Feature ArticlesSpoofing and Anti-Spoofing Measures
Introduction
Biometric devices have been suggested for use in applications from access to personal computers, automated teller machines, credit card transactions, electronic transactions to access control for airports, nuclear facilities, and border control. Given this diverse array of potential applications, biometric devices have the potential to provide additional security over traditional security means such as passwords, keys, signatures, picture identification, etc. While biometrics may improve security, biometric systems also have vulnerabilities. System vulnerabilities include attacks at the biometric sensor level, replay attacks on the data communication stream, and attacks on the database, among others [1]. This section will focus on the vulnerability of attacks at the sensor level, including the spoof attack or use of an artificial biometric sample to gain unauthorized access. Several recent highly publicized articles which reported on the spoofing vulnerabilities will be described, in addition to spoofing research performed in my laboratory at West Virginia University. Finally, anti-spoofing measures which can be implemented to minimize the risk of an attack will be summarized.
Section snippets
Spoofing Background
Attacks at a biometric sensor level can be divided into several scenarios [2]. Attacks can include forcibly compelling a registered user to verify/identify, presenting a registered deceased person or dismembered body part, using a genetic clone, and introduction of fake biometric samples or spoofing. Several of these scenarios are described below and potential solutions apply to most. Attacks using force and genetic clones are the exception. For attacks using force, this risk exists with
Recent Spoofing Research
The Biomedical Signal Analysis Laboratory at West Virginia University has been developing spoofing techniques in order to test a new liveness algorithm [7]. Our spoofing technique involves a mold made from dental impression material (combination of type 0 and 3) and casts made from Play-Doh and clay. Example images are shown in Figure 1. These materials are most effective since they are moisture based and most fingerprint technologies are able to image them. We enrolled eleven live subjects,
Impact on Biometric Devices
Numerous popular media articles have come out attacking biometric devices based on these published reports. While some have gone so far as to say that these studies have completely discredited the industry and that biometric devices are not useful as security measures, these statements are extreme. While someone could steal and make a copy of my office key to gain unauthorized entry, this does not discredit the use of keys. If anything, studies demonstrating spoofing vulnerability does bring
Anti-Spoofing Measures
As discussed above, there are several types of anti-spoofing techniques that could be used that would make it more difficult to spoof a system. Using passwords or smart cards, enrolling several samples, and supervising the verification process are self-explanatory. Another method for anti-spoofing is the use of multi-modal biometric systems. Multi-modal biometrics is the combination of several biometric types into one biometric system, for example, combining fingerprint recognition with facial
Summary
In summary, although biometric authentication devices can be susceptible to spoof attacks, different anti-spoofing techniques can be developed and implemented that may significantly raise the level of difficulty of such attacks. Anti-spoofing methods include addition of supervision, password, smart card, enrollment of several biometricsamples, multi-modal biometrics, and liveness testing. Applications must be carefully considered before selecting security measures which will achieve the
Acknowledgements
Part of this work was funded by the Center for Identification Technology Research (CITeR), an NSF Industry/University Cooperative Research Center. Special thanks to my colleagues, Lawrence Hornak, Tim Norman, and graduate research assistants, Reza Derakhshani, Sujan Parthnasardi.
References (16)
- NK Ratha, “Enhancing Security and Privacy in Biometrics-Based Authentication Systems,” IBM Systems Journal, v 40, n 3,...
- T Matsumoto, H. Matsumoto, K. Yamada, S. Hoshino, “Impact of Artificial ‘Gummy’ Fingers on Fingerprint Systems”,...
- AJ Mansfield, JL Wayman, “Best Practices in Testing and Reporting Performance of Biometric Devices: Version 2.01”,...
- L Thalheim, J Krissler, “Body Check: Biometric Access Protection Devices and their Programs Put to the Test”, c’t...
- D Willis, M Lee, “Biometrics Under Our Thumb”, Network Computing, June 1,...
- T van der Putte, J Keuning, “Biometrical Fingerprint Recognition: Don’t Get Your Fingers Burned,” Proceedings of the...
- R. Derakhshani, S. Schuckers, L. Hornak, L. O’Gorman, “Determination of Vitality From A Non-Invasive Biomedical...
- Liveness Detection in Biometric Systems, International Biometric Group white paper, Available at...
Cited by (240)
Face anti-spoofing detection based on multi-scale image quality assessment
2022, Image and Vision ComputingRealistic Fingerprint Presentation Attacks Based on an Adversarial Approach
2024, IEEE Transactions on Information Forensics and SecurityLipAuth: Securing Smartphone User Authentication With Lip Motion Patterns
2024, IEEE Internet of Things JournalInternal Structure Attention Network for Fingerprint Presentation Attack Detection From Optical Coherence Tomography
2023, IEEE Transactions on Biometrics, Behavior, and Identity ScienceA survey on face presentation attack detection mechanisms: hitherto and future perspectives
2023, Multimedia Systems