Personal identification - Robustness against biometric presentation attacks - Application to European Automated Border Control

This Technical Specification is an application profile for the International Standard ISO/IEC 30107 Biometric presentation attack detection. It provides best practice recommendations for the implementation of Automated Border Control (ABC) systems in Europe.
Presentation Attack Detection (PAD) is addressed for facial and fingerprint recognition.
The biometric reference data can be stored in electronic Machine Readable Travel Documents (eMRTD) and/or EU Visa Information System (VIS).
The TS covers the robustness of the system, privacy and data protection aspects, usability and acceptance as well as countermeasures including their evaluation from the Biometrics perspective. Enrolment, issuance and verification applications of eMRTD other than border control are not in scope.

Persönliche Identification - Empfehlungen zur Sicherung der biometrischen Belastbarkeit Europäischer ABC-Systeme gegenüber Manipulationen

Identification personnelle - Recommandations pour garantir la robustesse de la biométrie dans les systèmes de contrôle frontalier automatisés européens contre les attaques de présentation

Osebna identifikacija - Odpornost proti napadom na biometrično predstavitev - Uporaba pri evropskem avtomatiziranem mejnem nadzoru

This Technical Specification is an application profile for the International Standard ISO/IEC 30107 Biometric presentation attack detection. It sets out best practice recommendations for the implementation of automated border control (ABC) systems in Europe. Presentation attack detection (PAD) is applied to facial and fingerprint recognition. The biometric reference data can be stored in electronic machine readable travel documents (eMRTD) and/or in the EU Visa Information System (VIS). The Technical Specification addresses the robustness of the system, privacy and data protection aspects, usability and acceptability, and countermeasures, including their evaluation from the biometrics perspective. Enrolment, issuance and verification procedures for electronic machine readable travel documents other than border control are outside the scope of this document.

General Information

Status: Published
Publication Date: 03-Jan-2019
Technical Committee:
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 13-Dec-2018
Due Date: 17-Feb-2019
Completion Date: 04-Jan-2019

Technical specification
TS CEN/TS 17262:2019
English language
23 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST-TS CEN/TS 17262:2019
01-February-2019
Osebna identifikacija - Odpornost proti napadom na biometrično predstavitev -
Uporaba pri evropskem avtomatiziranem mejnem nadzoru
Personal identification - Robustness against biometric presentation attacks - Application
to European Automated Border Control
Persönliche Identification - Empfehlungen zur Sicherung der biometrischen Belastbarkeit
Europäischer ABC-Systeme gegenüber Manipulationen
Identification personnelle - Recommandations pour garantir la robustesse de la biométrie
dans les systèmes de contrôle frontalier automatisés européens contre les attaques de
présentation
This Slovenian standard is identical to: CEN/TS 17262:2018
ICS:
35.240.15 Identifikacijske kartice. Čipne kartice. Biometrija / Identification cards. Chip cards. Biometrics
SIST-TS CEN/TS 17262:2019 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of all or part of this standard is not permitted.


CEN/TS 17262
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION

December 2018
ICS 35.240.20
English Version

Personal identification - Robustness against biometric presentation attacks - Application to European Automated Border Control

Identification personnelle - Recommandations pour garantir la robustesse de la biométrie dans les systèmes de contrôle frontalier automatisés européens contre les attaques de présentation

Persönliche Identifikation - Empfehlungen zur Sicherung der biometrischen Belastbarkeit Europäischer ABC-Systeme gegenüber Manipulation

This Technical Specification (CEN/TS) was approved by CEN on 10 September 2018 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2018 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN/TS 17262:2018 E

CEN/TS 17262:2018 (E)
Contents

European foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Presentation attack detection overview in ABC system
5.1 Obstacles to presentation attacks in ABC system
5.2 Impostor attacks
5.2.1 General
5.2.2 Verification of an eMRTD credential
5.2.3 Identification in a Registered Traveller Programme use case
5.2.4 Concealer attacks
5.3 Level of attack potential to consider
6 Minimal accuracy requirements guideline for ABC systems
7 PAD evaluation in ABC systems
7.1 Overview
7.2 Artefacts Properties
7.2.1 Overview
7.2.2 Artefacts for facial biometrics
7.2.3 Artefacts for fingerprint biometrics
7.3 Artefact creation and usage
7.4 Metrics for the evaluation of ABC systems
7.4.1 General metrics
7.4.2 Metrics for an impostor attack scenario with eMRTD credentials
7.4.3 Metrics for an impostor attack scenario in Registered Traveller Programme
7.4.4 Metrics for concealer attack scenario
7.4.5 Considerations on statistical relevance
8 Logging, data protection and privacy
9 Usability and the environment
Annex A (informative) Examples of attack potential ratings
A.1 General
A.2 Framework for the calculation of attack potential
A.3 Considerations for rating factors in ABC systems
A.3.1 Overview
A.3.2 Elapsed time
A.3.3 Window of opportunity: Access to the TOE
A.3.4 Window of opportunity: Access to biometric characteristics
A.4 Examples of application to ABC systems
A.4.1 Overview
A.4.2 Impostor Attack against a face-based ABC system in an eMRTD credential verification scenario
A.4.3 Impostor Attack against a fingerprint-based ABC system for Identification in a Registered Traveller Programme scenario
A.4.4 Concealer Attack against a watchlist in an ABC system
Bibliography


European foreword
This document (CEN/TS 17262:2018) has been prepared by Technical Committee CEN/TC 224
“Personal identification, electronic signature and cards and their related systems and operations”, the
secretariat of which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Introduction
EU Member States issue electronic passports (ePassports) containing a smart-card chip that stores
biometric data. The biometric data stored is a face image and two finger images of the holder, except for
Ireland and the UK, which issue ePassports containing only a face image. A number of EU Member
States have deployed automated border control (ABC) systems that automate border checks for EU
citizens in possession of an ePassport. An ABC system authenticates the ePassport, verifies that the
traveller is the rightful holder of the ePassport by comparing presented biometric characteristics with
biometric data stored in the ePassport, queries border control records (possibly involving biometric
identification of the traveller in watchlists), and finally determines eligibility of border crossing
according to pre-defined rules, without intervention of a border guard. Border guards can supervise
several ABC lanes and intervene whenever something does not work as expected or the traveller hits a
watchlist.
Even though supervised, ABC systems are potentially vulnerable to biometric presentation attacks. A
biometric presentation attack (or spoofing) is the presentation of artefacts or human characteristics to
the biometric capture subsystem in a fashion that may interfere with the system policy. Techniques for
the automated detection of presentation attacks are called presentation attack detection (PAD)
mechanisms.
This document deals with best practice recommendations regarding the PAD capabilities of European
ABC systems.
1 Scope
This document is an application profile for the International Standard ISO/IEC 30107. It provides
requirements and recommendations for the implementation of Automated Border Control (ABC)
systems in Europe with Presentation Attack Detection (PAD) capability.
This document covers the evaluation of countermeasures from the Biometrics perspective as well as
privacy, data protection and usability aspects. Technical descriptions of countermeasures are out of
scope. Enrolment, issuance and verification applications of electronic Machine Readable Travel
Documents (eMRTD) other than border control are not in scope. In particular, presentation attacks at
enrolment are out of scope.
The biometric reference data can be stored in an eMRTD and/or in a database of registered travellers.
This document covers:
• biometric impostor attacks and
• biometric concealer attacks in a watchlist scenario.
This document addresses PAD for facial and fingerprint biometrics only.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 2382-37, Information technology — Vocabulary — Part 37: Biometrics
ISO/IEC 30107 (series), Information Technology — Biometric presentation attack detection
CEN/TS 16634, Personal identification - Recommendations for using biometrics in European Automated
Border Control
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 2382-37, CEN/TS 16634,
ISO/IEC 30107 (series) and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
automated border control system
ABC system
automated system which authenticates the electronic machine readable travel document or token,
establishes that the passenger is the rightful holder of the document or token, queries border control
records and other relevant records or databases, then determines eligibility of border crossing
according to the predefined rules
3.2
imposter attack presentation match rate BASIC
IAPMR_BASIC
in an evaluation of an ABC system in a verification scenario, maximum value of IAPMR obtained by a PAI
species of attack potential BASIC among those evaluated
3.3
imposter attack presentation identification rate BASIC
IAPIR_BASIC
in an evaluation of an ABC system in an identification scenario, maximum value of IAPIR obtained by a
PAI species of attack potential BASIC among those evaluated
3.4
concealer attack presentation non identification rate BASIC
CAPNIR_BASIC
in an evaluation of an ABC system in a watchlist identification scenario, maximum value of CAPNIR
obtained by a PAI species of attack potential BASIC among those evaluated
4 Abbreviated terms
The abbreviated terms shown in Table 1 are used in this document.
Table 1 — Abbreviated Terms
Abbreviations   Terms
ABC             Automated Border Control
APCER           Attack Presentation Classification Error Rate
APMR            Attack Presentation Match Rate
APNRR           Attack Presentation Non-Response Rate
BPCER           Bona Fide Presentation Classification Error Rate
BPNRR           Bona Fide Presentation Non-Response Rate
CEN             European Committee for Standardization
CAPNIR          Concealer Attack Presentation Non-Identification Rate
CAPNIR_BASIC    Concealer Attack Presentation Non-Identification Rate BASIC
eMRTD           electronic Machine Readable Travel Document
EU              European Union
FTA             Failure to Acquire
FMR             False Match Rate
FNIR            False Negative Identification Rate
FNMR            False Non Match Rate
FPIR            False Positive Identification Rate
FS-PD           Full System Processing Duration
GDPR            General Data Protection Regulation
IAPIR           Imposter Attack Presentation Identification Rate
IAPIR_BASIC     Imposter Attack Presentation Identification Rate BASIC
IAPMR           Imposter Attack Presentation Match Rate
IAPMR_BASIC     Imposter Attack Presentation Match Rate BASIC
IEC             International Electrotechnical Commission
ISO             International Organization for Standardization
PAD             Presentation Attack Detection
PAI             Presentation Attack Instrument
TOE             Target of Evaluation
TS              Technical Specification
5 Presentation attack detection overview in ABC system
5.1 Obstacles to presentation attacks in ABC system
By definition, biometric presentation to ABC systems is not directly supervised by an operator. An
operator should be present but is typically monitoring several ABC systems at the same time.
Intervention by the operator may be requested by the system if a fraud attempt is detected, or if the
capture subject is identified against a watchlist, which are the outcomes an attacker wants to avoid. The
operator will also become actively involved in a transaction if a capture subject fails to be recognized by
the system after a certain number of attempts. In this case of multiple rejections, human intervention is
needed to check the identity credential of the capture subject before processing through the border is
allowed.
The absence of direct supervision means that attackers may use artefacts with only limited visual
plausibility. Nevertheless, the presence of an operator nearby means the attacker could attract attention
by using artefacts which are too voluminous (like fake heads for example) or using fraud techniques
which take more time or more attempts than normally needed to cross ABC systems.
Abnormal or lengthy activities during presentation at ABC systems may also attract attention from
other people crossing the ABC systems and raise alarm.
5.2 Impostor attacks
5.2.1 General
Biometric imposters aim to attack a system by impersonating the biometric characteristics of another
person.
For the attack to be effective, the artefact must be successfully matched and presentation attack
detection must not raise any alarm.
5.2.2 Verification of an eMRTD credential
An attacker may have acquired an eMRTD credential and the corresponding biometric characteristics of
the rightful user. The attacker will hence create an artefact mimicking these characteristics in order to
be verified when presenting the artefact at the ABC system. While the attacker may have stolen the
credential and used subterfuge to acquire the biometric data (such as a latent fingerprint), it is also
possible that the owner of the credential is an accomplice and has provided high-quality samples of
fingerprints or the face.
5.2.3 Identification in a Registered Traveller Programme use case
In cases where biometric characteristics acquired in an ABC system are identified against a data set of
authorized or registered travellers, the attacker may target a specific identity whose characteristics
they have acquired. Alternatively, the attacker may also target any registered identity in the
data set by using an artefact with high false positive identification probability.
The attacker may also try to re-activate remaining latent fingerprints on the sensor left by the previous
legitimate user.
5.2.4 Concealer attacks
Biometric concealers aim to attack a system by hiding their biometric characteristics. The purpose is
to avoid being matched against a biometric watchlist or similar system. The eMRTD used by the concealer
attacker is not related to their true identity. The attacker also seeks to avoid attracting unwanted
attention from personnel, for example by triggering multiple “Failure To Acquire (FTA)” signals, so the
artefact might have characteristics likely to be confused with genuine biometric characteristics. To be
successful, the artefact must not raise any alarm from presentation attack detection. In the context of
ABC systems, the goal of an attacker is to avoid being recognized while still being able to cross the
border. The attacker has two ways to achieve this:
1. The attacker may try to exploit the system policy for managing unsuccessful biometric verification.
Typically, after a given number of failed attempts fixed by the system policy, an ABC system user
will be redirected to a human officer for manual check.
NOTE This document only addresses the presentation of biometric characteristics to a sensor, the fallback
processes that could be implemented by the system policy after a failure are out of scope.
EXAMPLE As only one officer typically monitors several ABC systems, the manual check after an ABC system
rejection could be less adequate than a regular manual check in case of overcrowded border. Therefore, the
attacker could rely on forged identity credentials to proceed through the border after having been rejected by
automated access.
2. Alternatively, the concealer attack could be accompanied by an impostor attack where the attacker
tries to match the biometric data stored in the eMRTD with that of another identity.
5.3 Level of attack potential to consider
ISO/IEC 30107-3 and ISO/IEC 19989 ([1], currently under development by ISO/IEC JTC 1/SC 27) refer
to the Common Criteria terminology to evaluate the potential of presentation attacks. Attack potential
can be rated as being “Basic”, “Enhanced-Basic”, “Moderate”, “High” or “Beyond-High”. Examples of
Attack Potential Ratings can be found in Annex A. The level of attack potential considered for an
evaluation is a major factor as it will determine what kind of attacks the system is supposed to be
resilient to.
The attack potential rating is influenced by the level of knowledge available to an attacker on the
system. To reduce an ABC system’s vulnerability, technical details available publicly about the PAD
method used should therefore be minimal. Ideally, ABC systems should not be available on the general
public market to avoid easy access for attackers and limit the opportunity to test and elaborate specific
attack methods.
Attack potential will be greatly influenced by the level of technological know-how required to produce
artefacts. As information on most generic attack methodologies can be found quite easily in scientific
papers or on websites by potential attackers, ABC systems should at least be resilient to attack methods
requiring low or moderate technical means and ability.
ABC systems should, for example, have countermeasures to detect attacks requiring no specific
technical ability and very common means (like camera or printing machine) as well as attacks requiring
limited technical ability (like the capacity to acquire latent fingerprints) and less common resources
(like silicon material or similar).
6 Minimal accuracy requirements guideline for ABC systems
An ABC system shall be resistant to presentation attacks requiring the attack potential BASIC.
A system under test in an eMRTD verification impostor attack scenario is considered resistant to
attacks if IAPMR_BASIC is below 20 %.
A system under test in a Registered Traveller Programme impostor attack scenario is considered
resistant to attacks if IAPIR_BASIC is below 20 %.
A system under test in a concealer attack scenario is considered resistant to attacks if CAPNIR_BASIC
is below 20 %.
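Added example (not part of CEN/TS 17262): one way an evaluator could apply the Clause 6 criterion to trial records, using the 3.2 to 3.4 definitions (maximum rate over the PAI species rated BASIC, strictly below 20 %). The record layout, outcome labels, species names and counts are constructed, and each per-species rate is assumed to be successful attack presentations divided by all attack presentations of that species.

```python
from collections import Counter
from fractions import Fraction

THRESHOLD = Fraction(20, 100)  # Clause 6: the BASIC rate must be below 20 %

# Outcome that counts as a successful attack for each metric.
# The outcome labels are constructed for this example.
SUCCESS_OUTCOME = {
    "IAPMR": "match",            # impostor, eMRTD verification scenario
    "IAPIR": "identified",       # impostor, Registered Traveller Programme
    "CAPNIR": "not_identified",  # concealer, watchlist scenario
}


def per_species_rates(metric, records, potential="BASIC"):
    """Rate per PAI species, restricted to species rated `potential`.

    Each record is (species, rated_attack_potential, outcome).
    """
    success = SUCCESS_OUTCOME[metric]
    total, hits = Counter(), Counter()
    for species, rated, outcome in records:
        if rated != potential:
            continue  # species above BASIC do not enter the *_BASIC metric
        total[species] += 1
        if outcome == success:
            hits[species] += 1
    return {s: Fraction(hits[s], total[s]) for s in total}


def basic_metric(metric, records):
    """Return (worst species, rate): the maximum over BASIC species (3.2-3.4)."""
    rates = per_species_rates(metric, records)
    if not rates:
        raise ValueError("no PAI species of attack potential BASIC was evaluated")
    worst = max(rates, key=rates.get)
    return worst, rates[worst]


def pooled_rate(metric, records, potential="BASIC"):
    """Rate over all BASIC presentations pooled together (for comparison only)."""
    outcomes = [o for _, rated, o in records if rated == potential]
    return Fraction(sum(o == SUCCESS_OUTCOME[metric] for o in outcomes), len(outcomes))


def is_resistant(metric, records):
    """Clause 6 decision: the worst BASIC species must stay strictly below 20 %."""
    return basic_metric(metric, records)[1] < THRESHOLD


def runs(species, rated, hits, misses, hit_outcome, miss_outcome="pad_reject"):
    """Build constructed trial records for one PAI species."""
    return [(species, rated, hit_outcome)] * hits + [(species, rated, miss_outcome)] * misses


# Constructed evaluation of a face-based eMRTD verification gate.
SAMPLE = (
    runs("printed_photo", "BASIC", 2, 48, "match")
    + runs("screen_replay", "BASIC", 12, 38, "match")
    + runs("silicone_mask", "MODERATE", 30, 20, "match")  # rated above BASIC
)

if __name__ == "__main__":
    worst, rate = basic_metric("IAPMR", SAMPLE)
    print(f"IAPMR_BASIC = {float(rate):.0%} (species: {worst})")
    print(f"pooled BASIC rate = {float(pooled_rate('IAPMR', SAMPLE)):.0%}")
    print("resistant:", is_resistant("IAPMR", SAMPLE))
```

In the constructed data the pooled BASIC rate is 14 %, yet the gate fails the criterion because one species reaches 24 %; averaging across species would hide exactly the weakness the maximum is meant to expose.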
7 PAD evaluation in ABC systems
7.1 Overview
This section gives recommendations on how an evaluator should conduct a PAD evaluation to assess
the resilience of an ABC system's PAD mechanisms to attacks.
An ABC system evaluation should be considered a full-system evaluation as described in
ISO/IEC 30107-3.
Special care should be taken by the evaluator to describe the precise use case of the TOE and the
evaluation scenario.
7.2 Artefacts Properties
7.2.1 Overview
This section presents common examples of artefacts for facial and fingerprint biometrics which would
be rated as having BASIC attack potential, requiring low or moderate technical ability. These constitute
examples of the minimal artefacts that an evaluator of an ABC system should consider when testing a
system.
The examples in this section would be rated as BASIC for most sensors and systems on the market. Still
some factors involved in Attack Potential computation, like Knowledge of TOE and Window of
Opportunity, are TOE-specific, and should be computed accordingly for any new PAD evaluation of a
system by the evaluator.
Explicit technical details are not given and more refined and advanced techniques are not described. An
evaluator should nevertheless try to establish vulnerabilities of the system under evaluation and test
other types of artefacts.
7.2.2 Artefacts for facial biometrics
Even without complicity of the targeted identity, the increase of photograph sharing in social networks
makes it quite easy for impostor attackers to acquire very high quality facial images of the targeted
identity. The increase in small digital cameras also allows the discreet direct acquisition of facial images.
The attack may be presented to the sensor by:
• putting a printed face (paper sheet, photocopy, photograph, t-shirt) in front of/on the sensor:
    • the print can be planar or presented on a curved support;
    • this type of attack requires no technical know-how and facial images of the target are easy
      to obtain by an impostor attacker. Taking the window of opportunity and operator
      supervision into account, these kinds of attacks would be rated as having BASIC attack
      potential in most evaluation scenarios;
• putting the face displayed on the screen of a digital media (tablet, smartphone, laptop) in front
  of/on the sensor:
    • in case of display on a screen, the presentation can be static or a video;
    • similarly to a printed attack, these kinds of attacks would be rated as having BASIC attack
      potential in most evaluation scenarios;
• and presenting a mask moulded on the targeted face or produced from a 3D model of the face
  (interpolated from a 2D acquisition or directly acquired with a 3D camera):
    • this can include facial masks which can be personalized and bought rapidly and cheaply
      from an online supplier or very realistic full head silicon masks;
    • depending on the technical difficulty of building the mask, attack potential may vary for this
      type of attack.
The impostor may also try to impersonate the targeted identity by using elaborate make-up which
changes biometric characteristics or artefacts to have a doppelganger appearance.
NOTE Cell twins might attack ABC systems by using the passport of the second twin. PAD mechanisms would
not be able to detect such an attack.
ABC systems should not misclassify minor appearance changes as artefacts used either for concealer or
impostor attacks presentation. For example, a person’s appearance could differ from their stored facial
reference for several reasons, such as:
• use of glasses (corrective or sunglasses),
• change of hairstyle (colour, cut, added hair extension…),
• use of contact lenses (with and without colour change),
• use of make-up,
• newly grown/shaven or different length or style of beard/moustache and/or
• a new facial scar.
7.2.3 Artefacts for fingerprint biometrics
7.2.3.1 Artefacts for an impostor attack in an eMRTD credential verification scenario
Impostor attackers may use fake fingerprint(s) made in advance, with or without the complicity of the
individual whose identity is faked. The fingerprint may have been obtained through different methods,
e.g., a high quality photograph of the hand of the person, a fingerprint image from a sensor or inked
impression latently revealed by black powder or other means. The fingerprint could also have been
directly moulded (generally with complicity). The attack could be presented to the sensor by:
• putting the fingerprint printed on a document (paper sheet, photocopy, photograph) or a specific
material in front of/on the sensor.
This type of attack requires no technical know-how. The main difficulty for an impostor attacker is
finding the opportunity to acquire a fingerprint sample from the target. This type o
...
