Fingerprint technology is becoming an increasingly popular means for smartphone security. The newest MacBook has a Touch ID as an added security measure to keep out unauthorized users. Smartphones have had fingerprint scanners since the launch of the Toshiba G500 in 2007. The iPhone has used Touch ID since 2013. But, just how secure is this fingerprint technology? Researchers at Michigan State University are working to figure out how secure this technology is, and whether the finger being used must be an actual finger, rather than a fake replica.
To solve this problem, Anil Jain, a university distinguished professor, and Joshua Engelsma, a doctoral student, designed and created a fake finger that contained multiple key properties of human skin — this is also known as a spoof. The fake finger has been used to test two predominant types of fingerprint readers to determine their resilience to spoof attempts.
The fake fingers developed at MSU were created using a combination of carefully chosen materials like conductive silicone, silicone thinner and pigments. Along with determining the materials, the fabrication process was designed and implemented by the team using a molding and casting technique.
"What makes our design unique is that it mimics a real finger by incorporating basic properties of human skin," said Jain. "This new spoof has the proper mechanical, optical and electrical properties of a human finger. Compared to current fake fingers that only contain one or two of these properties, our new version could prove much more challenging to detect. It will help motivate designers to build better fingerprint readers and develop robust spoof-detection algorithms."
Fingerprint readers' popularity makes their resilience to fakes more important. Banks, airports, law enforcement and border security are adopting fingerprinting technologies into their operations as a more secure form of identification.
One use for the synthetic fingers is testing the recognition accuracy between different types of fingerprint readers. The readers differ based on the type of sensors — such as optical or capacitive — used to record the digital fingerprints.
Currently, the recognition accuracy declines when one fingerprint is taken using two different types of fingerprint readers. For example, if a capacitive reader was used to capture a fingerprint, but an optical fingerprint reader was then used later to authenticate the same fingerprint, it is less likely that the print will be accurately identified. Through using MSU’s new spoof, companies could develop methods to improve the accuracy.
"Given their unique characteristics, we believe our fake fingers will be valuable to the fingerprint recognition community," said Jain. "Consumers need to know their fingerprints and identity are secure, and vendors and designers need to demonstrate to the consumers the technology is not only accurate but also resilient to spoof attacks."
Jain and his team have started work on the next phase of the research: designing and building a fingerprint reader to test spoof-detection. The reader could be easily built in a couple of hours by other people in the fingerprint recognition community to test for real versus fake fingerprints. Jain’s lab is also working on algorithms that will make the fingerprint reader more resilient to spoof presentation attacks.
A report on this research was submitted to arXiv and a paper will be published in the journal IEEE Transactions on Information Forensics and Security.