Fake Fingerprints - Liveness Detection Solutions

By: Brian Rhodes, Published on Oct 19, 2015

One of the biggest concerns with fingerprint readers is how easy they can be fooled. While biometrics are typically more difficult to steal or fake, headlines still break news of fake fingers or stolen prints being used to fool sensors.

For this reason, many access control fingerprint readers include live finger or liveness detection that checks the finger being scanned is authentic.

In this note, we examine the four common methods (tissue reflection, heartbeat detection, dermal electric resistance, unnaturalness analysis), what HID, Morpho and Suprema use and why you need to beware of ambiguous claims.

Stealing ************ ** ***** **********

*** **** ***** ** the ******* ** **** while ************ *** ******, they *** ** ****** or **** ******* **********. Throughout *** *****, ******* methods ** ******** ******, by ***************** ******** ** ****** tips, ********** **** ***** *********, *****-**** ******* ** latent ****** [**** ** longer *********], ** **** using ******* ******* **** been ********.

***** *** ****** ** producing ******* ****'* ***** takes **** ****** **** stealing * ****, ***, or ***, *** **** is *** **** - unauthorized ****** **** **** access ** ********* ***** they ** *** ******.  

Four Common *******

***** *********** ****** ************* frequently *** ******** ********* methods, **** ** *** always ******* **** **** are ** *** **** work. ** *******, *** number *** **** ** methods * ************ ******* vary *** ********* **** into **** ********* **********:

  • ****** **********:*** **** ****** ****** (sometimes ****** ************* *******) typically **** ** ***** to ******* *** ********* contrast ** * ******'* skin. **** ****** ****** on *** **** **** normal, ****** **** ******** IR ***** ** * consistent *** **** ***** different ** **** ** covered ** ********* ********. Especially *** ******* ***** sensors, **** ***** ** done ** *** **** time ** *** *********** is '****', ** ***** is ** ***** ****** the ****. 
  • ********* *********: *** ** *** strongest ******* **** * high ******* ******** **** to ****** *** *********, rhythmic ******** ** *********** coursing **** *****. **** impulse *********** ** * beating *****, *** ******* it ******* *** ******** attempt ** *******.  ***** both ******* ** ******** and ******** ***** **** particular ****** *** ** the **** ********* ******* for ************* ** ***.
  • ****** ******** **********:*** ********** **** ** sensors, ******* ***** **** carries * ***** *** consistent ********** **********. ** a ****** ** ********* and *** ****** ** unable ** ******* ******* skin **********, ** ** invalidated. **** ** *** cost ********** ***** ******, this ******** ***** ** common, *** ** *** not ** ******** ** wet ** **** ************ that ****** *** ******* of **** *** ***** in ******.
  • ************* ********: **** ****** ***** ** the *******, ** ** relies ** ******** ****** alone ** ********* ************. This ****** ******** * print ******* ******* *************** of ***** ** ******* *******. ***** ** ****** checks **** *******, ****** or ***** *****, ***** print *****, ** ******** clarity ** *** *****, if *** ******* ** the **** ***** ******* a ******* '*********' *****, the ***** ** *********** as ****.

***** *** **** ****** of ******* ** *** market, * **** ******* Liveness ********* ******* $***, ***** * **** **** layers ******* ******* *** cost *** ****.  *** addition ** ******** ********* is **** *** ****** of ***** ***** **** drive ***** ******, ***** with ****** ****, *********** support, *** ************* *********** of *** ******.

Liveness ******* ****

** ****** *** **** of **** ** ******* prints, **** ********** *********** scanners *** ******* *** checks ** ******* **** are real.  ***** ** * list ** '******** *********' or '**** ****** *********' on ****** *********** ******* specsheets:

  • ********/*** ******: **** ********* ********* and ****** ********** ** validate ******* *** ****.
  • ******: ********* ** *** reader, ****** **** ****** reflection, ****** **********, ******* up **** ************* ********.
  • *******: **** * ****** of ************* ********** ** determine ** ****** *** faked ** *********** ** they *** ******.

** *******, ***** ********* implement **** **** * single ****** ** **** on *******- * *** point ** ******** *** wide ***** ** ********* fake/spoofed ***** ********.  

Beware ******** ******

*** *** '******** *********' methods *** ******* *********. For ******* *****'* ***** ** *** ****** *********** ****** (**** release) ** * ****** fingeprint *****. ***** ******* the ****** **** '******** detection ******** *** **********' (unnaturalness ********) ** ********** models. *******, ******* ***** ****** ****** effective *****, **** ***** ***** updates. ** *** **** of *****'* *********** ******, spoofed ** ***** ****** are ***** * **** with ******** ******* *****.

** *******, ********* ******* that *** ******** *** software **** *** ****** performing (**: *********, ****** Resistance, *** ****** **********). Take **** ** ***** methods ************* **** **** use, *** ** ********-**** (like ************* ********) ** unclear, ** ****.

Comments (8)

Thanks, Brian, for a really informative article.

It would be interesting to hear about hyperspectral's robustness to skin color variations. It seems reasonable that natural variation has been considered and accommodated, without substantially reducing ability to discriminate false presentations. In fact, it would be interesting (and probably more secure) if hyperspectral skin tones added another dimension to the fingerprint signature.

There must be a reasonably wide variation in acceptable conductivity to accommodate routinely varying conditions. Knowing that skin conductivity is relevant, how hard could it be to replicate a static resistance within a dummy finger, or even on a dummy image? Naively, considering that many laserjet inks are conductive, could you print a target resistance by varying print darkness? Who knows what is possible?

For heartbeat, one could print onto a flexible substrate (something like acetate), then glue it onto a bladder such as a balloon. While presenting that image to the reader, one could gently squeeze the bladder slightly more frequently than once per second.

