Abstract
Fingerprints have been used for decades to verify the identity of an individual for various security reasons. Attackers have developed many approaches to deceive a fingerprint verification system, ranging from the sensor level, where gummy fingers are created, to gaining access to the decision-maker level, where the decision is made based on low matching criteria. Even though fingerprint sensor-level countermeasures have developed advanced metrics to detect any attempt to dupe the system, attackers still manage to outwit a fingerprint verification system. In this paper, we present the Micro-behavioral Fingerprint Analysis System (MFAS), a system that records the micro-behavior of the user's fingertips over time as they are placing their fingerprint on the sensor. The system captures the stream of ridges as they are formed while placed on a sensor to combat the attacks that deceive the sensor. An experiment on 24 people was conducted, wherein the fingerprints and the behavior of the fingertip as it is placed were collected. Subsequently, a gummy finger was created to try to fool the system. Further, a legitimate user was chosen to participate in an experiment that mimicked an attempt to use their fingertip unwillingly to detect coerced fingerprint placement. After applying the micro-behavior, the system reported 100% true positives and 0% false-negatives when providing legitimate vs. gummy-based fingerprints to authenticate a malicious user. The system also reported a 100% accuracy in differentiating between a voluntary and a coerced fingerprint placement. The results improve the fingerprint robustness against attacks on a fingerprint sensor by factoring in micro-behavior, thus helping to overcome fake and coerced fingerprint attacks.