A Systematic Empirical Analysis of Forging Fingerprints to Fool Biometric Systems

C. Schwarzl, E. Weippl:
"A Systematic Empirical Analysis of Forging Fingerprints to Fool Biometric Systems";
International Journal of Secure Software Engineering (IJSSE),2(2011), 1; S. 40 - 83.

[ Publication Database ]

Abstract:


This paper is about the security of biometric systems - important components of many security-critical systems. Our research methodology may serve as a scaffold to future research so that attacks are more thoroughly documented and easily reproducible by other researchers to better quantify the risks for information systems that rely on biometrics for security. Our main contribution is to systematically describe the attempts made to forge fingerprints to fool biometric systems and to review all relevant publications on forging fingerprints to fool sensors. Unlike related work we clearly describe every detail to make the experiments reproducible. We found that many of the related works fail in this aspect and that past successes could not be repeated by us. First, the basics of biometrics are explained in order to define the meaning of the term security in this special context. Second, the reader is also presented with the state of the art of biometric systems. Third, the focus then turns to the security of fingerprint scanners. For this, a series of more than 30,000 experiments were conducted to fool scanners. The authors were able to reproduce and keep records of each single step in the test and to show which methods lead to the desired results and which do not. This is also done, because in most of the existing studies on this topic a number of the individual steps in producing a fake finger and fooling a fingerprint scanner are not explained in full detail, which means that some of the studies cannot be replicated. In addition, some of the authorsĀ“ own ideas and slight variations of existing experiment set-ups are also tried out. All the experiments are conducted with more than one scanner to create generally applicable results.