Biometric Anti-spoofing Technique Using Randomized 3 D Multi-Modal Traits

Despite their advantages over password-based and token-based authentication, Biometric Authentication Systems (BAS) are not perfect. They are particularly vulnerable to spoofing, also called Suspicious Presentation (SP) attacks whereby an impostor presents a fake trait to the biometric scanner during verification. Spoofing has a critical impact on system security leading to a trust deficit on biometric systems with weak anti-spoofing mechanisms. Mitigating biometric spoofing is a possibility, hence several techniques have evolved in recent times including multi-biometrics, biometric cryptography and Liveness Detection (LD) also called Suspicious Presentation Detection (SPD). Unfortunately, nearly all known LD techniques exhibit a fundamental set of flaws – they are mostly uni-modal, easily predictable by a well-equipped impostor, and can be circumvented by well-crafted SP attacks. This paper presents the Multi-Modal Random Trait Biometric Liveness Detection System (MMRTBLDS) framework, as an alternative approach that implements LD using multiple traits each acquired from separate modalities of the same subject combined in a randomized manner. The strength of the framework lays in the impostor’s inability to accurately predict the exact set of randomized trait parameter combinations in advance of LD. The framework employs a 3D simulation of fifteen liveness parameters, composed of three each from finger, face and iris traits, based on random number generation. Simulation results obtained using 125 distinct randomized combinations show significant improvements in biometric authentication security with a system efficiency of 99.2%.


I. INTRODUCTION
Biometric systems enjoy huge usefulness in a variety of areas including logical access control, physical access control, time and attendance, law enforcement and surveillance [1], [2] [3].The unique security benefits of Biometric Authentication Systems (BAS) account for their popularity and growing application for identification and verification purposes in commerce, healthcare, academia, research and industry.Recent digital health trends reveal the integration of Artificial Intelligence (AI) [4] into emerging biometric innovations for decision support systems.While addressing the rising global cybercrime challenges [5], [6], [7], biometrics in AI specifically aid accurate predictive analytics in healthcare delivery, disease surveillance, pattern and tele-medical diagnostics, among many other health sector applications [8], [9].
Despite biometric advantages [10] especially the difficulty to copy or steal attributes, and the infeasibility to misplace own biological trait credentials (eye swapping, finger trading or hand misplacement); Biometric Authentication Systems (BAS) remain vulnerable to spoofing.Spoofing results when an impostor maliciously presents a suspected fake or counterfeit trait to the biometric system with the intention to bypass its security controls and gain unmerited access.Since the trait supplied to the system by the impostor is of deceitful intent and involves using fake presentation in order to bypass security controls and gain unauthorized access, biometric spoofing is also known as Suspicious Presentation (SP).In a laboratory scenario however, it is also possible to experimentally present a forged trait to a prototype biometric scanner for purely research purposes; such a well-intentioned fake trait is called an artefact.Spoofing is the ability to deceive a biometric system to the point of recognizing an unauthorized user as a genuine one by means of presenting a stolen, copied, forged or synthetically replicated version of the original biometric trait to the biometric sensor [11], [12], [13].Biometric spoofing has several consequences on the system and can occur on any biometric type irrespective of whether it is physiological or behavioural in nature.For example: fingerprints and iris patterns can be forged in much the same way that hand writing patterns and voice prints can be faked by a well-equiped imposter, except that behaviour-based spoofing would require more sophistication to create replica artefacts such as producing identical signatures and audio samples respectively.The reality of huge impacts and high risks justify the need to deploy systems to safe-guard information and its supporting processes, systems and infrastructures against spoofing [14].
Table I illustrates that the impostor's attack patterns using fake traits can take a number of various forms.For example, with the finger modality, an attacker may present a fake finger fabricated using gelatin or other materials with a DOI 10.5013/IJSSST.a.19.05.05 5.2 ISSN: 1473-804x online, 1473-8031 print fingerprint impression, or a photographic image of a finger and/or a dismembered finger.While for the eye modality, molds of the eye may be fabricated using silicon, gelatin, latex or similar substances, or a photographic portrait, or a contact lens imprinted with the mimicked retina image for scanning.Attacks against the face modality could be performed using a face mask, photographic image, isometric view of a 3D mold or a pre-recorded video clip of the face [15], [16], [17].Attacks against the voice modality may involve play-back of pre-recorded audio or mimicking voice using special modulators.This and other reported incidences of successful attacks on facial recognition cameras and fingerprint scanners through the submission of fake traits have led to the classification of spoofing as a major threat capable of curtailing the security of biometric authentication systems [16], [18], reduce their reliability [19], and deepen biometric apathy.
The feasibility of a spoof attack is much higher than other types of attacks against biometric systems, as it does not require any internal knowledge of the system, such as the feature extraction and/or the matching algorithm used [11].With the rising deployment of biometric systems in various applications, there are increasing concerns about the potentially catastrophic impact of spoofing or presentation attacks especially for mission critical applications.The growing sophistication of cyber-attacks by cyber criminals is a global threat that requires a re-definition and strengthening of the biometric authentication process [20].This paper presents a simulation of a secure anti-spoofing multibiometric liveness detection [21], [20] framework using a randomized fusion of fingerprint, facial print and iris pattern as adopted traits for the research.
The remainder of the paper is organized to first discuss the background of anti-spoofing using Suspicious Presentation Detection (SPD), followed by a presentation of the Multi-Modal Random Trait Biometric Liveness Detection System (MMRTBLDS) framework together with its parameter thresholds and simulation results.Subsequent sections present improved authentication security resulting from the framework as well its applications and future scalability.

