The intelligence community’s R&D unit awarded a few groups funds to prevent criminals from tricking biometric scanners.
What good is a fingerprint scanner if the criminal is wearing fake fingers? Or if they’ve transplanted their toeprints to their fingerprints to prevent law enforcement from matching them to a database? What if they dilated their eyes to confound iris scans?
Biometric data—images of an individual’s physical characteristics—might help law enforcement identify criminals and persons of interest with a higher degree of accuracy than visual spot-checks. While savvy criminals can occasionally throw off today’s biometric collection methods, the intelligence community is developing ways to detect disguises.
The Intelligence Advanced Research Projects Activity’s “Odin” project, unveiled last month, awarded funds to a handful of groups coming up with their own solutions. Prime performers include researchers at Michigan State, the University of Southern California’s Information Sciences Institute, and Crossmatch Security, a commercial company selling sells biometric authentication products.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
Odin examines face, finger and iris scanning technology for flaws, Program Manager Chris Boehnen told Nextgov. IARPA wants the groups to thwart two common types of attacks: whitelist and blacklist attacks. In a whitelist attack, a person attempts to scan as another specific individual, for example, to gain entry to a restricted building. In a blacklist attack, a person needs to obscure his identity, for example, to avoid being matched to a watchlist.
In about 13 months, Boehnen said he expects IARPA will invite the groups to subject their prototypes to a common test in Washington. Potential solutions include technology that can detect if the finger that’s being scanned is alive by searching for evidence of blood flow and examine the light properties of an iris scan to confirm its integrity. Products might also scan faces, irises and fingerprints simultaneously because it's harder to disguise all three at once.
President Donald Trump’s travel ban, which attempted to block travelers from several Muslim-majority countries from entering the United States, also directed the Department of Homeland Security to invest in biometric tracking systems to process all travelers entering and exiting the country. IARPA often transitions early-stage technology into the intelligence community, but potential customers might include other federal agencies who rely on biometric databases, Boehnen explained.
The Odin program isn’t focused on a specific type of attack scenario, Boehnen explained. Though “we’re trying to ensure security across a really wide range of government uses,” he said commercial customers might be interested as well—and in fact, IARPA has struggled to retain biometric research teams when large companies, including Google, recruit them.
The agency has lost at least two “high-quality teams” to Google, Boehnen said. And though it’s a challenge, “in one sense that’s a compliment because it means we’re working on the right problems. We’re funding the right people.”