Biometric Spoofing and Anti-Spoofing

Biometric Spoofing and Anti-Spoofing

Zahid Akhtar (University of Udine, Italy)
DOI: 10.4018/978-1-5225-0703-1.ch007


The demand for reliable and robust person recognition systems has expanded due to intense security requirements in today's highly intertwined network society. The advantages of biometrics over traditional security systems have triggered large-scale deployment of biometrics as an authentic technique to determine the identity of an individual. The prime objective of such methods is to assure that the systems are only accessed by genuine users. Since, biometric traits are overt, leading thus to a threat of them being captured, copied, and forged. Numerous techniques have been developed over the years for biometric spoofing and anti-spoofing. The goal of this chapter is to provide a comprehensive overview on works in the field of spoofing and anti-spoofing with special attention to three mainly accepted biometric traits (i.e., fingerprint, face and iris) and multimodal biometric systems. We also present the key challenges, major issues and point out some of the salient and useful research directions.
Chapter Preview


Due to exponential growth in digital information and communication technologies, the need and importance of robust user authentication is increasing day by day. Several efforts have been made to develop systems that can identify and authenticate genuine users. Authentication process validates the identity of user by utilizing one (or more) of the three-authentication factor - something user knows (the PIN or password), something user has (the card or keys), or something user is (the biometrics). Only biometrics among them exploits the distinct features associated with an individual, thus it could provide higher identification accuracy and security level (Jain, 2007).

Desirable properties of biometric characteristics are distinct for each user, temporal-invariance, and hard to be forged. But, recent research has demonstrated that biometric traits can be stolen, replicated and fake trait could be used to attack biometric systems (Matsumoto, 2002, Akhtar, 2012, Galbally, 2014). For instance, the Japanese border control fingerprint system was deceived in January 2009 by a woman, who used tape-made fake fingerprints on her true fingerprints (Galbally, 2014, Akhtar, 2012). Similarly, just two days after the iPhone5s hit the market, it was fooled by a fingerprint spoof (Galbally, 2014). Unfortunately, one cannot change his or her biometric characteristics once it is stolen, unlike PIN’s and passwords. If someone’s biometric data is used illegally, they may face difficulty to prove their innocence.

Spoofing is a situation in which one person pretends as another by falsifying data and thereby gaining an illegal benefits. Biometric spoofing attack is a process by which individuals aim to compromise a biometric system by presenting a spoofed (fake) biometric sample of genuine user. Biometric spoofing attack is also referred as ‘direct attack’ as it is carried out directly on the biometric sensors. The most important point about biometric spoof attacks is that it does not require advanced technical skills and thus increases the number of potential attackers. Biometric spoof attacks also may be carried out in coordination with the genuine user to gain the delegate access rights or without user consent or knowledge (e.g., collected face images from surveillance cameras or latent fingerprints from objects or surfaces).

As we know that biometric traits are not secret. Everyone leaves their biometrics all over without being conscious that their biometrics can be captured, copied, and replicated, which later might possibly enable future acts of fraud. Therefore, to defeat spoofing attacks several countermeasure technologies and methods have been developed. In fact, the vulnerability of biometric systems to spoof attacks has generated a research trends to improve the robustness and reliability of biometrics such as anti-spoofing techniques or “liveness detection” (Li, 2009, Chingovska, 2013, Galbally, 2014) or multimodal biometric fusion (Jain, 2007, Akhtar, 2012).

Key Terms in this Chapter

Face Recognition: Face recognition is a computational technique to automatically identify or verify a person from a digital image or a video using their facial features.

Biometric Anti-Spoofing: Typical countermeasure to biometric spoofing is liveness detection (biometric anti-spoofing) methods, which aim at disambiguating human live biometric trait samples from spoof artifacts.

Multimodal Biometrics: Multimodal biometric systems consolidate evidence from multiple biometric sources. For example, a multimodal biometric system could be a combination of iris recognition and fingerprint recognition to confirm the identity of a user.

Fingerprint Recognition: Fingerprint automated method matches two human fingerprints to identify individuals using fingerprint as biometrics.

Adversarial Pattern Classification: Adversarial pattern classification is a scenario where the pattern recognition system faces an intelligent and adaptive adversary that modifies patterns to fool the system.

Biometric Spoofing: Biometric spoofing attack is carried out by presenting artifact biometric trait to the system to fool the system pretending as a genuine user.

Complete Chapter List

Search this Book: