Yijie Shen,Zhe Ma,Feng Lin,Hao Yan,Zhongjie Ba,Li Lu,Wenyao Xu,Kui Ren

DOI: https://doi.org/10.1145/3625687.3625783

2023-01-01

Abstract:Fingerprint recognition has been a vital security guard for various applications whose vulnerability has been explored by different works. However, previous works on spoofing fingerprint recognition rely on prior knowledge (e.g., photos and minutiae) of the target fingerprint, which fails to implement in practical scenarios. In this paper, we design a fingerprint spoofing attack, namely FingerFaker, to explore the vulnerability of fingerprint recognition, which can spoof automated fingerprint recognition systems (AFRSs) without prior knowledge of target fingerprints. Specifically, we propose a novel concept of "pseudo-minutiae-set" as an effective optimization object and design a two-stage scheme to optimize "pseudo-minutiaeset" leveraging a two-factor evolutionary strategy. In addition, we use a GAN-based training strategy with a minutiae loss function to pre-train a fingerprint generator to map a "pseudo-minutiae-set" into a fingerprint. We use 6342 fingerprint images to verify the performance of FingerFaker on spoofing the open-source AFRS, which shows a high attack success rate (ASR) of 97.78%. Meanwhile, we conduct a realistic case study on commercial off-the-shelf (COTS) AFRS, where FingerFaker also shows 94.22% ASR. Finally, we explore the impact of different conditions to guide the attack and propose countermeasures to mitigate the harm.

Aditya Singh Rathore,Yijie Shen,Chenhan Xu,Jacob Snyderman,Jinsong Han,Fan Zhang,Zhengxiong Li,Feng Lin,Wenyao Xu,Kui Ren

DOI: https://doi.org/10.14722/ndss.2022.24082

2022-01-01

Abstract:—How to defend against presentation attacks via artificial fake fingers is a core challenge in fingerprint biometrics. The trade-off among security, usability, and production cost has driven researchers to reach a common standpoint, i.e., integrate the commercial fingerprint technology with anti-spoofing detec- tion (e.g., ridge traits). These anti-spoofing solutions are perceived as sufficiently resilient under the assumption that a fake finger can never closely relate to a live finger due to either composition of spoofing materials or non-automated manufacturing errors. In this paper, we first identify the vulnerability of in-practice antispoofing solutions in commercial fingerprint products. Instead of using expensive 3D fake fingers [1] (above USD $1000), we mimic a more realistic scenario where an attacker fabricates high-precision fake fingerprints using low-cost polyvinylacetate materials [2] (less than USD $50). Building on this, we introduce a practical and secure countermeasure, namely FakeGuard , to overcome the exposed vulnerability. We examine the nature of 3D haptic response effect that arises when a fingertip epidermis interacts with a tactile surface and reflects the disparate anatomy of live and fake fingers. Unlike the previous mitigation strategies, FakeGuard offers both hardware and software compatibility with existing fingerprint scanners. As the first exploration of haptic-based anti-spoofing solution, we demonstrate the capability of FakeGuard to prevent known and unknown fake finger attacks with an average detection error of 1.4%.

Jag Mohan Singh,Ahmed Madhun,Guoqiang Li,Raghavendra Ramachandra

DOI: https://doi.org/10.48550/arXiv.2005.08337

2020-05-18

Abstract:Fingerprint recognition systems are widely deployed in various real-life applications as they have achieved high accuracy. The widely used applications include border control, automated teller machine (ATM), and attendance monitoring systems. However, these critical systems are prone to spoofing attacks (a.k.a presentation attacks (PA)). PA for fingerprint can be performed by presenting gummy fingers made from different materials such as silicone, gelatine, play-doh, ecoflex, 2D printed paper, 3D printed material, or latex. Biometrics Researchers have developed Presentation Attack Detection (PAD) methods as a countermeasure to PA. PAD is usually done by training a machine learning classifier for known attacks for a given dataset, and they achieve high accuracy in this task. However, generalizing to unknown attacks is an essential problem from applicability to real-world systems, mainly because attacks cannot be exhaustively listed in advance. In this survey paper, we present a comprehensive survey on existing PAD algorithms for fingerprint recognition systems, specifically from the standpoint of detecting unknown PAD. We categorize PAD algorithms, point out their advantages/disadvantages, and future directions for this area.

