Keynote Talks


Lars EricsonProgram Manager, Intelligence Advanced Research Projects Activity (IARPA)
Ph.D., Rice University, Applied Physics

Dr. Lars Ericson is a Program Manager at the Intelligence Advanced Research Project Activity (IARPA), within the Office of the Director of National Intelligence. His areas of interest include biometrics, computer vision, sensors, and nanotechnology. 

Dr. Ericson has over fifteen years of research, development, test, and evaluation experience in the application of advanced technologies to help solve national security, defense, and criminal justice problems.

Prior to joining the US Federal Government, Dr. Ericson was with SAIC where he supported IARPA as a subject matter expert in the field of biometrics. In addition, he was formerly with ManTech International Corporation where he served as the Director of the National Institute of Justice Sensors, Surveillance, and Biometric Technologies Center of Excellence. In his early research career, Dr. Ericson pursued basic and applied research in the field of nanotechnology, exploring novel materials and sensors at Rice University and the Naval Research Laboratory.

He has a Bachelor’s degree in physics from Gustavus Adolphus College and a Doctoral degree in Applied Physics from Rice University.

Abstract

IARPA Odin: Detecting Presentation Attack for face, iris and fingerprint biometrics

The US Government uses biometrics to identify persons of interest, but biometric presentation attacks can prevent correct identification. The goal of the Odin program is to develop biometric presentation attack detection technologies to ensure biometric security systems can detect when someone is attempting to disguise their biometric identity.  This talk will provide a summary of the first government controlled test for the Odin program.

Shantanu Rane
Research Area Manager, Palo Alto Research Center (PARC)
Ph.D. Stanford University, Electrical Engineering

Shantanu Rane conducts research at the intersection of signal processing and applied cryptography. His recent work has focused on privacy-aware computation and cyber-physical systems security. Before joining the Palo Alto Research Center (PARC), Rane was a principal researcher at Mitsubishi Electric Research Laboratories (MERL), where he conducted fundamental and applied research on various topics, including secure multiparty computation, visual inference, secure biometrics, distributed source coding, and information hiding.

Rane has participated in standardization activity for the H.264/AVC video coding standard, and the ISO/IEC SC37 Subcommittee on Biometrics. He currently serves as an associate editor for the IEEE Transactions on Information Forensics and Security and the IEEE Signal Processing Letters. From 2011-2013, he served as an elected member of the IEEE Signal Processing Society's Information Forensics and Security Technical Committee (IFS-TC).

Abstract

A Cyber-Physical Systems Perspective on Biometric Security and Privacy

The wide adoption of fingerprint and face recognition on mobile phones has brought biometric recognition firmly into the mainstream. Many of the usability concerns that plagued biometric recognition systems in the past have been addressed. As we let applications use our biometrics to conveniently authorize logins, make payments, and access locked phones, it is easy to ignore the security and privacy risks inherent in biometric system implementation. When we take a look at these risks from a cyber-physical systems (CPSS) perspective, we find that some of these risks fall naturally within the purview of traditional biometrics research, but there are other risks that have nothing to do with biometrics. 

The biometric recognition systems on today’s mobile devices have generally proved successful in preventing adversaries from exfiltrating the enrolled biometric features. However, to enable quick, convenient authentication with a very low false reject rate, these systems take shortcuts that make them vulnerable to a variety of spoofing attacks. Spoofing is less successful in the comprehensive biometric recognition systems that have been developed by governments for civilian and law enforcement applications. Today, these systems maintain massive biometric databases that are, in turn, parts of much larger cyber-physical infrastructure. To assure the security and privacy of these databases, it is necessary not only to harden the protocols used for biometric recognition, but to securely configure the entirety of the system. The biometrics community has worked hard to address the former problem, but the latter problem remains unsolved. Industrial security offerings currently lack the ability to derive system-wide configurations that optimize security and functionality. This can put sensitive biometric data in these systems at risk. 

The past two decades have seen impressive and stimulating research in biometric template protection, which seeks to avoid the privacy risks to biometric databases, by not needing to store biometric features in the clear. However, several thorny problems remain to be solved before template protection systems can be widely deployed. The main issues that the biometrics community has focused on pertaining to preventing loss of performance w.r.t. conventional biometric systems. However, there are other extremely important questions that pertain to the difficulty of key management and key exchange, especially in systems that leverage encrypted-domain computation. As the standardization community will attest, there are several practical difficulties related to performance evaluation, which are made worse by our inability to assign common metrics by which to judge different flavors of template protection.

My hope is that this cyber-physical systems security perspective will help us re-prioritize the problems that are most worth solving in the design of biometric recognition systems.

 

Groups: