Spoofing Biometrics is Possible
Debesh Choudhury, PhD
Information Security Researcher, Academician, Entrepreneur | Password & Cybersecurity, Digital Identity, Biometrics Limit, 3D Education | Linux Trainer | Writer | Podcast Host
Biometrics is a technique used for identification and authentication of humans using physiological and behavioral traits, such as face, fingerprint, iris, voice, walking style etc. Face, fingerprint and iris recognition have been widely accepted for applications in user authentication and personal identification. A question surfaces around the vulnerability: How safe and secure biometric recognition technology is?
If the biometric data are stolen or hacked?
The biometric database may be leaked or stolen, as in case of Aadhaar project in India. Then, each and every biometric signature in that database are in the hands of the criminals. They can make use of that data. They can try to create duplicate biometric objects for use.
Duplicate fingerprints created on thumb like objects can be used to fake as real thumb
The high resolution pictures of fingerprints can be utilized to synthesize artificial thumb like objects made up of rubber with exact copy of the 3D fingerprints. Not only that, the rubber thumbs can also be equipped with an electronic vibrator that can pass the liveness sensor of the fingerprint sensors. Thumb cloning is such an easy task that students in an Indian academic institute reported to use cloned thumbs to cheat the fingerprint recognition system for recording class attendance.
Face images may easily be grabbed / stolen from the social media
Face images are abundantly available in the social media. So criminals don't need any special trick to hack face images. Face images may also be captured remotely from public places. Even a 3D face shape may also be sensed and reconstructed from suitably captured multiple face images The stolen face images and 3D printed face mask may be used to beat the face recognition systems. Reports show that it is indeed possible to break the face recognition tests. Security researchers used 3D face musk to crack the 3D face ID of iPhone X.
Iris images may be extracted from HD images of faces for spoofing
It has been shown by a security researcher that high resolution prints of face images can give optimum resolution of iris images sufficient for spoofing iris recognition systems. Samsung Galaxy S8 iris scanner has been defeated by a group of German hackers. Here an artificial eye is created using a print of the eye and a contact lens, which is used to match the curvature of the eye. So, iris recognition system may easily be fooled by faking iris images.
Are the behavioral biometric traits safe and secure?
The behavioral biometrics, such as voice and speaker recognition systems, may appear as safe. But research reports say that mimicry attacks may act as threats to voice and speaker recognition.
So how to make spoofing proof biometrics? This is a hot question among the biometrics circle around the world. The solution to the biometrics vulnerability is not easy. The solution is still in the research labs. Commercial biometrics with a fool proof anti spoofing seems to be quite far away.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
I am Debesh Choudhury and you can see my LinkedIn blog page here. My current research focuses on Biometric Security and Privacy Protection. You can give me a connection invite, follow me on Twitter and Facebook or beBee.
Here are some other posts I authored:
- Privacy protection could have saved Aadhaar data breach
- Data Protection is a Big Challenge
- Why "Microsoft Loves Linux"?
- Why GNU/Linux is not Accepted by the Academic Community
- Unix-like Operating Systems are Safer to Malware and Virus Attacks
- Why Google and Microsoft Run after Glass and Lens?
- Power of a LinkedIn Connection
- Best Solution to Software Virus
- Need 15 Tips to Eat a Biscuit?
In June 2015, Dr. Jeffrey Strickland and I founded a new LinkedIn Group called "The Unfluencers". To learn about the history of "The Unfluencers" please read the seminal LinkedIn article by Dr. Jeffrey Strickland entitled -- "Who are the Unfluencers". This group is an open group. You are welcome to join this group and engage yourself in the discussions. The Unfluencer?? Logo is a registered trademark of Dr. Jeffrey Strickland.
Text Copyright ? 2018 Debesh Choudhury— All Rights Reserved
----------------------------------------------------------
Debesh Choudhury is an academician and researcher. He is interested in the science and engineering of optics and electronics. He uses GNU/Linux, Free and Open Source Software for all his works related to computers, be it educational or entertainment, professional or personal.
#Biometrics #Faking #Spoofing #DebeshChoudhury
ITIL 4 Master, Accredited Trainer
6 年Thanks for sharing, very interesting read.
Information Security Researcher, Academician, Entrepreneur | Password & Cybersecurity, Digital Identity, Biometrics Limit, 3D Education | Linux Trainer | Writer | Podcast Host
6 年"Visa launches New Zealand security roadmap as country’s supermarkets implement facial recognition" https://lnkd.in/fvewWpK What safety VISA provides to prevent biometric spoofing?
Sales and Business at Shiva Industries
6 年Thanks sir for sharing this important information. This is the time to go into the discussion of all these points and implementing the layers for security purposes.
Information Security Researcher, Academician, Entrepreneur | Password & Cybersecurity, Digital Identity, Biometrics Limit, 3D Education | Linux Trainer | Writer | Podcast Host
6 年CC: Joe Kwon