Spoof Detection for Fingerprint Sensors

This publication describes methods, techniques, and apparatuses that can achieve spoof detection in fingerprint sensors by confirming that a person is present and authorized to gain access to a mobile device, door entrance, vault, application software, physical locations, and/or or virtual activities that the person wants guarded. To do so, machine-learned models may be used to match at least one of a fingerprint residual on the glass covering the fingerprint sensor to a live fingerprint, a fingerprint coloration due to the hemodynamics of the pad of the finger, or a distortion pattern of the fingerprint due to the rotation of the finger

A multiresolution framework for local similarity based image denoising

In this paper, we present a generic framework for denoising of images corrupted with additive white Gaussian noise based on the idea of regional similarity. The proposed framework employs a similarity function using the distance between pixels in a multidimensional feature space, whereby multiple feature maps describing various local regional characteristics can be utilized, giving higher weight to pixels having similar regional characteristics. An extension of the proposed framework into a multiresolution setting using wavelets and scale space is presented. It is shown that the resulting multiresolution multilateral (MRM) filtering algorithm not only eliminates the coarse-grain noise but can also faithfully reconstruct anisotropic features, particularly in the presence of high levels of noise

Evaluation of presentation attack detection under the context of common criteria

Mención Internacional en el título de doctorTHE USE OF Biometrics keeps growing. Every day, we use biometric recognition to unlock our phones or to have access to places such as the gym or the office, so we rely on what security manufacturers offer when protecting our privileges and private life. Moreover, an error in a biometric system can mean that a person can have access to an unintended property, critical infrastructure or cross a border. Thus, there is a growing interest on ensuring that biometric systems work correctly on two fronts: our personal information (smartphones, personal computers) and national security (borders, critical infrastructures). Given that nowadays we store increasing sensitive data on our mobile devices (documents, photos, bank accounts, etc.), it is crucial to know how secure the protection of the phone really is. Most new smartphones include an embedded fingerprint sensor due to its improved comfort, speed and, as manufacturers claim, security. In the last decades, many studies and tests have shown that it is possible to steal a person’s fingerprint and reproduce it, with the intention of impersonating them. This has become a bigger problem as the adoption of fingerprint sensor cell phones have become mainstream. For the case of border control and critical infrastructures, biometric recognition eases the task of person identification and black-list checking. Although the performance rates for verification and identification have dropped in the last decades, protection against vulnerabilities is still under heavy development. There have been cases in the past where fake fingers have been used to surpass the security of such entities. The first necessary step for overcoming these issues is to have a common ground for performing security evaluations. This way, different systems’ abilities to detect and reject fake fingerprints can be measured and compared against each other. This is achieved by standardization and the corresponding certification of biometric systems. The new software and hardware presentation attack detection techniques shall undergo tests that follow such standards. The aim of this Thesis is two-fold: evaluating commercial fingerprint biometric systems against presentation attacks (fake fingers) and developing a new presentation attack detection method for overcoming these attacks. Moreover, through this process, several contributions were proposed and accepted in international ISO standards. On the first matter, a few questions are meant to be answered: it is well known that it is possible to hack a smartphone using fake fingers made of Play-Doh and other easy-to-obtain materials but, to what extent? Is this true for all users or only for specialists with deep knowledge on Biometrics? Does it matter who the person doing the attack is, or are all attackers the same when they have the same base knowledge? Are smartphone fingerprint sensors as reliable as desktop sensors? What is the easiest way of stealing a fingerprint from someone? To answer these, five experiments were performed on several desktop and smartphone fingerprint readers, including many different attackers and fingerprint readers. As a general result, all smartphone capture devices could be successfully hacked by inexperienced people with no background in Biometrics. All of the evaluations followed the pertinent standards, ISO/IEC 30107 Parts 3 and 4 and Common Criteria and an analysis of the attack potential was carried out. Moreover, the knowledge gathered during this process served to make methodological contributions to the above-mentioned standards. Once some expertise had been gathered on attacking fingerprint sensors, it was decided to develop a new method to detect fake fingerprints. The aim was to find a low-cost and efficient system to solve this issue. As a result, a new optical system was used to capture fingerprints and classify them into real or fake samples. The system was tested by performing an evaluation using 5 different fake finger materials, obtaining much lower error rates than those reported in the state of the art at the moment this Thesis was written. The contributions of this Thesis include: • • Improvements on the presentation attack detection evaluation methodology. • • Contributions to ISO/IEC 30107 - Biometric presentation attack detection - Part 3: Testing and reporting and Part 4: Profile for evaluation of mobile devices. • • Presentation attack detection evaluations on commercial desktop and smartphone fingerprint sensors following ISO/IEC 30107-3 and 4. • • A new low-cost and efficient optical presentation attack detection mechanism and an evaluation on the said system.EL USO DE la Biometría está en constante crecimiento. Cada día, utilizamos reconocimiento biométrico para desbloquear nuestros teléfonos o para tener acceso a lugares como el gimnasio o la oficina, por lo que confiamos en lo que los fabricantes ofrecen para proteger nuestros privilegios y nuestra vida privada. Además, un error en un sistema biométrico puede significar que una persona pueda tener acceso a una propiedad no debida, a una infraestructura crítica o a cruzar una frontera. Por lo tanto, existe un interés creciente en asegurar que los sistemas biométricos funcionen correctamente en dos frentes: nuestra información personal (teléfonos inteligentes, ordenadores personales) y la seguridad nacional (fronteras, infraestructuras críticas). Dado que hoy en día almacenamos cada vez más datos sensibles en nuestros dispositivos móviles (documentos, fotos, cuentas bancarias, etc.), es crucial saber cómo de segura es realmente la protección del teléfono. La mayoría de los nuevos teléfonos inteligentes incluyen un sensor de huellas dactilares integrado debido a su mayor comodidad, velocidad y, como afirman los fabricantes, seguridad. En las últimas décadas, muchos estudios y pruebas han demostrado que es posible robar la huella dactilar de una persona y reproducirla, con la intención de hacerse pasar por ella. Esto se ha convertido en un problema mayor a medida que la adopción de los teléfonos celulares con sensor de huellas dactilares se ha ido generalizando. En el caso del control fronterizo y de las infraestructuras críticas, el reconocimiento biométrico facilita la tarea de identificación de las personas y la comprobación de listas negras. Aunque las tasas de rendimiento en materia de verificación e identificación han disminuido en las últimas décadas, la protección antifraude todavía está bajo intenso desarrollo. Existen casos en los que se han utilizado dedos falsos para vulnerar la seguridad de dichas entidades. El primer paso necesario para superar estos problemas es contar con una base común desde la que realizar evaluaciones de seguridad. De esta manera, se pueden medir y comparar las capacidades de los diferentes sistemas para detectar y rechazar huellas dactilares falsas. Esto se consigue mediante la estandarización y la correspondiente certificación de los sistemas biométricos. Las nuevas técnicas de detección de ataques de presentación de software y hardware deben someterse a pruebas que se ajusten a dichas normas. Esta Tesis tiene dos objetivos: evaluar los sistemas biométricos de huellas dactilares comerciales contra ataques de presentación (dedos falsos) y desarrollar un nuevo método de detección de ataques de presentación para disminuir la eficacia de estos ataques. Además, a través de este proceso, se propusieron y aceptaron varias contribuciones en las normas internacionales ISO. Sobre el primer asunto, hay que responder algunas preguntas: es bien sabido que es posible hackear un teléfono inteligente con dedos falsos hechos de Play-Doh y otros materiales fáciles de obtener, pero ¿hasta qué punto? ¿Es esto cierto para todos los usuarios o sólo para los especialistas con un profundo conocimiento de la Biometría? ¿Importa quién es la persona que realiza el ataque, o todos los atacantes son iguales cuando parte de la misma base de conocimiento? ¿Son los sensores de huellas dactilares de los teléfonos inteligentes tan fiables como los de sobremesa? ¿Cuál es la manera más fácil de robar una huella digital a alguien? Para responder estas preguntas, se realizaron cinco experimentos en varios lectores de huellas dactilares de escritorio y de teléfonos inteligentes, incluyendo muchos atacantes y lectores de huellas dactilares diferentes. Como resultado general, todos los dispositivos de captura pudieron ser hackeados con éxito por personas sin experiencia en Biometría. Todas las evaluaciones siguieron las normas pertinentes, ISO/IEC 30107 Partes 3 y 4 y Common Criteria y se llevó a cabo un análisis del potencial de ataque. Además, los conocimientos adquiridos durante este proceso sirvieron para aportar una contribución metodológica a las normas mencionadas. Una vez adquiridos algunos conocimientos sobre ataques a sensores de huellas dactilares, se decidió desarrollar un nuevo método para detectar huellas falsas. El objetivo era encontrar un sistema de bajo coste y eficiente para resolver este problema. Como resultado, se utilizó un nuevo sistema óptico para capturar las huellas dactilares y clasificarlas en muestras reales o falsas. El sistema se probó mediante la realización de una evaluación utilizando 5 materiales de dedos falsos diferentes, obteniendo tasas de error mucho más bajas que las reportadas en el estado del arte en el momento de redactar esta Tesis. Las contribuciones de esta Tesis incluyen: • • Mejoras en la metodología de evaluación de detección de ataques de presentación. • • Contribuciones a “ISO/IEC 30107 - Biometric presentation attack detection - Part 3: Testing and reporting” y “Part 4: Profile for evaluation of mobile devices”. • • Evaluaciones de detección de ataques de presentación en sensores de huellas dactilares comerciales de escritorio y de teléfonos inteligentes siguiendo la norma ISO/IEC 30107-3 y 4. • • Un nuevo y eficiente mecanismo óptico de detección de ataques de presentación, de bajo coste, y una evaluación de dicho sistema.Programa de Doctorado en Ingeniería Eléctrica, Electrónica y Automática por la Universidad Carlos III de MadridPresidente: Enrique Cabello Pardos.- Secretario: Almudena Lindoso Muñoz.- Vocal: Patrizio Campis

