Fake Fingerprints - Liveness Detection Solutions

By: Brian Rhodes, Published on Oct 19, 2015

One of the biggest concerns with fingerprint readers is how easy they can be fooled. While biometrics are typically more difficult to steal or fake, headlines still break news of fake fingers or stolen prints being used to fool sensors.

For this reason, many access control fingerprint readers include live finger or liveness detection that checks the finger being scanned is authentic.

In this note, we examine the four common methods (tissue reflection, heartbeat detection, dermal electric resistance, unnaturalness analysis), what HID, Morpho and Suprema use and why you need to beware of ambiguous claims.

*** ** *** ******* concerns **** *********** ******* is *** **** **** can ** ******. ***** biometrics *** ********* **** difficult ** ***** ** fake, ********* ***** ***** news ** **** ******* or ****** ****** ***** used ** **** *******.

*** **** ******, **** access ******* *********** ******* include **** ****** ** liveness ********* **** ****** the ****** ***** ******* is *********.

** **** ****, ** examine *** **** ****** ******* (tissue **********, ********* *********, dermal ******** **********, ************* analysis), **** ***, ****** *** Suprema *** *** *** you **** ** ****** of ********* ******.

[***************]

Stealing ************ ** ***** **********

*** **** ***** ** the ******* ** **** while ************ *** ******, they *** ** ****** or **** ******* **********. Throughout *** *****, ******* methods ** ******** ******, by ***************** ******** ** ****** tips, ********** **** ***** *********, *****-**** ******* ** latent ****** [**** ** longer *********], ** **** using ******* ******* **** been ********.

***** *** ****** ** producing ******* ****'* ***** takes **** ****** **** stealing * ****, ***, or ***, *** **** is *** **** - unauthorized ****** **** **** access ** ********* ***** they ** *** ******.  

Four Common *******

***** *********** ****** ************* frequently *** ******** ********* methods, **** ** *** always ******* **** **** are ** *** **** work. ** *******, *** number *** **** ** methods * ************ ******* vary *** ********* **** into **** ********* **********:

  • ****** **********:*** **** ****** ****** (sometimes ****** ************* *******) typically **** ** ***** to ******* *** ********* contrast ** * ******'* skin. **** ****** ****** on *** **** **** normal, ****** **** ******** IR ***** ** * consistent *** **** ***** different ** **** ** covered ** ********* ********. Especially *** ******* ***** sensors, **** ***** ** done ** *** **** time ** *** *********** is '****', ** ***** is ** ***** ****** the ****. 
  • ********* *********: *** ** *** strongest ******* **** * high ******* ******** **** to ****** *** *********, rhythmic ******** ** *********** coursing **** *****. **** impulse *********** ** * beating *****, *** ******* it ******* *** ******** attempt ** *******.  ***** both ******* ** ******** and ******** ***** **** particular ****** *** ** the **** ********* ******* for ************* ** ***.
  • ****** ******** **********:*** ********** **** ** sensors, ******* ***** **** carries * ***** *** consistent ********** **********. ** a ****** ** ********* and *** ****** ** unable ** ******* ******* skin **********, ** ** invalidated. **** ** *** cost ********** ***** ******, this ******** ***** ** common, *** ** *** not ** ******** ** wet ** **** ************ that ****** *** ******* of **** *** ***** in ******.
  • ************* ********: **** ****** ***** ** the *******, ** ** relies ** ******** ****** alone ** ********* ************. This ****** ******** * print ******* ******* *************** of ***** ** ******* *******. ***** ** ****** checks **** *******, ****** or ***** *****, ***** print *****, ** ******** clarity ** *** *****, if *** ******* ** the **** ***** ******* a ******* '*********' *****, the ***** ** *********** as ****.

***** *** **** ****** of ******* ** *** market, * **** ******* Liveness ********* ******* $***, ***** * **** **** layers ******* ******* *** cost *** ****.  *** addition ** ******** ********* is **** *** ****** of ***** ***** **** drive ***** ******, ***** with ****** ****, *********** support, *** ************* *********** of *** ******.

