Remote Identity Proofing: Definition & Potential Threats
Remote identity proofing (RIDP) is a procedure that allows a person to digitally prove that he/she is who they claim to be ("natural person" in liveness classification) via a specific online service. Such a proofing can be performed with the help of a mobile gadget or web camera.
For identity proofing, a person needs to present their face and a document used as a proof of identity. Remote identity verification is widely used by many enterprises, including online banking, retail, legal services etc.
Remote identity proofing is a requirement of protocols such as Anti Money Laundering (AML) and Know Your Client (KYC). AML seeks to prevent tax evasion and other money-related criminal activities, while KYC helps to mitigate online fraud, identity theft, false chargebacks, and terrorism sponsoring.
Remote identity proofing provides numerous benefits to the companies, as it boosts digital onboarding enhanced with biometric antispoofing. Its biggest advantage is reduced or almost no service times.
At the same time, remote identity proofing is also exposed to threats. Malicious actors can bypass identity verification with the help of various techniques collectively known as presentation attacks (PAs). PAs range from primitive tools, such as printed photos, to more sophisticated techniques, according to facial Antispoofing Wiki.
Generic Identity Proofing System
A typical identity proofing system suggests two steps according to a report by ENISA.
- Facial verification. At this stage a person provides their facial features for further analysis. The system extracts them from the video or image to identify the applicant and make sure that they are a living person.
- Legal verification. This step is necessary for creating a reference image. A photo will be extracted from a valid, government-issued document like driver’s license, ID, passport, birth certificate etc. and used as a reference image.
Usually, this two-step procedure is done via a mobile application or a browser extension. The captured data will be either transmitted via an encrypted channel or analyzed directly on a person’s smart gizmo. Opinions vary on whether images or videos should be submitted for facial verification.
On one hand, static images have a small size (few kilobytes) and allow storing and processing huge amounts of data. Moreover, photo-based proofing minimizes the so-called customer friction.
On the other hand, videos help to mitigate fraud attempts more effectively as more data is provided (up to 100 frames and more). However, processing of video samples incurs higher cost and storage, resulting in increased customer friction.
Video-based antispoofing solutions can be just as vulnerable to the PAs, as photo-based approaches. Fraudsters are now known to use techniques like Generative Adversarial Networks (GANs) and face swapping etc. to create a realistic forgery to fool the system.
Remote Identity Proofing: Methods & Solutions
Remote Identity Proofing (RIDP) involves a vast repertoire of methods and solutions.
General Methods
General RIDP methods include the following steps:
Liveness check
Liveness check is essential, as it aims at verifying that a person presented is alive. Fraudsters often use silicone masks, printed photos or deepfakes produced using apps like Face2Face. There are two types of liveness detection: active and passive.
Active method is challenge-based and requires a person to perform an action to get verified. Passive method works in the background and is more preferable: it decreases customer friction and stays immune to reverse engineering.
Document authentication
This step is responsible for authenticating documents that confirm a person’s identity. According to ENISA, techniques such as machine-readable lines (MRZ) and e-passports with microprocessor chips containing biometric info can successfully assist this step. For instance, such a document can be scanned with an NFC module for remote identity check.
However, a serious barrier to the use of chip-enhanced passports and IDs is their limited use compared to traditional paper based documents. Currently, there are only about 2 billion smartphones with NFC in the world, which further hinders the potential of this idea.
An alternative solution includes two stages: a) Tilting a document to make sure that it is present in a physical form b) Analyzing security features and unique details — such as a country’s coat of arms — to exclude a forgery.
Another promising technique is the Public Key Infrastructure (PKI). It includes a Private key, used by the government for signing the document and a Public key, which confirms that the document is authentic.
GANT
GANT, which stands for Gaze Analysis Technique, is a liveness detection technique. Its concept is focused on oculomotor plant, gaze direction, and even mental/emotional state analysis. The method takes into consideration pupil position and corneal-reflections that indicate the gaze and fixation points.
For the research a Tobii eye tracker, near infra-red light emitting diodes and ClearView software were used. The results revealed that gaze is a characteristic that is unique to every human. Therefore, it can be used as part of soft biometrics in minimizing the need for passwords.
TRUST
Unified Structural Touch-Display or TRUST is a fingerprint-based authentication method. It is used to exclude replay attacks that can possibly compromise remote identity verification.
A number of novelty and common techniques are used for TRUST. One of them is FLock — a touch display module capable of collecting and analyzing distribution of touches from the phone owner.
According to the paper, smartphone and the server can exchange security data: Message Authentication Code, fingerprint authentication template, frame hash, and so on. Moreover, this method does not rely on cookies for constant verification of the user’s identity.
Double Compression Detection Method
The idea behind this approach is that video tampering leaves easy-to-detect clues due to double compression. To alter a video, three steps are commonly taken:
- Decompressing the original file.
- Altering its content.
- Recompressing it before it reaches the destination server.
Detecting double H.264 compression through such means as macroblock prediction, can easily reveal a forgery, including tampered mobile videos.
