IARPA Wants To Stop You From Spoofing Facial Scans and Fingerprints


The intelligence community's R&D group wants technology that can detect attempts to evade biometric collection.

An intelligence community agency wants to make sure people can't evade biometric security systems.

The Intelligence Advanced Research Projects Activity, the intelligence community's R&D team, is looking for technology that can detect when someone is trying to "disguise their biometric identity," especially fingerprints, facial and iris scans.

The program, called "Thor," aims to stop the so-called presentation attacks that make it difficult for biometric databases to correctly identify subjects. This might involve using a prosthetic to either hide the subject's real prints, or to present someone else's, a new IARPA announcement says.

Fingerprint mutilation and facial plastic surgery may also throw off current systems. A subject may also simply try to scan different parts of their finger on a sensor "to minimize overlapping data."

As biometrics are increasingly important when determining someone's identity, it's key that the identification systems "cannot easily be deceived" using a presentation attack. If detected, evaders could be prevented from passing through travel checkpoints, gaining access to secured facilities and being authenticated in cyber systems, according to IARPA.


If a subject is caught attempting to obfuscate, an ideal solution would either flag the biometric sample, or not save the sample at all, according to the BAA, as opposed to some kind of effort to "‘see through’ an obfuscation such as gloves to capture fingerprints."

Thor would have three phases: the first two 18-month phases would focus on detecting known and then unknown presentation attacks, respectively, and the third 12-month phase on "operationally relevant" requirements for implementation.

The technology solutions might require different "false detect rates" -- the chance a system will flag a presentation attack when there isn't one -- depending on the setting. For instance, travel checkpoints might need a lower false detect rate because of high volumes of people passing through, and "limited resources to accommodate additional screening due to false alarms." A high-security facility might be able to accommodate a higher false detect rate, but also a higher "true detect rate" -- the chance the system will flag a presentation attack when there is one. 

The first round of proposals is due Aug. 15.

Thor is slated to be a 4-year program, starting in January 2017.