生物演示攻击

Biometric Spoofing' is defined as 'process of defeating Biometric System with fake Biometric sample'. Yes, inquisitive topic for discussion; but - Spoofing is always serious concern worldwide. Biometric Technology is believed as right fit solution to address security challenges including Spoofing attacks. But, in reality - not all Biometrics would stand fool-proof against advanced Spoofing attacks.

My Post covers readings from my studies and experiments conducted in India, China & UK on Biometrics and latest Market trends. Idea is to highlight deficiencies & vulnerabilities of Biometrics and share tips & techniques for better preparedness for Spoofing.

Biometric Technologies

Some of Biometric Technologies widely used globally:

• Fingerprint
• Iris
• Face
• Voice
• Vein

Though there are many other Biometric technologies in research, technologies with lesser market share currently are not taken into consideration for this post.

Market Trends

• Global Biometrics Market is projected to reach $21.9 billion by 2020 (Source: 6WResearch); $23 billion (Source: Transparency Market Research)

• In Global Biometrics market, Fingerprint Biometrics has contributed for majority of the market revenues till date

• Ease of use and low cost of fingerprint based biometrics devices have resulted for their dominance in last 5 years

• Going forward, Fingerprint biometrics is expected to face tough fight from other biometrics like Iris, Face, Voice etc., technologies and lose market share

• Focus will be more on higher reliability and accuracy of Biometric Solution design with the advent of Biometric Payments

• IRIS, Face and Vein are growing rapidly due to lower FAR and FRR as compared to Fingerprint Biometrics Technology

• Multimodal Biometrics systems is expected to grow rapidly in next 5 years

• User acceptance of Fingerprint & Face Biometrics is more, where as Vein and Iris are more accurate

Facts

• Most of the Fingerprint Scanners are prone to hacking

• Researchers identified over 300 materials (but not limited to) like Silicon Gel, Rubber etc., to create Fingerprint Spoof as shown above

• Iris - Fake Eye Images, Contact Lens etc., enable hackers to fake Iris sample

• Face - Very easy to spoof, even just with Photograph. Our experiments proved that cracking 2D face is damn easy
• Voice - Mimicry, similar voice can spoof with little effort

Tips

Below tips help us to fight against Spoofing and give tough hassles to hackers:

• Liveness - 'Liveness Detection' of Biometric Sensor feature helps to guard against Spoofing. Algorithms can differentiate 'real' and 'fake' samples using living traits like Fingerprint temperature, pressure, moisture, eye pupil movement etc. Usually, classified as Hardware based technique

• Multimodal Biometrics - Researches reveal that Biometric Solutions with Six Biometric modals will throw tough challenge to hackers. For practical reasons, many modals may not be always possible due to economics and implementation hassles. But, we noticed that complexity & reliability increases with each additional Biometric modal inclusion to the System. So, another Hardware based technique, more you plan - more robust your System could be!

• 3D Biometrics - 2D Biometric modals are easier to crack; 3D makes Spoofing difficult due to complexity of algorithms to crack(like 3D Face). Categorized as Software based anti-spoofing technique

• Fool Proof Enrollment - Necessary care & precautions should be taken during Enrollment process to avoid Fake/faulty samples

• Server/Database Security - Like above, sound security strategy is inevitable at Server, Database and Network level to protect stored Biometric templates against hacking

• 3 Way Plan - For efficient anti-spoof mechanism, one should deploy Sensor level, Feature level and Score level anti-spoofing techniques at Sensor, Extractor and Matcher respectively