Gait Analysis & Face Recognition
Gait analysis focuses on identifying a walking person. Among all else, it observes the ground reaction force (GRF) variation, as it is distinctive and relatively easy to measure. This is done using an SVM (support vector machine) classifier.
This concept uses face recognition combined with a decision-making algorithm and is designed for monitoring security areas such as airports, campuses, banks, and so on.
AuthentiScan
AuthenticScan (AS) is a service which provides identity verification. Its mechanism includes presenting an ID together with a selfie/video of a person in question. After that, AS checks the data against the global ID database, conducts a liveness scan and runs the data through PEP and Sanction lists, to exclude possible fraud attempts. It employs ultraviolet optical dullness response, Machine Readable Zone check, etc.
Countermeasures Against Remote Identity Proofing Attacks
The ENISA report suggests a few remedies to prevent RIDP attacks:
Environment control
This implies that hardware, applications and communication channels must be under control of the concerned authorities. Monitoring quality of photos and videos, their metadata, as well as detecting possible attack patterns is crucial to excluding malicious attempts.
ID control
Using UV prints, machine-readable lines, holograms, microchips and other authenticity indicators helps to make sure that a document has not been lost, expired, fabricated or stolen.
Presentation attack detection (PAD)
Detecting liveness is the key to detecting and averting a PAD. Techniques like blinking and pupil dilation analysis, illumination-based analysis, fingerprint and blood pulse scanning etc. have proven to be accurate in this regard.
Organizational control
This step implies following the standards in biometric security: ISO/IEC 30107, ISO/IEC 27001, FIDO certification, and others.
Process control
Finally, extra countermeasures and their usage should be discussed. This includes presenting additional documents for identity verification, checking behavioral patterns (especially if they seem suspicious), setting requirements for real-time and asynchronous identity verification, and so on.
Standardization
Typically, standardization of RIDP includes 4 stages:
Identification data acquisition
This step requires video of the user's face and their ID. They can be acquired as a single video or two separate samples. The terminal for collecting data can belong to the service provider, client or user. Besides, data confidentiality must be guaranteed.
Data verification
Previously obtained data should undergo liveness check, document verification and comparison of the person’s face with their ID photo.
Evidence file production
In this step, an evidence file is created. It contains the collected identification data, verification dossier, as well as verification results.
Results sharing
Finally, results are shared with the business or entity requesting identity verification. Their details specify the outcome of the verification, success or failure and provide additional findings if necessary.
Social & Ethical Issues of Remote Identification
Handbook of Digital Face Manipulation and Detection mentions that remote identity proofing raises a few serious concerns. One of them is collecting a vast amount of biometrical data, which is "irreversible" and highly sensitive.
In case this data gets leaked and is used for malicious intents by another party, the original owner of that data will be unable to prove their innocence in the attempted fraud or data misuse.
Another threat of the "false negatives" is highlighted by Kloppenburg and Van der Ploeg. It implies that certain ethnical or age groups, such as American Indians or senior people, are subject to false negatives when a system declines to verify them by mistake. This can lead to unwanted consequences: problems with departure and travelling, getting placed on a watch list, treated with undeserved suspicion, and so on.
FAQ
Remote identity proofing (RIDP) definition
Remote identity proofing is a method to validate information regarding a user’s identity online.
Remote Identity Proofing (RIDP) allows authenticating the identity of a person who tries to access a system remotely. A number of techniques are used for RIDP. Mostly techniques focus on checking the liveness of a user by employing sensors of a smart deivce: camera, fingerprint scanner or a microphone.
Liveness detection is often coupled with document authentication, which extends the effectiveness of RIDP even further. Both paper and chip-enhanced documents — like an e-Passport — can be used for this purpose. RIDP is widely used in e-KYC and AML to protect banking, online commerce, telehealth, and other transactions.
Is it possible to identify a person online?
A natural person can be identified online with a number of existing tools.
The Remote Identity Proofing (RIDP) concept suggests that a user can be authenticated online without requiring their physical presence. This is possible due to a) Enrollment stage b) Liveness check.
The enrollment stage collects data regarding a user’s identity: name, address, contact details, and other similar information. Additionally, biometric parameters are added as an extra security measure: fingerprints, eye retina scans, voice samples, or face images.
Next, a system matches the stored and presented biometric signals, while also checking a person’s liveness to exclude spoofing attacks via Gaze Analysis Technique, minutia analysis, etc.
How to identify a person remotely?
Remote identification of a person is done using techniques such as liveness detection.
First envisioned by ENISA, Identity Remote Proofing (RIDP) implies that a user can be verified without their physical presence. For that purpose, two essential steps are required: document authentication and liveness detection.
Document authentication helps to verify the person through the government-issued documents: IDs, driver’s licenses, and others. Liveness check helps guarantee that a person is alive and that their biometric components — eye retina, fingerprints, voice — are not counterfeit and truly belong to them. RIDP typically relies on smart gadgets and web cameras as its 'sensors'. As an added measure, social media of a user in question can also be used as a proof.
How does remote identification of a person happen?
Remote identity proofing usually includes three stages.
