WG3 report on Biometric Data Format and Related Standards Christoph Busch - ISO/IEC JTC1/SC37 WG3 Convenor - Martigny 2016-01-18 Meetings Gjovik • 2015-06-22 to 2015-06-26 Martigny • 2016-01-11 to 2016-01-15 • THANKS to Sebastien Marcel for hosting us Christoph Busch 2 Biometric Data Interchange Formats Christoph Busch 19 Generation 2 of ISO/IEC 19794 G1 19794-1:2006 -2: 2005 -3: 2006 -4: 2005 -5: 2005 -6: 2005 -7: 2007 -8: 2006 -9: 2007 All parts binary encoding -10: 2007 G2 19794-1:2011 19794-1 AMD2 XML Framework 19794-1 AMD1 Conformance testing methodology -2: 2011 -4: 2011 -5: 2011 -6: 2011 -7: 201x -2: 2015 -4: 2015 -5: 2016 -6: 2016 -7: 2015 -8: 2011 -9: 2011 -11: 2013 -13: 201x -14: 2013 -15: 201x -9: 2015 the semantic (i.e. general header / structure of representation header) equivalent for binary encoded and XML encoded parts in G2 Christoph Busch 21 Consolidated Documents Consolidated Document for 19794-4:2005 • COR1 integrated Consolidated Document for 19794-5:2005 • AMD1,AMD2, COR1, COR2, COR3, COR4 integrated • Special group spotted defects - DCOR5: ‣ Defect 1: length of image data block was introduced ‣ Defect 2: inconsistency in version number “010” vs. “020” ‣ Defect 3: Table 16/31 inconsistent numbers for W Christoph Busch 29 Consolidated Documents Martigny options to publish consolidated documents • 6.) ask again TMB via JTC1 to publish the cons-doc as reprint as “19794-5:2005” (according ISO directive 2.10.2) with reference to the precedence from the SC27 project ‣ see: ISO/IEC JTC 1 Standing Document N 8 Maintenance of International Standards: Clause 3.2.1: A published IS may subsequently be modified by the publication of a technical corrigendum (or corrected version of the current edition). Technical corrigenda are normally published as separate documents, the edition of the IS affected remaining in print. However, the ITTF shall decide, in consultation with the Secretariat of JTC 1 or SC, and bearing in mind both the financial consequences to the organisation and the interests of users of the IS, whether to publish a technical corrigendum or a corrected version of the existing edition of the IS. ‣ precedence case: ISO/IEC 15408-1, -2 and -3 are published in 2011/2014 as corrected versions and third editions of the 2008/2009 standards. ‣ Christoph Busch 31 Consolidated Documents Martigny action for YOU - RESOLUTION 3.19 ‣ All SC37 heads of delegation are requested to inform their JTC 1 representatives about the crucial importance of the Resolution 3.18 and the JTC 1 ballot as a prerequisite for achieving this goal. ‣ WG 3 asks the following National Body representatives to approach the National TMB (Technical Management Board) members to ask for support when the TMB ballot regarding the ISO/IEC 19794-5:2005 reprint is started: ‣ AFNOR France - Pierre Gacon, ANSI USA – Michaela Miller BSI United Kingdom – Peter Waggett, DIN Germany – Ulrike Pöhlmann DSM Malaysia – Salwa Denan, GOST RF – Igor Spiridonov JISC Japan – Asahiko Yamada, KATS RK – Young-Bin Kwon SA Australia – Michael Matheson, SABS SA – Bill Perry / Llewellyn Louw SAC China – Jian Gao, SIS Sweden – Knut Lindelien SFS Finland – Lauri Toivio, Switzerland - Sébastien Marcel • The WG 3 secretary will inform the National Body representatives when the resolution is approved at the SC 37 plenary and also when the TMB ballot is started. Christoph Busch 32 G3 development Martigny: Decision on project organization - G1-cons • Independent form the TMB decision we will initiate to change the JTC1 directives - to allow explicitly reprint of standards that are older than 3 years (according ISO directive 2.10.2) - then publish the cons-doc as reprint • Fallback plan ‣ If TMB approves our request for a reprint - we do nothing ‣ if TMB decision is negative and JTC1 has NOT changed the directives by Nov 2016: - we will publish the cons-doc as Standing Document (i.e. SC37-WG3-SD1) in livelink Christoph Busch 36 Part 13: voice data ISO/IEC 19794-13 Martigny status • Consolidation of XML schema & description with 19794-1 AMD 2 and other G2 projects ( e.g., 19794-4) • Removal of incomplete & unattended annex B (guidelines for assembling a database) • Disassembling of field "SubjectRepresentation", sub-fields to other fields • Excluding implementation details from data format: ‣ signal enhancement and conversational type as simple strings or (new) complex structures Christoph Busch 46 Part 13: voice data ISO/IEC 19794-13 Gjøvik