Aug 19

Fingerprinting Breakthrough: Multispectral Imaging for Liveness and Spoof Detection

Introduction

Biometrics is the automated method of collecting physiological or behavioural characteristics to ascertain the identity of an individual. Biometric data can be used to uniquely distinguish an individual from the entire population. For the biometric system to be reliable and accurate, the collection and storage of biometric data should be secured. There are various points in a biometric system, which if targeted can compromise the overall security of the biometric system.

To identify these points, let us look at the information flow in a biometric system:

  1. The biometric data is presented to a sensor by the person requesting access. This sensor could be a camera to capture facial image or iris, a sensor to scan the fingerprint or a microphone to capture the voice.
  2. In each case, the biometric data is captured and sent to a feature extractor which extracts the salient features of the biometric data. These features could be the minutiae points for a fingerprint and for a face this could be the distance between eyes. This extracted information is called a biometric template and is stored in a template database.
  3. When a user requests access, the matcher compares the newly presented biometric sample to the template stored in the database to make a decision.
Information flow in a biometric systemFigure: Information flow in a biometric system to obtain the final result

What is a spoof attack?

Biometric sensor is the first point in the biometric system which could be prone to a hacker attack. An adversary may present fake biometric data to the sensor such as an artificial finger, a mask over a face or a contact lens on an eye. This is known as a spoof attack.

Security vulnerabilities exist at many points in the capture and processing of the biometric trait. But the most susceptible point is the biometric sensor itself since it is accessible to all the people for the presentation of the biometric data. Cloning of biometric data is also relatively simple which makes the biometric sensor an easy target for hackers. For example, an intruder can acquire the fingerprint impressions lifted from the biometric sensor surface and create a physical artefact like gummy fingers of the biometric trait.

“Liveness” and spoof detection

A spoof is a counterfeit biometric that is used by intruders to mislead the biometric sensor.

When collecting fingerprint biometric data from an individual, latent (hidden or invisible) prints could be left behind on the surface of the biometric sensor. This latent print on the sensor can be reactivated by simply breathing on it. Hackers could also be sinister enough to use a dismembered finger. This is not unlikely as we can recall the incident where Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class owner when attempting to steal the car.

Spoof detection is the process of differentiating a genuine biometric trait obtained from a live person versus from some other fake source using any method. “Liveness” is the act of sensing vitality in the biometric trait such as pulse and is a method of spoof detection.

How are fingerprint sensors spoofed?

Fingerprint sensors are quite vulnerable to spoof attacks. The first attempt to spoof fingerprint sensors was done in the 1920s when an inmate at the Kansas penitentiary used his expertise in photography and engraving to forge latent prints. The latent fingerprint was dusted to reveal and a photograph was taken after increasing contrast. The negative was used to etch the print on a copper plate and lightly greased. This plate could be used to leave counterfeit latent prints on objects. This is just one example of how easy it can be to spoof a biometric sensor used for capturing fingerprint biometric data.

Fingerprinting breakthrough – protection against spoofing using multispectral imaging

In order to capture information-rich fingerprint biometric data, the MSI sensor collects multiple images of the finger under different optical conditions. It captures raw images using different wavelengths of illumination light, different polarization conditions and illumination orientations. Hence, each of these captured raw images contains somewhat different and complementary information about the finger. The different wavelengths penetrate the skin to different depths and are also absorbed differently by the chemical components of the skin. The degree to which the surface and subsurface features contribute to the raw image changes according to the different polarization conditions. Finally, the location and degree to which surface features get accentuated are changed by different illumination orientations.

Multispectral Imaging Operation Principles

In order to capture information-rich fingerprint biometric data, the MSI sensor collects multiple images of the finger under different optical conditions. It captures raw images using different wavelengths of illumination light, different polarization conditions and illumination orientations. Hence, each of these captured raw images contains somewhat different and complementary information about the finger. The different wavelengths penetrate the skin to different depths and are also absorbed differently by the chemical components of the skin. The degree to which the surface and subsurface features contribute to the raw image changes according to the different polarization conditions. Finally, the location and degree to which surface features get accentuated are changed by different illumination orientations.

Optical components of an MSI fingerprint sensorFigure: Major optical components of an MSI fingerprint sensor

In the figure, the lower LED on the right hand side is a polarized LED and the lower LED on the left is a non-polarized LED. The fingerprint rests on the sensor platen. Light from the lower right LED passes through a linear polarizer and then illuminates the finger resting on the platen. Light interacts with the finger and a portion of the light is directed towards the imager through the imaging polarizer. The imaging polarizer is oriented with the illumination polarizer on the right such that light with the same polarization as the illumination light will be substantially attenuated by the polarizer. This drastically reduces the light reflected from the skin surface and accentuates the light that has undergone multiple optical scattering events after penetrating the skin. When the non-polarized LED on the left hand side of the figure is illuminated, the light gets randomly polarized thereby allowing both the surface-reflected light and the deeply penetrating light to pass through the imaging polarizer in equal proportions. Hence, the image that is produced from this non-polarized LED contains a much stronger influence from the surface features of the finger.

Both the illuminating (polarized and non-polarized) LEDs as well as the imaging system are arranged in such a way which avoids any critical-angle phenomena at the platen-air interfaces. This ensures that each illuminator will illuminate the finger and the imager will image the finger irrespective of whether the finger skin is dry, dirty or even in contact with the sensor. This aspect of the MSI imager makes it distinctly different from other conventional fingerprint imaging technologies and also attributes to the robustness of the MSI technique. It is a powerful technique for detecting fingerprint spoofs and shows promising results.

About The Author

Danny Thakkar is Senior Product Manager at Bayometric, one of the leading biometric solution providers in the world. He has helped large organizations like Pepsi, America Cares, Michigan State and many other medium and small businesses achieve their identity management needs. He has been in the Biometric Industry for 10+ years and has extensive experience across public and private sector verticals. Currently, he is chief evangelist for Touch N Go and blogs regularly at www.bayometric.com and www.touchngoid.com.