Computer Vision and Pattern Recognition,Cryptography and Security,Image and Video Processing

Javier Galbally,Julian Fierrez-Aguilar,Joaquin Rodriguez-Gonzalez,Fernando Alonso-Fernandez,Javier Ortega-Garcia,Marino Tapiador

DOI: https://doi.org/10.48550/arXiv.2207.04813

2022-07-11

Abstract:A new method to generate gummy fingers is presented. A medium-size fake fingerprint database is described and two different fingerprint verification systems are evaluated on it. Three different scenarios are considered in the experiments, namely: enrollment and test with real fingerprints, enrollment and test with fake fingerprints, and enrollment with real fingerprints and test with fake fingerprints. Results for an optical and a thermal sweeping sensors are given. Both systems are shown to be vulnerable to direct attacks.

Computer Vision and Pattern Recognition,Cryptography and Security,Image and Video Processing

Steven A. Grosz,Tarang Chugh,Anil K. Jain

DOI: https://doi.org/10.1109/ijcb48548.2020.9304863

2020-09-28

Abstract:The vulnerability of automated fingerprint recognition systems to presentation attacks (PAs), i.e., spoof or altered fingers, has been a growing concern, warranting the development of accurate and efficient presentation attack detection (PAD) methods. However, one major limitation of the existing PAD solutions is their poor generalization to new PA materials and fingerprint sensors, not used in training. In this study, we propose a robust PAD solution with improved cross-material and cross-sensor generalization. Specifically, we build on top of any CNN-based architecture trained for fingerprint spoof detection combined with cross-material spoof generalization using a style transfer network wrapper. We also incorporate adversarial representation learning (ARL) in deep neural networks (DNN) to learn sensor and material invariant representations for PAD. Experimental results on LivDet 2015 and 2017 public domain datasets exhibit the effectiveness of the proposed approach.

Ashutosh Anshul,Ashwini Jha,Prayag Jain,Anuj Rai,Ram Prakash Sharma,Somnath Dey

DOI: https://doi.org/10.1007/s42979-023-01861-7

2023-06-14

SN Computer Science

Abstract:Automatic fingerprint recognition systems (AFRS) have played a significant role in biometric security in recent years. However, it is vulnerable to several threats which can put the AFRS at substantial risk. Presentation attack or spoofing is one of these attacks which utilizes a spoof fingerprint created with a fabrication material by an intruder to fool the authentication system. The development of new fabrication materials makes this spoof detection more challenging for cross-materials. In this paper, a new approach for liveness detection is proposed to encounter the presentation attack. An enhanced Generative Adversarial Network is utilized for this purpose. The performance of the proposed method is evaluated in an open-set paradigm on publicly accessible LivDet Competition datasets and the proposed methodology achieves an average accuracy of 98.52 %, 92.02 %, 80.89% and 86.95% for the LivDet 2013, LivDet 2015, LivDet 2017 and LivDet 2019 datasets, respectively, which outperforms the state-of-the-art methods.

Lázaro J. González-Soler,Marta Gomez-Barrero,Leonardo Chang,Airel Pérez-Suárez,Christoph Busch

DOI: https://doi.org/10.48550/arXiv.1908.10163

2019-08-27

Abstract:Fingerprint-based biometric systems have experienced a large development in the last years. Despite their many advantages, they are still vulnerable to presentation attacks (PAs). Therefore, the task of determining whether a sample stems from a live subject (i.e., bona fide) or from an artificial replica is a mandatory issue which has received a lot of attention recently. Nowadays, when the materials for the fabrication of the Presentation Attack Instruments (PAIs) have been used to train the PA Detection (PAD) methods, the PAIs can be successfully identified. However, current PAD methods still face difficulties detecting PAIs built from unknown materials or captured using other sensors. Based on that fact, we propose a new PAD technique based on three image representation approaches combining local and global information of the fingerprint. By transforming these representations into a common feature space, we can correctly discriminate bona fide from attack presentations in the aforementioned scenarios. The experimental evaluation of our proposal over the LivDet 2011 to 2015 databases, yielded error rates outperforming the top state-of-the-art results by up to 50\% in the most challenging scenarios. In addition, the best configuration achieved the best results in the LivDet 2019 competition (overall accuracy of 96.17\%).

