Android Gets New Anti-Spoofing Feature to Make Biometric More Secure

Biometric authentications, like the fingerprint, IRIS, or face recognition technologies, smoothen the process of unlocking devices and applications by making it notably faster and secure.

.

New Biometric Metrics to Identify Spoofing and Imposter Attacks

In brief, ‘False Accept Rate’ defines how often the biometric model accidentally classifies an incorrect input as belonging to the targeted user, while ‘False Reject Rate’ records how often a biometric model accidentally classifies the user’s biometric as incorrect.

Google says none of the given metrics is capable enough to precisely identify if biometric data entered by a user is an attempt by an attacker to make unauthorized access using any spoofing or impostor attack.

In an attempt to resolve this issue, in addition to FAR and FRR, Google has now introduced two new metrics—Spoof Accept Rate (SAR) and Imposter Accept Rate (IAR)—that explicitly account for an attacker in the threat model.

“As their names suggest, these metrics measure how easily an attacker can bypass a biometric authentication scheme,” Vishwath Mohan, a security engineer with Google Android team, says.

“Spoofing refers to the use of a known-good recording (e.g., replaying a voice recording or using a face or fingerprint picture), while impostor acceptance means a successful mimicking of another user’s biometric (e.g., trying to sound or look like a target user).”

Google to Enforce Strong Biometric Authentication Policies

  • It will prompt the user to re-enter their primary PIN, pattern, password or a strong biometric if the device is inactive for at least 4 hours (such as when left at a desk or charging).
  • In case, you left your device unattended for 72-hours, the system will enforce policy mentioned above for both weak and strong biometrics.
  • For additional safety, users authenticated with weak biometric would not be able to make payments or participate in other transactions that involve a KeyStore auth-bound key

.

credits: TheHackerNews

CEH Course In pune | Slink

 

 

Ashwini Gurne

Ashwini Gurne is a software developer and also a contributor for Security leaks. As a contributor, her aim is to work on latest technologies and to spread cyber awareness among general public.

Leave a Reply

Your email address will not be published. Required fields are marked *