Technical Standardization Activities related to Voice Biometrics · 2017. 7. 9. · Technical Standardization Activities related to Voice Biometrics Andreas Nautsch Hochschule Darmstadt,

Technical Standardization Activitiesrelated to Voice Biometrics

Andreas Nautsch

Hochschule Darmstadt, CRISP, da/sec Research Groupmaterial kindly provided by Prof. Christoph Busch

Florence, 27.06.2017

Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 1/25

Outline

1. Introduction to biometric standards projects

2. Biometric data interchange format 19794-13

3. Biometric performance reporting & testing 19795-1

4. Validation of biometric methods for forensic evaluation 19795-8

5. Presentation attack detection (anti-spoofing) 30107-1 to -4

6. Conclusion


Introduction: Standardization


Data Interchange

Performance Reporting

Presentation Attack Detection

Conclusion



How does standardization work?



ISO/IEC JTC 1/SC 37: Biometrics



ISO/IEC Project cycles

I Project typesIS International Standard

TS Technical Specification

TR Technical Report

PAS Publicly Available Specification

I Development tracks: 18, 24, 36, 48 months⇒ auto-cancel if too long

I Document StagesNP New Project

WD Working Draft

CD Committee Draft

DIS Draft International Standard

FDIS Final DIS

⇒ publication =⇒ revisions every 5 years



SC 37: Biometrics – Working Groups & Onion Layers

WG1 Harmonized BiometricVocabularyconvenor:Steve Clark (Australia)

WG2 Biometric TechnicalInterfacesYoung Bin Kwon (Korea)

WG3 Biometric Data InterchangeChristoph Busch (Germany)

WG4 Technical Implementationof Biometric SystemsMichael Hogan (USA)

WG5 Biometric Testing andReportingNigel Gordon (UK)

WG6 Cross-Jurisdictional andSocietal AspectsMario Savastano (Italy)


Data Interchange


Data Interchange



Conclusion


Data Interchange

Generations of Biometric Data Interchange Formats


Data Interchange

Generations of Biometric Data Interchange Formats


Data Interchange

DIS 19794 Part 13: Voice Data (XML)

BDIR Biometric Data Information Record

VRs Voice Representations: single audios ⇔ prompted dialog speech

I Headers: meta data for processing (encoding, language, . . . )I Quality score field (optional)I Data as base64 BLOB or URL path

I Status: DIS approved 7→ disposition of notes 7→ FDIS

source: ISO/IEC CD 5 19794-13, editor: A. Nautsch (h da)Andreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 10/25



Data Interchange



Conclusion



19795 Part 1: Framework

I Based on speaker recognition concepts as of 2001

Published in 2006, confirmed in 2011 & 2016 7→ currently under revision

I Assessment of general biometric systemFTA, FTE failure to acquire, to enrol

FMR, FNMR false match rate, non-match rate domain: algorithm

FAR, FRR false accept rate, reject rate incl. FTA, FTE ⇒ system domain

I Verification ⇔ identification metrics note: unawareness to diarization

I Visualizations: DETs and CMCs note: ROCs will be deprecated after revision

I Informative annexes, inter alia:I Technology ⇔ scenario ⇔ operational evaluationsI Test size & uncertainty e.g., Rule of 3, Rule of 30I Factors influencing performanceI Pre-selection / binning performance e.g., gender-dependent

Editor: T. Mansfield (National Physics Laboratory)




I Based on speaker recognition concepts as of 2001

Published in 2006, confirmed in 2011 & 2016 7→ currently under revision

I Assessment of general biometric systemFTA, FTE failure to acquire, to enrol

FMR, FNMR false match rate, non-match rate domain: algorithm

FAR, FRR false accept rate, reject rate incl. FTA, FTE ⇒ system domain

I Verification ⇔ identification metrics note: unawareness to diarization

I Visualizations: DETs and CMCs note: ROCs will be deprecated after revision

I Informative annexes, inter alia:I Technology ⇔ scenario ⇔ operational evaluationsI Test size & uncertainty e.g., Rule of 3, Rule of 30I Factors influencing performanceI Pre-selection / binning performance e.g., gender-dependent