Computer Vision and Pattern Recognition

Anuj Rai,Parsheel Kumar Tiwari,Jyotishna Baishya,Ram Prakash Sharma,Somnath Dey

2024-08-17

Abstract:Automatic fingerprint recognition systems suffer from the threat of presentation attacks due to their wide range of deployment in areas including national borders and commercial applications. A presentation attack can be performed by creating a spoof of a user's fingerprint with or without their consent. This paper presents a dynamic ensemble of deep CNN and handcrafted features to detect presentation attacks in known-material and unknown-material protocols of the liveness detection competition. The proposed presentation attack detection model, in this way, utilizes the capabilities of both deep CNN and handcrafted features techniques and exhibits better performance than their individual performances. We have validated our proposed method on benchmark databases from the Liveness Detection Competition in 2015, 2017, and 2019, yielding overall accuracy of 96.10\%, 96.49\%, and 94.99\% on them, respectively. The proposed method outperforms state-of-the-art methods in terms of classification accuracy.

Computer Vision and Pattern Recognition

Sandip Purnapatra,Conor Miller-Lynch,Stephen Miner,Yu Liu,Keivan Bahmani,Soumyabrata Dey,Stephanie Schuckers

DOI: https://doi.org/10.48550/arXiv.2303.05459

2023-03-10

Abstract:Touch-based fingerprint biometrics is one of the most popular biometric modalities with applications in several fields. Problems associated with touch-based techniques such as the presence of latent fingerprints and hygiene issues due to many people touching the same surface motivated the community to look for non-contact-based solutions. For the last few years, contactless fingerprint systems are on the rise and in demand because of the ability to turn any device with a camera into a fingerprint reader. Yet, before we can fully utilize the benefit of noncontact-based methods, the biometric community needs to resolve a few concerns such as the resiliency of the system against presentation attacks. One of the major obstacles is the limited publicly available data sets with inadequate spoof and live data. In this publication, we have developed a Presentation attack detection (PAD) dataset of more than 7500 four-finger images and more than 14,000 manually segmented single-fingertip images, and 10,000 synthetic fingertips (deepfakes). The PAD dataset was collected from six different Presentation Attack Instruments (PAI) of three different difficulty levels according to FIDO protocols, with five different types of PAI materials, and different smartphone cameras with manual focusing. We have utilized DenseNet-121 and NasNetMobile models and our proposed dataset to develop PAD algorithms and achieved PAD accuracy of Attack presentation classification error rate (APCER) 0.14\% and Bonafide presentation classification error rate (BPCER) 0.18\%. We have also reported the test results of the models against unseen spoof types to replicate uncertain real-world testing scenarios.

Computer Vision and Pattern Recognition

Jag Mohan Singh,Sushma Venkatesh,Kiran B. Raja,Raghavendra Ramachandra,Christoph Busch

DOI: https://doi.org/10.48550/arXiv.1912.01408

2019-12-03

Abstract:Despite the high biometric performance, finger-vein recognition systems are vulnerable to presentation attacks (aka., spoofing attacks). In this paper, we present a new and robust approach for detecting presentation attacks on finger-vein biometric systems exploiting the 3D Shape (normal-map) and material properties (diffuse-map) of the finger. Observing the normal-map and diffuse-map exhibiting enhanced textural differences in comparison with the original finger-vein image, especially in the presence of varying illumination intensity, we propose to employ textural feature-descriptors on both of them independently. The features are subsequently used to compute a separating hyper-plane using Support Vector Machine (SVM) classifiers for the features computed from normal-maps and diffuse-maps independently. Given the scores from each classifier for normal-map and diffuse-map, we propose sum-rule based score level fusion to make detection of such presentation attack more robust. To this end, we construct a new database of finger-vein images acquired using a custom capture device with three inbuilt illuminations and validate the applicability of the proposed approach. The newly collected database consists of 936 images, which corresponds to 468 bona fide images and 468 artefact images. We establish the superiority of the proposed approach by benchmarking it with classical textural feature-descriptor applied directly on finger-vein images. The proposed approach outperforms the classical approaches by providing the Attack Presentation Classification Error Rate (APCER) & Bona fide Presentation Classification Error Rate (BPCER) of 0% compared to comparable traditional methods.

