Liveness Detection for the Mobile Biometrics Market

licoricebedsΑσφάλεια

22 Φεβ 2014 (πριν από 3 χρόνια και 8 μήνες)

80 εμφανίσεις












Liveness Detection for the
Mobile Biometrics Market


Introduction

There’s a reason why Apple, HTC, Samsung
and so many other vendors are adding fingerprint authentication
to their smartphones: The technology offers consumers and enterprise users a way to protect their devices
and information that’s as easy to use as it is easy to understand. Today, over two-thirds of all biometric sensors
worldwide use fingerprint authentication because it’s the most mature and cost-effective biometric
technology available. By 2015, fingerprint sensors will be standard on most high-end smartphones,
Goode
Intelligence predicts
. By 2018, 3.4 billion people will have a mobile device with a biometric sensor
.
However, a few challenges stand in the way, including the public nature of this biometric (latent fingerprints
are left on everything we touch) and the inherent vulnerability of fingerprint sensors to fake fingerprints or
“spoofing”. Liveness detection
overcomes these challenges by ensuring samples presented to a sensor are
genuine. As a result, liveness detection enables fingerprint authentication to live up to its pervasive use
potential by instilling confidence in the security of the mobile biometric authentication.

Biometric Authentication Goes Mainstream
The iPhone 5S is a milestone in fingerprint
authentication because although it’s not
the world’s first smartphone with a
biometric sensor, it is the largest such
deployment. As a result, sensors now ship
daily in volumes that previously took
months to achieve. Just as important,
these sensors are going primarily into the
hands of consumers instead of the
traditional biometrics markets of
government and enterprise. These latter
applications typically incorporated biometric sensors as a component to multifactor authentication systems,
wherein authentication occurred in observed or otherwise monitored situations, including border control,
building access and security kiosks.
The iPhone 5S also educated consumers about how fingerprint authentication benefits them directly and in
multiple ways. From effortless unlocking of their phone to making an iTunes or App Store purchase, consumers
now appreciate the convenience of fingerprint authentication compared to traditional password- or PIN-based
authentication.
This convenience also benefits enterprises, regardless of whether they provide their employees with iPhones
or have a bring-your-own-device (BYOD) policy. People find PINs and passwords to be annoying and easy to
forget, so they routinely look for ways to circumvent employer policies that require them. That creates large
security risks: not only is data on the smartphone now vulnerable if it’s lost or stolen, but so is everything
stored on the enterprise network that the smartphone is authorized to access. Fingerprint authentication
mitigates those risks by offering an alternative based on convenience and something that no one can forget:
their fingerprint.

How to Spoof a Fingerprint Sensor
Vulnerabilities of biometric devices to spoofing have previously undermined the market’s confidence in
adopting their use. Just how vulnerable are fingerprint sensors to spoofing? To begin with, like most
biometrics, fingerprints are not a secret. Latent prints are left on most everything we touch: door knobs, car
door handles, cups, glasses and mobile devices. Covertly acquiring someone’s fingerprint from these surfaces
is not difficult. These latent fingerprints can be “lifted” using a variety of simple techniques and inexpensive
supplies and in as little as 30 seconds. Latent prints can then be scanned into a computer to produce digitized
images to create molds.
Molds can be created by printing digitized images onto acetate,
using the thickness of the printer toner to create the height
differentials of fingerprint ridges and valleys. Image files can
also be used to mask and etch printed circuit boards to create a
mold of the latent print, and the materials to do so are readily
available online or at retail electronics outlets. For the more
sophisticated spoof preparer, Adobe Photoshop can be used to
create a 3D version of the digitized image and then have a high
resolution mold thereof printed by a 3D printer (see image
right).
Molds can then be used to caste spoofs of the image using
everyday materials such as wood glue, epoxy, latex paint,
gelatin and many other readily available materials (see spoof image below). Recipes for making spoofs are
available online and require no special equipment or facilities to produce. The only research needed to be
done is to identify which material(s) work best at spoofing the
specific image capture technology used in the targeted
fingerprint sensor.
Fingerprint sensor technologies vary, including touch versus
swipe and optical versus capacitance versus ultrasound.
Different combinations of these parameters require different
choices of spoof materials. The bottom line is that all
fingerprint sensors, lacking liveness detection, are vulnerable to
spoofing. Moreover, all biometric modalities have their own
vulnerabilities to spoofing.


Why Liveness Detection is a Must-Have
The good news – for smartphone vendors and their customers – is that these vulnerabilities can be mitigated.
In government and enterprise applications, vulnerabilities are typically reduced using a multifactor
authentication process: users must provide something they know (a password or PIN), something they have
(their smartphone), and something they are (biometric).

