Aliveness detection / La détection du vivant


Introduction

Alivenes detection, liveliness, cut finger, dead finger, fake finger, spoofing sensors, attacks... if you are here, this is because you want to know more about all these topics.

Up to now, I've been able to break any fingerprint sensor system, likely thanks to my knowledge about physics related to sensors, and also because there is not very much aliveness detection systems in fingerprint sensors. It must be changed in the future, it has to be changed, security must be increased so that it will be extremely expensive to break a system, and so it does not worth the effort -as for every security system-.

If you came here to get some recipes, forget it. At best, you will find links to reference papers about this topic, from people generally proposing counter-measures.

BTW, for more information, I wrote some articles in the Encyclopedia of Biometrics:

You will find also some information in the myths, from a provocative point of view.


Also, for those discovering this topic, this is NOT a new topic. James Bond was already making fake fingers in 1971 (yes, 1971, Diamonds are forever). And with one of the most difficult situations to detect: there is a true finger behind the fake!


James Bond and fake fingers

Basics

First of all, remember that proving that you are living is not enough. What is desired is to prove that:

This is impossible (up to now): you can’t read a person’s mind. Having some form of aliveness detection is not enough!


Security

You need to place the problem inside the whole security problem, so I invite you to have a look at the security basics of a biometric system.


Compromised biometric trait

There is a myth about revocation or compromised biometrics: if someone steals your biometric traits (copy), then you cannot use it again. Only people with their mind stick to the password concept still believe that, and aliveness detection is the answer to this problem: if you show your biometric trait, and prove that it is still connected to your mind, then compromised biometric trait is no more a problem.


Fake detection levels

We can define some detection levels, depending on the difficulty to spoof a system. Several proposals about this exist, but well, it is always around this. I'm taking the case of fingerprint sensors because it is pretty easy to explain and to understand, but you can transpose to any biometric trait with more or less difficulties.

  1. Latent print left on the sensor (zero effort)
  2. Fake/copies:
  3. Original finger:

Developments

Some companies are proposing counter-measures against spoofing. There is also many scientific R&D about aliveness detection in some laboratories, but we have to admit that it is easier to show the defects of a system than proposing something to make them better.

In general, you need to add some more sensors, so it is at the cost of the overall system. At the end, very often and it is a pity, there is no aliveness detection system: people does not want to pay for that (like insurances). This is why it was so easy to spoof the Apple iPhone 5S shortly after its release -not a big deal for people used to this domain.

You will find my own proposal in 2004-2005 for the FingerChip from Atmel, done within the Biosec project.

(2016 Nov) The situation is even worse. This kickstarter project "Taps" proposes some gloves that you can use with the fingerprint sensor of smartphones. For "security" reasons, all "Taps" are different...


Standards

Some standards are developed or under development at the ISO/IEC JTC 1/SC37 Biometrics (as of October 2016):


Conclusion

What Liveness Testing IS:

What Liveness Testing IS NOT:


If man can make it, man can break it!