insights and news

Biometric Liveness, What, Why and How?

31 March 2021

What is Biometric Liveness?

Biometric data is the unique information that can be used to identify a person with accuracy. It includes uniquely identifiable features such as fingerprint, face recognition, iris, voice recognition. The increased acceptance of biometrics by consumers has encouraged the uptake of these systems on a wider scale.

 

While larger businesses and organisations have embraced the use of biometric systems to have the added security to their systems, it also more cost-effective in the long run not having to use cards and FOBs for access. There is however a need to take biometric systems further so to mitigate against the potential risks of spoofing. This is where biometric liveness will help, a term coined by Dorothy E. Denning in 2001 when she envisioned biometric systems to have an added Liveness element for authentication.

 

“A good biometrics system should not depend on secrecy,” and,

 

“… biometric prints need not be kept secret, but the validation process must check for liveness of the readings.”

 

Liveness is a system ability to detect whether a biometric is from a live person or a spoof, so artefact or lifeless body part. By using AI systems in biometric detection it can help to make a much more secure system. 

 

Why is it required?

Its’ never been as important to have tools to prevent spoof attacks when biometric systems are used significantly more often in critical infrastructures such as border control, law enforcement, health organisations and voter registrations. Systems need to be designed to protect against current and future spoof attacks. As technology is quickly advancing and developing it brings with it upgrades to security but also potential tools with which security can be compromised. Technology such as 3D printers that can produce highly accurate reconstructions of faces or fingers to be used against biometric systems, the threat of spoofing is serious. 

 

How is it done?

Biometric system detection algorithms are not set up to detect ‘live’ from not live, they only need to match what is presented to the enrolled data and so granting or denying authentication. Liveness will not match but will look for other markers that ‘prove’ live presentation and so significantly reduce risks of a spoof attack.

 

There are 3 categories of liveness algorithms that can be used;

 

  • Active Liveness detection. This requires a challenge and response, for example, the user will be prompted to make a facial action during a facial recognition capture, like a smile or blink. Users are fully aware of the liveness detection measure and so is less secure and poses more risk to fraud.
  • Passive liveness detection. This will rely on background algorithms that assess artefacts in an image, such as an edge or skin texture as well as motion detection. This process does not require the user’s active participation and so is hidden to them so making it the most secure as it’s more difficult for fraudsters to attempt to circumvent it.
  • Hybrid is also one that does not require user interaction but is not opaque and is observable by the fraudsters, making it potentially more vulnerable.

 

Machine learning has allowed for biometric data matching algorithms to become extremely accurate and it’s expected that liveness algorithms will follow suit. It’s important to note that as with biometric matching algorithms, liveness detection must consistently and reliably work for anyone regardless of appearance, device use or environmental factors such as lighting.