New biometrics software looks for sweat

Sweaty hands might make you unpopular as a dance partner, but they could someday prevent hackers from getting into your bank account.

Researchers at Clarkson University have found that fingerprint readers can be spoofed by fingerprint images lifted with Play-doh or gelatin or a model of a finger molded out of dental plaster. The group even assembled a collection of fingers cut from the hands of cadavers.

In a systematic test of more than 60 of the carefully crafted samples, the researchers found that 90 percent of the fakes could be passed off as the real thing.

But when researchers enhanced the reader with an algorithm that looked for evidence of perspiration, the false-verification rate dropped to 10 percent.

The idea of using perspiration is promising as a way to beat hackers because sweating follows a pattern that can be modeled. In live fingers, perspiration starts around the pore and spreads along the ridges, creating a distinct signature of the process. The algorithm, created by Stephanie Schuckers, associate professor of electrical and computer engineering at Clarkson, detects and accounts for the pattern of perspiration when reading a fingerprint image.

Dead fingers don't sweat.

"Since liveness detection is based on the recognition of physiological activities as signs of life, we hypothesized that fingerprint images from live fingers would show a specific changing moisture pattern due to perspiration, but cadaver and spoof fingerprint images would not," Schuckers said in a prereleased statement.

The research, funded by a $3.1 million grant from the National Security Agency and conducted in collaboration with other universities, is part of an ongoing effort to improve biometric authentication and identification.

Other methods are in the works as well. Fingerprint readers essentially take a picture of a fingerprint and match it to a sample in the database. To get around spoofs involving lifted fingerprints, NEC researchers have developed technology that actually takes a picture of the tissue underneath the fingertip to get a three-dimensional image that can be matched against a database sample. Fujitsu has developed an authentication technology that looks at vein patterns.

Although biometric identification technologies continue to improve, each has its own flaws. Voice authentication is fairly accurate and tough to spoof, say advocates, but it can be affected by a bad phone connection. Iris scans work well, but are commercially impracticable.

Face scanning is actually less accurate than most, but consultants for the U.S. State Department say that the technology was chosen for electronic passports because that particular identity test seems to make people feel less like criminals.

[wbenton]

What's NEW about this?

Don't really know what is so "NEW" about this. Some call it sweat, but checking for human impediance (otherwise known as contact resistance within the body which is measured by sweat and/or other liquids in the body) has been around in prototype version since the end of 1999 that I'm aware of.

One biometric smart card finger-print reader manufacturer whom I have the pleasure of know the owner has known this and openly discussed it with me on numerous occasions shortly before and after 2000. He showed me his prototype back towards the end of 1999 and they went into full production in 2000 with it.

I asked him how they were able to test severed fingers and whether or not they had any volunteers or what, but he more or less laughed at the question... never could get an accurate answer on that one.

The cards he manufacturered have been in use by many official government and banking establishments for over 4 years now!

And to think that they wasted $3.1 million grant from the National Security Agency to find out this already known information just totally baffles me!

Of course, the one I saw had the checking built into the hardware of the fingerprinting smartcard itself where as this is referring to software... but the technology shouldn't be that much difference. I mean it's all about human contact resistance. All you ened to do is to take an Ohm meter set to it's most sensitive setting and grab the positive and negative end of the probes with your right and left hand to see contact resistance within your body. Of course a special hardware system must be made to get both input and output from the same finger, but I could have done that for less than half ot the spent $3.1 million!!! (* LOL *)

Walt

[zaznet]

Does more than that.

If you read through this article you will note that they are reading the pattern of sweat, not just that it exists on the finger tip.