A Multispectral Sensor for Fingerprint Spoof DetectionJanuary 1, 2005 By: Robert K. Rowe Sensors
Biometric sensors are devices that can collect information capable of performing an automatic determination of a person's identity. Common types of biometric technologies include facial recognition, iris recognition, and fingerprint sensing. Although not yet ubiquitous, biometric sensors—and particularly fingerprint sensors—are poised to become much more prevalent in many people's lives for both commercial and government applications.
Recent commercial introductions of fingerprint technology include an IBM laptop computer with a built-in fingerprint sensor, and a line of fingerprint-enabled computer products from Microsoft including a keyboard and mouse. The goal of both products is to offer an alternative to user names and passwords as a means to authorize access to computers, networks, and services.
In the aftermath of 9/11, the federal government and other governing bodies around the world have turned to biometrics to verify the identity of foreign travelers entering and leaving the U.S. and other countries. Furthermore, as networked digital devices become more prevalent in warfare, there is a growing movement toward biometric sensing to ensure that the person using a particular device is authorized to do so. Fingerprint sensors are among the leading candidate technologies for these and many other security applications.
Conventional fingerprint sensors read the superficial friction ridge patterns of the skin on the fingertips. Common sensor types include capacitive, radio frequency, thermal, and optical arrays. Although each sensing modality is fundamentally different from the others, each generates an image that distinguishes between points of contact with the sensor (fingerprint ridges) and points where there is a gap (fingerprint valleys).
A common problem with current fingerprint sensors is that they are an easy target for "spoofing"—the art of using artificial samples to imitate real and authorized fingerprint patterns. While this security breach is a concern for all biometric technologies, the problem is particularly pronounced for fingerprint sensors because people leave copies of their fingerprints on most objects they touch throughout the day. A quick search on the Internet can provide a motivated individual with enough information to convert a latent fingerprint into an effective spoof using familiar materials that can be bought at a hobbyist supply shop.
The reason most fingerprint sensors are susceptible to spoofing is that little or no information is acquired specific to the object touching the sensor. As long as the sensor can produce a pattern sufficiently close to that of the enrolled fingerprint, authorization is granted. As an example, consider a common type of optical fingerprint sensor based on total internal reflectance (TIR), as shown in Figure 1. An image is formed when a material with an appropriate index of refraction contacts the sensor surface. This material can be human skin, but it can also be silicone, gelatin, or a variety of other substances.
Figure 1. In a typical optical fingerprint sensor based on total internal reflectance (TIR), light enters from the left of the prism and is diffusely reflected from the right-side facet to uniformly illuminate the sample surface. The imager detects bright regions where air gaps are located and darker areas where skin or other material of appropriate refractive index is in contact with the glass (inset).
Furthermore, superficial fingerprint patterns may be worn, damaged, or simply hard to read due to the skin's surface conditions—too wet or too dry, for example. Collecting fingerprints of good quality from older people is particularly difficult because their skin is likely not to be very supple. The resulting poor-quality images, even if collected from a properly authorized person, can lead to authorization rejections. The system administrator might then set the sensor's security threshold to a more lenient setting to reduce the number of false negatives. This relaxed threshold further exacerbates the susceptibility of a sensor to spoof attacks.
Most Read Articles