How to defend against presentation attacks via artificial fake fingers is a core challenge in fingerprint biometrics. The trade-off among security, usability, and production cost has driven researchers to reach a common standpoint, i.e., integrate the commercial fingerprint technology with anti-spoofing detection (e.g., ridge traits). These anti-spoofing solutions are perceived as sufficiently resilient under the assumption that a fake finger can never closely relate to a live finger due to either composition of spoofing materials or non-automated manufacturing errors. In this paper, we first identify the vulnerability of in-practice anti-spoofing solutions in commercial fingerprint products. Instead of using expensive 3D fake fingers (above USD $1000), we mimic a more realistic scenario where an attacker fabricates high-precision fake fingerprints using low-cost polyvinylacetate materials (less than USD $50). Building on this, we introduce a practical and secure countermeasure, namely FakeGuard, to overcome the exposed vulnerability. We examine the nature of 3D haptic response effect that arises when a fingertip epidermis interacts with a tactile surface and reflects the disparate anatomy of live and fake fingers. Unlike the previous mitigation strategies, FakeGuard offers both hardware and software compatibility with existing fingerprint scanners. As the first exploration of haptic-based anti-spoofing solution, we demonstrate the capability of FakeGuard to prevent known and unknown fake finger attacks with an average detection error of 1.4%. We also examine and prove FakeGuard resilience against seven different physical attacks, e.g., brute-force through pressure variations or partial fingerprints, haptic response alteration via advanced spoofing materials or side-channel interference, and denial-of-service attacks by manipulating the moisture, lighting, and temperature of the ambient environment.

View More Papers

PoF: Proof-of-Following for Vehicle Platoons

Ziqi Xu (University of Arizona), Jingcheng Li (University of Arizona), Yanjun Pan (University of Arizona), Loukas Lazos (University of Arizona,...

Read More

Detecting Obfuscated Function Clones in Binaries using Machine Learning

Michael Pucher (University of Vienna), Christian Kudera (SBA Research), Georg Merzdovnik (SBA Research)

Read More

Remote Memory-Deduplication Attacks

Martin Schwarzl (Graz University of Technology), Erik Kraft (Graz University of Technology), Moritz Lipp (Graz University of Technology), Daniel Gruss...

Read More

An In-Depth Analysis on Adoption of Attack Mitigations in...

Ruotong Yu (Stevens Institute of Technology, University of Utah), Yuchen Zhang, Shan Huang (Stevens Institute of Technology)

Read More