After a lovely 20 hour flight from Brisbane, with stop-overs at every corner of the globe (it seemed), I arrived in Antwerp for the eight annual Interspeech conference. The Interspeech conferences replace the Eurospeech and ICSLP conferences, which used to alternate year-by-year. It is now considered taboo to mention these earlier names, as it is just Interspeech – at least this is what we were told at the welcome lecture.

Although speech is a fairly focussed area of signal processing, there is still a lot of topics that can be covered under Interspeech’s umbrella, and some of them weren’t of much interest to me. However, I did manage to attend a number of sessions on most of the 5 days of the conference. I was a little dissapointed that my area of research, multi-modal speech processing, had it’s only oral and poster session on at the same time!. That was quite annoying, but I did manage to see most of both sessions, even though I was presenting an oral in one of them. In particular I found some of the research into recognising speech with infrared sensors by Bo Zhu at MIT interesting.

The social program of Interspeech was quite nice, with lots of free food and Belgium beer available at various social events on most of the nights of the conference. Entrance to the Antwerp Zoo, next door to the conference venue, was also included in the conference registration, although all those animals in such a small area seemed a little sad to me.

On the final day of the Interspeech conference, I had to pack my bags and catch a hour or so train to Tilberg, Netherlands where I could catch an expensive taxi to Kasteel Groenendael in Hilvarenbeek for AVSP 2007. It probably would have been nice if AVSP had arranged a shuttle bus, as the taxi to Hilvarenbeek cost more than the train trip from Belgium, although I did get to share the cost with some other attendees on the way back.

The AVSP 2007 conference was a small workshop style conference specifically devoted to my area of research, although it does focus on human perception as well as automatic, which is more my style. I got to see a lot of interesting research at the AVSP workshop, although did seem to be a little perception heavy. However, I found the studies of how humans do what I am trying to perform with computers provided a good perspective on my research that I don’t normally encounter. Although even further away from my area of research, I found invited speaker Asif Ghazanfar’s talk on speech perception in monkeys (that is monkey-speech perception) to be very well presented and quite interesting.

Kasteel Groenendael is Philip Electronic’s executive training centre just outside the small village on Hilvarenbeek. Seeing what their executive training centre is like, I don’t think I’d mind working for Philips. Everything was provided for us at the workshop, and I’d probably even say it was worth loosing my weekend. I also got to meet and discuss research with a lot of interesting people over breakfast, lunch and dinner over the two days, and I hope to keep in touch with many of them.

Finally, I’d like to thank QUT and ASSTA for supplying the funding to travel to Europe and attend these conferences.

The MMUA workshops were focused on using multiple modalities for authenticating subjects. Some of the examples of modalities used for authentication were 2D and 3D face, speech, ear, gait and even heart noise. In particular the invited conferences by Kevin Bowyer and Mark Nixon were very interesting. Because of the single track and the small number of participants of the workshop (there were only 24 papers presented) I had a great opportunity to keep up-to-date with current research without having to worry about prioritizing competing tracks as I would at a larger conference. Along with the invited conferences, there were two orals and one poster session on each of the two days of the conference. A fellow researcher from QUT, Chris McCool presented an oral on the first day and I presented my oral “An Examination of Audio-Visual Fused HMMs for Speaker Recognition” on the second and final day of the workshop.

MMUA was held at Institut de Recherche en Informatique de Toulouse located at University Paul Sabatier a few kilometres out of Toulouse, France. We were provided food during the days and sitting at the same table as Kevin Bowyer and Mark Nixon (see above) over lunch lead to some really interesting discussions about where biometrics (single or multimodal) are heading in research and commercial implementation. The ability to have lengthy discussions with the keynote speakers over lunch really shows the benefit of a workshop over a large conference (Don’t worry, I’ll get on to ICASSP soon). MMUA also sent us on a canal/river cruise of Toulouse, which was quite nice, and gave another opportunity to talk to fellow researchers.

I found attending the MMUA workshop a very useful experience for myself and my research, and the intimacy of the event allowed my to receive good feedback on my research. The only real downside was that the university was not convenient to downtown Toulouse, and although the organisers provided a bus to the university and back on the first day, they did not provide a bus to leave on the final day, and we had to work out the public transport to get back to our hotel.

After MMUA had finished, and after a weekend of seeing the sights in Toulouse, I attended ICASSP 2006. It was quite a contrast. ICASSP is the largest technical signal processing conference in the world, and there were at least a dozen simultaneous oral and poster sessions at any one time. The main difficulty of a large conference like ICASSP is deciding which lecture to go to for each session. I was not presenting a paper at ICASSP myself, but another QUT researcher, Robbie Vogt did present a poster. While there was only one session directly related to my research area (being multimodal speaker authentication), I found that many of the speaker recognition sessions helped me get a broader background view on current research in my area.