Computer Vision and Pattern Recognition,Image and Video Processing

Marco Micheletto,Gian Luca Marcialis,Giulia Orrù,Fabio Roli

DOI: https://doi.org/10.1109/TIFS.2021.3121201

2021-10-20

Abstract:The diffusion of fingerprint verification systems for security applications makes it urgent to investigate the embedding of software-based presentation attack detection algorithms (PAD) into such systems. Companies and institutions need to know whether such integration would make the system more "secure" and whether the technology available is ready, and, if so, at what operational working conditions. Despite significant improvements, especially by adopting deep learning approaches to fingerprint PAD, current research did not state much about their effectiveness when embedded in fingerprint verification systems. We believe that the lack of works is explained by the lack of instruments to investigate the problem, that is, modeling the cause-effect relationships when two non-zero error-free systems work together. Accordingly, this paper explores the fusion of PAD into verification systems by proposing a novel investigation instrument: a performance simulator based on the probabilistic modeling of the relationships among the Receiver Operating Characteristics (ROC) of the two individual systems when PAD and verification stages are implemented sequentially. As a matter of fact, this is the most straightforward, flexible, and widespread approach. We carry out simulations on the PAD algorithms' ROCs submitted to the most recent editions of LivDet (2017-2019), the state-of-the-art NIST Bozorth3, and the top-level Veryfinger 12 matchers. Reported experiments explore significant scenarios to get the conditions under which fingerprint matching with embedded PAD can improve, rather than degrade, the overall personal verification performance.

Cryptography and Security,Computer Vision and Pattern Recognition

Anuj Rai,Somnath Dey,Pradeep Patidar,Prakhar Rai

2023-03-03

Abstract:Automatic fingerprint recognition systems are the most extensively used systems for person authentication although they are vulnerable to Presentation attacks. Artificial artifacts created with the help of various materials are used to deceive these systems causing a threat to the security of fingerprint-based applications. This paper proposes a novel end-to-end model to detect fingerprint Presentation attacks. The proposed model incorporates MobileNet as a feature extractor and a Support Vector Classifier as a classifier to detect presentation attacks in cross-material and cross-sensor paradigms. The feature extractor's parameters are learned with the loss generated by the support vector classifier. The proposed model eliminates the need for intermediary data preparation procedures, unlike other static hybrid architectures. The performance of the proposed model has been validated on benchmark LivDet 2011, 2013, 2015, 2017, and 2019 databases, and overall accuracy of 98.64%, 99.50%, 97.23%, 95.06%, and 95.20% is achieved on these databases, respectively. The performance of the proposed model is compared with state-of-the-art methods and the proposed method outperforms in cross-material and cross-sensor paradigms in terms of average classification error.

Computer Vision and Pattern Recognition

Ruben Tolosana,Marta Gomez-Barrero,Christoph Busch,Javier Ortega-Garcia

DOI: https://doi.org/10.1109/TIFS.2019.2934867

2019-02-28

Abstract:The increased need for unattended authentication in multiple scenarios has motivated a wide deployment of biometric systems in the last few years. This has in turn led to the disclosure of security concerns specifically related to biometric systems. Among them, Presentation Attacks (PAs, i.e., attempts to log into the system with a fake biometric characteristic or presentation attack instrument) pose a severe threat to the security of the system: any person could eventually fabricate or order a gummy finger or face mask to impersonate someone else. The biometrics community has thus made a considerable effort to the development of automatic Presentation Attack Detection (PAD) mechanisms, for instance through the international LivDet competitions. In this context, we present a novel fingerprint PAD scheme based on $i)$ a new capture device able to acquire images within the short wave infrared (SWIR) spectrum, and $ii)$ an in-depth analysis of several state-of-the-art techniques based on both handcrafted and deep learning features. The approach is evaluated on a database comprising over 4700 samples, stemming from 562 different subjects and 35 different presentation attack instrument (PAI) species. The results show the soundness of the proposed approach with a detection equal error rate (D-EER) as low as 1.36\% even in a realistic scenario where five different PAI species are considered only for testing purposes (i.e., unknown attacks).

