As attack vectors increase with the burgeoning of the Internet of Things (IoT), the Defense sector is exposed to different risks that require increasingly advanced authentication techniques. Today’s threat players are using more sophisticated social engineering tactics, credential-stuffing botnets, and account takeover tactics to pull off all sorts of attacks. According to the IBM Security’s Future of Identity Report, identity fraudsters have stolen USD 112 billion over the past six years – that’s approximately USD 35,600 every minute. Advanced authentication methods in Defense can help identify malicious actions while reducing unwanted speed bumps in the online experience.
Biometric solutions are typically used for security and access control across businesses and government organizations. Voiceprint, facial recognition and fingerprinting as biometrics have become commonplace in identity assurance. Recently Cardiac, Iris and gait recognition are also gaining acceptance.
Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits. There are two categories of biometric identification and recognition solutions: Physical and behavioral. Physical biometric solutions use distinctive and measurable characteristics of particular parts of the human body, such as a person’s face, iris, DNA, vein, fingerprints, etc., and transform this information into a code understandable by the AI system. Behavioral biometric solutions operate in a similar way, except they use unique behavioral characteristics, such as a person’s typing rhythm, way of interaction with devices, gait, voice, etc.
This encoded biometric information is stored in a database and digitally sampled during authentication and verification. A record of a person’s unique characteristic is captured and kept in a database. Later on, when identification verification is required, a new record is captured and compared with the previous record in the database. If the software matches the data in the new record with that in the database record, the person’s identity is confirmed, it then grants the appropriate level of access.
Fingerprint recognition is one of the oldest, simple to install, and low-cost technology; therefore, it finds numerous applications and is widely adopted by many industries. In travel and immigration, fingerprint recognition technology is used in e-passports, e-visas, and driving licenses to authenticate an individual. In the consumer electronics industry, fingerprint recognition technology is used in laptops, computers, and smartphones, among others. Biometric scanners are useful tools to manage relief distributions and cash grants, find and reconnect separated families, and restore lost documentation.
Armies around the world now use biometrics as a way to intensify battlefield awareness and handle encounters with mala fide members which may be hidden in civilian populations. The U.S. military pioneered the usage of biometrics in Iraq and Afghanistan, where biometric indicators such as irises, fingerprints, and facial images were gathered from captured prisoners and other people in the field. Since then, the application of biometrics in military applications has extended significantly. Biometrics are now used to know pirates in the Indian Ocean, trace terrorist travel around the world, and map the relationships between criminal networks that pose military intimidation.
Military and Security require more technologically advanced methods of ensuring security against terrorist activities and Illegal immigration. One of the most effective methods of curbing the same is by creating biometric authentication across borders and airports. “Biometric identification (perhaps at range) may strip away the anonymity that enables insurgents to blend into a society –or will allow future adversaries to identify, track, isolate, and target individual U.S. political or military leaders,” writes DOD report.
Advanced authentication is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor – something the user knows, a possession factor – something the user has, and an inherence factor – something the user is. Advanced authentication gives a central place for all authentication systems to be managed. This is critical because companies are usually made to operate and maintain various infrastructures.
Biometrics Enabled Intelligence (BEI) is playing a larger and essential role in U.S. Army intelligence, as described in the latest Army Doctrine Publication (ADP 2-0) for Army intelligence activities. These methods include recognizing an individual based on measurable anatomical, physiological, and behavioral characteristics, as well as intelligence resulting from the combination of biometric information with other intelligence, threat information, or information relating to other aspects.
Specifically, biometrics is being exploited pursuant to the U.S. Army’s new intelligence doctrine for two categories: All-Source and Identity Activities, and Complementary Intelligence Activities. These all-source activities result in the discovery of true identities; linking identities to events, locations, and networks, and revealing hostile intent, thus “enabling tasks, missions, and actions that span the range of military operations.”
