Man or morph? How morphing attack detection helps border control against identity fraud

by Michael Schwaiger, secunet Security Networks AG

Biometrics and facial recognition have made border control more efficient and secure. However, there are types of fraud that still pose a challenge, both for border control officers and automated border control systems. These notably include so-called morphing attacks, in which fraudsters make use of ID photos assembled from the facial images of more than one person. Differential morphing attack detection by secunet can solve this problem.

Established security measures provide only limited protection
Perpetrators of morphing attacks use image editing software to merge their biometric passport photos into a single image which then resembles a mixture of two persons. In using that photo for a false passport, both fraudsters are then recognizable as the person in the picture. If the morph is executed well, neither facial recognition software nor the officer at the border control counter will notice the difference between the person and the morphed picture.

This method of fraud predominantly targets automated border control systems. However, it also poses a challenge to humans. Research shows that, on average, people only recognize about 60 percent of the morphs they are shown compared to a trustworthy image. It is notable though that further exposure to morphed images increases people’s performance in the course of the examination. So those who specifically deal with the subject learn to recognize more morphs later on.
Training border control officers is therefore one way to deal with the morphing problem but is only part of the solution. Another method of increasing morphing security is so-called “live enrolment”, which in order to prevent the forgery of personal images in identity documents at the issuing stage, only accepts images taken directly on-site under the supervision of the authorities. The difficulty with this is that even if all European countries were to agree on such a procedure in the future, there will probably always be countries around the world that accept images taken at home for official documents. Consequently, live enrolment alone will never truly overcome the morphing challenge.

Morphing attack detection reliably recognizes morphs
Software algorithms like morphing attack detection (MAD) that recognize facial morphs during automated border control can increase border security substantially. Therefore, work on MAD has increasingly been going on for several years by now. German cybersecurity provider secunet exemplifies this by their development of differential MAD, which creates a facial image and verifies it by comparing it with a second, trusted image. In automated border control, secunet guarantees through live capture that there is always a trusted data source and that the image meets high quality standards. The live image is then compared with the photo in the traveler’s electronic identity document. At this point, the algorithm intervenes and detects any discrepancies.

secunet now relies on a new, even more powerful algorithm, which has already proven to be suitable for everyday use. As with other algorithms like this, a threshold value can be used to fine-tune the algorithm. If set to a false positive rate of 2% (meaning two out of every hundred facial images are misclassified as morphs and have to be manually verified), the algorithm will spot 85 – 88% of all genuine morphs. This presents a huge step in comparison to both human test subjects and previous algorithms.

secunet’s portfolio with morphing protection
The new algorithm is used throughout secunet’s entire border control portfolio and complements other security measures that are already available. Among others, this includes secunet’s easygate automated border control system, which reliably detects a high proportion of so-called presentation attacks, whereby fraudsters attempt to present a false identity using masks.

Furthermore, these include the secunet easykiosk self-service system for easy pre-enrolment of passenger data and the secunet bocoa border control application in combination with the secunet easytower facial image camera. These products and solutions also provide sufficiently high-quality live images for the use as trusted comparison images for differential MAD.

Morphing detection stays challenging
Despite this progress, morphing attacks will likely remain a challenge for the foreseeable future. However, the new algorithm has allowed MAD to take a decisive step forward within a very short period of time and therefore needs to be continually improved, extended and retrained to further reduce error rates going forward. In addition to that, software-based MAD can only be part of the solution; its other cornerstones are live enrolment and the training of border control staff. After all, combatting morphing is as much about people as it is about machines.