Are spoofs from latent fingerprints a real threat for the best state-of-art liveness detectors?

TL;DR

This study evaluates the threat of spoofing attacks using snapshot images of latent fingerprints against advanced liveness detection systems, revealing that such attacks pose a significant risk comparable to traditional spoofing methods.

Contribution

The paper introduces 'ScreenSpoof', a novel method using snapshot latent fingerprint images to fabricate high-quality spoofs, and assesses its threat level on top-performing liveness detectors.

Findings

ScreenSpoof spoofs are as effective as traditional spoofs.

State-of-the-art detectors are vulnerable to ScreenSpoof attacks.

The threat level of latent fingerprint spoofs is significant and previously unreported.

Abstract

We investigated the threat level of realistic attacks using latent fingerprints against sensors equipped with state-of-art liveness detectors and fingerprint verification systems which integrate such liveness algorithms. To the best of our knowledge, only a previous investigation was done with spoofs from latent prints. In this paper, we focus on using snapshot pictures of latent fingerprints. These pictures provide molds, that allows, after some digital processing, to fabricate high-quality spoofs. Taking a snapshot picture is much simpler than developing fingerprints left on a surface by magnetic powders and lifting the trace by a tape. What we are interested here is to evaluate preliminary at which extent attacks of the kind can be considered a real threat for state-of-art fingerprint liveness detectors and verification systems. To this aim, we collected a novel data set of live and spoof images fabricated with snapshot pictures of latent fingerprints. This data set provide a set of attacks at the most favourable conditions. We refer to this method and the related data set as "ScreenSpoof". Then, we tested with it the performances of the best liveness detection algorithms, namely, the three winners of the LivDet competition. Reported results point out that the ScreenSpoof method is a threat of the same level, in terms of detection and verification errors, than that of attacks using spoofs fabricated with the full consensus of the victim. We think that this is a notable result, never reported in previous work.