Liveness ******* ****

** ****** *** **** of **** ** ******* prints, **** ********** *********** scanners *** ******* *** checks ** ******* **** are real.  ***** ** * list ** '******** *********' or '**** ****** *********' on ****** *********** ******* specsheets:

  • ********/*** ******: **** ********* ********* and ****** ********** ** validate ******* *** ****.
  • ******: ********* ** *** reader, ****** **** ****** reflection, ****** **********, ******* up **** ************* ********.
  • *******: **** * ****** of ************* ********** ** determine ** ****** *** faked ** *********** ** they *** ******.

** *******, ***** ********* implement **** **** * single ****** ** **** on *******- * *** point ** ******** *** wide ***** ** ********* fake/spoofed ***** ********.  

Beware ******** ******

*** *** '******** *********' methods *** ******* *********. For ******* *****'* ***** ** *** ****** *********** ****** (**** release) ** * ****** fingeprint *****. ***** ******* the ****** **** '******** detection ******** *** **********' (unnaturalness ********) ** ********** models. *******, ******* ***** ****** ****** effective *****, **** ***** ***** updates. ** *** **** of *****'* *********** ******, spoofed ** ***** ****** are ***** * **** with ******** ******* *****.

** *******, ********* ******* that *** ******** *** software **** *** ****** performing (**: *********, ****** Resistance, *** ****** **********). Take **** ** ***** methods ************* **** **** use, *** ** ********-**** (like ************* ********) ** unclear, ** ****.

Comments (7)

Horace Lasell

10/21/15 12:05am

Thanks, Brian, for a really informative article.

It would be interesting to hear about hyperspectral's robustness to skin color variations. It seems reasonable that natural variation has been considered and accommodated, without substantially reducing ability to discriminate false presentations. In fact, it would be interesting (and probably more secure) if hyperspectral skin tones added another dimension to the fingerprint signature.

There must be a reasonably wide variation in acceptable conductivity to accommodate routinely varying conditions. Knowing that skin conductivity is relevant, how hard could it be to replicate a static resistance within a dummy finger, or even on a dummy image? Naively, considering that many laserjet inks are conductive, could you print a target resistance by varying print darkness? Who knows what is possible?

For heartbeat, one could print onto a flexible substrate (something like acetate), then glue it onto a bladder such as a balloon. While presenting that image to the reader, one could gently squeeze the bladder slightly more frequently than once per second.

If hyperspectral IR has a reasonable resolution, it seems as if it could be the most difficult to faithfully replicate, and that fingerprint augmentation with hyperspectral signature could even enhance security.

Undisclosed #1

In reply to Horace Lasell | 10/21/15 12:58am

IMHO, one could obtain, at the expense of authorization delay, a higher level of confidence by using a challenge and response mechanism.

Something where the reader would display randomly changing "challenge", like a gesture, that would one mimic in response.

Of course, this is easier said than done, but could be useful since all static biometrics are, if someone is willing to spend enough $, vulnerable to the attack vector of 'fool the sensor'.

Konstantin Avramenko

10/21/15 01:29am

IMHO, it is too expensive (and usually affects accuracy) and can be solved by employing other methods. For instance, a couple of possible options:

  • enroll all fingers and request a different one each time or a combination
  • in the same price range it is more efficient (accurate, robust) to use palm vein or iris verification
  • the easiest (and probably the best) way is to use multi-factor authentication (PIN / Card / Fingerprint / Voice / Face)
Avatar

Baudouin Genouville

01/18/16 02:56am

[Request for Update (Suprema)]

Hi John / Brian,

Check this out: https://www.supremainc.com/en/AccessControl-TimeandAttendance/Biometric/BioStation-A2

Not all fingeprint devices from Suprema are using that advanced feature thought:

BioStation A2 is implementing advanced Live Finger Detection based on:

- Dynamic Pattern Analysis

- Unnaturalness Analysis

- Dual Source Light Imaging

BioStation A2 was tested and compared to nop notch fingerprint vendors as below:

#pushingthelimits

Best regards,

baud

Keith Beatty

IPVMU Certified | 04/20/17 01:10am

Who would dig up grandma just to look at a bunch of military floppy discs?

Some people just need a hobby...

Justin Dingo

IPVMU Certified | 04/21/17 12:26pm

once again it seems like it comes down to adding layers to decrease risk. all about the how much the customer is willing to spend to protect their assets. 

