Remote Identity Proofing Methods

From Antispoofing Wiki

Remote Identity Proofing: Definition & Potential Threats

Remote identity proofing (RIDP) is a procedure that allows a person to digitally prove that they are who they claim to be (a "natural person") via a specific online service. Such proofing can be performed with the help of a mobile device or a web camera.

For identity proofing, a person needs to present their face and a document that serves as proof of identity. Remote identity verification is widely used by many enterprises, including online banking, retail, legal services, etc.

Remote identity proofing is a requirement of regulatory regimes such as Anti Money Laundering (AML) and Know Your Client (KYC). AML seeks to prevent tax evasion and other money-related criminal activities, while KYC helps to mitigate online fraud, identity theft, false chargebacks, and the financing of terrorism.



Remote identity proofing provides numerous benefits to companies, as it speeds up digital onboarding. Its biggest advantage is greatly reduced, or almost eliminated, service time.

At the same time, remote identity proofing is also exposed to threats. Malicious actors can bypass identity verification using various techniques collectively known as presentation attacks (PAs). PAs range from primitive tools, such as printed photos, to sophisticated techniques like digital face manipulation.

Generic Identity Proofing System

A typical identity proofing system consists of two steps, according to a report by ENISA.

  1. Facial verification. At this stage a person presents their face for analysis. The system extracts facial features from the video or image to identify the applicant and to make sure that they are a living person.
  2. Legal verification. This step is necessary for creating a reference image. A photo is extracted from a valid, government-issued document such as a driver’s license, ID card, passport, birth certificate, etc. and used as the reference image.

Usually, this two-step procedure is performed via a mobile application or a browser extension. The captured data is either transmitted over an encrypted channel or analyzed directly on the person’s smart device. Opinions vary on whether images or videos should be submitted for facial verification.

On one hand, static images are small (a few kilobytes), which allows huge volumes of data to be stored and processed. Moreover, photo-based proofing minimizes so-called customer friction.

On the other hand, videos help to mitigate fraud attempts more effectively, as more data is provided (up to 100 frames and more). However, processing video samples incurs higher computing and storage costs, and results in increased customer friction.



Video-based solutions can be just as vulnerable to PAs as photo-based approaches. Fraudsters are now known to use techniques like Generative Adversarial Networks (GANs), face swapping, etc. to create realistic forgeries that fool the system.

Remote Identity Proofing: Methods & Solutions

Remote Identity Proofing (RIDP) involves a vast repertoire of methods and solutions.

General Methods

General RIDP methods include the following steps:

Liveness check

A liveness check is essential, as it aims to verify that the person presented is alive. Fraudsters often use silicone masks, printed photos or deepfakes produced with tools like Face2Face. There are two types of liveness detection: active and passive.

The active method is challenge-based and requires a person to perform an action to get verified. The passive method works in the background and is generally preferable: it decreases customer friction and is immune to reverse engineering.

Document authentication

This step is responsible for authenticating the documents that confirm a person’s identity. According to ENISA, techniques such as the machine-readable zone (MRZ) and e-passports with microprocessor chips containing biometric data can support this step. For instance, such a document can be read with an NFC module during a remote identity check.
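As an added example (not code from the ENISA report or from this wiki), the Go code below performs the first offline check a document-authentication step can run on the MRZ: validating the ICAO 9303 check digits on the second line of a passport (TD3) MRZ, so that a single edited character in the document number, birth date or expiry date is flagged before any chip read or database lookup. Field positions and the 7-3-1 weighting follow the public ICAO 9303 specification.

```go
package main

import "fmt"

// charValue maps an MRZ character to its ICAO 9303 numeric value: digits keep
// their value, letters A-Z map to 10-35 and the filler '<' counts as 0.
func charValue(c byte) (int, bool) {
	switch {
	case c >= '0' && c <= '9':
		return int(c - '0'), true
	case c >= 'A' && c <= 'Z':
		return int(c-'A') + 10, true
	}
	return 0, c == '<' // any character outside the MRZ set is invalid
}

// CheckDigit multiplies each character value by the repeating weights 7, 3, 1,
// sums the products and reduces modulo 10; -1 signals an invalid character.
func CheckDigit(field string) int {
	weights := [3]int{7, 3, 1}
	sum := 0
	for i := 0; i < len(field); i++ {
		v, ok := charValue(field[i])
		if !ok {
			return -1
		}
		sum += v * weights[i%3]
	}
	return sum % 10
}

// ValidateTD3Line2 checks every check digit on line 2 of a TD3 (passport) MRZ:
// document number, date of birth, expiry date, optional data, and the composite
// digit that covers all of those fields together.
func ValidateTD3Line2(line string) (map[string]bool, error) {
	if len(line) != 44 {
		return nil, fmt.Errorf("TD3 line 2 must be 44 characters, got %d", len(line))
	}
	matches := func(field string, check byte) bool {
		return CheckDigit(field) == int(check-'0')
	}
	return map[string]bool{
		"document_number": matches(line[0:9], line[9]),
		"birth_date":      matches(line[13:19], line[19]),
		"expiry_date":     matches(line[21:27], line[27]),
		"optional_data":   matches(line[28:42], line[42]),
		"composite":       matches(line[0:10]+line[13:20]+line[21:43], line[43]),
	}, nil
}
```

On the ICAO 9303 specimen line `L898902C36UTO7408122F1204159ZE184226B<<<<<10` every field reports true; changing the birth year from 74 to 75 makes both `birth_date` and `composite` report false while the other fields still pass.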



However, a serious barrier to the use of chip-enabled passports and IDs is their limited adoption compared to traditional paper-based documents. Currently, there are only about 2 billion NFC-capable smartphones in the world, which further limits the potential of this approach.



An alternative solution includes two stages:

  a) Tilting the document to make sure that it is present in physical form.
  b) Analyzing security features and unique details, such as a country’s coat of arms, to rule out a forgery.



Another promising technique is Public Key Infrastructure (PKI). It involves a private key, used by the issuing government to sign the document, and a corresponding public key, which confirms that the document is authentic.


GANT

GANT, which stands for Gaze Analysis Technique, is a liveness detection technique. Its concept focuses on the oculomotor plant, gaze direction, and even analysis of mental/emotional state. The method takes into account pupil position and corneal reflections, which indicate gaze and fixation points.

For the research, a Tobii eye tracker, near-infrared light-emitting diodes and ClearView software were used. The results revealed that gaze is a characteristic unique to every human. Therefore, it can be used as a soft biometric to minimize the need for passwords.


TRUST

Unified Structural Touch-Display, or TRUST, is a fingerprint-based authentication method. It is used to rule out replay attacks that could compromise remote identity verification.

A number of novel and established techniques are used in TRUST. One of them is FLock, a touch-display module capable of collecting and analyzing the distribution of touches from the phone owner.

According to the paper, the smartphone and the server can exchange security data: a Message Authentication Code, the fingerprint authentication template, a frame hash, and so on. Moreover, this method does not rely on cookies for continuous verification of the user’s identity.

Double Compression Detection Method

The idea behind this approach is that video tampering leaves easy-to-detect traces because of double compression. To alter a video, three steps are commonly taken:

  • Decompressing the original file.
  • Altering its content.
  • Recompressing it before it reaches the destination server.

Detecting double H.264 compression, through means such as macroblock prediction analysis, can readily reveal a forgery, including tampered mobile videos.

Gait Analysis & Face Recognition

Gait analysis focuses on identifying a person by the way they walk. Among other things, it observes the variation in ground reaction force (GRF), as it is distinctive and relatively easy to measure. Classification is done using a support vector machine (SVM).

This concept combines face recognition with a decision-making algorithm and is designed for monitoring secure areas such as airports, campuses, banks, and so on.



AuthentiScan

AuthentiScan (AS) is an identity verification service. Its process involves presenting an ID together with a selfie or video of the person in question. AS then checks the data against a global ID database, conducts a liveness scan and screens the data against PEP (politically exposed persons) and sanctions lists to rule out possible fraud attempts. It employs ultraviolet optical dullness response, a Machine Readable Zone check, etc.

Countermeasures Against Remote Identity Proofing Attacks

The ENISA report suggests a few remedies to prevent RIDP attacks:

Environment control

This implies that the hardware, applications and communication channels must be under the control of the responsible authorities. Monitoring the quality of photos and videos and their metadata, as well as detecting possible attack patterns, is crucial to excluding malicious attempts.

ID control

Using UV prints, machine-readable zone lines, holograms, microchips and other authenticity indicators helps to make sure that a document has not been lost, expired, fabricated or stolen.

Presentation attack detection (PAD)

Detecting liveness is the key to detecting and averting a presentation attack. Techniques like blink and pupil dilation analysis, illumination-based analysis, fingerprint and blood-pulse scanning, etc. have proven accurate in this regard.


Organizational control

This step implies following the standards for biometric security: ISO/IEC 30107, ISO/IEC 27001, FIDO certification, and others.

Process control

Finally, extra countermeasures and their use should be considered. These include requesting additional documents for identity verification, checking behavioral patterns (especially if they seem suspicious), setting requirements for real-time and asynchronous identity verification, and so on.

Standardization

Typically, standardization of RIDP includes four stages:

Identification data acquisition

This step requires a video of the user's face and their ID. These can be acquired as a single video or as two separate samples. The terminal used to collect the data can belong to the service provider, the client or the user. In addition, data confidentiality must be guaranteed.


Data verification

The previously obtained data undergoes a liveness check, document verification and comparison of the person’s face with their ID photo.

Evidence file production

In this step, an evidence file is created. It contains the collected identification data, the verification dossier, and the verification results.

Results sharing

Finally, results are shared with the business or entity that requested identity verification. The details specify the outcome of the verification (success or failure) and provide additional findings if necessary.

Social & Ethical Issues of Remote Identification

The Handbook of Digital Face Manipulation and Detection notes that remote identity proofing raises a few serious concerns. One of them is the collection of vast amounts of biometric data, which is "irreversible" and highly sensitive.

If this data is leaked and used for malicious purposes by another party, the original owner of that data will be unable to prove their innocence in the resulting fraud or data misuse.

Another threat, that of "false negatives", is highlighted by Kloppenburg and Van der Ploeg. Certain ethnic or age groups, such as American Indians or senior people, are subject to false negatives when a system wrongly declines to verify them. This can lead to unwanted consequences: problems with departure and travel, being placed on a watch list, being treated with undeserved suspicion, and so on.

References

  1. Legal Definition of natural person
  2. Anti Money Laundering
  3. Know Your Client
  4. Remote Identity Proofing - Attacks & Countermeasures
  5. What is Customer Friction and Why is it Important?
  6. Worldwide mobile data pricing 2021
  7. Nepalese E-passport with a microchip
  8. The State of NFC in 2021
  9. Machine-readable lines in a Hungarian ID
  10. A guide to getting remote identity verification right
  11. GANT: Gaze analysis technique for human identification
  12. Continuous Remote Mobile Identity Management Using Biometric Integrated Touch-Display
  13. Statistical H.264 Double Compression Detection Method Based on DCT Coefficients
  14. Remote Identity Verification Using Gait Analysis and Face Recognition
  15. AuthentiScan (AS)
  16. Remote identity verification service providers