status • clarification of utterance versus representation • which data fields are data privacy sensitive Christoph Busch 47 Part 15: Palm crease image data ISO/IEC 19794-15 • A standard image interchange format for biometric systems that utilize human palm crease pattern images (alias palm lines) • The format will contain detailed pixel information, units of measurement, description of imaging area of body, and imaging methods such as transparency or reflectance image Christoph Busch 49 Part 15: Palm crease image data Martigny Decisions • No major comments • Draft must be aligned with 19794-1 and 4 • Inclusion of XML sample file Christoph Busch 50 Related Standards and Trends Christoph Busch 60 Biometric Sample Quality G2-version completed for • ISO/IEC 29794 Part 1: framework • ISO/IEC 29794 Part 6: iris image data Revision running for • ISO/IEC 29794 Part 4: finger image data ‣ upgrade from TR to IS to incorporate NFIQ2.0 findings see: http://www.nist.gov/itl/iad/ig/development_nfiq_2.cfm Christoph Busch 61 Biometric Sample Quality Revision ISO/IEC 29794-1:2016 Definitions • Same as before, but allow for a vector of quality blocks Goal: • Actionable quality • Each quality score is in the range 0 to 100. Source: ISO/IEC 29794-1 Christoph Busch 63 Biometric Sample Quality - Finger Revision ISO/IEC 29794-1:2016 Martigny Decisions • 100 % approval on FDIS ballot • QAID values 1 - 32767 are reserved for SC37 defined metrics. This is a normative requirement • The IDs 32768 - 65535 can be used by vendors • The schema in Clause 7.2 must be harmonized with the schema published with ISO/IEC 19794-1 AMD2 • do progress: publication Christoph Busch 64 Biometric Sample Quality - Finger Revision ISO/IEC 29794-1:2016 Gjøvik Decisions • QAID overview Christoph Busch 66 Biometric Sample Quality - Finger Revision ISO/IEC 29794-4:201x Martigny Decisions • As for the iris standard a distinction between normative and non-normative features will be introduced • Histogram based approach has changed the global metrics (Histogram instead of mean-over-blocks) ‣ each histogram suited metric will have a sub-clause describing the bin-boundaries used in NFIQ2.0 ‣ arithmetic mean and standard deviation will remain ‣ which individual feature shall be reported? Best would be those that are human understandable and can impact an action. • New features: ‣ ROI mean, ROI Orientation Map Coherence Sum • do not progress: 3rd CD - CRM on 2016-05-11 Christoph Busch 69 Biometric Sample Quality - Finger Revision ISO/IEC 29794-4:201x Martigny Decisions • Features that should be reported or not ‣ non-histogram features (mean, std-dev, global) will be reported. Table 2 (as in 29794-6) will be included • US contribution WG3N296 on Minutiae count and minutia quality will be included • The NFIQ2.0 report was made available to SC37WG for comments (Livelink Drop-in-box) • NFIQ2.0 will be presented at IBPC-2016 on May 3 to 5 Christoph Busch 70 Biometric Sample Quality - Iris ISO/IEC 29794-6:2015 Iris image data • Scope: ‣ methods used to quantify the quality of iris images, ‣ normative requirements on software and hardware producing iris images, ‣ normative requirements on software and hardware measuring the utility of iris images, ‣ terms and definitions for quantifying iris image quality, and ‣ a standardized encoded iris image quality data record. Christoph Busch 75 Biometric Sample Quality - Iris ISO/IEC 29794-6:2015 Iris image data • Metrics based on an empirical study Iris Quality Calibration and Evaluation (IQCE): E. Tabassi, P. Grother, and W. Salamon, “Performance of Iris Image Quality Assessment Algorithms”, NIST Interagency Report 7820, September 30, 2011 • 14 elements proposed for quality vector ‣ Metrics: Usable iris area, Iris-sclera contrast, Iris-pupil contrast, Pupil boundary circularity, Grey scale utilisation, Iris radius, Pupil to iris ratio, Iris pupil concentricity, Margin adequacy, Sharpness, Frontal gaze – elevation, Frontal gaze - azimuth, Motion blur ‣ Enumerated flag for presence of anomalies Christoph Busch 76 Liveness Detection ISO/IEC 30107-1:2016 Presentation Attack Detection • Attacks on Biometric Systems Source: ISO/IEC 30107-1 nspired by N.K. Ratha, J.H. Connell, R.M. Bolle, “Enhancing security and privacy in biometrics-based authentication systems,” IBM Systems Journal, Vol 40. NO 3, 2001. Christoph Busch 77 Presentation Attack Detection ISO/IEC 30107 - Scope • terms and definitions that are useful