate the first attacker using the artefact. This makes a collusion attack. For example, the first attacker can claim that his smartphone was stolen and his account was illegally used to pay for Internet shopping through a presentation attack.

An impersonation is an attack on an authentication system, i.e., it cannot be done if a user is not registered. Still, a presentation attack is possible against an enrolment system, for example, an attempt to enrol artefacts or to enrol a biometric characteristic in such a way that it results in a biometric reference of low quality. They shall not make biometric references. They are considered presentation attacks on the enrolment system. If they are successfully enrolled, they will facilitate presentation attacks on the verification system later. In biometrics, identity is out of scope. By definition, a biometric verification is just a comparison of a biometric probe against a biometric reference and does not handle the identity. In BioAPI, a standard API in biometrics specified in ISO/IEC JTC 1/SC 37, there is no input parameter of identity for the verification function. Threats in the cPP should be as universal as possible. Therefore, the threat of identity theft should be optional. In conclusion, the current threat should be divided into a threat of presentation attack and an optional threat of identity theft.

T.PA_Enrolment During enrolment, an attacker may attempt to present an artefact or his/her biometric characteristic in such a way that it results in biometric data of low quality being enrolled as his/her biometric reference, for the purpose of successful presentation attacks during later biometric verification.

T.IdTheft_Enrolment (optional) During enrolment, an attacker may attempt to use another user's identity for the purpose of impersonation during later biometric authentication.

BrJu commented 7 years ago

From @woodbe, on T.PA_Enrolment

So again, thinking about the mobile use case, where I'm not sure it is realistic to assume the attacker can actually enroll even artifacts (the collusion case is not something that can be readily handled on a device that is outside any other controls), I am wondering whether this is really an attacker issue or just that the system should not allow poor quality templates (references). In the MDFPP v3/3.1 there is FIA_BMG_EXT.2.1 which specifically states sample quality shall be sufficient to create a good template to some metric (they suggested the NFIQ as that was what some people knew, but it was an assignment). This was an objective (i.e. we would like to see it now, but it is optional today, and could be mandatory in the future) which I think is still relevant for mobile (since I have yet to see an agreed-to metric we could/should use). I think this is a better approach. I would suggest this instead:

T.PA_Enrolment: During enrolment, artefacts or biometric characteristics may be presented in such a way as to result in a low quality biometric reference for the enrolled user that may be subject to successful presentation attacks during later biometric verification.

This would take the threat away from a specific attacker and move it to a general issue, making it a general threat, even from the actual user, that a poor set of samples can lead to a low quality biometric template. I don't see any specific Threat or Objective that seems to talk about this in this manner (i.e. covering the accidental low quality template as opposed to the intentional one).

n-kai commented 7 years ago

First of all, it's not possible to define an "optional" threat in the PP under the current CC. So it's not possible to define T.IdTheft_Enrolment in our PP.

Secondly, quality of image may not be relevant to the SFAR (Spoof False Accept Rate). Intuitively, a low quality image could cause a higher SFAR; however, there is no scientific background for such a hypothesis. There is a research paper on face anti-spoofing that shows that anti-spoofing accuracy is worse for higher quality images. So low quality images can be successfully enrolled, but they may or may not facilitate presentation attacks on the verification system later. It may depend on the matching/PA algorithm of the TOE or the modality. A threat should not include such uncertain specificity, but the supporting document may include such information.

I prefer a simpler threat like "An attacker may attempt a presentation attack to the TOE using presentation attack instruments" and an SFR such as "The TSF shall perform Presentation Attack Detection testing on each biometric verification and [selection: enrollment, none]".

It may not be necessary to consider presentation attacks on enrolment for mobile devices. A vendor normally provides a manual and instructs a user to enroll herself correctly (CC evaluation normally assumes that a user or admin follows the manual because it's the user's or admin's responsibility to follow the manual and use the TOE securely). So if a user is assumed to follow the manual, it's not possible to present an artefact or his/her biometric characteristic intentionally in such a way that it results in biometric data of low quality. However, I also know that some customers want to see PAD for mobile biometric enrolment, so we may need to satisfy both needs.

