In an effort to better protect our security and privacy, fingerprint readers are being implemented into an ever-growing number of devices. Most of our smartphones already have them, as well as many laptops and even entrance doors to secure buildings. You might think of a fingerprint reader as state of the art security (it’s certainly better than a 4-digit passcode), if you had never seen a Mission Impossible or James Bond movie.
As it stands, spoofing a fingerprint really isn’t that difficult. A lot of materials can be used to “copy” a fingerprint, and many of the methods that can be employed don’t even require physical access to the fingertip in question (a photo is often enough). This is one thing spy movies seem to get right: fingerprint readers are susceptible to attacks using fake fingerprints. To combat this, Joshua J. Engelsma, Kai Cao, and Anil K. Jain have developed a Raspberry Pi-based fingerprint reader that they hope can be used for more sophisticated means of detecting fingerprint spoofing.
The RaspiReader can utilize traditional spoofing detection methods, like heartbeat and blood flow detection. But, additional hardware gives it the potential to be used to detect more advanced techniques that often fool traditional readers. That hardware is two Camera Modules connected to the Raspberry Pi: one that acts as a conventional reader and can use well-known spoofing detection algorithms, and another that takes a photo of the fingertip as a whole.
Using the second camera, new approaches can be investigated for detecting a falsified fingerprint. The RaspiReader isn’t intended to be a commercial device (at least not now), but rather as a research tool for developing better fingerprint reader security. The team’s research paper demonstrates a wide range of methods for falsifying fingerprints, and how they can be detected with RaspiReader. It may be incremental, but it’s an important step in creating more secure devices.