II. BACKGROUND
Biometric systems are vulnerable to manipulation [22] of the presented trait.The ability of the Biometric Authentication System (BAS) to detect elements of real liveness in the presented trait in order to minimize the incidence of False Accept Rate (FAR) provides a measure of the system's security.Spoofing attacks based on synthetic replication, cloning or copying of traits rely on the wellknown drawback that our fingerprints, face, iris, voice or even our DNA, may be publicly available data [23], [24], [25], hence biometric traits are not total secrets.There are several anti-spoofing countermeasures for improving the authentication performance and effectiveness of biometric systems either applied independently or in some combined format, including: biometric cryptography (also referred to as cancellable biometrics or biometric revocation), multibiometric fusion (combination of different biometric modes), multi-factor authentication (concurrent application of different authentication modes such as biometrics + password + token), challenge response (use of interactive sequence of actions to verify identity), and Suspicious Presentation Detection (SPD) -which is the detection of fake or counterfeit trait as a biometric authentication sample.Mitigating spoofing attacks using SPD is also called Liveness Detection (LD).This paper reviews the traditional application of LD, exposes its weaknesses and introduces a new anti-spoofing technique that extends the application of LD.
Functionally, every biometric spoofing attack involves presentation of fake traits to the biometric scanner, occurring at an attack node -those vulnerable points in a biometric system where attacks are usually targeted at.Although there are multiple attack nodes, the scanner is mostly vulnerable to direct attacks.Direct attacks [26] on the scanner come in the form of supplying the scanner with a fake biometric trait in order to circumvent it.Figure 1 gives a pictorial view of twelve attack nodes (numbered 1 through 12) and indicates that attack Node 1 on the sensor is the first direct attack, outside the digital limits of the biometric system using the impostor's presentation of an artefact (a fake trait) to the scanner.Other nodes in Figure 1 are indirect attacks against the system's digital limits using sophisticated techniques to bypass the feature extractor, the comparator (matcher), or the communications channels connecting them.This paper focuses on direct attacks on Node 1.   Attacker places a fake finger fabricated from the impersonated person's fingerprint impression made from gelatin [27], [28] or other materials on a fingerprint scanner.Impostor places a lifeless mold of the legitimate person's eyeball made from silicon, PVC, mud, gelatine, EcoFlex, latex, silgum, wood glue or other synthetic materials [29], [30], [31] before an iris recognition system.

