It is a well-known fact that biometrics is the most secure way of ensuring authentication. Every individual’s biometrics is unique. This ensures that only the person can gain access and no one else can.

A question that arises here is whether impersonation is possible. Is it possible to spoof a biometrics system and gain access? Bahaa Abdul Hadi attempts an answer as below.

Presentation attacks and spoofing

When any attempt is made to attack and breach a biometric system, it is referred to as a presentation attack. This is a clear indication that it is possible to try and break it into a biometric system. The most common way is spoofing.

There are different ways this could be done:

  • A hacker may take a photograph of the fingerprint and create it on clay. They would use this ‘mock fingerprint’ to access the system.
  • When facial recognition is used for biometrics, it is possible to use a photograph or a video to spoof the system.
  • Another trick used is a person may deliberately grow facial hair or mutilate their fingerprints. They would then enrol into the system using another account.
  • When iris detection is used, it is even possible to create a synthetic iris to spoof the system.

While it is possible to spoof a biometric system, it must be noted that it is not so easy. Creating a synthetic iris is not easy and calls for a lot of work and money to be spent. Not all hackers can spoof the system so easily.

Since it possible to spoof a biometric system, it is important to take measures to prevent it.

Preventing spoof of biometric systems

One of the most popular ways of preventing biometric spoofing is by using a concept known as liveness detection. Whenever biometric systems are spoofed, an artificial image or tool is used. To overcome this, the system must be capable of detecting liveness. The system should be able to find out if the person in front of the scanner is live or not.

There are two types here:

  1. Active: Here, the user is asked to perform an action live that proves liveness. Eg: movement of mouth may be analyzed by the system.
  2. Passive: Here, the system can detect if the image is live or not without any active user involvement. During registration, high quality data is collected. Multiple matching is done using algorithms to detect liveness.

Organizations need to bring in liveness detection to ensure their biometric systems are more robust.

Thank you for your interest in Bahaa Abdul Hadi blogs. For more information, please stay tuned to www.bahaaabdulhadi.com