Alfredo Santiago

ALFREDO'S TELEPHONE SERVICE
10/24/19 06:58am

I guess I should have read the next article before I asked the previous question.

Read this IPVM report for free.

This article is part of IPVM's 6,367 reports, 855 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Breaking Into A Facility Using Canned Air Tested on Jan 28, 2020
Access control is supposed to make doors more secure, but a $5 can of compressed air may defeat it. With no special training, intruders can...
Multipoint Door Lock Tutorial on Jan 23, 2020
Despite widespread use, locked doors are notoriously weak at stopping entry, and thousands can be misspent on locks that leave doors quite...
Fingerprints for Access Control Guide on Sep 09, 2019
Users can lose badges, but they never misplace a finger, right? The most common biometric used in access are fingerprints, and it has become one...
Facial Recognition Systems Fail Simple Liveness Detection Test on May 17, 2019
Facial recognition is being widely promoted as a solution to physical access control but we were able to simply spoof 3 systems because they had no...
Door Hinges Guide on Oct 10, 2018
Some of the trickiest access control problems are caused by bad door hinges. From doors not closing right, to locks not locking, worn or warped...
Access Control - Restricted Keys Guide on Mar 15, 2018
Not all doors, even in larger facilities, can justify using electronic access control. And even for doors that do have electronic access control,...
Wrongly Accused Critical Vulnerability for Vivotek on Jul 13, 2017
Vulnerabilities are an increasing branding and business problem for video surveillance manufacturers. However, sometimes vulnerabilities reported...
Biometrics Pros and Cons For Electronic Access Control on Jun 26, 2017
Biometrics has been long sought as an alternative to the security risks of cards, pins and passwords. While biometrics has improved somewhat over...
Anti-Hack Access Card Shields Tested on May 26, 2017
Keeping your access control card information secure is becoming a big priority, especially since cheaper copiers can hack details easily. Multiple...
Alarm Panel Quiz - Honeywell vs DSC vs Bosch And More on Apr 07, 2017
Intrusion panels are hard to identify, are not always clearly labeled, and often look like other printed circuit boards unless you spot telling...

Most Recent Industry Reports

Hikvision Illicitly Uses Back To The Future In Marketing on Jul 03, 2020
NBCUniversal told IPVM that Hikvision UK's ongoing coronavirus marketing campaign using NBCUniversal's assets was not allowed. Hikvision mass...
Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020
Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM is 'not a good look' and that 'IPVM should never be your source of...
Vintra Presents FulcrumAI Face Recognition on Jul 02, 2020
Vintra presented its FulcrumAI face recognition and mask detection offering at the May 2020 IPVM Startups show. Inside this report: A...
Uniview Wrist Temperature Reader Tested on Jul 02, 2020
Uniview is promoting measuring wrist temperatures whereas most others are just offering forehead or inner canthus measurements. But how well does...
Dahua USA Admits Thermal Solutions "Qualify As Medical Devices" on Jul 02, 2020
Dahua USA has issued a press release admitting a controversial point in the industry but an obvious one to the US FDA, that the thermal temperature...
Access Control Online Show - July 2020 - With 40+ Manufacturers - Register Now on Jul 01, 2020
IPVM is excited to announce our July 2020 Access Control Show. With 40+ companies presenting across 4 days, this is a unique opportunity to hear...
Hanwha Face Mask Detection Tested on Jul 01, 2020
Face mask detection or, more specifically lack-of-face-mask detection, is an expanding offering in the midst of coronavirus. Hanwha in partnership...
UK Government Says Fever Cameras "Unsuitable" on Jul 01, 2020
The UK government's medical device regulator, MHRA, told IPVM that fever-seeking thermal cameras are "unsuitable for this purpose" and recommends...
Camera Course Summer 2020 on Jun 30, 2020
This is the only independent surveillance camera course, based on in-depth product and technology testing. Lots of manufacturer training...
Worst Over But Integrators Still Dealing With Coronavirus Problems (June Statistics) on Jun 30, 2020
While numbers of integrators very impacted by Coronavirus continue to drop, most are still moderately dealing with the pandemic's problems, June...