However, without the benefit of liveness detection, the biometric factor of these systems still remains a
vulnerable element. Hence the increasing requirement for liveness detection in proposed new systems.
Consumers, however, are more interested in the convenience of single-factor authentication offered by
biometrics. After all, the adoption of biometric authentication in the consumer space is meant to eradicate the
need for passwords and PINs, so as to realize the full benefit of convenience in authenticating.
To address the need for liveness detection, some sensor providers are inferring liveness through the capture of
additional biometric information at the time of image capture. This can include blood oximetry, temperature
or multispectral imaging. Unfortunately these hardware-based solutions are too costly and space consuming
for use in mobile devices. Software-based systems, such as NexID Biometrics’ Liveness Detection SDK
, offer a
cost-effective solution to these vulnerabilities. Moreover, suppliers of other biometric modalities are also
working to incorporate liveness detection in manners compatible with the mobile device market, often using
resources already part of the device, such as the camera and microphone. Research in liveness detection is
also underway at academic institutions and funded both by industry and government resources. One example
is the Center for Identification and Technology Research (
www.citer.wvu.edu
).
To help with the adoption of liveness detection solutions, and to subsequently drive pervasive use of biometric
authentication, a number of standards are in place or being developed:
• The International Standards Organization (ISO) is currently developing standards documents for
liveness detection.
• In Germany, the Federal Office for Information Security has developed an international standard called
Common Criteria that offers certification for liveness detection to sensor manufacturers. Safran
Morpho (France) is the first and only vendor thus far to achieve this rigorous certification.
• The Fast Identity Online Alliance (FIDO) has established “an open, scalable, interoperable set of
mechanisms that supplant reliance on passwords to securely authenticate users of online services. This
new standard for security devices and browser plugins will allow any website or cloud application to
interface with a broad variety of existing and future FIDO-enabled devices that the user has for online
security.”
These and other efforts are aimed at making pervasive the benefit of convenience and security offered by
biometric authentication on mobile devices.

The NexID Advantage
To capitalize on smartphone vendor demand for fingerprint authentication, sensor manufacturers are rushing
new products to market that are smaller, with less resolution, and lower cost, all to better “fit” mobile device
constraints. Unfortunately, these changes will challenge image quality and therefore limit matching algorithms’
functionality. Moreover, software-based liveness detection is also challenged by these design parameters. To
meet current and future liveness detection requirements, NexID is currently working on a new product
specifically for mobile and embedded liveness detection applications. Our goal for this “Mobile Liveness
Detection” application is to offer performance parameters currently available with our desktop/laptop
application on a mobile and/or embedded device.

With its Mobile Liveness Detection solution NexID Biometrics will play an integral role in the pervasive
adoption of mobile biometric authentication. This software-based technology represents the most cost-
effective liveness detection solution for fingerprint authentication on the market today. Because the NexID
solution analyzes only the captured image to determine whether the image is real or fake, it is technology
agnostic, making it compatible with any and all fingerprint sensors.
Given its software-based nature, NexID’s evolving solution can be field upgraded onto existing devices as
needed. The implementation of NexID liveness detection is tailored for each vendor’s technology to maximize
its accuracy in determining real versus fake, typically achieving an accuracy level of 96 to 98 percent while
minimizing user inconvenience by typically executing the liveness detection function in under one-quarter of a
second. NexID liveness detection has been successfully installed on a variety of fingerprint technologies,
including swipe and touch, and optical and capacitive sensors. The following infographic shows how the
liveness detection function can be inserted to execute before or after the matching algorithm is complete.
Everyone benefits when mobile
biometric authentication systems
include liveness detection.
Consumers and enterprise users
enjoy greater confidence in using
biometrics for authenticating
their identity, without sacrificing
convenience. This combination of
confidence and convenience will
drive adoption and eventual
pervasive use, enabling a
plethora of innovative new
applications. That in turn creates
major new market opportunities
for application solution providers,
device manufacturers and
biometric sensor manufacturers.


About NexID Biometrics
NexID Biometrics is a leading software and technology supplier to the biometric authentication industry. The
company develops and licenses liveness detection software that enables fingerprint-scanning technologies to
more accurately, and with greater confidence, authenticate scanned images by mitigating spoof-related risks.
The company also provides testing and analysis of fingerprint scanning devices to identify existing
vulnerabilities to known spoofing strategies. The company’s founders represent some of the world’s leading
authorities on biometric spoof mitigation and liveness detection. For more information, visit
www.nexidbiometrics.com
.