Introduction
Alivenes detection, liveliness, cut finger, dead finger, fake finger, spoofing sensors, presentation attacks... if you are here, this is because you want to know more about all these topics.
Up to now, I've been able to break any fingerprint sensor system, likely thanks to my knowledge about physics related to sensors, and also because there is not very much aliveness detection systems in fingerprint sensors. It must be changed in the future, it has to be changed, security must be increased so that it will be extremely expensive to break a system, and so it does not worth the effort -as for every security system-.
Aliveness detection is around since the last century, the first paper I found is from 1994, and the first product, from 3M, 1996.
If you came here to get some recipes, forget it. At best, you will find links to reference papers about this topic, from people generally proposing counter-measures.
Also, for those discovering this topic, this is NOT a new topic. James Bond was already making fake fingers in 1971 (yes, 1971, Diamonds are forever). And with one of the most difficult situations to detect: there is a true finger behind the fake!
Basics
First of all, remember that proving that you are living is not enough. What is desired is to prove that:
- I’m a living person not under threat
- and I agree to make such and such action
This is impossible (up to now): you can’t read a person’s mind. Having some form of aliveness detection is not enough!
Security
You need to place the problem inside the whole security problem, so I invite you to have a look at the security basics of a biometric system.
Compromised biometric trait
There is a myth about revocation or compromised biometrics: if someone steals your biometric traits (copy), then you cannot use it again. Only people with their mind stick to the password concept still believe that, and aliveness detection is the answer to this problem: if you show your biometric trait, and prove that it is still connected to your mind, then compromised biometric trait is no more a problem.
Fake detection levels
We can define some detection levels, depending on the difficulty to spoof a system. Several proposals about this exist, but well, it is always around this. I'm taking the case of fingerprint sensors because it is pretty easy to explain and to understand, but you can transpose to any biometric trait with more or less difficulties.
- Latent print left on the sensor (zero effort)
- Fake/copies:
- Printed fingerprint image
- Fake made of gelatin, latex, or other material
- Thin layer of material glued to a real finger, including real skin cells grown in a laboratory
- Original finger:
- Cut out
- Belonging to a dead person
- Alive person under threat
Easy fake finger?
Is it so easy to create a fake finger? yes and no. It's easy when you have the cooperation of the donnor -it's what you see in those youtube from hackers. You will get more info from my easy fake finger page.
Papers & counter-measures
I have collected old papers related to aliveness detection, and I wrote some articles in the Encyclopedia of Biometrics:
- J.F. Mainguet "Fingerprint Fake Detection" in "Encyclopedia of Biometrics" 2009
- J.F. Mainguet "Fingerprints Hashing" in "Encyclopedia of Biometrics" 2009
- J.F. Mainguet "Anti-spoofing: Fingerprint (Fake Fingers)" in "Encyclopedia of Biometrics" 2014
The oldest product tentative with some counter-measures was the 3M Biosentry ultimate /1996: a fingerprint reader with optical plethysismography AND electrocardiogram.
Some companies are proposing counter-measures against spoofing, proposals coming from laboratories, but we have to admit that it is easier to show the defects of a system than proposing something to make them better. In general, you need to add some more sensors, so it is at the cost of the overall system. At the end, very often and it is a pity, there is no aliveness detection system: people does not want to pay for that (like insurances). This is why it was so easy to spoof the Apple iPhone 5S shortly after its release -not a big deal for people used to this domain.
You will find my own proposal in 2004-2005 for the FingerChip from Atmel, done within the Biosec project.
Movies
There are many movies showing biometric recognition: let's have a look to those with cut fingers or the like.
Diamonds Are Forever (1971) (James Bond)
Les diamants sont éternels
Q supplied Bond with a fake fingerprint.
Demolition man (1993)
Simon Phoenix is escaping, crossing the retinal scan check using Warden's eyeball.Double Team (1997)
Quinn uses a scalpel to slice off a thin layer of fingerprint...The 6th day (2000)
To enter the WEIR building, Adam is using Talia's cut finger.La Tour Montparnasse Infernale (2000)
Safe with 5-finger recognition, so the bad guys cut the hand to open the safe.Die Another Day (2002)
Meurt un autre jour
Bond and Jinx have to go through the door locked by a handprint reader.
Jinx uses a laser to cut off Mr Kill’s arm, so the reader is tricked.
