While much of the world continues to play football, American “football” wrapped up this month at the professional level with the “Commercials, Concerts, And a Sports Show”(tm).
During the game, New England Patriots quarterback Drake Maye threw two interceptions, or throws that were received by players on the opposing them (the Seattle Seahawks).
But what if Maye were throwing iris templates? And what if the defending Seahawks used the intercepted data in injection attacks?
Bet you didn’t think I was going there.
Iris template replay attacks
Facial data (from companies such as FaceTec and iProov) isn’t the only type of data that can be protected by injection attack detection. You can inject data from any type of biometric to bypass the capture device.
One type of injection attack is a template replay attack. It works something like this:
- For this example assume that I am a legitimate subject and an authorized user, and the biometric workstation captures my iris.
- Rather than sending the entire iris image to the server, it converts the image into a template, or a much smaller mathematical representation.
- The biometric workstation transmits this template to the server. BUT…
- The evil fraudsters use some type of malware to intercept my iris template and save it for future mischief. Unfortunately, unlike a football interception seen by over 100 million people, no one realizes that this iris “interception” happened.
- Later, when a fraudster wants to gain access to the biometric system, they perform an injection attack. Rather than capturing the fraudster’s iris at a workstation and sending that template to the server, the fraudster performs a “replay” and “injects” my intercepted iris template into the workflow.
- The server receives my iris template, thinks I am accessing the system, and authorizes access.
- The fraudster does bad things.
Iris template replay attack detection
How do you prevent an iris template replay attack?
First you have to detect it. Perhaps the system can detect that the template is not from a current iris capture, or that the template originated somewhere other than an iris workstation.
Once you detect it, you can reject it. Fraudster denied.
Of course this applies to any biometric template: fingerprint, face, whatever.
Injection attack detection, when implemented, is just another tool embedded in the biometric product.
Bredemarket 