Toulouse itself was a very nice city to visit, although the 21:30 sunsets were a bit difficult to get used to for a Queenslander. One of the nice things about Toulouse was that the downtown area had no tall buildings which made it feel more like a small town than the fourth largest city in France.

Finally, I would like to thank ASSTA for providing me with a travel scholarship to help fund my trip.

Digital Persona would not comment on why Microsoft may have turned off the product’s encryption capabilities, but one company official said that this decision is unlikely to affect the security of its users.

“The fact that they turned the encryption off, I would argue, does not in a practical sense open up any security holes,” says Chief Technology Officer Vance Bjorn. “Even with the encryption off, you’re going to have to basically have physical access to the person’s machine to crack into it.”

I agree with him, but only because I think fingerprint readers are useless even with encryption. But, isn’t stopping people with physical access to your computer the entire point of a fingerprint reader.

Link. [thanks Engadget]

The device – which looks like small computer mouse with two metal contacts, when touched for a few seconds using one finger from each hand to complete the circuit, measures several factors in the heartbeat to record the “biodynamic signature” – a combination of electrical signals from the heart and central nervous system. The sensors measure these signals, run them through an algorithm on a computer and create a digital representation of the signature.

Link [thanks DRM News Blog].

Cancelable biometrics refers to a way of designing a biometric system such that the stored templates cannot be converted back into the raw biometric data. The idea is that at some point in the registration process a transformation is applied to the image, the features extracted from the image, or even to the users template/model and the recognition process is performed using the transformed data. For good security the transformation should probably be one-way and the raw biometric image/data should be thrown away.

This way if by nefarious (or plain incompetent) means, someone bad gets access to the templates, they shouldn’t be able to be able to re-create the raw biometric data for the purposes of somehow fooling the system.

Of course, there are a few caveats to this still.

1. You need to trust the people who are capturing the raw biometric data (taking your mugshot, scanning your fingerprints, etc.) as they could easily keep the raw data, which could then be compromisd through the same nefarious or incompetent means above.
2. You are still well and truly stuffed if someone does get access to you raw biometric data (ie. takes a photo of you) through other means, because someone will find a way to fool the system if they know what it expects to see. Repeat after me: Biometrics are not secret. Biometrics cannot be secret. Remember that.

There was also a news article on cancelable biometrics (it inspired me to write this), but I don’t think it is very well written, especially this part:

The original image isn’t stored anywhere. And even if hackers could obtain the altered biometric, it would be of limited use as long as individual organizations maintained their own formulas for transforming images before scanning.

Therein lies the real advantage of the method. While a standard biometric can’t be torn up and reissued like a credit card or password — since it’s based on unchanging aspects of a person’s physical appearance — distortion makes that possible. A bank or an office building that had its biometrics compromised could register new ones simply by changing the way it transforms images.

That’s why IBM calls this “cancelable biometrics.”

Now it’s possible that what I’m talking about here and “Cancelable Biometrics” are actually not the same thing. But, anyway: To compromise the system above (assuming I have the altered biometric data) I still need to reconstruct the original biometric to present to the scanner, yes? Am I missing something? Just having access to the altered biometric is akin to having access to a users password hash, but not their password.

Now if I can easily reverse the alteration — which it seems I would have to do to compromise the system — then I have a non-altered biometric and assuming I could fool the scanners with it, I could get into the system no matter what they changed the new alteration to. I could also get into any other system the victim uses the biometric to access (once again asuming I could fool the scanners).

But maybe I’m wrong. Maybe they can cut off the compromised user “by changing the way [they transform] images.” I hope they only have a few compromised users, because getting everyone to register their biometrics again on Monday morning will be a giant pain (remember, “the original image isn’t stored anywhere”).

Biometrics are not secret. Biometrics cannot be secret.

You may remember that you can use a bic pen to open bicycle locks, well now you can use a small roll of cardboard to open laptop locks (7.5 MB video link).

On another security related issue, here is a short how-to on faking fingerprints, also found on boing boing. The don’t seem to go on to actually test their fake fingerprint however, so Dan’s still got them beat.

Pride believes the move to fingerprint biometrics makes it more convenient for customers who need not worry about lost keys.

Yeah, lets just start handing out our biometric information to anyone in the name of convenience. This just means that the security of any one application is only as good as the worst one using the same biometric.

The new system features face-recognition technology for camera-enabled cell phones and other devices as an alternative to passwords or fingerprint scanners for security and access control. However, as mobile units enabled with the ‘OKAO Vision Face Recognition Sensor’ require no additional hardware, ‘OKAO’ technology offers a biometric security software solution at a reduced cost.