Editor: T. Mansfield (National Physics Laboratory)



19795 Part 8: Validation of Methods in BiometricForensics

I Scope: likelihood ratio based methods

I Forensics in standardization17020 crime-scene

17025 analysis & human-based evaluation

=⇒ ? computer-based evaluation & reporting

I Validation on performance characteristicsPrimary accuracy, discriminating power, calibration

Secondary robustness, coherence, generalization

I Status: project approved / registered: 2016-12-09 7→ WD1

Editors: D. Meuwly (NFI), A. Nautsch (h da),

A. Suman (UK Home Office CAST), E. Tabassi (NIST)

https://www.nist.gov/news-events/events/2017/06/technical-colloquium-weight-evidence


https://www.nist.gov/news-events/events/2017/06/technical-colloquium-weight-evidence



Data Interchange



Conclusion



30107 series: assessing Anti-Spoofing Evaluations

source: ISO/IEC 30107-1, inspired by Ratha et al.: Enhancing security and privacy in biometrics-based authentivationsystems, IBM Systems Journal, 40 (3), 2001.



30107 series: Presentation Attack Detection

I Part 1: Framework published: 2016-01-14

Editor: E. Newton (Oracle)

I Part 2: Data formats DIS 2: 2017-03-22

Editor: O. Henniger (Fraunhofer IGD)

I Part 3: Testing and reporting FDIS: 2017-04-06

Editor: M. Thieme (Novetta)

I Part 4: Profile for evaluation of mobile devices proposed: 2017-03-13

Editors: M. Thieme, P. Gacon (Morpho), E. Newton, M. Olsen (Fingerprint Cards)

online: http://standards.iso.org/ittf/PubliclyAvailableStandards/c053227_ISO_IEC_30107-1_2016.zip


http://standards.iso.org/ittf/PubliclyAvailableStandards/c053227_ISO_IEC_30107-1_2016.zip



I Harmonized definitions ISO/IEC 2382-37: Vocabulary

30107-1 presentation attackpresentation to the biometric capture subsystem with the goal of interfering with

the operation of the biometric system

30107-1 presentation attack detection (PAD)automated determination of a presentation attack

2382-37 impostorsubversive biometric capture subject who attempts to being matched to someone

else’s biometric reference

2382-37 identity concealersubversive biometric capture subject who attempts to avoid being matched to

their own biometric reference

online: http://standards.iso.org/ittf/PubliclyAvailableStandards/c066693_ISO_IEC_2382-37_2017.zip


http://standards.iso.org/ittf/PubliclyAvailableStandards/c066693_ISO_IEC_2382-37_2017.zip


Types of Presentation Attacks

30107-1 presentation attack instrument (PAI)biometric characteristic or object used in a presentation attack

30107-1 artefactartificial object or representation presenting a copy of biometric characteristics or

synthetic biometric patterns

I Types of presentation attacks

source: ISO/IEC 30107-1



FDIS 30107 Part 3: Testing and Reporting

30107-3 Impostor Attack Presentation Match Rate (IAPMR)in a full-system evaluation of a verification system, the proportion of impostor attack

presentations using the same PAI species in which the target reference is matched

30107-3 Concealer Attach Presentation Match Rate (CAPNMR)in a full-system evaluation of a verification system, the proportion of concealer attack

presentations using the same PAI species in which the target reference is not matched

outdated CD: http://isotc.iso.org/livelink/livelink?func=ll&objId=17578675&objAction=Open&viewType=1


http://isotc.iso.org/livelink/livelink?func=ll&objId=17578675&objAction=Open&viewType=1


FDIS 30107 Part 3: Testing the PAD subsystem

I Attack presentation non-response rate (APNRR)

I Bona fide presentation non-response rate (BPNRR)

I Attack presentation classification error rate (APCER)

I Same PAI species: APCERPAIS = 1− 1NPAIS

NPAIS∑ {1, if attack prediction,

0, if bona fide prediction.

}I Different species: APCERat attack potential AP = max

PAIS∈AAP

APCERPAIS,

with AAP: subset of PAI species with attack potential at or below AP

I Bonda fide presentation classification error rate (BPCER)

BPCER = 1NBF

NBF∑ {1, if attack prediction,

0, if bona fide prediction.