BrJu commented 7 years ago

On T.IdTheft_Enrolment: as this is a threat, and as the wording implies, I think it will not apply if you manage no identity.

I like @n-kai's suggestion "An attacker may attempt a presentation attack to the TOE using presentation attack instruments". Additionally, if we want to include the issue with low quality enrolment, as it may have an impact on the accuracy of the biometric recognition part, then we would need to add an additional threat focusing only on low quality (I have a doubt: didn't we already discuss this before?).

On PAD for mobile biometric enrolment: I also know customers requiring it.

nils-tekampe commented 7 years ago

If I understand the proposal from @n-kai and @BrJu correctly, it would mean to 1) replace the current T.PA_enrolment and T.PA_Verification with a generic threat like "An attacker may attempt a presentation attack to the TOE using presentation attack instruments" and 2) later introduce an SFR that requires PAD but allows the ST author to choose whether it's required for enrollment, verification or both?

If this is a correct summary, I would support this proposal. However, we have to make sure that the whole security statement of the PP stays sound. This means that the ST author shall only perform a meaningful assignment in the SFR that is appropriate for its TOE. I would suggest adding an application note to highlight this.

n-kai commented 7 years ago

I think that we have to wait for a response from @woodbe about the new proposal. He is out of office this week but will join the next meeting.

BrJu commented 7 years ago

Seems OK from today's call that @nils-tekampe implements his comment, but wait for @woodbe's and @yamadaAIST's feedback, and we will open a new issue on low quality enrolment.

yamadaAIST commented 7 years ago

There were SC 37 WG meetings in Japan. I had a short interview with Dr. Christoph Busch on T.PA_Enrolment: During enrolment, an attacker may attempt to present an artefact or his/her biometric characteristic in such a way that it results in biometric data of low quality being enrolled as his/her biometric reference, for the purpose of successful presentation attacks during later biometric verification.

I introduced Kai-san's opinion:

(1) Quality of image may not be relevant to the APCER. (2) Intuitively, a low quality image could cause a higher APCER; however, there is no scientific background for such a hypothesis. (3) There is a research paper on face anti-spoofing that shows that anti-spoofing accuracy is worse for higher quality images. (4) So low quality images can be successfully enrolled, but they may or may not facilitate presentation attacks on the verification system later. (5) It may depend on the matching/PA algorithm of the TOE or the modality.

Dr. Busch agreed to (2), the latter part of (4), and (5) (he used the expression "thinking logically" instead of "intuitively"; there is a little difference between (2) and his idea). Regarding (5), he gave me an example:

If the algorithm is tolerant for intra-class (intra-subject, intra-instance) variation, that might be the case for accommodating the environmental changes or changes of the biometric characteristics due to aging.

However he still thinks that there should be T.PA_Enrolment. I didn't ask the reason why he thinks so.

Two experts from different Japanese vendors also supported T.PA_Enrolment because TOEs with sufficient security can counter this threat while TOEs with insufficient security cannot, and can differentiate themselves. In other words, there should be T.PA_Enrolment because of (5).

yamadaAIST commented 7 years ago

To @woodbe, on T.PA_Enrolment

  1. There is no threat without attackers. It is natural to use attacker to define a threat.

  2. The real threat of presentation attack is to biometric verification. A PA on enrolment is just a preparation for a PA on biometric verification. If an artefact can be enrolled, then it will match the biometric reference enrolled with it. If a biometric reference of low quality can be enrolled, then an artefact or a presentation which results in a biometric sample of low quality may match the biometric reference. As you think, it would be good to specify a quality standard for biometric references. Fingerprint is a special case, an exception which has a quality standard, NFIQ. Most modalities don't have such quality standards. Instead, each TOE has its own quality "standard".

  3. An artefact may result in data of high quality. In most products, there are other criteria to conclude that a presentation is an attack.

woodbe commented 7 years ago

Sorry for the delay in responding.

I like the proposal as summarized by @nils-tekampe, replacing it with a generic attack followed by an SFR where enrollment can be chosen as a selection.

