Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Technical Standardization Activitiesrelated to Voice Biometrics
Andreas Nautsch
Hochschule Darmstadt, CRISP, da/sec Research Groupmaterial kindly provided by Prof. Christoph Busch
Florence, 27.06.2017
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 1/25
Outline
1. Introduction to biometric standards projects
2. Biometric data interchange format 19794-13
3. Biometric performance reporting & testing 19795-1
4. Validation of biometric methods for forensic evaluation 19795-8
5. Presentation attack detection (anti-spoofing) 30107-1 to -4
6. Conclusion
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 2/25
Introduction: Standardization
Introduction: Standardization
Data Interchange
Performance Reporting
Presentation Attack Detection
Conclusion
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 3/25
Introduction: Standardization
How does standardization work?
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 4/25
Introduction: Standardization
ISO/IEC JTC 1/SC 37: Biometrics
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 5/25
Introduction: Standardization
ISO/IEC Project cycles
I Project typesIS International Standard
TS Technical Specification
TR Technical Report
PAS Publicly Available Specification
I Development tracks: 18, 24, 36, 48 months⇒ auto-cancel if too long
I Document StagesNP New Project
WD Working Draft
CD Committee Draft
DIS Draft International Standard
FDIS Final DIS
⇒ publication =⇒ revisions every 5 years
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 6/25
Introduction: Standardization
SC 37: Biometrics – Working Groups & Onion Layers
WG1 Harmonized BiometricVocabularyconvenor:Steve Clark (Australia)
WG2 Biometric TechnicalInterfacesYoung Bin Kwon (Korea)
WG3 Biometric Data InterchangeChristoph Busch (Germany)
WG4 Technical Implementationof Biometric SystemsMichael Hogan (USA)
WG5 Biometric Testing andReportingNigel Gordon (UK)
WG6 Cross-Jurisdictional andSocietal AspectsMario Savastano (Italy)
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 7/25
Data Interchange
Introduction: Standardization
Data Interchange
Performance Reporting
Presentation Attack Detection
Conclusion
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 8/25
Data Interchange
Generations of Biometric Data Interchange Formats
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 9/25
Data Interchange
Generations of Biometric Data Interchange Formats
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 9/25
Data Interchange
DIS 19794 Part 13: Voice Data (XML)
BDIR Biometric Data Information Record
VRs Voice Representations: single audios ⇔ prompted dialog speech
I Headers: meta data for processing (encoding, language, . . . )I Quality score field (optional)I Data as base64 BLOB or URL path
I Status: DIS approved 7→ disposition of notes 7→ FDIS
source: ISO/IEC CD 5 19794-13, editor: A. Nautsch (h da)Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 10/25
Performance Reporting
Introduction: Standardization
Data Interchange
Performance Reporting
Presentation Attack Detection
Conclusion
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 11/25
Performance Reporting
19795 Part 1: Framework
I Based on speaker recognition concepts as of 2001
Published in 2006, confirmed in 2011 & 2016 7→ currently under revision
I Assessment of general biometric systemFTA, FTE failure to acquire, to enrol
FMR, FNMR false match rate, non-match rate domain: algorithm
FAR, FRR false accept rate, reject rate incl. FTA, FTE ⇒ system domain
I Verification ⇔ identification metrics note: unawareness to diarization
I Visualizations: DETs and CMCs note: ROCs will be deprecated after revision
I Informative annexes, inter alia:I Technology ⇔ scenario ⇔ operational evaluationsI Test size & uncertainty e.g., Rule of 3, Rule of 30I Factors influencing performanceI Pre-selection / binning performance e.g., gender-dependent
Editor: T. Mansfield (National Physics Laboratory)
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 12/25
Performance Reporting
19795 Part 1: Framework
I Based on speaker recognition concepts as of 2001
Published in 2006, confirmed in 2011 & 2016 7→ currently under revision
I Assessment of general biometric systemFTA, FTE failure to acquire, to enrol
FMR, FNMR false match rate, non-match rate domain: algorithm
FAR, FRR false accept rate, reject rate incl. FTA, FTE ⇒ system domain