However, the current state of biometrics is still facing challenges to successfully mitigate terrorist activities and other digital based financial theft crimes. To turn-over the situation, the market observes a range of research and development activities to integrate biometrics with artificial intelligence. The advanced software algorithm platform of the artificial intelligence (AI) processes information provided by biometric technology to detect and prevent suspicious activities in a bid to counterfeit cyber and physical threats in the community.
US Military and Security Requirements
Biometrics analyze and verify/authenticate individuals based on human physical characteristics such as fingerprints, retinas and irises, palm, speech, and voice, among others. This method of authentication has been extensively adopted, owing to the fundamental advantages it grants because of its non-transferable, non-repudiation, and not-identifiable nature, thus providing a great level of protection against deception and fraud.
“In the initial aftermath of 9/11, government officials immediately recognized the need for improved border control and automated systems for identifying individuals trying to enter the country. New biometrics technologies offered one means of verifying identities and comparing these records against watchlists of potential threats gathered by DoD and other government agencies,” writes COL Glenn Voelz, USA.
“As the United States shifted towards a counterinsurgency strategy, it required population-centric information and refined targeting intelligence for identifying, isolating, and eliminating insurgents from the battlefield. These operational challenges demanded new technologies to enable U.S. forces to detect and identify individual actors, characterize and geo-locate their activities, and understand the structure and function of their networks. This presented an enormous tactical dilemma for soldiers fighting on an irregular battlefield against adversaries who did not wear uniforms and could not easily be distinguished from the local population. As such, identity verification emerged as one of the major technical challenges of the campaigns in Iraq and Afghanistan,”writes COL Glenn Voelz, USA.
In early 2002, a BAT prototype was fielded to Joint Special Operations Command in Afghanistan and first used for enrolling persons of interest detained on the battlefield. By 2003, similar systems were deployed at detention facilities in Iraq for detainee management and later as a tool for generating biometrically enhanced interrogation reporting (Iasso, 2013). By 2004, DoD directed that all U.S. military units worldwide would collect biometric data from detainees (DoD, 2004). One vivid demonstration of the value of this data came in 2011 when 500 Taliban prisoners escaped from Kandahar’s Sarposa prison. All detainees had previously undergone biometric enrollment, and within 1 month 30 individuals were recaptured in the local area as a result of random biometric checks.
The system is fairly good at collecting fingerprints and iris characteristics, which are unique for every individual, but it is less adept at collecting other facial features, said William Graves, the chief engineer for Program Executive Office Intelligence, Electronic Warfare & Sensors noted. A newer system, known as Next Generation Biometric Collection, is currently in the acquisition cycle after having navigated a successful material development decision. Following Soldier feedback, the newer system will be smaller and more lightweight, as well as more rugged and user friendly than what exists now. It will also be more accurate in collecting facial features and should process information in a timelier manner, Graves said.
The new system also takes a multimodal approach to biometric data collection, said Graves. The advantage of multimodal is that if fingerprint or voice recognition fails, an iris scan could still produce a match. The lab, which is only four months old, is moving quickly to develop other modes as well, he said. For example, voice and DNA modes of biometrics identification are in intense development as there is an urgent requirement to get that capability to Iraq by as early as this summer, he said.
For instance, the US Department of Defense (DOD) said the Government Accountability Office (GAO) it intends to have its Identity Matching Engine for Security and Analysis (IMESA) system connected to its Automated Biometric Identification System (ABIS) for vetting individuals for access to all domestic DOD installations and facilities.
The technology found successful implementation across various end-users, such as forensics and governments, among others. Moreover, the widespread availability of fingerprint sensors in affordable mobile devices and government national ID programs have been instrumental in increasing the awareness and adoption of this technology. Biometric identification services serve to protect, through its Office of Biometric Identity Management (OBIM), which supplies the technology for matching, storing, and sharing biometric data.
