Fingerprint & Biometric Door Locks
Fingerprint systems analyse the locations of “minutiae” – the endings and bifurcations of the friction ridges on the pad of your finger. Often, additional information, such as the number of ridges between minutiae points, is also used.
A number of methods exist to capture fingerprints: optical capture uses visible light, capacitive sensors use electrical current conducted through the finger, and ultrasound uses high frequency sound waves.
Contact sensors capture an image of the ridge pattern in contact with the sensor, while contactless sensors effectively take an image (2D or 3D, depending on the system) of the ridge pattern while the finger is held a distance away from the sensor.
Attacks
Attacks could be mounted with or without the collusion of enrolled users. The least sophisticated attackers might simply place their own fingers on the sensor and hope to be recognized as an enrolled data subject. The chance of success is then determined by the false match rate of the system and should be low enough for success to be very rare.
Artefacts
More determined attackers may attempt to produce an artefact – a false fingerprint – which matches the finger of an enrolled user.
Once a high quality artefact has been produced, the probability of defeating the system increases significantly. Instructions for making artefacts of reasonable quality can be readily found on the internet. This does not make an attacker’s life easy, but this is a vulnerability particular to fingerprint biometrics.
Obviously, the specific artefact must be recognisable by the type of fingerprint capture sensor it is used against. For example, a capacitive system will require the artefact to have similar conductivity properties to human skin in order to be detected.
It is clearly easy to obtain a fingerprint image with the co-operation of an enrolled data subject but it is also possible to obtain such an image covertly. This is because one major vulnerability of fingerprint biometrics is that latent fingerprints are sometimes left when a finger comes into contact with a surface (indeed, this is the whole point of forensic applications of fingerprinting). Sometimes, this makes it possible to obtain a fingerprint image from which an artefact can be produced.
Implementation notes
For low threat situations, particularly if the number of enrolled users is relatively small, the use of one fingerprint may be adequate. But, given the ease with which friction ridges on fingers are damaged, more fingerprints should be enrolled.
However, if greater security (lower false match rate) is required, it may be necessary to use more than one finger in the matching process. For example, high integrity systems used for automated border control at airports needing to match travelers to millions of enrolled persons, sometimes use all eight fingers and both thumbs.
If the system is likely to be attacked using artefacts at the sensor, the false match rate alone is not an adequate measure of overall security. It is also necessary to assess the effectiveness of any liveness detection, or spoof detection capability. This is actually quite difficult to measure because of the diversity of available attack methods.
Enrolment problems
All biometric systems suffer from the fact that some members of the population will not be able to provide an adequate biometric sample to use the system. The biometric characteristic might be missing or temporarily inaccessible, it could also be of such low quality that it cannot be used.
With fingerprint systems in particular, there is a great deal of operational and experimental evidence to show that older members of the population, and those who work in some industries, tend to produce lower quality fingerprint readings. For some people, the problem can be so severe that they simply cannot use the biometric system.
Protections
The biometric sensor and controlling software may perform checks to detect a presentation attack. These can happen in a number of ways, including:
Sub-dermal image analysis
Deformation effects when the finger is presented to the sensor
Optical spectrum analysis to identify the distinctive texture of skin
Conductivity/capacitance of the skin
Oxygen levels of the blood in the finger
Pulse or ECG measurements
Summary
Fingerprint recognition is able to provide a useful degree of discrimination between enrolled users. However, the absolute level of security provided can be difficult to measure, particularly if the system is subjected to malicious spoofing attacks in a challenging operational setting. The error rates achieved will depend on a number of factors, including the environment in which the system is deployed and the composition of the user population. This can make the required performance difficult to specify.
User acceptance issues should not be ignored in the deployment of any biometric system. Fingerprints in particular are sometimes associated with law enforcement and criminality, which can hinder their acceptance in some situations.
Please contact Electric Locking Systems Limited on 01202 941050 or contact us via Email at sales@electriclock.co.uk or why not chat to us via the web via our website at electriclock.net and use our online chat .
Showing the single result