- Email: [email protected]
TrustWave system helps ‘White Hats’
NEWS standards
FaceTec first in liveness detection
F
aceTec has announced that its ZoOm 3D Face Login has become the first, and only, biometric system to achieve a Level 1 rating in the NIST-supported iBeta PAD (presentation attack detection) certification test. The test measures the effectiveness of anti-spoofing liveness detection technology against the ISO 30107-3 standard. FaceTec says that in a six-day trial involving over 1,500 spoof sessions, ZoOm was never fooled, giving it a 100% score. FaceTec CEO Kevin Alan Tussy added: “We believe most of our competitors have attempted PAD testing and failed, so achieving the first and only Level 1 certification is a milestone in the biometrics industry.” ZoOm works by matching the user’s face, while concurrently verifying three-dimensionality and human liveness.
security
TrustWave system helps ‘White Hats’
T
rustWave has developed a timesaving facial recognition tool called Social Mapper that helps security researchers – like penetration testers and red teamers – quickly gather information on people they want to target by tracking them across a wide range of social media platforms. TrustWave says ethical hackers just need to feed Social Mapper with the name and picture of anyone they want to target for a phishing attack. The open-source tool then uses facial recognition to search out all their profiles across LinkedIn, Facebook, Twitter, Instagram and other leading social sites. Social Mapper gathers the information gleaned into a report, which the pen tester can use to create a plausible social engineering approach. TrustWave security consultant Jacob Wilkin said: “As the security industry continues to struggle with talent shortages and rapidly evolving adversaries, it is imperative that a penetration tester’s time is utilised in the most efficient means possible. Intelligence gathering can become incredibly tedious when done at scale. “TrustWave has successfully used the tool in a number of penetration tests and red teaming engagements. It takes an automated approach
September 2018
to searching popular social media sites for individuals.” More information on Social Mapper is available on the TrustWave SpiderLabs GitHub page.
algorithmic bias
Biometric Mirror shines light on facial bias
A
‘world first’ project running at Australia’s University of Melbourne until the end of this month is designed to raise awareness about the possible inaccuracy of the algorithms and datasets used in facial recognition. ‘Biometric Mirror’ is an interactive installation, sited at the university, that asks people to stand in front of a camera that takes their photo, then uses it to analyse their physical and personality traits. The Mirror displays their perceived characteristics under 14 headings – ranging from gender, age and ethnicity to attractiveness, level of responsibility and emotional stability. The longer a person stands there, the more personal the traits become. The algorithms used for the analysis are based on the crowd-sourced views of volunteers who were asked by the research team – from the University of Melbourne and the Melbourne Science Gallery – to study thousands of photos for their key characteristics. Because the information they provided was subjective, so is the Mirror’s output. The project is designed to provoke discussion about issues around consent, data storage and algorithmic bias. “We want to raise awareness about the flaws of artificial intelligence,” said lead researcher Dr Niels Wouters. “Government and businesses will increasingly use CCTV cameras to detect emotions, age, gender and demographics of people passing by. Our study shows users how easy it is to implement AI that discriminates in unethical or problematic ways which could have societal consequences.”
Biometric Mirror uses a dataset of thousands of facial images and crowd-sourced evaluations. Pic Credit: Sarah Fisher/University of Melbourne.
EVENTS CALENDAR 4–5 October 2018
Border Management & Technologies Summit Asia 2018
New Delhi, India This conference and exhibition explores the emergence of digital identity management, and its potential use in global border management and immigration programmes. It brings together government officials from Central and South-East Asia, Australia and the Middle East to discuss their border security challenges. India itself has one of the largest land borders in the world and its border security management has evolved rapidly since the Indian Government created one of the world’s largest biometric ID systems, Aadhaar, in 2009. The event will be chaired by IBMATA chairman Tony Smith, former director general of the UK Border Force. More information: http://www.ibmata.org/events/border-managementtechnologies-summit-new-delhi-4th-5th-october-2018/
9–10 October 2018
ATM & Cyber Security 2018
Park Plaza Victoria Hotel, London, UK This conference, focused on physical and logical ATM security, features speakers from retail banks, law enforcement agencies, hardware and software providers and other industry bodies, with an accompanying exhibition of ATM security products and services. Its key themes include artificial intelligence, big data and biometrics, black box attacks, hacking, insider fraud and video surveillance. This year, ATM & Cyber Security will be co-located with the EAST Financial Crime & Security (FCS) seminars for the first time. More information: https://www.rbrlondon.com/conferences/acs/
15–16 October 2018
Insider Threat Symposium
Alexandria, Virginia, USA The US Defense Strategies Institute’s Insider Threat Symposium is billed as a whole-of-government insider threat event, and is open to American citizens only. The two-day conference will focus on efforts to develop insider threat programmes across government agencies and private sector companies, and will bring together representatives of federal agencies, industry and academia. More information: http://dsigroup.org/dsi-insider-threat-symposium/
17–18 October 2018
Biometrics Institute Congress
Grange Hotel, St Paul’s, London, UK This two-day congress focuses on technology innovation, including artificial intelligence, machine learning and blockchain, consumer biometrics, borders security, biometrics for social enablement, liveness detection, vulnerability testing and new privacy legislation. Keynote speakers include the UK’s Biometrics Commissioner and its Surveillance Camera Commissioner, joined by international speakers from NIST, the United Nations and the Australian and Israeli Governments among others. The congress is bookended by a privacy impact assessment and face recognition workshop on 16 October, and expert briefings on biometric security and integrity, technology innovation and research on 19 October. More information: https://www.biometricsinstitute.org/biometricscongress-2018
Biometric Technology Today
3
FaceTec first in liveness detection
F
aceTec has announced that its ZoOm 3D Face Login has become the first, and only, biometric system to achieve a Level 1 rating in the NIST-supported iBeta PAD (presentation attack detection) certification test. The test measures the effectiveness of anti-spoofing liveness detection technology against the ISO 30107-3 standard. FaceTec says that in a six-day trial involving over 1,500 spoof sessions, ZoOm was never fooled, giving it a 100% score. FaceTec CEO Kevin Alan Tussy added: “We believe most of our competitors have attempted PAD testing and failed, so achieving the first and only Level 1 certification is a milestone in the biometrics industry.” ZoOm works by matching the user’s face, while concurrently verifying three-dimensionality and human liveness.