Computer Vision and Pattern Recognition

Jascha Kolberg,Marta Gomez-Barrero,Christoph Busch

DOI: https://doi.org/10.48550/arXiv.2010.09566

2021-01-12

Abstract:Nowadays, fingerprint-based biometric recognition systems are becoming increasingly popular. However, in spite of their numerous advantages, biometric capture devices are usually exposed to the public and thus vulnerable to presentation attacks (PAs). Therefore, presentation attack detection (PAD) methods are of utmost importance in order to distinguish between bona fide and attack presentations. Due to the nearly unlimited possibilities to create new presentation attack instruments (PAIs), unknown attacks are a threat to existing PAD algorithms. This fact motivates research on generalisation capabilities in order to find PAD methods that are resilient to new attacks. In this context, we evaluate the generalisability of multiple PAD algorithms on a dataset of 19,711 bona fide and 4,339 PA samples, including 45 different PAI species. The PAD data is captured in the short wave infrared domain and the results discuss the advantages and drawbacks of this PAD technique regarding unknown attacks.

Computer Vision and Pattern Recognition

Cong Wu,Kun He,Jing Chen,Ziming Zhao,Ruiying Du

2020-01-01

Abstract:Fingerprint authentication has gained increasing popularity on mobile devices in recent years. However, it is vulnerable to presentation attacks, which include that an attacker spoofs with an artificial replica. Many liveness detection solutions have been proposed to defeat such presentation attacks; however, they all fail to defend against a particular type of presentation attack, namely puppet attack, in which an attacker places an unwilling victim's finger on the fingerprint sensor. In this paper, we propose FINAUTH, an effective and efficient software-only solution, to complement fingerprint authentication by defeating both synthetic spoofs and puppet attacks using fingertip-touch characteristics. FINAUTH characterizes intrinsic fingertip-touch behaviors including the acceleration and the rotation angle of mobile devices when a legitimate user authenticates. FINAUTH only utilizes common sensors equipped on mobile devices and does not introduce extra usability burdens on users. To evaluate the effectiveness of FINAUTH, we carried out experiments on datasets collected from 90 subjects after the IRB approval. The results show that FINAUTH can achieve the average balanced accuracy of 96.04% with 5 training data points and 99.28% with 100 training data points. Security experiments also demonstrate that FINAUTH is resilient against possible attacks. In addition, we report the usability analysis results of FINAUTH, including user authentication delay and overhead.

Meng Zhang,Jianjiang Feng,Jie Zhou

DOI: https://doi.org/10.1007/978-3-030-31456-9_2

2019-01-01

Abstract:With the ever growing deployments of fingerprint recognition systems, presentation attack detection has become the new bottleneck. In order to make full use of the difference in materials between the fake fingerprint and the real fingerprint, we proposed to utilize two images of a finger for classification. A pair of fingerprints are first aligned using a deformable registration algorithm and then are fed into MobileNet-v2 networks to perform the classification. Experimental results on the public dataset LivDet 2011 show that the performance of the proposed approach is promising and prove the effectiveness of fusing two fingerprints rather than using the fingerprints separately.

Tarang Chugh,Anil K. Jain

DOI: https://doi.org/10.48550/arXiv.1908.00102

2019-07-31

Computer Vision and Pattern Recognition

Abstract:Optical coherent tomography (OCT) fingerprint technology provides rich depth information, including internal fingerprint (papillary junction) and sweat (eccrine) glands, in addition to imaging any fake layers (presentation attacks) placed over finger skin. Unlike 2D surface fingerprint scans, additional depth information provided by the cross-sectional OCT depth profile scans are purported to thwart fingerprint presentation attacks. We develop and evaluate a presentation attack detector (PAD) based on deep convolutional neural network (CNN). Input data to CNN are local patches extracted from the cross-sectional OCT depth profile scans captured using THORLabs Telesto series spectral-domain fingerprint reader. The proposed approach achieves a TDR of 99.73% @ FDR of 0.2% on a database of 3,413 bonafide and 357 PA OCT scans, fabricated using 8 different PA materials. By employing a visualization technique, known as CNN-Fixations, we are able to identify the regions in the OCT scan patches that are crucial for fingerprint PAD detection.

