Fake Fingerprints - Liveness Detection Solutions

Author: Brian Rhodes, Published on Oct 19, 2015

One of the biggest concerns with fingerprint readers is how easy they can be fooled. While biometrics are typically more difficult to steal or fake, headlines still break news of fake fingers or stolen prints being used to fool sensors.

For this reason, many access control fingerprint readers include live finger or liveness detection that checks the finger being scanned is authentic.

In this note, we examine the four common methods (tissue reflection, heartbeat detection, dermal electric resistance, unnaturalness analysis), what HID, Morpho and Suprema use and why you need to beware of ambiguous claims.

*** ** *** ******* ******** **** *********** ******* ** *** easy **** *** ** ******. ***** ********** *** ********* **** difficult ** ***** ** ****, ********* ***** ***** **** ** fake ******* ** ****** ****** ***** **** ** **** *******.

*** **** ******, **** ****** ******* *********** ******* ******* **** finger ** ******** ********* **** ****** *** ****** ***** ******* is *********.

** **** ****, ** ******* *** **** ****** ******* (****** **********, heartbeat *********, ****** ******** **********, ************* ********), **** ***, ****** *** Suprema *** *** *** *** **** ** ****** ** ********* claims.

[***************]

Stealing ************ ** ***** **********

*** **** ***** ** *** ******* ** **** ***** ************ are ******, **** *** ** ****** ** **** ******* **********. Throughout *** *****, ******* ******* ** ******** ******, ** ***************** ******** ** ****** ****, ********** **** ***** *********,*****-**** ******* ** ****** ******, ** **** ***** ******* ******* **** **** ********.

***** *** ****** ** ********* ******* ****'* ***** ***** **** effort **** ******** * ****, ***, ** ***, *** **** is *** **** - ************ ****** **** **** ****** ** sensitive ***** **** ** *** ******.

Four Common *******

***** *********** ****** ************* ********** *** ******** ********* *******, **** do *** ****** ******* **** **** *** ** *** **** work. ** *******, *** ****** *** **** ** ******* * manufacturer ******* **** *** ********* **** **** **** ********* **********:

****** **********:*** **** ****** ****** (********* ****** ************* *******) ********* **** IR ***** ** ******* *** ********* ******** ** * ******'* skin. **** ****** ****** ** *** **** **** ******, ****** skin ******** ** ***** ** * ********** *** **** ***** different ** **** ** ******* ** ********* ********. ********** *** optical ***** *******, **** ***** ** **** ** *** **** time ** *** *********** ** '****', ** ***** ** ** delay ****** *** ****.
********* *********: *** ** *** ********* ******* **** * **** ******* sampling **** ** ****** *** *********, ******** ******** ** *********** coursing **** *****. **** ******* *********** ** * ******* *****, and ******* ** ******* *** ******** ******* ** *******. ***** both ******* ** ******** *** ******** ***** **** ********** ****** one ** *** **** ********* ******* *** ************* ** ***.
****** ******** **********:*** ********** **** ** *******, ******* ***** **** ******* * small *** ********** ********** **********. ** * ****** ** ********* and *** ****** ** ****** ** ******* ******* **** **********, it ** ***********. **** ** *** **** ********** ***** ******, this ******** ***** ** ******, *** ** *** *** ** reliable ** *** ** **** ************ **** ****** *** ******* of **** *** ***** ** ******.
************* ********: **** ****** ***** ** *** *******, ** ** ****** ** software ****** ***** ** ********* ************. **** ****** ******** * print ******* ******* *************** ** ***** ** ******* *******. ***** ** ****** ****** **** *******, ****** ** ***** edges, ***** ***** *****, ** ******** ******* ** *** *****, if *** ******* ** *** **** ***** ******* * ******* 'authentic' *****, *** ***** ** *********** ** ****.

***** *** **** ****** ** ******* ** *** ******, * unit ******* ******** ********* ******* $***, ***** * **** **** ****** ******* ******* *** **** *** more. *** ******** ** ******** ********* ** **** *** ****** of ***** ***** **** ***** ***** ******, ***** **** ****** type, *********** *******, *** ************* *********** ** *** ******.

Liveness ******* ****

** ****** *** **** ** **** ** ******* ******, **** commercial *********** ******** *** ******* *** ****** ** ******* **** are real. ***** ** * **** ** '******** *********' ** '**** finger *********' ** ****** *********** ******* **********:

********/*** ******: **** ********* ********* *** ****** ********** ** ******** ******* are ****.
******: ********* ** *** ******, ****** **** ****** **********, ****** resistance, ******* ** **** ************* ********.
*******: **** * ****** ** ************* ********** ** ********* ** prints *** ***** ** *********** ** **** *** ******.

** *******, ***** ********* ********* **** **** * ****** ****** at **** ** *******- * *** ***** ** ******** *** wide ***** ** ********* ****/******* ***** ********.

Beware ******** ******

*** *** '******** *********' ******* *** ******* *********. *** ******* *****'* ***** ** *** ****** *********** ****** (**** *******) ** * ****** ********** *****. Apple ******* *** ****** **** '******** ********* ******** *** **********' (unnaturalness ********) ** ********** ******. *******, ******* ***** ****** ****** ********* *****, **** ***** ***** *******. ** *** **** ** *****'* fingerprint ******, ******* ** ***** ****** *** ***** * **** with ******** ******* *****.