Iris pattern 6
Attacker presents a photographed portrait of the legitimate user before an iris recognition camera.

Iris pattern 7
Attacker wears a contact lens or an image printout of the authentic enrolee's eye in front of an iris scanner.Iris pattern Almost all the Node 1 attacks documented in Table I above may be reasonably mitigated using techniques that involve the detection of life such as detecting real human voice or genuine living human finger.In most Biometric systems, Liveness Detection (LD) or SPD is applied in the traditional manner simply to test for the presence of elements of liveness and other vitality signs, including pulse, temperature, oxymetry, spectroscopy, etc. Unfortunately contemporary applications of LD to mitigate Suspicious Presentation attacks in the traditional manner are faced with some major drawbacks: they are often implemented in a unimodal manner using predefined tests.This makes them highly predictable and easily circumvented as attackers are able to easily develop specific spoofing artefacts against the known single modality in advance to bypass the biometric LD process.
In the next section therefore, we present the Multi-Modal Random Trait Biometric Liveness Detection System (MMRTBLDS): a framework that addresses the weaknesses of traditional LD methods and improves mitigation of suspicious presentation attacks through randomization and combination of several different SPD techniques in a multimodal fashion.

IV. MULTI-MODAL RANDOM TRAIT BIOMETRIC LIVENESS DECTECTION SYSTEM (MMRTBLDS)
The Multi-Modal Random Trait Biometric Liveness Detection System (MMRTBLDS) framework is designed to significantly improve accuracy in preventing biometric spoofing.The framework functions by subjecting a series of trait parameters derived from multiple biometric modalities of the same subject to random liveness tests.The application of randomness in the selection of liveness parameters for testing minimizes the impostor's ability to predict the pattern while the multimodal approach optimizes authentication security.
Contrary to the single modality design of most liveness detection implementations, the MMRTBLDS executes in a well-defined multi-modal structure illustrated in Figure 2 showing digital logic circuits of the framework's decision sub-system.The output (decision) only produces a positive when two or more inputs are positive.
Table II presents our analysis of fifteen (15) different liveness parameters that are commonly used for the detection of live (SPD techniques) during the capture of biometric traits.The choice of parameters listed in Table II was governed by ease of obtaining suitable measurements during enrolment or verification.We limit our considerations to five (5) biomedical properties of human liveness from each of the three (3) modalities adopted for the study: finger, face and iris.In the framework, a minimum of three parameters are randomly selected during capture.The underlying condition on the randomization process is that each parameter must DOI 10.5013/IJSSST.a.19  12 Iris Spectroscopy Measurement of the rate of reflectivity and absorptivity of radiation on the iris of a living human eye as indicative of biometric liveness.

Ocular fluid density
The fluid contained in the sclera portion of the human eyeball is called the aqueous humour.Its density is the Ocular fluid density measured as a ratio of mass per unit volume (kg/m3).Unit of measurement is ρ which is the Greek small letter Rho.For all liquids, water is a reference standard fluid with density ρ = 1000kg/m 3 , while for gases air or O2 is a standard fluid with density ρ = 1.293 kg/m 3 .The aqueous humour is made of 98% water and its density is often quoted as 1.0 x10 3 = 1000kg/m 3 [32].In general, the MMRTBLDS framework requires the ability to measure x different liveness detection parameters each from y different modalities.During biometric capture, SPD decision is based on obtaining positive result from at least y-1 randomly selected parameters with a constraint that the randomization maximizes the selection spread over the y different modalities.

