| Spoofing Fingerprint Devices |
| |
| Sujan Parthnasardhi, Reza Derakhshani, Stephanie Schuckers,
Lawrence Hornak |
| |
| The Biomedical Signal Analysis Laboratory at West Virginia University
has been developing spoofing techniques in order to test a new liveness
algorithm. Our spoofing technique involves a mold made from dental
impression material (combination of type 0 and 3) and casts made from
Play-Doh and clay. These materials are most effective since they are
moisture based and most fingerprint technologies are able to image
them. We enrolled eleven live subjects, formed molds from the eleven
subjects, created six casts from each subject, and attempted to verify
for each cast. Various fingerprint scanners, including capacitive
DC, capacitive AC, optical and opto-electronic technologies, were
tested. All security levels were tested. Results shown here are for
the highest security level (Figure). For certain fingerprint scanners,
most subjects’ casts were able to spoof the system. For all
technologies, at least 3 of 11 subject’s casts were of sufficient
quality to spoof fingerprint devices at least once. It should be noted
that one device was chosen from each technology type. Even though
the specific device manufacturer’s name is withheld, these results
are tests of the entire system from scanner to image processing to
pattern recognition algorithms. Conclusions regarding one technology
over another should not be made, but rather, these tests are a demonstration
that spoofing is possible with a variety of fingerprint devices. In
addition, we also tested cadaver fingers in an attempt to address
the possibility that dismembered fingers could be used to spoof fingerprint
devices. In this method, fourteen cadaver fingers were enrolled and,
if able to enroll, verified six times each. For one device, six cadaver
fingers were not able to enroll. Cadaver fingers were able to be verified
from 40-94% of the time. |
| |
 |
| Figure. Results of verification of Play-Doh molds made from eleven
subjects, each verifying six times. The enrolled image was from the
live finger. |
 |
| Figure. Results of verification of cadaver fingers from 14 subjects,
each verifying 6 times. The enrolled image was from the cadaver finger.
Six cadaver fingers for one device were unable to enroll. |
| |
| Published in Information Security Technical Report 2002. |
