Definition & Overview
In biometric security, an injection attack is a type of indirect attack, in which a bona fide biometric trait is digitally replicated and presented to a security system on the internal, software level. This in turn tricks a recognition system into making a specific decision. (Although hardware-level attacks are also possible.) Among all else, it can be used for biometric spoofing.
Video injection attacks follow a similar algorithm. The only distinction is that they employ photos or video footage as a replica of a targeted person. This media is covertly presented to the authentication system — hence the term injection — which then makes a decision to authorize or reject the subject. Injection attacks are not classified Presentation Attacks (PAs) as footage is not physically presented to the camera.
As noticed by Antispoofing.org, video injection attacks have become more common since the advent of smart devices. Remote identity proofing (RIDP) and onboarding greatly rely on user verification conducted with the help of smartphone cameras. Additionally, the onset of the deepfake technology has made this injection attacks highly insidious.
in liveness taxonomy, it is suggested that liveness taxonomy challenge-based systems are at a higher risk since digital face manipulations can effectively bypass them. For example, a technology akin to Face2Face, based on a Recurrent Neural Network (RNN), enables a perpetrator to copy a target’s face and literally use it as a digital mask — the so-called face re-enactment. This solution copies head rotation, movement and facial expressions in real time, which can subvert a challenge-based system.
Availability of deepfake tools — such as Generative Adversarial Networks stockpiled on GitHub — further aggravates the seriousness of the issue. As reported by Sensity, the overall amount of deepfakes produced and circulated has shown a nearly exponential growth since at least 2019.
General Scheme of Biometric Systems & Types of Injection Attacks
As summarized by the ISO/IEC 30107-1 standard, a biometric system typically has 9 attack points (or vulnerability points). In turn, they serve to classify attack types that are separated into Direct and Indirect.
General Biometric System Scheme
The following attack points are outlined according to ISO/IEC 30107 standard:
Type 1 — Sensor attack
Type 1 is classified as the only Direct attack. In this scenario, a replicated biometric feature known as Presentation Attack Instrument (PAI) — facial mask, falsified fingerprint, fake iris — is presented to a system’s sensor physically. If the targeted biometric system is not equipped with a liveness detection component, it cannot prevent this attack.
Type 2 — Communication channel attack
Starting with type 2, attacks are classified as indirect. At this stage the communication channel connecting the sensor and feature extraction components is threatened.
Type 3 — Feature extraction module attack
This type of attack is aimed at the feature extraction module to manipulate the biometric feature values (biometric template) and fool the system.
Type 4 — Feature value theft
This attack type implies that a culprit can steal a bona fide person’s biometric feature values when they are transferred from the feature extractor to the matcher.
Type 5 — Matcher attack
In this case a matching algorithm can be sabotaged to make it deliver a specific matching score: a high one for an impostor attack or a low one for a concealment attack.
Type 6 — Biometric template attack
In this attack, a perpetrator attempts to intercept the biometric template transferred from the system database to the matcher. The template can then be stolen, replaced or tampered with.
Type 7 — Database attack
A Type 7 attack indicates that the content of the system’s database can be tampered by modifying or deleting the existing models or adding new ones.
Type 8 — The match score attack
To affect the decision-making algorithm, an attacker will tamper the match score. It is set between 0 and 100% and transmitted between the matcher and the decision module. Thus, an attacker can get a decision in their favor.
Type 9 — Decision attack
Finally, an attacker can affect the verdict reached by the decision module. This is done by tampering the correspondence transferred between the decision module and the application device. This attack scenario is considered the most critical due to the binary nature of the match decision process.
Injection Attack Types
Injection video attacks are separated into Software-level and Hardware-level.
Then, a culprit can make a hook aimed at the camera of a gadget and overwrite the video stream by injecting photos or videos, including deepfakes prepared in advance. This step is especially vital if the perpetrator needs to bypass a challenge-based system.
This approach has two central steps:
- Using a module that converts HDMI stream to MIPI CSI.
- Connecting the mentioned module to an LCD controller board to finalize the attack device.
After the device is ready, it can be used to masquerade the HDMI output coming from a PC as a native video stream of an attacked device.
As reported, hardware-level approach is superior compared to software-level: it provides lower latency, helps to avoid focus blur and HSL space color loss, mitigates frequency response distortion, remains compatible with multiple applications, ensures fake media import in real time, and so on.
Protection Against Video Injection Attacks
A proposed solution employed a modified version of the WebAuthn protocol of attestation and authentication supported in web browsers. (The GitHub page.) The core idea of the solution implies usage of public and private keys. Further algorithm includes these steps:
- Once the media has been captured, its hash will be signed with a private key.
- When the media is submitted, its hash will be computed again on the server side with the same hash function and then signed with a public key.
- If the signed hash matches the hash of the received media, then the media will be considered authentic and will be cleared of tampering.
Remote Image Attestation serves to further validate authenticity of the media submitted by confirming the website identity, its Trusted Computing Base (TCB) level, and so on.
An experiment was hosted, in which doctored photos, a few deepfake types and a morphed video were used as injection attack tools. The experiment focused on bypassing both passive and active security systems. Interestingly, the tested system was enhanced with additional security layers dedicated to injection attacks.
Experiment results are presented below:
It appears that even specialized security solutions can at least be partly vulnerable to the video injection attacks. In the case of regular systems that do not have such elements, the success rate of injection attacks will be much higher.
Other Cases of Injection Attacks
Video injection attacks are observed in some other fields as well.
False Image Injection Prevention in Medicine
A peculiar example shows a visual injection attack, in which one of the wisdom teeth was hidden on purpose. It is noted that consequences can be far more detrimental if scans of vital organs will be modified and replaced with malicious intentions. Various examples of falsified medical data further prove how vital anti-spoofing for IoT is.
Injection Attacks in Automotive Ethernet-Based Networks
Autonomous vehicles and in-vehicle networks (IVNs) are also vulnerable to injection attacks, among which are Content-addressable memory (CAM) table overflow, fuzzing, replay attack, command injection, and other scenarios. To prevent the potential threat, authors suggest IDS monitoring of the AVTP streams to exclude injections, collecting automotive Ethernet packets, and other techniques.
- Face2Face: Real-time Face Capture and Reenactment of RGB Videos
- Awesome-GANS-and-Deepfakes on GitHub
- Report 2019: The State Of Deepfakes
- ISO/IEC 30107-1:2016 Information technology — Biometric presentation attack detection — Part 1: Framework
- Animaze by FaceRig
- Video injection attacks on remote digital identity verification solution using face recognition
- Frida Tutorial 1
- Video injection attack algorithm aimed at bypassing a liveness detection system
- Biometric Authentication Under Threat: Liveness Detection Hacking
- Example of an LCD controller board
- Ensuring the Authenticity and Fidelity of Camera data
- WebAuthn protocol
- Webauthn.io on GitHub
- False image injection prevention using iChain
- Convolutional Neural Network-based Intrusion Detection System for AVTP Streams in Automotive Ethernet-based Networks