Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Scientists give biometric security systems the (fake) finger

George Nott | Sept. 25, 2017
Spoof digit can crack the two common types of fingerprint scanners.


Photo via Computerworld Australia. 

Researchers have fabricated a wearable fake fingertip that is able to fool biometric security systems.

The spoof digit end features a number of properties found in human skin, and is being used to test the two main types of fingerprint reader.

Most readers – such as those used to unlock smartphones and currently being trialled at Canberra International Airport – are either optical or capacitive. Optical readers use light rays to capture an image while capacitive use electrical current to create an image.

"This new spoof has the proper mechanical, optical and electrical properties of a human finger. Compared to current fake fingers that only contain one or two of these properties, our new version could prove much more challenging to detect,” said Anil Jain, a biometric expert at Michigan State University who led the team to make the wearable.

The fake fingers were created using conductive silicone, silicone thinner and pigments, cast in a mould.

"What makes our design unique is that it mimics a real finger by incorporating basic properties of human skin," said Jain.

The researchers will use the dummy digit to test the recognition accuracy between different types of readers, which is often poor. For example, if a capacitive reader was used to capture a fingerprint, but an optical fingerprint reader was later used to authenticate that same fingerprint, it's less likely the print will be accurately identified.

By using the new spoof, companies could develop methods to improve the accuracy, the researchers said.

"Given their unique characteristics, we believe our fake fingers will be valuable to the fingerprint recognition community," said Jain. "Consumers need to know their fingerprints and identity are secure, and vendors and designers need to demonstrate to the consumers the technology is not only accurate but also resilient to spoof attacks. It will help motivate designers to build better fingerprint readers and develop robust spoof-detection algorithms."

 

Facing facts

A wide range of smartphone models include a fingerprint scanner, the first being the Toshiba G500 in 2007. The technology found a mass market when Apple introduced Touch ID to the iPhone 5S in 2013 (after buying biometric company AuthenTec for nearly $360 million in 2012).

It was quickly discovered that the Touch ID authentication system, and others, could be defeated using a latex copy of someone's fingerprint, according to a German hacking group.

Fingerprint scanners are commonly used at US airports and in home security locks.

“As fingerprints continue to become a key to access society’s confidential data, social benefits, networks, and buildings, the need to know and quantify fingerprint recognition accuracy is paramount,” Jain added.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.