** *******, ********* ******* **** *** ******** *** ******** **** are ****** ********** (**: *********, ****** **********, *** ****** **********). Take **** ** ***** ******* ************* **** **** ***, *** if ********-**** (**** ************* ********) ** *******, ** ****.

Comments (6)

Horace Lasell

10/21/15 12:05am

Thanks, Brian, for a really informative article.

It would be interesting to hear about hyperspectral's robustness to skin color variations. It seems reasonable that natural variation has been considered and accommodated, without substantially reducing ability to discriminate false presentations. In fact, it would be interesting (and probably more secure) if hyperspectral skin tones added another dimension to the fingerprint signature.

There must be a reasonably wide variation in acceptable conductivity to accommodate routinely varying conditions. Knowing that skin conductivity is relevant, how hard could it be to replicate a static resistance within a dummy finger, or even on a dummy image? Naively, considering that many laserjet inks are conductive, could you print a target resistance by varying print darkness? Who knows what is possible?

For heartbeat, one could print onto a flexible substrate (something like acetate), then glue it onto a bladder such as a balloon. While presenting that image to the reader, one could gently squeeze the bladder slightly more frequently than once per second.

If hyperspectral IR has a reasonable resolution, it seems as if it could be the most difficult to faithfully replicate, and that fingerprint augmentation with hyperspectral signature could even enhance security.

Undisclosed #1

In reply to Horace Lasell | 10/21/15 12:58am

IMHO, one could obtain, at the expense of authorization delay, a higher level of confidence by using a challenge and response mechanism.

Something where the reader would display randomly changing "challenge", like a gesture, that would one mimic in response.

Of course, this is easier said than done, but could be useful since all static biometrics are, if someone is willing to spend enough $, vulnerable to the attack vector of 'fool the sensor'.

Konstantin Avramenko

10/21/15 01:29am

IMHO, it is too expensive (and usually affects accuracy) and can be solved by employing other methods. For instance, a couple of possible options:

enroll all fingers and request a different one each time or a combination
in the same price range it is more efficient (accurate, robust) to use palm vein or iris verification
the easiest (and probably the best) way is to use multi-factor authentication (PIN / Card / Fingerprint / Voice / Face)

Baudouin Genouville

01/18/16 02:56am

[Request for Update (Suprema)]

Hi John / Brian,

Check this out: https://www.supremainc.com/en/AccessControl-TimeandAttendance/Biometric/BioStation-A2

Not all fingeprint devices from Suprema are using that advanced feature thought:

BioStation A2 is implementing advanced Live Finger Detection based on:

- Dynamic Pattern Analysis

- Unnaturalness Analysis

- Dual Source Light Imaging

BioStation A2 was tested and compared to nop notch fingerprint vendors as below:

#pushingthelimits

Best regards,

baud

Keith Beatty

IPVMU Certified | 04/20/17 01:10am

Who would dig up grandma just to look at a bunch of military floppy discs?

Some people just need a hobby...

Justin Dingo

IPVMU Certified | 04/21/17 12:26pm

once again it seems like it comes down to adding layers to decrease risk. all about the how much the customer is willing to spend to protect their assets.

Login to read this IPVM report.

Why do I need to log in?

IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

Casino Security Consultant Carl Lindgren Interview on Mar 26, 2019

For more than 20 years, Carl Lindgren worked as a casino surveillance pro, while being active (and sometimes outspoken) on various online video...

Lenel Favorability Results 2019 on Mar 26, 2019

The positive news for Lenel is that integrators do not dislike them as much as they used to. The negative news for Lenel is that integrators...

9 UK MPs Call Out Hikvision Over Human Rights Violations on Mar 26, 2019

A group of nine MPs in the UK has released a letter calling out Hikvision for its surveillance deals in Xinjiang and Tibet, alleging Hikvision...

Access Control Course Spring 2019 on Mar 26, 2019

The member's price is normally $299, but register early for a $50 discount, for a price of $249. The price covers classes, personal help and...

UTC Interlogix Series 6 Tested on Mar 25, 2019

UTC Interlogix has long been deceptively OEMing Hikvision as our 2017 results show. Now, Interlogix is back with their newest IP camera series,...

Outdoor Camera Installation Guide on Mar 25, 2019

Outdoor camera installation can be fraught with problems. Creating a sturdy and weather tight mount is key for camera performance and longevity,...

Favorite Video Storage / Server Manufacturers 2019 on Mar 25, 2019

189 integrators answered this question: "What is your favorite storage device / server manufacturer for recording video? Why?" In general...

IBM / Genetec Surveillance System Investigated Over Philippines Human Rights Abuses on Mar 22, 2019

A lengthy investigation into an IBM video surveillance project in the Philippines, raising concerns IBM helped local police conduct a bloody...

Eagle Eye Favorability Results 2019 on Mar 21, 2019

Eagle Eye has been the biggest spender in the cloud VMS market including (via their owner) acquiring Brivo for $50 million and CameraManager from...

Large Hospital Security End User Interview on Mar 21, 2019

This large single-state healthcare system consists of many hospitals, and hundreds of health parks, private practices, urgent care facilities, and...