Liveness Detection in Biometric Systems

Introduction   

It has long been held that most biometric systems are capable of detecting liveness in biometric samples. Liveness detection in a biometric system ensures that only "real" fingerprints, facial images, irises, and other characteristics are capable of generating templates for enrollment, verification, and identification. From a security and accountability perspective, requiring a live biometric characteristic makes it difficult for an individual to repudiate that he or she executed a transaction, accessed a secure facility, or applied for a benefit. 

Recent academic and media tests, however, show that with negligible-to-modest effort many leading biometric systems are susceptible to attacks in which fake fingerprints, static facial images, and static iris images can be used successfully as biometric samples. These fraudulent samples are processed by the biometric system to generate templates and to verify enrolled individuals. Methods of attack include fashioning fingerprints from gelatin, superimposing iris images atop human eyes, even breathing on a fingerprint sensor. In the words of C'T magazine, responsible for executing a handful of these successful attacks: "...the products in the versions made available to us were more of the nature of toys than of serious security measures."  

The implications of this demonstrable susceptibility to "spoofing" - defeating a biometric system through fake biometric samples - are as follows. 

Login to access full report Not Registered? Email Password   Forgot your password? By clicking on Login, I agree to the terms and conditions of usage

In addition to our accuracy- and enrollment-focused Comparative Biometric Testing, International Biometric Group performs custom Vulnerability and Penetration Testing of biometric devices and systems. IBG evaluates resistance to spoof attacks, replay attacks, communication attacks, and other attempts to defeat or circumvent biometric systems.