This is something along the order (I think) of how @n-kai wrote it up in the use case 2 SPD.

nils-tekampe commented 7 years ago

@yamadaAIST will write down some information on a specific attack regarding this discussion before the next meeting.

yamadaAIST commented 7 years ago

An attack scenario on Internet banking (of use case 2):

  1. An attacker, say A, who lives in a country X enrols an artefact as A's biometric reference on a mobile device M in order to use the biometric authentication at an Internet banking site BNK. It does not matter whether the artefact is made very similar to A's biometric characteristic or not. At this stage, the goal is that an artefact is enrolled.

  2. A orders a cooperating attacker, say B, to use the artefact to be authenticated as A at the Internet banking site BNK. A hands the mobile device M to B and leaves the country X to go to another country Y.

  3. B accesses the Internet banking site BNK with the mobile device M in the country X, is authenticated with the artefact, and withdraws a huge amount of money from A's banking account after A has left the country X. B destroys and discards the mobile device M so that it is not found.

  4. A says that A has lost the mobile device M but had not been aware of that. A also says a lot of money has been withdrawn from A's banking account while A was away from the country X. It is proved that the access to the banking site BNK was from the country X and that the money was not withdrawn by A because A was not in the country X at the time. There is no evidence that an artefact was enrolled because the mobile device is lost.

I heard from a biometric product manufacturer that banks often ask them whether their product can reject presentation attacks during enrolment, because banks are afraid of attack scenarios such as the one above. If a presentation attack is possible during enrolment, a presentation attack during verification is very easy.

n-kai commented 7 years ago

I know this scenario but my question is:

In step 3, you mentioned that "withdraw a huge amount of money from A's banking account"; how can B actually withdraw money in Japan? As you know, you can't directly withdraw money from an ATM with a mobile device in Japan. So B needs to transfer such money to B's account first to withdraw it, but it's too risky. So this threat may not be applicable to Internet banking in Japan or other countries.

In some countries you can withdraw money from an ATM with a mobile device after biometric authentication, so this attack may work and PAD for enrolment should be implemented.

This is the reason why I suggested making PAD for enrolment optional so that, for example, banks can select what they want.

Another reason is that I want to set an appropriate bar for vendors, as Brain mentioned.

BrJu commented 7 years ago

On the threat scenario detailed by @yamadaAIST , note that if the artifact used in enrolment is B's biometric data, then the threat remains even if PAD is active at verification.

woodbe commented 7 years ago

I'm not sure I really see how PAD would prevent this. As @BrJu says, using B's data directly bypasses any PAD because the device can't know that it isn't A's biometric. That seems a much easier threat to pull off, too, just using B's data directly, because if you enrolled a fake for B and then he tried to use it, what if it failed (as the attacker committing the fraud)? I would think enrolling a fake and then trying to use a "real" biometric could lead to similar issues as the traditional use (with the fake trying to match a real one).

BrJu commented 7 years ago

Checked during the meeting: remains open until next meeting. For the moment, the easier option seems to be to have PAD optional for enrolment.

yamadaAIST commented 7 years ago

If PAD is not evaluated at enrolment for a TOE which is vulnerable to fakes, then any fake presented by anyone can be verified against the enrolled fake. In order to exclude such TOEs of low product quality with CC evaluation, the evaluation of PAD for enrolment is necessary. Some Japanese stakeholders think that customers will feel safe if PAD evaluation for enrolment is done.

BrJu commented 7 years ago

Use case 1: make it optional (@n-kai) - see Nils' comment from June 28 to implement it.

Discussion still open for other use cases.

BrJu commented 6 years ago

For use case 1, to be reformulated based on the decision on #24.

BrJu commented 6 years ago

The enrolment case being optional, an application note will be added to T.Presentation_Attack in the cPP for use case 1.

n-kai commented 6 years ago

I added the following note. Please close this item if it's OK.

"The TOE may or may not counter the presentation attack during the enrollment. If the ST author requires the TOE to counter the attack during the enrollment, the ST author should include the relevant optional security requirement defined in “6.2 Optional Security Fundamental Requirements”."

BrJu commented 6 years ago

Thanks @n-kai. Closed. The above text has been integrated for 3 weeks. If there is any objection or further thought, drop me a message or open a new issue.