biometricITC / cPP-biometrics

Contains the development of a Collaborative Protection Profile for biometrics
MIT License

[IT REQUEST] Cooperative fingerprint vs non-cooperative #417

Closed woodbe closed 8 months ago

woodbe commented 1 year ago

Before submitting your request, please check https://biometricitc.github.io/TD/tech-dec.html for the current set of Technical Decisions.

Requesting Organization: Google

Status: If your issue arises from a currently active CC evaluation then please tick the ‘On-going certification’ box, submit the completed request through your Certification/Validation Body (CB), and update the 'Certification deadline dates' field.

[X] On-going certification [ ] Preparatory/Other

Certification Deadline Dates: In process for listing, testing needs to be finished by December 15 (estimate)

SFR or Section of cPP/SD/Toolbox in question: Fingerprint toolbox - creation of the species

Supporting Document testing in question: Fingerprint toolbox

Issue: The fingerprint toolbox has been written with the expectation of using cooperative fingerprint sources to create all species that will be tested. While this does have benefits for consistency in producing species, the problem is that this scenario provides what are essentially MUCH higher quality fakes than normally seen in practice. Most testing systems specifically preclude the use of cooperative samples due to the much higher quality of the captured sample and the unrealistic nature of such an attack (if you can capture it cooperatively, why did you need to capture it in the first place).

In testing reported from the lab, samples using cooperative testing are able to bypass at much higher rates than shown with internal testing using non-cooperative samples (upon which claims are based for our products). As this is the first time these are being tested, it looks like the assumptions about cooperative may have been wrong, and use of non-cooperative may be imperative to reflect actual use.

Proposed Resolution: The resolution seems to require a move to non-cooperative capture instead of cooperative to reflect the actual expectations of how the sensors will be used in the real world.

Another alternative could be to make some assumptions about cooperative vs non-cooperative success rates (like saying that 3x more failures are allowed than the claim due to the capture being cooperative), but this seems very open to problems, and some cooperative fakes may have VERY high success rates (which would also mean needing to tailor that assumption to each type of fake).

Rationale: I don't have any specific supporting evidence, though https://e-archivo.uc3m.es/bitstream/handle/10016/29714/tesis_ines_goicoechea_telleria_2019.pdf?sequence=1&isAllowed=y seems to show a similar difference between cooperative and non-cooperative fakes in testing (only thing I could find that seemed to talk about it, but it is only slides).

gfiumara commented 1 year ago

Strongly against making assumptions about failure rates.

Toward requester's other proposed resolution: I think we could rapidly generate some non-cooperative tests that still fall within Basic Attack Potential. However, these are going to be quite variable, which isn't great for an evaluation. Quick ideas:

woodbe commented 1 year ago

One of the follow-up questions (I had thought about this, but then it came up in the discussion with the lab, too) is that some of the species we have now require capture by holding the finger in the mold for a 3D capture. So how would something like this go in a non-cooperative scenario?

For the above suggestions, I'm not sure about an NFIQ check (only in that I have no idea what that would entail, but I like the idea).

gregott commented 12 months ago

I have always preferred using cooperative subjects knowing that real world performance will likely be better than that measured in the lab. Using cooperative subjects represents the worst-case scenario from a security perspective, which is what a user should want to know. It gets back to the concept that Defense has to be effective 100% of the time to keep the bad guys out. Offence only needs one success to get in. If the Offence manages to get a very high quality fingerprint sample, then we are in the same space as using cooperative subjects. For what it is worth, iBeta (an NVLAP accredited biometrics testing lab) uses cooperative test subjects for their PAD species manufacture according to their website.

If all vendors are evaluated against the same criteria using the same PAI manufacturing process, the results should be comparable (able to be compared).