Textural features for fingerprint liveness detection

The main topic ofmy research during these three years concerned biometrics and in particular the Fingerprint Liveness Detection (FLD), namely the recognition of fake fingerprints. Fingerprints spoofing is a topical issue as evidenced by the release of the latest iPhone and Samsung Galaxy models with an embedded fingerprint reader as an alternative to passwords. Several videos posted on YouTube show how to violate these devices by using fake fingerprints which demonstrated how the problemof vulnerability to spoofing constitutes a threat to the existing fingerprint recognition systems. Despite the fact that many algorithms have been proposed so far, none of them showed the ability to clearly discriminate between real and fake fingertips. In my work, after a study of the state-of-the-art I paid a special attention on the so called textural algorithms. I first used the LBP (Local Binary Pattern) algorithm and then I worked on the introduction of the LPQ (Local Phase Quantization) and the BSIF (Binarized Statistical Image Features) algorithms in the FLD field. In the last two years I worked especially on what we called the “user specific” problem. In the extracted features we noticed the presence of characteristic related not only to the liveness but also to the different users. We have been able to improve the obtained results identifying and removing, at least partially, this user specific characteristic. Since 2009 the Department of Electrical and Electronic Engineering of the University of Cagliari and theDepartment of Electrical and Computer Engineering of the ClarksonUniversity have organized the Fingerprint Liveness Detection Competition (LivDet). I have been involved in the organization of both second and third editions of the Fingerprint Liveness Detection Competition (LivDet 2011 and LivDet 2013) and I am currently involved in the acquisition of live and fake fingerprint that will be inserted in three of the LivDet 2015 datasets