I Verification ⇔ identification metrics note: unawareness to diarization
I Visualizations: DETs and CMCs note: ROCs will be deprecated after revision
I Informative annexes, inter alia:I Technology ⇔ scenario ⇔ operational evaluationsI Test size & uncertainty e.g., Rule of 3, Rule of 30I Factors influencing performanceI Pre-selection / binning performance e.g., gender-dependent
Editor: T. Mansfield (National Physics Laboratory)
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 12/25
Performance Reporting
19795 Part 8: Validation of Methods in BiometricForensics
I Scope: likelihood ratio based methods
I Forensics in standardization17020 crime-scene
17025 analysis & human-based evaluation
=⇒ ? computer-based evaluation & reporting
I Validation on performance characteristicsPrimary accuracy, discriminating power, calibration
Secondary robustness, coherence, generalization
I Status: project approved / registered: 2016-12-09 7→ WD1
Editors: D. Meuwly (NFI), A. Nautsch (h da),
A. Suman (UK Home Office CAST), E. Tabassi (NIST)
https://www.nist.gov/news-events/events/2017/06/technical-colloquium-weight-evidence
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 13/25
Presentation Attack Detection
Introduction: Standardization
Data Interchange
Performance Reporting
Presentation Attack Detection
Conclusion
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 14/25
Presentation Attack Detection
30107 series: assessing Anti-Spoofing Evaluations
source: ISO/IEC 30107-1, inspired by Ratha et al.: Enhancing security and privacy in biometrics-based authentivationsystems, IBM Systems Journal, 40 (3), 2001.
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 15/25
Presentation Attack Detection
30107 series: Presentation Attack Detection
I Part 1: Framework published: 2016-01-14
Editor: E. Newton (Oracle)
I Part 2: Data formats DIS 2: 2017-03-22
Editor: O. Henniger (Fraunhofer IGD)
I Part 3: Testing and reporting FDIS: 2017-04-06
Editor: M. Thieme (Novetta)
I Part 4: Profile for evaluation of mobile devices proposed: 2017-03-13
Editors: M. Thieme, P. Gacon (Morpho), E. Newton, M. Olsen (Fingerprint Cards)
online: http://standards.iso.org/ittf/PubliclyAvailableStandards/c053227_ISO_IEC_30107-1_2016.zip
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 16/25
Presentation Attack Detection
30107 Part 1: Framework
I Harmonized definitions ISO/IEC 2382-37: Vocabulary
30107-1 presentation attackpresentation to the biometric capture subsystem with the goal of interfering with
the operation of the biometric system
30107-1 presentation attack detection (PAD)automated determination of a presentation attack
2382-37 impostorsubversive biometric capture subject who attempts to being matched to someone
else’s biometric reference
2382-37 identity concealersubversive biometric capture subject who attempts to avoid being matched to
their own biometric reference
online: http://standards.iso.org/ittf/PubliclyAvailableStandards/c066693_ISO_IEC_2382-37_2017.zip
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 17/25
Presentation Attack Detection
Types of Presentation Attacks
30107-1 presentation attack instrument (PAI)biometric characteristic or object used in a presentation attack
30107-1 artefactartificial object or representation presenting a copy of biometric characteristics or
synthetic biometric patterns
I Types of presentation attacks
source: ISO/IEC 30107-1
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 18/25
Presentation Attack Detection
FDIS 30107 Part 3: Testing and Reporting
30107-3 Impostor Attack Presentation Match Rate (IAPMR)in a full-system evaluation of a verification system, the proportion of impostor attack
presentations using the same PAI species in which the target reference is matched
30107-3 Concealer Attach Presentation Match Rate (CAPNMR)in a full-system evaluation of a verification system, the proportion of concealer attack
presentations using the same PAI species in which the target reference is not matched
outdated CD: http://isotc.iso.org/livelink/livelink?func=ll&objId=17578675&objAction=Open&viewType=1
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 19/25
Presentation Attack Detection
FDIS 30107 Part 3: Testing the PAD subsystem
I Attack presentation non-response rate (APNRR)
I Bona fide presentation non-response rate (BPNRR)
I Attack presentation classification error rate (APCER)
I Same PAI species: APCERPAIS = 1− 1NPAIS
NPAIS∑ {1, if attack prediction,
0, if bona fide prediction.