Doom (2005)
DNA access control to the armory. It works better with the cut hand.Shoot'Em Up (2007)
Smith cannot fire with the Hertz's fingerprint protected gun. Smith uses the cut hand.What happened to Monday (2017) Seven Sisters
A bad guy tries to access the flat with an eye in a bag...The Spy Who Dumped Me (2018) L'espion qui m'a larguée
Using the bad guy's finger, who is dead, to access the fingerprint protected smartphone.... cut the finger, later hidden inside a lipstick.
Real world
Cut fingers? Does it really happen? Yes, you will find here some material for your article/paper/blog :
CRUEL ACT: Kumaran showing what is left of his left index finger. — NST picture by Mohd Said Samad.
(2005 Mar) Is this a sign of the maturity of biometrics? Well, to my best knowledge, the very first official case of the use of a body part happened in Malaysia end of March 2005, where a team of carjackers on the prowl in Subang Jaya chopped off part of the left index finger when they realised that the S-Class Mercedes Benz had a security feature which would immobilise the car without his fingerprint.
There is no limit to stupidity: even with a reliable cut finger detection, it is likely that this will happen again, just because "they don't know", at least that it possible to enroll somebody else...
Imagine if it was an iris recognition system, as proposed here!
A man caught while attempting to illegally enter the United States
had his fingerprints altered using skin taken from his foot
in an attempt to foil fingerprint identification systems.
(2006 May) (Office of the United States Attorney / District of Arizona
(www.usdoj.gov/usao/az/press_releases/2006/2006-063(George).pdf))
TUCSON, Ariz. – Marc Terrance George, 41, of Jamaica, was sentenced here today by U.S. District Judge Cindy K. Jorgenson to 13 months in prison, to be followed by deportation, after he pleaded guilty on February 27, 2006 of illegal entry after deportation.
George attempted to enter the U.S. illegally on September 24, 2005 through the Nogales, Ariz. Port of Entry during which time U.S. Customs and Border Protection officers noted that his fingerprints had been surgically replaced with skin from his feet.
George stated that this procedure had been done to “clean” his identity by a doctor in Phoenix."This case demonstrates what extraordinary and drastic measures people will take to enter our country illegally,” stated U.S. Attorney Paul K. Charlton. “It proves as well that our fingerprint identification systems have gained a significant reputation in the criminal world.”
Prior to deportation, George will be extradited to the State of New Jersey to face money laundering charges in state court in that jurisdiction.
The investigation in this case was conducted by U.S. Customs and Border Protection. The prosecution was handled by Danny Roetzel, Assistant U.S. Attorney, District of Arizona, Tucson, Ariz.
(2018 Mar) [Forbes]
Yes, Cops Are Now Opening iPhones With Dead People's Fingerprints
The iPhone 8 uses Apple Touch ID, a fingerprint-based security technology that cops are trying to bypass in various ways. It's legally easier to bypass when the owner is dead, Forbes has learned.
I really like this one:
(2020 Mar) Belarusian man, 53, claims he can unlock a smartphone with his severed thumb which he kept in a freezer after cutting it off in circular saw accident. download mp4 file
Standards & Testing
ISO standards
Some standards are developed at the ISO/IEC JTC 1/SC37 Biometrics:
- (2016) ISO/IEC 30107-1: Information technology -- Biometric presentation attack detection -- Part 1: Framework
- (2017) ISO/IEC 30107-2: Information technology -- Biometric presentation attack detection -- Part 2: Data formats
- (2017) ISO/IEC 30107-3: Information technology -- Biometric presentation attack detection -- Part 3: Testing and reporting
And yes, you have to pay to get them.
FIDO
(2020) FIDO alliance is proposing to certify your biometric device: the Biometric Component Certification done by FIDO Accredited Biometric Laboratories.
- Checking the biometric performances FAR/FRR: 1/10000
- Checking the resistance to spoof: Presentation Attack Detection
I recommend this excellent laboratory: the CEA-Leti ITSEF (CESTI CEA-Leti in french)
- brochure
- Les Défis du CEA #242, L'enjeu de la cybersécurité (Mars/Avril 2021) [local copy for the records]
- Article en ligne: Les R&D du CEA en cybersécurité [copie locale].
Conclusion
What Liveness Testing IS:
- A means to minimize the effectiveness of artificial or simulated biometric specimens and thus improve the security posture of the biometric system.
What Liveness Testing IS NOT:
- A guarantee that the biometric specimen belongs to the authentic live human being.
If man can make it, man can break it!