Fake Fingerprints - Liveness Detection Solutions

By: Brian Rhodes, Published on Oct 19, 2015

One of the biggest concerns with fingerprint readers is how easy they can be fooled. While biometrics are typically more difficult to steal or fake, headlines still break news of fake fingers or stolen prints being used to fool sensors.

For this reason, many access control fingerprint readers include live finger or liveness detection that checks the finger being scanned is authentic.

In this note, we examine the four common methods (tissue reflection, heartbeat detection, dermal electric resistance, unnaturalness analysis), what HID, Morpho and Suprema use and why you need to beware of ambiguous claims.

*** ** *** ******* concerns **** *********** ******* is *** **** **** can ** ******. ***** biometrics *** ********* **** difficult ** ***** ** fake, ********* ***** ***** news ** **** ******* or ****** ****** ***** used ** **** *******.

*** **** ******, **** access ******* *********** ******* include **** ****** ** liveness ********* **** ****** the ****** ***** ******* is *********.

** **** ****, ** examine *** **** ****** ******* (tissue **********, ********* *********, dermal ******** **********, ************* analysis), **** ***, ****** *** Suprema *** *** *** you **** ** ****** of ********* ******.

[***************]

Stealing ************ ** ***** **********

*** **** ***** ** the ******* ** **** while ************ *** ******, they *** ** ****** or **** ******* **********. Throughout *** *****, ******* methods ** ******** ******, by ***************** ******** ** ****** tips, ********** **** ***** *********, *****-**** ******* ** latent ****** [**** ** longer *********], ** **** using ******* ******* **** been ********.

***** *** ****** ** producing ******* ****'* ***** takes **** ****** **** stealing * ****, ***, or ***, *** **** is *** **** - unauthorized ****** **** **** access ** ********* ***** they ** *** ******.  

Four Common *******

***** *********** ****** ************* frequently *** ******** ********* methods, **** ** *** always ******* **** **** are ** *** **** work. ** *******, *** number *** **** ** methods * ************ ******* vary *** ********* **** into **** ********* **********:

  • ****** **********:*** **** ****** ****** (sometimes ****** ************* *******) typically **** ** ***** to ******* *** ********* contrast ** * ******'* skin. **** ****** ****** on *** **** **** normal, ****** **** ******** IR ***** ** * consistent *** **** ***** different ** **** ** covered ** ********* ********. Especially *** ******* ***** sensors, **** ***** ** done ** *** **** time ** *** *********** is '****', ** ***** is ** ***** ****** the ****. 
  • ********* *********: *** ** *** strongest ******* **** * high ******* ******** **** to ****** *** *********, rhythmic ******** ** *********** coursing **** *****. **** impulse *********** ** * beating *****, *** ******* it ******* *** ******** attempt ** *******.  ***** both ******* ** ******** and ******** ***** **** particular ****** *** ** the **** ********* ******* for ************* ** ***.
  • ****** ******** **********:*** ********** **** ** sensors, ******* ***** **** carries * ***** *** consistent ********** **********. ** a ****** ** ********* and *** ****** ** unable ** ******* ******* skin **********, ** ** invalidated. **** ** *** cost ********** ***** ******, this ******** ***** ** common, *** ** *** not ** ******** ** wet ** **** ************ that ****** *** ******* of **** *** ***** in ******.
  • ************* ********: **** ****** ***** ** the *******, ** ** relies ** ******** ****** alone ** ********* ************. This ****** ******** * print ******* ******* *************** of ***** ** ******* *******. ***** ** ****** checks **** *******, ****** or ***** *****, ***** print *****, ** ******** clarity ** *** *****, if *** ******* ** the **** ***** ******* a ******* '*********' *****, the ***** ** *********** as ****.

***** *** **** ****** of ******* ** *** market, * **** ******* Liveness ********* ******* $***, ***** * **** **** layers ******* ******* *** cost *** ****.  *** addition ** ******** ********* is **** *** ****** of ***** ***** **** drive ***** ******, ***** with ****** ****, *********** support, *** ************* *********** of *** ******.

Liveness ******* ****

** ****** *** **** of **** ** ******* prints, **** ********** *********** scanners *** ******* *** checks ** ******* **** are real.  ***** ** * list ** '******** *********' or '**** ****** *********' on ****** *********** ******* specsheets:

  • ********/*** ******: **** ********* ********* and ****** ********** ** validate ******* *** ****.
  • ******: ********* ** *** reader, ****** **** ****** reflection, ****** **********, ******* up **** ************* ********.
  • *******: **** * ****** of ************* ********** ** determine ** ****** *** faked ** *********** ** they *** ******.

** *******, ***** ********* implement **** **** * single ****** ** **** on *******- * *** point ** ******** *** wide ***** ** ********* fake/spoofed ***** ********.  

Beware ******** ******

*** *** '******** *********' methods *** ******* *********. For ******* *****'* ***** ** *** ****** *********** ****** (**** release) ** * ****** fingeprint *****. ***** ******* the ****** **** '******** detection ******** *** **********' (unnaturalness ********) ** ********** models. *******, ******* ***** ****** ****** effective *****, **** ***** ***** updates. ** *** **** of *****'* *********** ******, spoofed ** ***** ****** are ***** * **** with ******** ******* *****.