V. METHODOLOGY
A software/simulation implementation of the MMRTBLDS framework was developed.The simulation focused on the randomized trait selection algorithm that selects and checks distinct liveness detection methods from dissimilar traits of the same enrollee.Table III shows the measurement ranges that were adopted for each parameter during implementation along-side their individual or traditional thresholds.
For ocular Fluid density measurements, we assume a traditional range of 980 -1000kg/m 3 , and simulation threshold of 950 -1000kg/m 3 (lower than assumed traditional) as the aqueous humour is 98% water in composition.The simulation software also implemented the decision process in line with Figure 1

VI. RESULTS
Table IV shows the results from the simulation software discussed in the previous section.The simulation software is developed for three (3) different modalities (finger, face and eye), each with five (5) LD parameters.The final MMRTBLDS decision is based on obtaining a positive output from two (2) out of three (3) randomly selected tests.Table IV presents the results from five (5) different iterations (instances), where each successive iteration is based on a freshly-obtained randomized set of traits satisfying the randomization conditions.
As shown in Table IV above, during the 1 st instance the MMRTBLDS framework returned a failure to detect live despite a positive measurement by the hippus parameter from the eye modality.The 2 nd instance shows the situation where the MMRTBLDS framework returned a positive detection of live despite the failure to detect live by the iris spectroscopy parameter from the eye modality.The 3 rd and 4 th instances show the situation where all randomly selected parameters agree on the detection of life, falling within threshold limits.While during the 5th instance, LD failure was based on a combined failure from all tested parameters as all their values fell outside the threshold range.Figure 3, Figure 4 and Figure 5 below show screenshots from simulations corresponding to the 1 st , 3 rd and 5 th instances respectively.The MMRTBLDS framework presented in this work is highly beneficial to many industrial usages especially where a high degree of access control is required to validate authentic subjects into a facility.Such industrial applications require a well-designed implementation mechanism to ensure that the uniqueness of the framework is utilized in practical terms.
A. Healthcare Access: It is desirous for hospital encounter management information systems to exhibit a secure patient authentication mechanism.Application of the MMRTBLDS guarantees the highest level of biometric-based validation checks that ensure that only legitimate patients are properly identified, fully authenticated and correctly diagnosed.

B. Immigration and Border Control:
The MMRTBLDS is ideal for border environments and facilities where the possibility of criminal migration is high.It is uniquely suited for border checks as an integral part of criminal database look up to prevent false accept consequences of granting access to criminal suspects on the wanted list.By optimizing the process of detecting fake biometric samples, the framework helps border and access control systems to prevent spoofing associated with criminal presentation of counterfeit traits before weak biometric systems.
C. Highly-Sensitive Production Factories: Environments requiring strict identification and certification of users such as pharmaceutical laboratories, nuclear facilities, food processing factories, identity repositories, and aviation systems often experience spoof attacks resulting in severe consequences, loss of data and occasional fatalities.Sensitive environments require a foolproof mechanism to maintain non-repudiation of transactions and digital operations.The MMRTBLDS comes to the rescue as a secure mechanism that guarantees all-round detection of spoof attempts.Application of the framework in such environments complements other access control measures and eliminates the attacker's chances of success.

A. Automated Randomization:
There is a likelihood that the design of the MMRTBLDS framework's decision sub-system presented in Figure 1 could become increasingly complex to implement when using more than three liveness detection parameters as inputs.We hope to address this by switching to a micro-controller based design to automate the randomization pattern and selection of biomedical signals for processing of liveness instead of the simple logic gates as in Figure 1.Our projection is strengthened by recent successful experiments and research in micro-controller based biometric systems already applied in Biometric Attendance [33], [34], Fingerprint based Automated Teller Machine (ATM) [35] and embedded authentication systems [36].
B. Vendor-Neutral Implementation: Incorporating the MMRTBLDS framework into existing biometric systems may be difficult, limited or impossible especially for unimodal systems.Our future work will involve investigating ways to integrate the MMRTBLDS framework into existing biometric systems especially in a vendor neutral manner to ensure interoperability.
C. Scalable Operation: It is very clear that the purposely developed simulation software described in this paper is quite basic in functionality supporting welldefined input parameters.To introduce scalability, a possible future version will allow the use of randomization also on input values as this will allow flexibility and better simulation of measurements suitably influenced by other external factors.This also widens the scope of the framework's application.