Also, the lab is exploring ways to integrate biometrics into existing sensors and platforms, he said. Another aspect of improvement that the lab is striving for is making biometrics completely contactless, he said, meaning no operator is needed to collect information from the person. The lab had a demonstration area set up to showcase this new technology. Personnel walked through a screening area. They touched a pad for fingerprints and cameras captured iris and face scans in a matter of seconds without an operator present. The system was able to identify everyone in a matter of seconds.
The lab is also developing biometric processes for capturing video images of persons of interest on the dark web. Graves said the technology for still photos can capture that, but now the algorithms are being developed for video as well.
Researchers improving facial recognition performance
Chinese police have used facial recognition technology to catch criminals at a beer festival. Those caught included one man who had been on the run for 10 years. Eighteen cameras installed at four entrances to the festival identified each of the suspects in under one second, Qingdao police said.
Dozens of other people with criminal records or a history of drug abuse were refused entrance after computers spotted them. According to Qingdao authorities, the system has a 98.1% accuracy rate and sounds an alarm if a subject’s face is found in the police database. Six officers were stationed at each entrance to verify the matches.
China is racing ahead in its use of facial recognition technology, despite widespread concerns about its impact on privacy and civil liberties. It has been installed at Beijing’s historic Temple of Heaven to stop people stealing rolls of toilet paper, and this year China Southern Airlines used facial recognition in place of boarding passes for the first time.
A team of researchers from Maryland’s U.S. Army Research Laboratory have developed a new technique exploiting thermal-imaging that potentially could help improve facial-recognition performance that is otherwise hindered by makeup. Developed by Doctors Nathaniel Short, Alex Yuffa, Gorden Videen, and Shuowen Hu, the new method compares visible, conventional thermal and polarimetric-thermal images of faces before and after the application of face paint.
The researchers have been using polarimetric-thermal imaging, a maturing thermal mode that records the polarization-state information of thermal infrared emission, to collect geometric facial data from thermal imagery. This method could provide several advantages over conventional thermal imaging when matching faces with paints or cosmetics, said Short.The research team describe their findings in The Optical Society (OSA) journal, Applied Optics.
Traditional facial-recognition systems are based on matching clear and well-lit photos captured in the broad light. Recognizing faces using visible-light imaging depends on capturing the reflected light from the edges of facial features. This can be difficult when faces are covered with cosmetics as they tend to distort the perceived shape of the face and degrade the face-recognition accuracy of visual imaging due to the different spectral properties of color pigmentation. In comparison, infrared, thermal signature is naturally emitted from the human face and can be attained passively in low-illumination conditions and even if face paints or cosmetics cover the skin’s surface.
Despite this promising research, Short emphasizes that the development of the new facial-recognition technique is still in its initial stages and that many challenges still exist. “One of the major challenges is the limitation of the existing polarimetric-thermal facial database,” said Short. “Large sample pools are needed to develop and train complex machine-learning techniques such as neural networks computer programs that attempt to imitate the human brain to make connections and draw conclusions.” Another key challenge is in developing algorithms that bridge the large modality gap between visible imaging and polarimetric-thermal imaging for cross-spectrum recognition.
The Intelligence Advanced Research Projects Activity (IARPA), a U.S. government organization that funds academy and industry research, announced the launch of the Odin program in October 2017. Odin aims to develop biometric presentation attack detection technologies to better identify unauthorized user attempts and imposters. IARPA’s other programs such as Biometrics Exploitation Science & Technology and Janus also aim to “significantly advance biometric technologies.”
Iris ID Tech Adopted for Military Communications
The company has announced that its iris recognition technology has been incorporated into Ultra Electronics’ military-focused product portfolio, with integrations into the latest Combat Apps Tactical System (CATS) tablets.
The tablets are designed to offer encrypted, high-speed communications between troops in the field and administrators at headquarters, and will now use Iris ID’s R-100 camera and IrisAccelerator matching software to authenticate soldiers’ identities, matching their iris biometrics against databases stored at military bases.
