The following post was written by Shaon Shahnewaz, Senior Executive in our Business Development & Interactive Marketing Department
Should we be wary of leaving our fingerprints behind? Circumventing biometric security access by spoofing the system – is turning from science-fiction to reality.
There have been times where we have seen in sci-fi movies that thieves are copying and spoofing biometric identification management systems to gain unauthorized access to valuable information. Extracting eyeballs, and lifting fingerprints to create rubber molds to successfully fool a biometric recognition hardware device in the movies that might look like a cool thing to do, but have you thought about the implications of it in real life? What if, for example, someone right now is trying to copy your biometric information and using it to spoof a biometric system to access your bank account?
What is Spoofing?
Biometric spoofing is a method of fooling a biometric identification management system, where an artificial object (like a fingerprint mold made of silicon) is presented to the biometric scanner that imitates the unique biological properties of a person which the system is designed to measure, so that the system will not be able to distinguish the artifact from the real biological target.
Are Biometric Characteristics Private?
Biometric spoofing is a growing concern. We leave fingerprints everywhere in our day to day lives, so the chance of someone lifting them and copying them is real. Currently it’s only researchers that are doing spoofing and copying for testing purposes and it is not a mainstream activity–but it could be soon as more businesses and governments around the world adopt biometrics for identification management. Many people are trying to classify biometric physiological characteristics as secret, but they aren’t. Our faces and irises are visible to everyone and our voices can be recorded. Fingerprints and DNA are left everywhere we go and it’s been proved that these are real threats to be replicated for the purpose of spoofing biometric systems.
Biometric Deployment Risks with Spoofing
Like any other security technology, biometrics has inherent weaknesses that can potentially compromise the security of a system. Susceptibility to spoofing attacks is just one of them. The implication of a biometric device’s susceptibility to spoofing attacks includes:
- Artificial objects being used to mount attacks against existing enrollments in order to gain unauthorized access to the resources protected by the biometric system.
- Artificial objects being used to authenticate thus fraudulently associating an audit trail with an unwitting individual.
- Artificial objects being used to enroll in a biometric system and then delegating these objects across multiple individuals, undermining the integrity of the entire system.
- An individual may repudiate transactions associated with his account or enrollment – claiming instead that they are the result of attacks – due to the inability of the biometric system to ensure liveness detection.
What’s the Solution?
Academic and industry experts have been researching methods to counter the threat of physical spoofing of biometric samples. In particular, various liveness detection methods have been conceived and implemented in some devices. Liveness detection is defined as biometric hardware devices that have the ability to look beyond the surface of the skin and can discriminate between the features of live skin and copies of those features in a fraction of a second. However, as every man made solution can be defeated, efforts to enhance and improve liveness detection remain a work in progress.
Recently our researchers here at M2SYS Technology developed a “smart” biometric finger scanner named M2-FuseID™, which is capable of distinguishing fingerprints made of artificial objects from a live fingerprint. The liveness detection technology they have introduced for this is among the most sophisticated in the world. Our researchers have designed the M2-FuseID™ “smart” finger scanner by including an extra liveness detection finger vein sensor just beside the regular fingerprint sensor in this advanced fingerprint reader. This advanced sensor can measure the liveness of the finger veins by identifying the presence of a live blood flow to detect whether the object it’s scanning for fingerprints is artificial or a real finger.
Benefits of Adopting a Liveness Detection System with M2-FuseID™
Our M2-FuseID™ smart fingerprint device with sophisticated liveness detection helps to minimize the risk against spoofing in the following manner:
- It simultaneously looks at and beneath the skin surface for live blood flow in the veins of the finger.
- Protects against fake and spoofed fingerprints.
- Provides protection from published and unpublished finger copying methods.
- Adaptable against future spoof threats.
Although biometric authentication devices can be susceptible to spoofing attacks, different anti-spoofing techniques can be developed and implemented that may significantly raise the level of difficulty of such attacks. Our M2-FuseID™reader with advanced liveness detection identifies the individual being scanned as alive or fake in fingerprint biometric security systems. It has all the potential to enhance security, reliability, and effectiveness of a biometric system and protect against unauthorized access.