In recent years we’ve seen face, voice and fingerprint identification software move from Sci-Fi films into real life affordable devices, such as smartphones and tablets. The TABULA RASA consortium, which is supported by EU research and innovation investment, has set out to identify just how well this new software works, in particular against the growing phenomenon of “spoofing ” i.e. using everyday materials such as make-up, photographs and voice recordings to subvert or directly attack biometric systems.
Biometric systems have proven to be one of the most efficient security solutions available today. However, some biometric sensor vulnerabilities still exist, including some which have been well publicised in the International media. The TABULA RASA consortium comprises 12 different organisations across seven countries that have worked together over a period of three years to research as many vulnerabilities as possible, to develop countermeasures accordingly and ultimately a new breed of safer biometric systems.
In the course of its research, TABULA RASA hosted a “Spoofing Challenge,” which invited researchers from around the world to develop attack plans and to attempt to deceive various biometric systems. Participants showed that there are many different and creative ways to attack the systems. The most innovative attack proposed during this challenge used make-up to spoof a 2D face recognition system and succeeded in being recognised as the victim. Other contestants used well-known attacks such as photographs, masks or fake fingerprints (“gummy fingers”) to successfully spoof the systems.
Dr Sébastien Marcel, Coordinator of the TABULA RASA project, said: “It would have been impossible to conduct such large scale research and to collaborate with so many EU partners without the investment from the European Union. As well as more secure devices and information, the improved software will offer quicker log-ins to IT equipment and faster more accurate border control and passport verification. We believe that many different organisations will be interested in our research including technology companies, post offices, banks, manufacturers of mobile devices or online service providers.”
The EU invested €4.4 million in the TABULA RASA project, which was used alongside a €1.6 million investment by the Consortium to carry out the extensive research and testing involved.
The TABULA RASA research project has made an extensive list of possible spoofing attacks, evaluated the vulnerability of biometric systems to such attacks, and developed countermeasures that for instance detect signs of “liveness” (e.g. blinking, perspiration) and improve security of biometric systems. TABULA RASA has already transferred five of these countermeasures to companies. This in-depth knowledge about spoofing attacks allows European industries to maintain their leadership by improving conception of future spoofing-proof biometric sensors, thus opening up the huge potential of biometric technology.
The project is expected to create jobs within the European SME sector as the results are integrated into commercialised solutions. For example, KeyLemon, a Swiss based start-up, has integrated a face recognition software countermeasure, developed by TABULA RASA, into a final product. The expertise developed in the TABULA RASA project helped KeyLemon to secure a series A investment of $1.5M, creating jobs within the company. Morpho (Safran), the world leader in biometric solutions, is also deeply involved, bringing its invaluable expertise and market vision to the consortium.
Ryan Heath European Commission spokesman responsible for the Digital Agenda and digital technologies said; “Many of us keep personal and confidential information on our smartphones and tablets, so we need to have confidence that we can fully rely on these biometric tools. The European Commission is pleased with TABULA RASA’s success so far. No other research group has achieved such advanced results in biometrics to date.”
About the TABULA RASA Consortium
The TABULA RASA project brings together 12 research and industry partners from 5 Member States, Switzerland and China. It is led by the Idiap Research Institute (Switzerland) and also involves the University of Southampton (UK), University of Cagliari (Italy), University of Oulu (Finland), Universidad Autonoma de Madrid (Spain), EURECOM (France), a Graduate school and research centre in communication systems, Morpho (Safran) (France), the world leader in biometric solutions, Starlab Barcelona (Spain), a company that turns science into technologies, the Chinese Academy of Sciences (China), KeyLemon (Switzerland), a company providing convenient and secure access solutions based on face and speaker recognition, BIOMETRY (Switzerland), a company providing multimodal simultaneous biometrics with random challenge response, and the Centre for Science, Society and Citizenship (Italy).
About EU-funded research in this field
The European Commission currently supports research in cyber security and online privacy through the Framework Programmes (currently FP7) and the Competitiveness and Innovation Programme ICT Policy Support Programme. For the period 2007-2013, €350 million were invested in this field and at least €500 million are likely to be available under Horizon 2020.
With this research, the Commission wants to develop trustworthy ICT solutions ensuring a secure and reliable digital environment in Europe. This research addresses security, trust and privacy coherently from technological, economic, legal, social perspectives, helping to promote innovation and economic growth in the EU, while protecting Europe’s society, economy, assets and fundamental rights.
The European Parliament and Council are currently discussing the Cybersecurity Strategy for the European Union and a Directive on Network and Information Security presented by the European Commission in February 2013 to make the EU’s online environment the most secure in the world.
For more information about Cybersecurity and Online Privacy go to
Brochure on ICT Trust & Security Research in FP7 and on Digital Agenda for Europe website