Iris ID business development and sales VP Mohammed Murad suggested that the technology’s track record points to military applications, asserting that “Iris ID technology has been proven effective worldwide in remote locations and during extreme weather conditions for national ID and other programs.
The Pentagon has a laser that can identify people from a distance—by their heartbeat
The use of biometric technology to identify known enemy combatants is a major theme in military circles right now, and there are multiple tests and trials running to evaluate what works best under different conditions. Challenges include enrollment and identification at a distance, from vehicles, from covert deployments and on the move—and so all kinds of innovative thinking are being applied. Now, the MIT Technology Review has reported that this includes a laser developed for the U.S. military to “identify people from a distance by their heartbeat.”
A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser. While it works at 200 meters (219 yards), longer distances could be possible with a better laser. “I don’t want to say you could do it from space,” says Steward Remaly, of the Pentagon’s Combatting Terrorism Technical Support Office, “but longer ranges should be possible.”
Contact infrared sensors are often used to automatically record a patient’s pulse. They work by detecting the changes in reflection of infrared light caused by blood flow. By contrast, the new device, called Jetson, uses a technique known as laser vibrometry to detect the surface movement caused by the heartbeat. This works though typical clothing like a shirt and a jacket (though not thicker clothing such as a winter coat).
The focus for these technologies within the military is the recognition of known threats at distance. The most prevalent solution for standoff biometric detection is facial recognition, but that technology clearly requires visibility of a subject’s face and can be hampered by poor lighting and enrollment imagery.
Jetson, the Pentagon’s new device, “uses a technique known as laser vibrometry to detect the surface movement caused by the heartbeat,” and can reportedly “identify people without seeing their faces… detecting unique cardiac signatures with an infrared laser.” Albeit, it currently only works out to distances of 200 meters, has an accuracy rate of around 95%, and needs a pre-enrolled database of cardiac signatures.
The most common way of carrying out remote biometric identification is by face recognition. But this needs good, frontal view of the face, which can be hard to obtain, especially from a drone. Face recognition may also be confused by beards, sunglasses, or headscarves. Cardiac signatures are already used for security identification. The Canadian company Nymi has developed a wrist-worn pulse sensor as an alternative to fingerprint identification. The technology has been trialed by the Halifax building society in the UK.
Jetson extends this approach by adapting an off-the shelf device that is usually used to check vibration from a distance in structures such as wind turbines. For Jetson, a special gimbal was added so that an invisible, quarter-size laser spot could be kept on a target. It takes about 30 seconds to get a good return, so at present the device is only effective where the subject is sitting or standing.
Remaly’s team then developed algorithms capable of extracting a cardiac signature from the laser signals. He claims that Jetson can achieve over 95% accuracy under good conditions, and this might be further improved. In practice, it’s likely that Jetson would be used alongside facial recognition or other identification methods.
Wenyao Xu of the State University of New York at Buffalo has also developed a remote cardiac sensor, although it works only up to 20 meters away and uses radar. He believes the cardiac approach is far more robust than facial recognition. “Compared with face, cardiac biometrics are more stable and can reach more than 98% accuracy,” he says.
One glaring limitation is the need for a database of cardiac signatures, but even without this the system has its uses. For example, an insurgent seen in a group planting an IED could later be positively identified from a cardiac signature, even if the person’s name and face are unknown. Biometric data is also routinely collected by US armed forces in Iraq and Afghanistan, so cardiac data could be added to that library.
Collecting data is just one of two focuses, Graves said. The other focus is querying the database. Once information from the person is captured, it is transmitted to the Automated Biometric Identification System in West Virginia, he said. The lab is developing deployable ABIS sets for the U.S. European Command, specifically for the upcoming Unified Vision 18 NATO exercise, he said. The portable ABIS system will be deployed in transit cases and can be plugged into existing network architecture, he added. An improved version of ABIS is getting ready for an Army Requirements Oversight Council decision for a new build out of the next increment in April, he said. Graves said that improvements in biometrics are a big deal: “Demand signal from the stakeholder community is high and continues to increase. Foreign military sales are exploding in NATO and elsewhere.”