As proposed by ENISA, remote identity proofing (RIDP) must include three stages:
- Attribute/evidence collection. Information from legal documents, databases, ID providers, and other sources is collected.
- Attribute/evidence validation. At this stage, authenticity of the provided data is confirmed or disproved.
- Identity attributes + application binding. Finally, it must be confirmed that relation between identity attributes and evidence belongs to the user, and they are genuinely who they claim to be.
Despite the detailed methodology, the RIDP algorithm is impossible to orchestrate without proper liveness detection.
What are the main methods of remote identification?
Remote identification employs four primary methods.
Remote Identification relies on 4 chief methods:
- Video with operator. It can include a simple video call or usage of a state-of-the-art system for identifying a person.
- Remote automatic. It relies on low-cost face recognition, liveness detection and identity card assessment solutions.
- Electronic identification means. It links electronic ID (eID) to a person’s documents.
- Certificate based. This method employs electronic qualified signatures and seals.
These methods must be assisted with liveness detection techniques to prevent fraud, especially in light of the common use of deepfake nowadays.
How to prevent remote identity proofing attacks?
Liveness detection is the primary preventive measure when it comes to identity spoofing.
Remote identity proofing is quite vulnerable as modern crime tools allow producing high-quality counterfeits. Liveness detection helps reveal these attacks by checking whether a physiological characteristic is real or not. These identifiers include face, fingerprints and finger geometry, voice, eye retina, face, handwriting used in signatures, and others.
All of them can be stolen at least digitally and later replicated with deep learning, 3D printing, etc. But if access is attempted with an artificial physiological characteristic, the system will discard it as a spoofing attack.
Are there any attempts to standardize the procedure of verifying a person online?
Remote idntity verification is essential to KYC and AML mechanisms.
Remote identity proofing or RIDP is mandatory in such protocols as Know Your Client (KYC) and Anti-Money Laundering (AML). Both are avidly utilized throughout the world by financial institutions, electronic commerce, and other entities.
RIDP methods follow some facial antispoofing standards. Plus, more local legislations and international guidelines have been proposed in the recent past. France suggests a certification by the National Cybersecurity Agency of France (ANSSI). The European Union Agency for Cybersecurity (ENISA) sets general requirements for remote identity proofing and anti-spoofing.
Can biometrics be used for identity proofing?
Biometrics are essential for successful identity proofing.
Identity proofing allows verifying the identity of someone without their physical presence. However, it opens a broad leeway for scammers who try to get authorized as bona fide users. They employ a rich arsenal of Presentation Attack Instruments (PAIs) to fool an identification system.
Liveness detection can help mitigate the threat by analyzing the biometric signals or cues of the user. These signals are nonexistent in PAIs — deepfake videos, paper masks, photographic paper cutouts, or audios replayed on the high definition speakers. Consequently, liveness detection can lead to successful antispoofing.
What are the main attacks in remote identity proofing?
There are three main attacks aimed at remote identity proofing and are classified as video, audio, and fingerprint based attacks. Attack types can be further classified based on sophistication and applied techniques.
Spoofing attacks that target Remote Identity Proofing (RIDP) vary in finesse and technical nuances. Some start at a rudimentary level, such as photo cutouts while others are rather advanced and rely on deep learning and artificial intelligence.
They can be separated into:
- Video attacks. Targeting smartphone and web cameras, they involve physical masks, printed photos, as well as digital face manipulations.
- Audio attacks. Impersonation, voice conversion and cloning are used to "hijack" a target’s voice.
- Fingerprint attacks. Fake fingerprints made from a material like gelatin are aimed at finger scanners.
Other attacks can target a victim's handwriting, eye properties, etc.
What are the main countermeasures against deepfake attacks in remote identity proofing systems?
Liveness detection is highlighted by experts as the main countermeasure against deepfakes in remote identity proofing systems.
Remote Identity Proofing can be protected with liveness detection, which is acknowledged as the best anti-deepfake tool. Liveness detection includes a wide repertoire of effective techniques.
Facial deepfakes can be spotted with the Gaze Analysis Technique, which focuses on oculomotor plant. Double Compression Detection allows spotting artifacts — often invisible to a human — in the video stream left by tampering.
Inconsistency analysis can detect mismatches between speech sound and lip movements that are often observed in deepfakes. POCO method can detect synthesized or pre-recorded voice, by exploring pop noises, etc.
References
- Legal Definition of natural person
- Anti Money Laundering
- Know Your Client
- Remote Identity Proofing - Attacks & Countermeasures
- What is Customer Friction and Why is it Important?
- Worldwide mobile data pricing 2021
- Nepalese E-passport with a microchip
- Machine-readable lines in a Hungarian ID
- A guide to getting remote identity verification right
- GANT: Gaze analysis technique for human identification
- Continuous Remote Mobile Identity Management Using Biometric Integrated Touch-Display
- Statistical H.264 Double Compression Detection Method Based on DCT Coefficients
- Remote Identity Verification Using Gait Analysis and Face Recognition
- AuthenticScan (AS)
- Remote identity verification service providers