in the specification, characterization and evaluation of presentation attack detection methods; • a common data format for conveying the type of approach used and the assessment of presentation attack in data formats; • principles and methods for performance assessment of presentation attack detection algorithms or mechanisms; and • a classification of known attacks types (in an informative annex). Outside the scope are • standardization of specific PAD detection methods; • detailed information about countermeasures (i.e. anti-spoofing techniques), algorithms, or sensors; • overall system-level security or vulnerability assessment. Christoph Busch 78 Presentation Attack Detection Definitions in ISO/IEC 30107 PAD - Part 1: Framework • presentation attack presentation to the biometric capture subsystem with the goal of interfering with the operation of the biometric system • presentation attack detection (PAD) automated determination of a presentation attack Definitions in ISO/IEC 2382-37: Vocabulary http://www.christoph-busch.de/standards.html • impostor subversive biometric capture subject who attempts to being matched to someone else's biometric reference • identity concealer subversive biometric capture subject who attempts to avoid being matched to their own biometric reference Christoph Busch 79 Presentation Attack Detection ISO/IEC 30107 - Definitions • presentation attack instrument (PAI) biometric characteristic or object used in a presentation attack • artefact artificial object or representation presenting a copy of biometric characteristics or synthetic biometric patterns Types of presentation attacks (General Noun) (Adjectives describing categories) (Qualifying adjectives) Source: ISO/IEC 30107-1 Christoph Busch 80 Presentation Attack Detection Biometric framework with PAD Source: ISO/IEC 30107-1 Christoph Busch 81 Presentation Attack Detection ISO/IEC IS 30107-1 Standard • now available in the ISO-Portal http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=53227 Christoph Busch 82 Presentation Attack Detection ISO/IEC 30107-1: Examples of Artificial and Human Presentation Attack Instruments Source: ISO/IEC 30107-1 Christoph Busch 84 Presentation Attack Detection - Testing Methodology in ISO/IEC 30107 Presentation Attack Detection - Part 3: Testing and reporting • Security Evaluation ‣ for evaluations using the Common Criteria Framework ‣ Protection Profile (PP) (e.g. from German BSI) ‣ Security Target (ST) ‣ Evaluation Assurance Level (EAL) ‣ Assessment of the attack potential ‣ „if there is at least one artefact that can reproducibly successful attack the PAD-component - then the PAD failed the test“ • Other approaches ‣ for evaluations in academic and technology development ‣ tolerating the limited statistical significance of small test set - the statistical distribution is unknown and for sure not normal ‣ „ a score based metric can tell us, if the method improved“ Christoph Busch 85 Presentation Attack Detection - Testing Definition of PAD metrics in ISO/IEC 30107-3 • Attack presentation classification error rate (APCER) proportion of attack presentations incorrectly classified as Bona Fide presentations at the component level in a specific scenario • Bona Fide presentation classification error rate (BPCER) proportion of Bona Fide presentations incorrectly classified as attack presentations at the component level in a specific scenario Christoph Busch 86 Presentation Attack Detection 30107 parts • Part 1 - Framework ‣ Elaine Newton ‣ status: IS - published • Part 2 - Data formats ‣ Olaf Henniger ‣ status: 3rd CD • Part 3 - Testing and Reporting ‣ Michael Thieme ‣ status: 2nd CD Christoph Busch 87 Presentation Attack Detection - Part3 Martigny Status • What is an attack type? What is an attack? • What is a better term for “normal presentation”? ‣ Bona Fide presentation (in analogy to “Bona Fide traveller”) ‣ In consequence we assume that a “biometric presentation” also contains mutilated fingerprint presentations • Change from artefact series to PAI series in order to cover e.g. altered fingerprint detection • Method of calculating attack potential Christoph Busch 88 PAD-Standard and FIDO FIDO - on 9th September 2015 Source: R. Lindemann (NokNok) - 2015 Christoph Busch 89 WG3 Roadmap G3 19794-1:201x Generation 3: - The common semantics amongst all parts will continue to form the Framework of Generation 3 - All parts will exist in a XML and/or binary version with