The U.S. Army Special Operations Command (SOCOM) (www.soc.mil) has posted a request for information (RFT) to evaluate selected exploitation technologies. It seeks technologies including collection, segregation and matching of voice from media or live capture. Rapid DNA hand-held collection, processing, and matching technologies; facial recognition up to one kilometer and dustless fingerprint collection.
According to the report, several government agencies are using biometric technologies for local, state, and federal criminal investigations. In January 2016, the FBI of the US opened a Biometrics Technology Center in North Central West Virginia. The new facility has advanced biometric identification and recognition technology, using human characteristics that provide identification of criminal and national security suspects to law enforcement and military personnel. In March 2016, Northrop Grumman received a contract from the US Army to supply biometric technology to manage investigations, threat inquiries, and other activities associated with the complaints registered and inquiries about any illegal leaks of confidential national security information.
IDENT is central to the Department of Homeland Security’s Biometric Identification Management (OBIM) system, a continually growing database that holds biometric information and other personal data on over 200 million people who have entered, attempted to enter, and exited the US. It’s built around the Automated Fingerprint Identification System (AFIS) supplied by Cogent Systems, now part of Gemalto.
AI in Biometrics and Security
In April 2017, IARPA awarded AI biometric solutions provider Crossmatch a contract of $5.8 million to “develop next-gen biometric presentation attack detection technologies.” In June 2017, it funded a four-year $12.5 million contract to SRI International, an independent, nonprofit research center to “address vulnerabilities in the current biometric security systems,” specifically, fingerprint, iris and face scanners.
Advanced Authentication Market in Defense Industry
The Advanced Authentication Market in Defense Industry is a highly fragmented market. In terms of market share, several major players continue to hold a considerable share in the overall market, especially across developed economies in regions such as North America and Europe. The leaders constantly keep innovating for the new technology and investing in research and development. These companies are leveraging collaborative initiatives to increase their market share and increase their profitability.
The increasing digitization of the defense industry is likely to create new avenues for cyber-criminal activities, and the risk is high as compared to any other sector. The defense industry is investing rigorously in software application and is expected to grow at a fast pace, owing to the increasing integration of digitization and connected devices. Hence, the increasing number of attacks with the rapid adoption of technologies, such as IoT, is driving the growth of the market. The defense industry contains information related to equipment and relevant data, which can be illegally utilized to vandalize a country. In addition, the companies involved in the transfer of enormous amounts of data associated with flight monitoring are the major adopters of advanced authentication.
Gemalto launched its first biometric EMV card into the market. The company highlighted the features of on-card storage technology used to store sensitive biometric information with maximum security. The launch is expected to increase the company’s presence in the contactless payments market.
North America contains a significant share in the market, with the United States governing the advanced authentication market in defense, followed by Canada. The refinement level of professional identity thieves involved in organized crime in the country continues to progress, along with the counter methods firms used to develop. The US military supply chains well-documented obstacle is counterfeit electronics, with about 1800 estimated cases inside the military system. Counterfeits threaten national security and the stories of servicemen. These factors are spurring the need for advanced authentication solutions in this area. Also, growing ransomware attacks are supporting market growth.
The North American advanced authentication segment is registering rapid growth, due to technological advancements and an established infrastructure. Key organizations in the region are adopting advanced authentication tools, to ensure data security. Identity theft is the fastest-growing threat in the region. According to CNBC, 53% of thefts of consumers’ identity data are non-digital, meaning they don’t involve – or at least, don’t start with – the thief exploiting some cyber vulnerability in 2018. Furthermore, North America has established and secure governments, which significantly rely on data security. Identity verification at online checkout systems is widespread in the region.