** *******, ********* ******* that *** ******** *** software **** *** ****** performing (**: *********, ****** Resistance, *** ****** **********). Take **** ** ***** methods ************* **** **** use, *** ** ********-**** (like ************* ********) ** unclear, ** ****.

Comments (7)

Thanks, Brian, for a really informative article.

It would be interesting to hear about hyperspectral's robustness to skin color variations. It seems reasonable that natural variation has been considered and accommodated, without substantially reducing ability to discriminate false presentations. In fact, it would be interesting (and probably more secure) if hyperspectral skin tones added another dimension to the fingerprint signature.

There must be a reasonably wide variation in acceptable conductivity to accommodate routinely varying conditions. Knowing that skin conductivity is relevant, how hard could it be to replicate a static resistance within a dummy finger, or even on a dummy image? Naively, considering that many laserjet inks are conductive, could you print a target resistance by varying print darkness? Who knows what is possible?

For heartbeat, one could print onto a flexible substrate (something like acetate), then glue it onto a bladder such as a balloon. While presenting that image to the reader, one could gently squeeze the bladder slightly more frequently than once per second.

If hyperspectral IR has a reasonable resolution, it seems as if it could be the most difficult to faithfully replicate, and that fingerprint augmentation with hyperspectral signature could even enhance security.

IMHO, one could obtain, at the expense of authorization delay, a higher level of confidence by using a challenge and response mechanism.

Something where the reader would display randomly changing "challenge", like a gesture, that would one mimic in response.

Of course, this is easier said than done, but could be useful since all static biometrics are, if someone is willing to spend enough $, vulnerable to the attack vector of 'fool the sensor'.

IMHO, it is too expensive (and usually affects accuracy) and can be solved by employing other methods. For instance, a couple of possible options:

  • enroll all fingers and request a different one each time or a combination
  • in the same price range it is more efficient (accurate, robust) to use palm vein or iris verification
  • the easiest (and probably the best) way is to use multi-factor authentication (PIN / Card / Fingerprint / Voice / Face)

[Request for Update (Suprema)]

Hi John / Brian,

Check this out: https://www.supremainc.com/en/AccessControl-TimeandAttendance/Biometric/BioStation-A2

Not all fingeprint devices from Suprema are using that advanced feature thought:

BioStation A2 is implementing advanced Live Finger Detection based on:

- Dynamic Pattern Analysis

- Unnaturalness Analysis

- Dual Source Light Imaging

BioStation A2 was tested and compared to nop notch fingerprint vendors as below:

#pushingthelimits

Best regards,

baud

Who would dig up grandma just to look at a bunch of military floppy discs?

Some people just need a hobby...

once again it seems like it comes down to adding layers to decrease risk. all about the how much the customer is willing to spend to protect their assets. 

I guess I should have read the next article before I asked the previous question.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

Video Surveillance 101 Course Opened on Dec 12, 2019
IPVM is adding a Video Surveillance 101 course, designed to help those new to the industry to quickly understand the most important terms,...
Verkada Notification Outage on Dec 12, 2019
Verkada is suffering an event notification outage and analytic search failures. Inside, we examine what the issues are, what Verkada told IPVM...
Hikvision DS 2nd Gen Intercom Tested on Dec 12, 2019
With its newest IP intercom, Hikvision proclaims users can 'get full control over an entrance' regardless of where it is installed, home or office...
Honeywell 30 Series Cameras Tested Vs Dahua and Hikvision on Dec 11, 2019
Honeywell has infamously OEMed Dahua and Hikvision for years, but now they have introduced an NDAA-compliant line, the 30 Series, claiming "lower...
"Good Market, Bad Business Models" - Residential Security on Dec 11, 2019
Industry banker John Mack, at his company's annual event, took aim squarely at the problems in the residential security...
IP Camera Browser Support: Who's Broken / Who Works on Dec 10, 2019
For many years, IP cameras depended on ActiveX control, whose security flaws have been known for more than a decade. The good news is that this is...
Acquisitions - Winners and Losers on Dec 10, 2019
Most major manufacturers have been acquired over the last decade. But which have been good deals or not? In this report, we analyze the...
IP Camera Installability Shootout 2019 - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision, Uniview, Vivotek on Dec 09, 2019
What are the best and worst cameras to install? Which manufacturers make it the hardest or easiest to install their cameras? We tested 35 total...
Viisights Raises $10 Million, Behavior Analytics Company Profile on Dec 09, 2019
Viisights, an Israeli AI analytics startup marketing "Behavioral Understanding Systems", announced $10 million Series A funding. We spoke to...
Disruptor Wyze Releases Undisruptive Smartlock on Dec 06, 2019
While Wyze has disrupted the consumer IP camera market with ~$20 cameras, its entrance into smart locks is entirely undisruptive. We have...