security
TrustWave system helps ‘White Hats’
T
rustWave has developed a timesaving facial recognition tool called Social Mapper that helps security researchers – like penetration testers and red teamers – quickly gather information on people they want to target by tracking them across a wide range of social media platforms. TrustWave says ethical hackers just need to feed Social Mapper with the name and picture of anyone they want to target for a phishing attack. The open-source tool then uses facial recognition to search out all their profiles across LinkedIn, Facebook, Twitter, Instagram and other leading social sites. Social Mapper gathers the information gleaned into a report, which the pen tester can use to create a plausible social engineering approach. TrustWave security consultant Jacob Wilkin said: “As the security industry continues to struggle with talent shortages and rapidly evolving adversaries, it is imperative that a penetration tester’s time is utilised in the most efficient means possible. Intelligence gathering can become incredibly tedious when done at scale. “TrustWave has successfully used the tool in a number of penetration tests and red teaming engagements. It takes an automated approach
September 2018
to searching popular social media sites for individuals.” More information on Social Mapper is available on the TrustWave SpiderLabs GitHub page.
algorithmic bias
Biometric Mirror shines light on facial bias
A
‘world first’ project running at Australia’s University of Melbourne until the end of this month is designed to raise awareness about the possible inaccuracy of the algorithms and datasets used in facial recognition. ‘Biometric Mirror’ is an interactive installation, sited at the university, that asks people to stand in front of a camera that takes their photo, then uses it to analyse their physical and personality traits. The Mirror displays their perceived characteristics under 14 headings – ranging from gender, age and ethnicity to attractiveness, level of responsibility and emotional stability. The longer a person stands there, the more personal the traits become. The algorithms used for the analysis are based on the crowd-sourced views of volunteers who were asked by the research team – from the University of Melbourne and the Melbourne Science Gallery – to study thousands of photos for their key characteristics. Because the information they provided was subjective, so is the Mirror’s output. The project is designed to provoke discussion about issues around consent, data storage and algorithmic bias. “We want to raise awareness about the flaws of artificial intelligence,” said lead researcher Dr Niels Wouters. “Government and businesses will increasingly use CCTV cameras to detect emotions, age, gender and demographics of people passing by. Our study shows users how easy it is to implement AI that discriminates in unethical or problematic ways which could have societal consequences.”
Biometric Mirror uses a dataset of thousands of facial images and crowd-sourced evaluations. Pic Credit: Sarah Fisher/University of Melbourne.
EVENTS CALENDAR 4–5 October 2018
Border Management & Technologies Summit Asia 2018
New Delhi, India This conference and exhibition explores the emergence of digital identity management, and its potential use in global border management and immigration programmes. It brings together government officials from Central and South-East Asia, Australia and the Middle East to discuss their border security challenges. India itself has one of the largest land borders in the world and its border security management has evolved rapidly since the Indian Government created one of the world’s largest biometric ID systems, Aadhaar, in 2009. The event will be chaired by IBMATA chairman Tony Smith, former director general of the UK Border Force. More information: http://www.ibmata.org/events/border-managementtechnologies-summit-new-delhi-4th-5th-october-2018/
9–10 October 2018
ATM & Cyber Security 2018
Park Plaza Victoria Hotel, London, UK This conference, focused on physical and logical ATM security, features speakers from retail banks, law enforcement agencies, hardware and software providers and other industry bodies, with an accompanying exhibition of ATM security products and services. Its key themes include artificial intelligence, big data and biometrics, black box attacks, hacking, insider fraud and video surveillance. This year, ATM & Cyber Security will be co-located with the EAST Financial Crime & Security (FCS) seminars for the first time. More information: https://www.rbrlondon.com/conferences/acs/
15–16 October 2018
Insider Threat Symposium
Alexandria, Virginia, USA The US Defense Strategies Institute’s Insider Threat Symposium is billed as a whole-of-government insider threat event, and is open to American citizens only. The two-day conference will focus on efforts to develop insider threat programmes across government agencies and private sector companies, and will bring together representatives of federal agencies, industry and academia. More information: http://dsigroup.org/dsi-insider-threat-symposium/
17–18 October 2018
Biometrics Institute Congress
Grange Hotel, St Paul’s, London, UK This two-day congress focuses on technology innovation, including artificial intelligence, machine learning and blockchain, consumer biometrics, borders security, biometrics for social enablement, liveness detection, vulnerability testing and new privacy legislation. Keynote speakers include the UK’s Biometrics Commissioner and its Surveillance Camera Commissioner, joined by international speakers from NIST, the United Nations and the Australian and Israeli Governments among others. The congress is bookended by a privacy impact assessment and face recognition workshop on 16 October, and expert briefings on biometric security and integrity, technology innovation and research on 19 October. More information: https://www.biometricsinstitute.org/biometricscongress-2018
Biometric Technology Today
3