a (revised) harmonized semantic - Again Conformance testing will be included in Annex A of each part Christoph Busch 94 G3 development Data Interchange Format • Widely adopted and deployed in large number • Reflecting need for distributed systems with XML encoding • Reflecting need for actionable feedback with quality vectors • Reflecting need for secure system with PAD encoding Results from discussion with SC17 WG3 • Definition on transition period from G1 to G2 in ICAO 9393 • Suitable revision cycles for definition in ICAO 9303 • Forward and backwards compatibility • Transcodability from XML to BIN and vice versa Working on concepts in a Special group Christoph Busch 95 G3 development Martigny: Special group report • XSD root • We need ASN.1 (DER) and XML, and we want a single root, with (other) serialization format specifications derived from the root. We must have serialization formats that are interoperable, independent of tool provider/vendor. We want “pretty” xml/xsd, such that code binding tools produce “usable” class structures. Christoph Busch 96 G3 development Martigny: Special group report • ASN.1 root • Previous Investigation on ASN.1 to XML conversion • Using different tools, the XML output was different and noninteroperable from the same ASN.1 file input • Need manual corrections - XML output was not “pretty” • ASN.1 root favored by SC17/WG3 Christoph Busch 97 G3 development Martigny: Special group report • Dual encoding suggested (two roots) Christoph Busch 98 G3 development Martigny: Special group report • New component in SD16 ‣ Converter ASN.1-to-XSD (Olaf Henniger) ‣ Converter XSD-to-ASN.1 (based on X.694 standard) (Greg Cannon) ‣ Harmonization assurance test (using sample data records) (RL) Christoph Busch 99 G3 development Martigny: Discussion on project organization • we will have a letter ballot NWIP after the July meeting • we will create a SG to prepare BD on part 1,4, 5 and to augment the scope • Once we start G3 (in July 2016) we will ask ITTF for the project number 39794-x Christoph Busch 103 ICAO - SC17 WG3 Martigny: ICAO Portrait Quality resolution: “SC37 experts are requested to submit comments on the draft ICAO TR posted to SC37 WG N0292 on Face Portrait Quality. Comments should be submitted to the SC37 secretariat by February 29th, 2016” Christoph Busch 104 CCTV - 30137-3 Status Martigny • New scope proposed thus NWIP, which should become part 4. • Title: Use of biometrics in video surveillance systems - Part 4 Ground truth and video annotation procedure • Scope: ‣ What information inserted in the ground truth of a video ‣ How to establish a standard ground truth for annotating video ‣ Procedures for handling multiple subjects in a representation ‣ The encoding of the ground truth information. ‣ Methodology description for annotating the video ‣ The kind of metadata to be inserted in the video stream. ‣ The desired video quality (linked with the ISO IS 22311 – Level 2 MPEG4 encoding). Christoph Busch 110 Joint Meeting WG1 WG2 WG3 WG5 - Forensics Gjøvik: Presentation by Didier Meuwly • Close overlap with the existing SC37 work on fusion and calibration of scores ‣ scores in its raw form do not mean anything ‣ there is a purpose for courts but also for the general interpretation of score ‣ what if the priors are not calculated correctly? - teach all the jurisdiction to understand the process and depending of the alternative hypothesis the strength of evidence will change ‣ Could this be a NWIP for an IS or a TR Christoph Busch 122 Revision of ISO/IEC 19795-1 Gjøvik: Presentation Andreas Nautsch • Is there a dependency of the score normalization of the algorithm? ‣ we don’t know, if it is normalized but we do know that there is strong quantization of the scores • there are systems that are just providing decisions but no scores • how should we calculate the costs? ‣ NIST has done so in the SRE • the challenge is modeling. How can this be done ‣ PLDA is a solution for this • before we can insert these metrics, we need a part 8 to establish priors and we need a part 9 how to establish costs ‣ unlike for FMR / FNMR for these metric noise will not be averaged out • WG5: there is value in this type of approach. Suggestion for TR Christoph Busch 123 References List of projects Christoph Busch 125 References Information on WG3 status • • and a ppt-copy of theses slides are available at: http://www.christoph-busch.de/standards-sc37wg3.html Christoph Busch 126