D. Performance Improvement and Error Corrector:
The limited design of the framework's computation logic is potentially challenging to its operations.Since biometric performance can be measured in terms of error rates (ER) [37], including the rate at which spoof-related errors occur, misapplication of the system could escalate inherent errors and cause performance issues.As a remedy, we will introduce an error correction module into future refinements of the MMRTBLDS framework to provide a balance between False Reject Rate (FRR) and False Accept Rate (FAR) and isolate conflicting performance issues [38], [39] and statistical errors [40].To implement the proposed error correction module, we will apply standard FAR threshold values shown in Table V to evaluate the error-handling strength of the framework.Since biometric performance matrix is relative and the matching process is only probabilistic, the introduction of an error corrector satisfy the requirement of very low FRR for a given FAR [41] in commercial fingerprint-based authentication system.framework for mitigating biometric spoofing based on a logical combination of randomly selected liveness detection parameters.By integrating a mix of randomization and the use of multiple traits from disparate modalities, the framework applies security by obscurity to increase the attacker's difficulty of accurately predicting the exact trait parameters to be prompted for liveness testing.The scalability of the framework's randomization strategy completely redefines the concept of spoof mitigating by addressing the limitations of traditional antispoofing countermeasures.
A simulation of the MMRTBLDS framework has also been described along with some preliminary results that highlight its strengths in significantly improving security of Biometric Authentication Systems.

Figure 1 :
Figure 1: Attack nodes in a biometric authenication system.

Fingerprint 2 Fingerprint 4 Fingerprint 5 Eye
Attacker presents a photographed 2D image of the legitimate person's finger before a fingerprint scanner.Fingerprint 3Attacker places a dismembered thumb or finger severed from a real living victim to a fingerprint scanner with the hope of acquring a genuine fingerprint impression .Attacker presents a dismembered thumb or finger from the cadaver (dead body) of the victim before a fingerprint scanner targeting to obtain a legitimate fingerprint sample match.
Figure2shows the logical implementation of the MMRTBLDS decision sub-system using digital logic circuits.The final decision is based on the combination of the results of three liveness detection tests and the output (decision) is only positive when two or more inputs are of positive value.

Figure 3 :
Figure 3: Screenshot of 1 st instance of Liveness Detection simulation showing detection of suspected fake trait.

Figure 4 :
Figure 4: Screenshot of 3 rd instance of Liveness Detection simulation showing detection of real live trait.

Figure 5 :
Figure 5: Screenshot of 5 th instance of Liveness Detection simulation showing detection of suspected fake trait.

Table I
below presents an expanded list of Node 1 direct attacks against five different biometric modalities together with some information on how such attacks occur.Subsequently the simulation shall focus on the finger, face and eye modalities.

8
Impostor wears and displays a crafted contact lens or fabricated eyeball of the real user in front of a retina scanner.
Facialprint 12Attacker replays a recorded video clip showing the face of the mimicked person captured with the help of a cell phone, video recorder or other handheld device before a facial recognition system.Facialprint 13Attacker compels a victim, through brute force, social engineering, or any other compelling manner to display own facial image before a facial recognition system.

TABLE II .
DESCRIPTIVE SUMMARY OF MEASURABLE LIVENESS PARAMETERS 11Hippus Involuntary vibration or pulsation of the pupil in a living human eye signifying biometric liveness.Measured as a frequency quantity in Hertz (Hz).

TABLE IV .
MMRTBLDS SIMULATION RESULTS FOR 5 INSTANCES

TABLE V .
FAR TRESHOLDS FOR BIOMETRIC STRENGTH EVALUATION attacks have been presented as major weakness of Biometric Authentication Systems as false acceptance is a severe problem with huge consequences, especially in mission critical applications such as healthcare, civic digital identity systems, border control, and crime investigation.This paper presented the Multi-Modal Random Trait Biometric Liveness Detection System (MMRTBLDS): a DOI 10.5013/IJSSST.a.19.05.05 5.7 ISSN: 1473-804x online, 1473-8031 print