}



FDIS 30107 Part 3: Testing the PAD subsystem

⇒ One may report BPCER when APCERAP is 5% BPCER20

I PAI speciesclass of presentation attack instruments created using a common production method

and based on different biometric characteristic

I Attack potentialmeasure of the capability to attack a TOE given the attacker’s knowledge, proficiency,

resources and motivation

I Target of evaluation (TOE)within Common Criteria, the IT product that is the subject of the evaluation


Conclusion


Data Interchange



Conclusion


Conclusion

Summary

I Motivation: ISO/IEC JTC 1/SC 37: BiometricsI Relevance of Standards to Voice Biometrics:

I Harmonized Biometric Vocabulary 2382-37

I Data Interchange Format (XML header structure) 19794-13

I Performance reporting 19795-1

I Validation in Biometric Forensics 19795-8

I Presentation Attack Detection 30107-1 – 4

⇒ Preventing vendor lock by providing interchangeability

⇒ Harmonization of performance characteristics

⇒ Motivation: reaching out for multi-stakeholder discussions

This work has been funded by the Center for Research in Security and Privacy (CRISP), andthe Hesse government (project no. 518/16-30, BioMobile II).


Conclusion

European Association for Biometrics (eab)

I Non-profit multi-stakeholder platform

I Engages European stakeholders: pan European networkcommunity building, training & education, research and programme development

I Advance proper and beneficial use of biometrics in Europe

I Currently > 200 membersI Target audience: policy, industry, research & academia and citizensI also members from US or JP, most European-basedI Key players from over 10 years of European projects

BioSecure, Mobio, TURBINE, FIDELITY, BEAT, TABULA RASA, etc.

I EventsI EAB Research Projects ConferenceI EAB Biometrics Research and Industry Awards 2017I IAPR/Eurasip Summer School on BiometricsI Biometrics in Banking and Payments

www.eab.org/events/upcoming_events.html

www.eab.org


www.eab.org/events/upcoming_events.html

www.eab.org

Conclusion

Discussion

— Q&A —


Round-trip Binary ⇔ XML

Roadmap: Generation 3

I Continue common semantics

I ASN.1 encoding

⇒ convertible to binary & XML⇒ easy extensible


Round-trip Binary ⇔ XML

Encoding in Abstract Syntax Notation (ASN.1)


Common Criteria

WD 19989: Common Criteria testing of Biometric Sensors

I Target of Evaluation (TOE)

I Protection Profile (PP)Performance features, environmental assumptions, security properties

I Security Targets (ST)validation of IT-security requirements, specification of security mechanisms

I Evaluation Assurance Levels (EALs) ISO/IEC 18045

EAL 1 – 7: functionally tested to formally verified, designed & tested

I ScopeI Extend security functional component ISO/IEC 15408-2

I Extend vulnerability assessment (AVA) ISO/IEC 15408-3

I Complements to EAL methodology ISO/IEC 18045

Editors of SC 27 IT-Security Techniques, in liaison to SC 37 BiometricsAndreas Nautsch Voice Biometrics in Standardization / Florence, 27.06.2017 3/8

Common Criteria

WD 19989: Rating Attack Potential

I FactorsI elapsed time few seconds, < 1 day, 1 week, 1 month, months

I expertise layman, proficient, expert, multiple experts

I knowledge of TOE public, restricted, confidential, critical information

I window of opportunity to TOE easy, moderate, difficult

I window of opportunity to biom. immediate, easy, moderate, difficult

I equipment standard, specialized, bespoke

I PhasesI Identification define the method

I Exploitation generate a PAI

⇒ numeric value for each factor / phase 7→ score by sum 0, 1, 2, 4, 8, . . .


Common Criteria

WD 19989: from APs to Assurance Components


Common Criteria

Common Criteria: History


Common Criteria

Common Criteria: ISO/IEC Structure


Common Criteria

Common Criteria: Target of Evaluation (TOE)


Documents

Technical Standardization Activities related to Voice Biometrics · 2017. 7. 9. · Technical Standardization Activities related to Voice Biometrics Andreas Nautsch Hochschule Darmstadt,