Tarang Chugh,Anil K. Jain

DOI: https://doi.org/10.48550/arXiv.1812.11574

2018-12-31

Abstract:We study the problem of fingerprint presentation attack detection (PAD) under unknown PA materials not seen during PAD training. A dataset of 5,743 bonafide and 4,912 PA images of 12 different materials is used to evaluate a state-of-the-art PAD, namely Fingerprint Spoof Buster. We utilize 3D t-SNE visualization and clustering of material characteristics to identify a representative set of PA materials that cover most of PA feature space. We observe that a set of six PA materials, namely Silicone, 2D Paper, Play Doh, Gelatin, Latex Body Paint and Monster Liquid Latex provide a good representative set that should be included in training to achieve generalization of PAD. We also propose an optimized Android app of Fingerprint Spoof Buster that can run on a commodity smartphone (Xiaomi Redmi Note 4) without a significant drop in PAD performance (from TDR = 95.7% to 95.3% @ FDR = 0.2%) which can make a PA prediction in less than 300ms.

Computer Vision and Pattern Recognition

Cong Wu,Kun He,Jing Chen,Ziming Zhao,Ruiying Du

DOI: https://doi.org/10.1109/tdsc.2021.3116552

2022-01-01

Abstract:Fingerprint authentication has gained increasing popularity on mobile devices in recent years. However, it is vulnerable to presentation attacks, which include that an attacker spoofs with an artificial replica. Many liveness detection solutions have been proposed to defeat such presentation attacks; however, they all fail to defend against a particular type of presentation attack, namely puppet attack , in which an attacker places an unwilling victim's finger on the fingerprint sensor. In this article, we propose FinAuth , an effective and efficient software-only solution, to complement fingerprint authentication by defeating both synthetic spoofs and puppet attacks using fingertip-touch characteristics. FinAuth characterizes intrinsic fingertip-touch behaviors including the acceleration and the rotation angle of mobile devices when a legitimate user authenticates. FinAuth only utilizes common sensors equipped on mobile devices and does not introduce extra usability burdens on users. To evaluate the effectiveness of FinAuth , we carried out experiments on datasets collected from 90 subjects after the IRB approval. The results show that FinAuth can achieve the average balanced accuracy of 96.04% with 5 training data points and 99.28% with 100 training data points. Security experiments also demonstrate that FinAuth is resilient against possible attacks. In addition, we report the usability analysis results of FinAuth , including user authentication delay and overhead.

Divine Senanu Ametefe,Suzi Seroja Sarnin,Darmawaty Mohd Ali,George Dzorgbenya Ametefe,Dah John,Norhayati Hussin

DOI: https://doi.org/10.1007/s00521-024-10423-8

2024-12-07

Neural Computing and Applications

Abstract:In the rapidly evolving domain of biometric security, the significance of Fingerprint Presentation Attack Detection (FPAD) has become increasingly paramount, given the susceptibility of Automatic Fingerprint Identification System (AFIS) to advanced spoofing techniques. This systematic literature review (SLR), spanning from 2022 to the second quarter of 2024, delves into the intricate challenges and burgeoning opportunities within FPAD. It focuses on innovative methodologies for detecting presentation attacks, the prevalent challenges posed by spoof fabrications (including materials like silicone, gelatine, and latex), and the exploration of potential advancements in FPAD effectiveness. The comprehensive analysis, based on a rigorous review protocol, scrutinizes 40 seminal peer-reviewed articles from the IEEE Xplore and ScienceDirect databases. This exploration uncovers a diverse range of strategies in FPAD, including software-centric and hardware-assisted approaches, each bearing unique implications for security enhancement and user privacy considerations. A pivotal finding of this review is the identification of critical research gaps, particularly in the development of algorithms capable of universal detection, the system's adaptability to novel spoofing materials, and the ethical management of biometric data. This review provides a contemporary assessment of the current state of FPAD and establishes a foundation for future research directions. It highlights the need for continuous innovation in response to the evolving sophistication of spoofing techniques and the imperative of maintaining a balance between robust security measures and user-centric design in biometric systems. This review underscores the dynamic interplay between technological advancements, the ingenuity of attackers, and the ongoing endeavour to achieve reliable, user-friendly, and ethically responsible biometric security solutions.

computer science, artificial intelligence