Biometric authentication system provides additional security over traditional methods such as passwords, credentials, but it can also have vulnerabilities. One of the most common forms of attack on biometric system is called “spoofing”, in which one person or program successfully impersonate as another by falsifying data and thereby gaining unauthorized right. Artificial fingers, high resolution iris image, a photograph of the authorized user, or an audio voice recording are examples of spoof attacks against various biometric systems. Moreover, our faces and irises are visible to everyone, and when we talk or use phone driven application, our voice can be recorded. Even our fingerprints and DNA are presented by anything we touch in anywhere we go.
Researchers and institutions have reported that fingerprint and facial recognition systems can be easily spoofed by using fake fingers made of gelatin and a high quality video of a person’s face. It’s proved that there are real threats of spoofing biometric systems. Although biometric-based systems, using fingerprints, iris, facial, recognition, are only just now entering the mainstream, they are expected to be common in the next few years. As soon as they start to be used to protect bank accounts or benefit systems, fraudsters will begin to look for ways of cracking into them, according to Bori Toth, biometric research and advisory lead at Deloitte & Touche. Currently, only researchers and institutions that are doing the spoofing, but soon we need to take serious actions to enhance the biometric security.
Liveness detection can be simply defined as the ability of a biometric system to distinguish the difference between the spoof and a real person. Securing automated and unsupervised biometric system is one of the most critical and most challenging tasks in real world scenarios. There is a variety of ways to detect liveness by utilizing the properties of living body such as: blood flow, precipitation, pulse, blood pressure, thermal, hippus (pupil movement), saccade (eye movement); or by utilizing bodily response to external stimuli that requires user involvement such as: blink the eyes, smile or speak a phrase at a specific time. Recently we’ve seen numerous innovations in anti-spoofing tech, particularly with the advent of new kinds of fingerprint tech to prevent false acceptance and increase security for examples: Apple’s patent Doodle – a method of distinguishing between “push” and “pull” swipes from the finger to capture a larger more comprehensive image of the finger, besides just ridges and valleys; or other patents by Atos IT Solutions and Services for face recognition spoof prevention, etc. Researches and competitions have also been established to set up standards, develop countermeasures to fend off spoofed biometric identifiers, and prime biometric recognition for widespread consumer use around the world such as: Clarkson University’s Center for Identification Technology Research, European Union funded TABULA RASA consortium.
Although biometric authentication systems can be susceptible to spoofing attacks, different sophisticated anti-spoofing technologies can be developed and implemented that may significantly raise the level of difficulty of such attacks. Liveness detection is a key aspect of a robust biometric solution which will enhance security, reliability and effectiveness of the biometric system.