If hyperspectral IR has a reasonable resolution, it seems as if it could be the most difficult to faithfully replicate, and that fingerprint augmentation with hyperspectral signature could even enhance security.

IMHO, one could obtain, at the expense of authorization delay, a higher level of confidence by using a challenge and response mechanism.

Something where the reader would display randomly changing "challenge", like a gesture, that would one mimic in response.

Of course, this is easier said than done, but could be useful since all static biometrics are, if someone is willing to spend enough $, vulnerable to the attack vector of 'fool the sensor'.

IMHO, it is too expensive (and usually affects accuracy) and can be solved by employing other methods. For instance, a couple of possible options:

  • enroll all fingers and request a different one each time or a combination
  • in the same price range it is more efficient (accurate, robust) to use palm vein or iris verification
  • the easiest (and probably the best) way is to use multi-factor authentication (PIN / Card / Fingerprint / Voice / Face)

[Request for Update (Suprema)]

Hi John / Brian,

Check this out: https://www.supremainc.com/en/AccessControl-TimeandAttendance/Biometric/BioStation-A2

Not all fingeprint devices from Suprema are using that advanced feature thought:

BioStation A2 is implementing advanced Live Finger Detection based on:

- Dynamic Pattern Analysis

- Unnaturalness Analysis

- Dual Source Light Imaging

BioStation A2 was tested and compared to nop notch fingerprint vendors as below:

#pushingthelimits

Best regards,

baud

Who would dig up grandma just to look at a bunch of military floppy discs?

Some people just need a hobby...

once again it seems like it comes down to adding layers to decrease risk. all about the how much the customer is willing to spend to protect their assets. 

I guess I should have read the next article before I asked the previous question.

Great article

Read this IPVM report for free.

This article is part of IPVM's 6,530 reports, 880 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Anixter Runs Fake Coronavirus Marketing Using Shutterstock Watermarked Images on Jul 24, 2020
Coronavirus faked marketing is regrettably commonplace right now but Anixter...
Bias In Facial Recognition Varies By Country, NIST Report Shows on Jul 15, 2020
While many argue that face recognition is inherently racist, results from one...
Keypads For Access Control Tutorial on Jul 28, 2020
Keypad readers present huge risks to even the best access systems. If...
Directory of 206 "Fever" Camera Suppliers on Aug 04, 2020
This directory provides a list of "Fever" scanning thermal camera providers...
Door Fundamentals For Access Control Guide on Aug 24, 2020
Doors vary greatly in how difficult and costly it is to add electronic access...
FLIR A Series Temperature Screening Cameras Tested on Jun 04, 2020
FLIR is one of the biggest names in thermal and one of the most conservative....
Forced Door Alarms For Access Control Tutorial on Aug 17, 2020
One of the most important access control alarms is also often ignored....
Beware Rigged China Fever Cameras on Sep 08, 2020
Many China fever camera manufacturers have rigged algorithms dynamically...
The Problem With Fever Detecting Thermal Sunglasses on Apr 15, 2020
While the media has promoted using thermal sunglasses to detect fevers, this...
Actual Coronavirus Testing Options Examined on Aug 13, 2020
Fever cameras have emerged as an indirect and flawed way to test for...
Spectron IR Thermal Fever Screening System Examined on Apr 14, 2020
Most are quick to avoid "fever screening" and "medical" labels, but...
Free Online NFPA, IBC, and ADA Codes and Standards 2020 on Sep 03, 2020
Finding applicable codes for security work can be a costly task, with printed...
Face Detection Shootout - Dahua, Hanwha, Hikvision, Uniview, Vivotek on Jul 30, 2020
Face detection analytics are available from a number of manufactures...
Faked Convergint Fever Camera 'Expert' Marketing on Jun 16, 2020
Convergint touts they are "THERMAL CAMERA SOLUTION EXPERTS" while faking...
TVT / InVid Facial Recognition Tested on Mar 25, 2020
Facial recognition is frequently sold for thousands of dollars per channel...

Recent Reports

IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Norway Ethics Councils Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...
Installation Course Fall 2020 - Save $50 - Last Chance on Sep 22, 2020
Today is your last chance to save $50 on registration for the Fall 2020 Video...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
FLIR CEO: Many New Fever Entrants "Making Claims That The Science Just Won't Support" on Sep 22, 2020
FLIR's CEO joins a growing number calling out risks with fever / screening...
China Bems Temperature Measurement Terminal Tested on Sep 22, 2020
Guangzhou Bems (brand Benshi) is the manufacturer behind temperature...
Axis Exports To China Police Criticized By Amnesty International on Sep 21, 2020
Axis Communications and other EU surveillance providers are under fire from...
Milestone XProtect on AWS Tested on Sep 21, 2020
Milestone finally launched multiple cloud solutions in 2020, taking a...
Mobile Access Control Usage Statistics 2020 on Sep 21, 2020
Most smartphones can be used as access control credentials, but how...
Axis Compares Fever Camera Sellers to 9/11 on Sep 18, 2020
Axis Communications, the West's largest surveillance camera manufacturer, has...
Avigilon Elevated Temperature Detection Camera Tested on Sep 17, 2020
Avigilon has entered the temperature screening market with the release of...
Chilean Official Investigated for Motorola And Hikvision Contracts on Sep 17, 2020
A corruption investigation is underway in Chile after a crime prevention...
Huawei HiSilicon Production Shut Down on Sep 17, 2020
Huawei HiSilicon chips are no longer being manufactured or supplied to...
Virtual ISC West and GSX+ Exhibiting Contrasted on Sep 17, 2020
Both ISC West and ASIS GSX are going virtual this year, just weeks apart, but...