Also, if we wish to be in harmony with the other standards, we should look at what is done there. I do not have access to ISO 30107-3, but I understand it discusses both cooperative and uncooperative subjects. The FIDO requirements use cooperative subjects for their PAIs, however PAIs based on pressing the finger into molding material are explicitly out of scope at this time.

woodbe commented 12 months ago

@gregott so it would appear that maybe the problem is cooperative capture in the molds, which we rely upon pretty heavily in our test set? Cooperative for flat may not be the issue, then? I could see that as possible, though I am not certain.

gregott commented 12 months ago

From the iBeta website: "ISO 30107-3 discusses cooperative versus uncooperative subjects. iBeta uses cooperative subjects in that the artefacts are created from biometric characteristics provided by volunteer data subjects (if not purchased) who are willing and able to pose for photos, record videos, provide their fingerprints in molding material or sit for a live cast. We only use cooperative subjects as the artefacts created from willing volunteers are of better quality making for a more conservative test. iBeta is evaluating the vendor solution and not the ability of our testers to obtain latent prints, as an example."

I am not sure why FIDO does not use cooperative subjects placing their fingers into molding material while at the same time allowing fingerprints to be acquired with fingerprint scanners. Both methods require the same level of cooperation; one just takes a little longer.

Would we want to also include an additional set of more real world PAIs to get a sense of that level of PAD performance? That will extend the testing time and increase cost. I am not sure that is a good idea.

I am in favor of continuing with our use of the molding materials to achieve the best PAIs possible to judge the most challenging test cases for the PAD system. That will give a lower bound on PAD performance.

woodbe commented 12 months ago

I don't know the specific answer (of course), but it wouldn't surprise me if it is in part, at this point, that the ability to create certain fakes using cooperative molds is just beyond where the capabilities of the sensors are at this time, and so testing those becomes unuseful (what is the point of testing something that may be created under some circumstances that aren't "real-world" and yet, with current tech in the market, is likely to fail).

I don't have a good answer off hand, just pointing out that we may be pushing the edge of what is possible in the types of devices we are focusing on at the moment. That is probably why FIDO isn't doing it, if I had to guess (since they are industry driven, concerns about device capabilities were always primary there).

As a note, the lab did tell me that initial testing with some of the flat ones (as opposed to the molds) seems to be working more as expected in terms of testing (by which I mean few to no passes), so there really may be something to the class of capture being a more major concern. I don't have a good answer off hand.

n-kai commented 12 months ago

Only solution I can think of is changing the rating of "Cooperative" in attack potential table *1) from 4 to 10 or 20 (and all such recipes that use molds will move to PADv2 or PADv3) so that our table can match the FIDO (and current state of art of mobile fingerprint verification) only if the scheme (NIAP) allows this kind of change, as described in "A.6 Scheme responsibilities" t) in CEM or ISO/IEC 18405.

*1) https://github.com/biometricITC/cPP-biometrics/blob/master/Supporting%20Documents/BS_SD.adoc#attackpotentialcalc

woodbe commented 12 months ago

Reach out to external groups to get opinions. @n-kai seems to have the best method for handling this if it is agreed that the cooperative attacks should be restricted.

One possible consideration, if these are moved to another PAD level, is whether this leaves a gap that needs to be filled: for example, are there any additional tests that should start from other attacks but use some techniques from the moved scripts as a mixed set that may still be in the correct AP?

woodbe commented 11 months ago

Looking at this quickly, based on the AP calculation, making a change there won't actually fix the problem. We already assume non-cooperative in the AP calculations for each of the tests, so they all get 2 points (I don't know how high cooperative should be, but 20 drops it straight into Moderate AP without anything else). Just stating that we wrote the tests using cooperative capture, and adding that in, puts pretty much all the tests above Basic and outside of scope.

My thinking here is that we are in a situation where the tests written in 3 & 4 are higher than basic as they assume more cooperative testing, and as such the score should be higher off hand. I do not know if we can use those in some way that would still work for basic, but it seems that is where the problem lies.

As a side point, our AP tables are much different than the CEM with much larger spreads, but it seems like our point assignments haven't been increased with it (Moderate is 14-19 in the CEM, vs 20-29 in our table). This is something we should review (maybe the ISO docs say something more about this, I don't actually remember the conversations at the time).

huylabs commented 11 months ago

I have a newbie question on the fingerprint toolbox: why do the tests require cooperative subjects (in the Input section) while the Window of Opportunity is non-cooperative in the AP?