}I Different species: APCERat attack potential AP = max
PAIS∈AAP
APCERPAIS,
with AAP: subset of PAI species with attack potential at or below AP
I Bonda fide presentation classification error rate (BPCER)
BPCER = 1NBF
NBF∑ {1, if attack prediction,
0, if bona fide prediction.
}
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 20/25
Presentation Attack Detection
FDIS 30107 Part 3: Testing the PAD subsystem
⇒ One may report BPCER when APCERAP is 5% BPCER20
I PAI speciesclass of presentation attack instruments created using a common production method
and based on different biometric characteristic
I Attack potentialmeasure of the capability to attack a TOE given the attacker’s knowledge, proficiency,
resources and motivation
I Target of evaluation (TOE)within Common Criteria, the IT product that is the subject of the evaluation
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 21/25
Conclusion
Introduction: Standardization
Data Interchange
Performance Reporting
Presentation Attack Detection
Conclusion
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 22/25
Conclusion
Summary
I Motivation: ISO/IEC JTC 1/SC 37: BiometricsI Relevance of Standards to Voice Biometrics:
I Harmonized Biometric Vocabulary 2382-37
I Data Interchange Format (XML header structure) 19794-13
I Performance reporting 19795-1
I Validation in Biometric Forensics 19795-8
I Presentation Attack Detection 30107-1 – 4
⇒ Preventing vendor lock by providing interchangeability
⇒ Harmonization of performance characteristics
⇒ Motivation: reaching out for multi-stakeholder discussions
This work has been funded by the Center for Research in Security and Privacy (CRISP), andthe Hesse government (project no. 518/16-30, BioMobile II).
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 23/25
Conclusion
European Association for Biometrics (eab)
I Non-profit multi-stakeholder platform
I Engages European stakeholders: pan European networkcommunity building, training & education, research and programme development
I Advance proper and beneficial use of biometrics in Europe
I Currently > 200 membersI Target audience: policy, industry, research & academia and citizensI also members from US or JP, most European-basedI Key players from over 10 years of European projects
BioSecure, Mobio, TURBINE, FIDELITY, BEAT, TABULA RASA, etc.
I EventsI EAB Research Projects ConferenceI EAB Biometrics Research and Industry Awards 2017I IAPR/Eurasip Summer School on BiometricsI Biometrics in Banking and Payments
www.eab.org/events/upcoming_events.html
www.eab.org
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 24/25
Conclusion
Discussion
— Q&A —
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 25/25
Round-trip Binary ⇔ XML
Roadmap: Generation 3
I Continue common semantics
I ASN.1 encoding
⇒ convertible to binary & XML⇒ easy extensible
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 1/8
Round-trip Binary ⇔ XML
Encoding in Abstract Syntax Notation (ASN.1)
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 2/8
Common Criteria
WD 19989: Common Criteria testing of Biometric Sensors
I Target of Evaluation (TOE)
I Protection Profile (PP)Performance features, environmental assumptions, security properties
I Security Targets (ST)validation of IT-security requirements, specification of security mechanisms
I Evaluation Assurance Levels (EALs) ISO/IEC 18045
EAL 1 – 7: functionally tested to formally verified, designed & tested
I ScopeI Extend security functional component ISO/IEC 15408-2
I Extend vulnerability assessment (AVA) ISO/IEC 15408-3
I Complements to EAL methodology ISO/IEC 18045
Editors of SC 27 IT-Security Techniques, in liaison to SC 37 BiometricsAndreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 3/8
Common Criteria
WD 19989: Rating Attack Potential
I FactorsI elapsed time few seconds, < 1 day, 1 week, 1 month, months
I expertise layman, proficient, expert, multiple experts
I knowledge of TOE public, restricted, confidential, critical information
I window of opportunity to TOE easy, moderate, difficult
I window of opportunity to biom. immediate, easy, moderate, difficult
I equipment standard, specialized, bespoke
I PhasesI Identification define the method
I Exploitation generate a PAI
⇒ numeric value for each factor / phase 7→ score by sum 0, 1, 2, 4, 8, . . .
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 4/8
Common Criteria
WD 19989: from APs to Assurance Components
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 5/8
Common Criteria
Common Criteria: History
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 6/8
Common Criteria
Common Criteria: ISO/IEC Structure
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 7/8
Common Criteria
Common Criteria: Target of Evaluation (TOE)
Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 8/8