The training was held over four days from 3rd to 6th June 2024, consisting of comprehensive modules designed to enhance the participants’ expertise in biometric security. Each day included a mix of lectures, hands-on demonstrations, and practical sessions. The sessions covered topics such as testing, compliance, certification processes, biometric quality, risks and vulnerabilities, and identity resolution techniques. The structured agenda ensured that participants received both theoretical knowledge and practical skills essential for advancing their capabilities in biometric security evaluation and testing.
The representatives who attended the training, are as follows:

NoNameDesignation
1Ahmad Dahari Bin JarnoHead of Department, MySEF
2Nor Zarina Binti ZamriSenior Analyst, MySEF
3Nur Iylia Binti RoslanAnalyst, MySEF
4Nur Sharifah Idayu Binti Mat RohAnalyst, MySEF
5Nurul Asha Binti JeffridinAnalyst, MySEF

The training was organized to cover a comprehensive range of topics essential for developing expertise in biometric security. Over four days, participants engaged in modules that progressed from fundamental concepts to practical applications. Each day was designed to build on the knowledge gained from the previous sessions, ensuring a thorough understanding of biometric standards, quality management, risks and vulnerabilities, and hands-on laboratory operations. The structured approach facilitated a balanced learning experience, equipping participants with the necessary skills to enhance biometric security measures effectively.

Day 1: Fundamentals of Biometric Security

Module 1: Testing, Compliance, and Certification for Identity and Biometric Solutions.

This module provided an overview of international standards (ISO) for hardware, software, and data accessibility. It covered various frameworks such as eIDAS, TDIF, and national and international standards for biometric data interchange and security. Participants gained an understanding of the importance of these standards in ensuring interoperability and security in biometric systems.

Module 2: Recent Trends in Identity and Biometrics

This module focused on the latest trends in biometric threats, the impact of AI and deepfakes on identity verification, and the advancements in biometric testing standards. Participants learned about the evolving landscape of biometric security and the emerging challenges posed by new technologies.

Figure 1 : Dr. Ted explaining a fingerprint reader product’s features and functionalities.

Day 2: Biometric Quality and Data Analysis

Module 3: Biometric Quality

Emphasis was placed on the importance of quality in biometric systems for maintaining accuracy and mitigating vulnerabilities. Techniques for managing and assessing biometric quality were discussed, including user instruction and automated quality assessment tools. The module also covered standards for fingerprint, face, and iris image quality, such as ISO/IEC 29794-4 and ISO/IEC 19794-5.

Module 4: Biometric Data Analysis

This module introduced the fundamentals of biometric matching, including metrics like False Acceptance Rate (FAR) and False Rejection Rate (FRR). Participants learned data preparation techniques, statistical analysis methods, and exploratory data analysis. The module also covered demographic analysis and performance evaluation of biometric systems, providing insights into effectively handling and interpreting biometric data.

Figure 2 : A lecture session focused on the biometric quality

Figure 3 : A live demonstration of the BXASSURE System

Day 3: Risks and Vulnerabilities

Module 5: Biometric Risks and Vulnerabilities

The focus of this module was on understanding presentation attacks and detection. Participants were introduced to various methods for detecting suspicious presentations, including artefact and liveness detection. Examples of artificial subversive presentations and strategies for mitigation were also discussed, helping participants recognize and counteract potential security threats.

Module 6: Biometrics Modalities – Common Vulnerabilities

This module provided an in-depth look at common vulnerabilities across different biometric modalities. Through case studies and examples, participants learned about the specific weaknesses in face, fingerprint, iris, voice, and other biometric systems. This knowledge is crucial for developing robust security measures against these vulnerabilities.

Figure 4 : A lecture covering the various risks and vulnerabilities associated with biometric systems

Figure 5 : Participants observe the biometric testing process, gaining insights into practical evaluation methods.

Day 4: Practical Applications and Laboratory Operations

Module 7: Biometric Testing Laboratory Operations

Best practices and procedures for operating a biometric testing laboratory were the focus of this module. It covered the setup, equipment, and methodologies for conducting biometric tests. Participants learned about the practical aspects of running a laboratory, ensuring they are equipped to manage and execute comprehensive biometric evaluations.

Module 8: Identity Resolutions Training

The final module covered hybrid approaches for identity verification that combine human and automated solutions. Techniques for facial comparison, including holistic and morphological comparisons, were taught. The module also addressed strategies for managing bias and ensuring accurate identity resolution, equipping participants with the skills needed for effective identity verification in real-world scenarios.

Figure 6 : Observation of testing Process for Fingerprint Reader

Figure 7 : A lecture on identity resolution training

Figure 8 : Participant from CSM MySEF

Figure 9 : Participants receive certificates of completion.

These training arrangements ensured a balanced approach, starting with fundamental concepts and progressing to practical applications. Each day was structured to build on the knowledge gained in the previous sessions, providing a comprehensive understanding of biometric security, quality, risks, vulnerabilities, and practical laboratory operations.

CONCLUSION & RECOMMENDATION

The training on Generating Presentation Attack Instruments (PAIs) for Biometric Modalities was a comprehensive and invaluable experience for all participants. Over the course of four days, attendees gained a deep understanding of biometric security standards, quality management, data analysis, and the latest trends and vulnerabilities in biometric systems. The modules provided a balanced mix of theoretical knowledge and practical applications, ensuring that participants are well-equipped to address the complexities of biometric security. The focus on real-world scenarios and case studies, coupled with hands-on laboratory operations, enhanced the participants’ ability to implement robust biometric security measures. The knowledge gained from this training is crucial for advancing the capabilities of CyberSecurity Malaysia’s MySEF Department in providing technical advisory services to government agencies and supporting the establishment of the RMK12 Biometric Security Evaluation Centre

To maximize the benefits of the training and continue improving biometric security measures, it is recommended that engaging in further training and workshops will help participants stay updated with the latest advancements and emerging threats in biometric security. Continuous education is essential for maintaining a high level of expertise and readiness to tackle new challenges.

The practical techniques and best practices learned during the training should be integrated into the current biometric security evaluation processes. Adopting new standards, quality management practices, and advanced testing methodologies will strengthen the organization’s security framework. Furthermore, establishing and strengthening collaborations with international organizations like BixeLab and other industry leaders can provide ongoing support and access to cutting-edge technologies and methodologies. These partnerships are vital for staying at the forefront of biometric security innovations.

Allocating necessary resources for the implementation of advanced biometric testing laboratories and acquiring state-of-the-art equipment will support the practical application of skills learned during the training and enhance the overall evaluation capabilities of the department. Additionally, developing and updating internal policies and procedures based on the latest standards and best practices covered in the training will ensure that organizational policies align with international standards, thereby enhancing compliance and security.

By following these recommendations, CyberSecurity Malaysia’s MySEF Department can significantly strengthen its biometric security framework, providing robust and reliable services to support national and international biometric security initiatives.

By asha