Need 2 more main points added to thesis with reflection in conclusion. No other changes needed in paper.

 

 

forensic_crime_paper_final_revision.docx

 

 

 

 

 

 

                                                                       Fingerprint Liveness

                                                               

 

 

 

 

 

 

 

 

 

 

The emergence of cloud computing and other cutting edge information technology inventions has geared towards an open communication arena to different individuals. Organizations have invested heavily in this shared server facilities mainly to host web applications or other resources that need to be accessed remotely. This wave of information technology has undoubtedly revolutionized the information technology paradigm bringing a bunch of opportunities to the current digital society.

Everyone now is in the cyberspace world which is full of all possibilities.  This interweaving of computing technologies and platforms poses a security threat to every organization and individual involved in the cyberspace circle. Statistics has clearly shown that cyber offenses have escalated since the emergence of this shared technologies. This kind of devastating cybercrimes raises a great concern and anxiety on the communication infrastructure that we use and the authentication security measures put in place. Currently, incidences are reported on issues of stolen identity in system verification gateways.

Due to the increased rate of cybercrimes, the computer forensics field has been advancing to combat this illegal computing crimes. The computer forensics field aims at providing mechanisms to neutralize by launching systematic investigations on the abuse of computing technologies and facilities (Li, 2013).

One of the areas of forensics that has been abused is through fingerprint duplicating. Cyber criminals usually create a forgery image of particular individuals to steal the identity. This is a major security flaw that needs to be addressed in the computer forensics domain. The thesis of this paper aims to show that the use of finger liveliness can be used to prevent fingerprint spoofing.

Fingerprint spoofing has become a concern for the biometrics domain, since biometrics is the most effective method used in the field of computing. Like any other trusted technology, biometrics has its security loopholes. Biometrics spoofing is implemented through the following mechanisms.

Ø  An artificial object can be mounted on a biometrics authentication system to launch an attack to an existing system protected using the biometrics system.

Ø  An artificial object can be used to authenticate entrance to a system and thus fraudulently associating an audit path with an unwitting individual.

Ø  Artificial objects are being used to enroll into biometrics systems for login. The artificial objects can be delegated to different individuals in the organization and hence undermining the integrity implemented in the whole system.

Ø  Individual may deny transactions carried in their organizations claiming that they were as a result of an attack. This is basically due to the lack of detection of finger liveliness.

The use discriminant characteristic of the fingers can be used to over the trait of fingerprint replication. The power of spectrum can be used to differentiate between fake fingerprint images and genuine fingerprint images. If a genuine fingerprint images are used, then a good ring of patterns is seen while a replicated fingerprint image rings are usually diffused and unclear.

 The common materials use to produce this fake fingerprint models are gelatin, silicon rubber, and play-doh. This is due to their characteristics of dryness and elasticity associated with the finger.

 

Liveliness detection makes it difficult for technology criminals to perform successful attacks since the biometric systems will require a liveliness signature. The fingerprint process liveliness can be divided into two main domains. The hardware and the software part of the system. A biometric system can include odor detection and pulse oximetry.  The software part can be used to process the complex algorithms associated with finger liveliness by computing perspiration and image deformation.

A biometric system cannot solely depend on one kind of technology platform since the hardware domain out wins the software domain and vice versa.  The only thing that happens is to take the advantage of both the platforms and merge them together to come up with a hybrid involving the two platforms.

This involves using the best hardware technologies and combining them with the image processing techniques in the form of the software for a decision after the image is captured. Hardware techniques usually present more chances of fake fingerprint detection, unlike the software part that usually is cheap and robust since its implementation is transparent to the users.

The hardware platform lays the basis of the functionality of the software platform. If the biometric hardware system is good enough, then the software will give better results. The software part can also prevent other offences like an injection of reconstructed samples between the scanner and the feature extractor module channel.

 

 

 

No system that can offer 100% security to their systems but finger liveliness is one the key mechanisms that can reduce his vulnerable situations. Although the biometric systems use physiologic mechanisms to establish the identity of a person, this method rarely indicates the aspect of finger liveliness (Li & Jain, 2009). The major concern of liveliness isthis kind of advanced biometric procedure will help in capturing and in the use of the actual measurements and resources in determining if the biometric data being captured is from a live person present at the moment of capture.

The overview of determining finger liveliness is measured by live false reject rate and spoof false accept rate. The major design feature that needs to be integrated with biometrics devices is the ability to determine the actual flow of human blood in the figure. Once this is determined, then it can be judged if that was a genuine figure or another fair.

If the flow of the blood is not detected then, a suspected fingerprint spoof activity is logged to the system, and investigations are launched.

Many cases have been launched by clients claiming that they never engaged in some activities and in fact, their identity was stolen. This can be one of the fooling methods that are used by cunning clients. If this is not looked into well, the organizations can suffer losses from this cunning individuals.

Their major claim is that fingerprint models could have been created and used to log in to their accounts. To overcome this then special methods of obtaining evidence can be used to prove if what the client is saying is right or wrong.

 

 

Since in this claim the client may be right or wrong, biometrics liveliness can help give the right course of direction in this scenario. If the fingerprints were taken with a system that does not include liveliness detection, then there is a possibility that the right evidence will not be obtained.

If the system being used incorporates liveliness detection, then the organization owners will have confidence explaining the invalidity of the client’s dispute to him. This is because during the capture of the fingerprint images the biometric system can calculate the physiological data associated to the places finger. The same process will be used to determine if the person trying to access the target account is the expected person and if that the object of biometrics verification is an alive object or an object clone.

Through this then organizations can be able to deny false evidence that are being provided by cunning clients so as to benefit from the organization.

The identification and authenticating logic is done through the generation of a template proxy of the subject of identification (Pugliese, 2010). One of the new ways for recording fingerprints is by the measurement of the pulse based on optical measurement. The light emitted by LEDs, lasers, and other light emitting sources is usually scattered when it hits the surface of the skin. This makes it diffuse and enters the inner tissues of the body.

 

 

 

When light is illuminated on the surface of the finger, a portion of the light will penetrate the skin tissue and will be reflected back. This kind of reflection can be harnessed for useful bio information obtained from the body. This information includes blood flow, hemoglobin saturation and pulse rate that are some of the major characteristics of a live human being.

It does not present any great difficult to determine the blood flow or pulse of an object on the scan, but it remains a difficult task to match if the obtained results are from a live sample. This creates a difficult scenario for the system developers to create an acceptance range for the biometric verification system.

Another challenge in this is that a constant value cannot be set at the biometric system for determining pulse rate since this value changes from one person to another since this value depends on the emotional state of the person at the time the sample was being taken.

This kind of scenarios can create small errors that can be a challenge when determining the liveliness of fingerprints during a scan.

System resources need to be guarded with a lot of care and concise. This happens majorly regarding confidentiality and system integrity. Confidentiality is associated with the privacy of information to only the concerned personnel. The assigned person to a piece of information should be the only person to access that piece of information. If that is violated, then the system providing the information is said to lack confidentiality.

 

 

 

 

Integrity, on the other hand, can to involve the unauthorized modification and destruction of information. For all this to happen then, there is a necessity to have robust verification systems that cannot be easily compromised. Various methods have been used to carry out system verification. This method include:-

Fingerprint identification – Fingerprints are known to be very distinct in each human being (Newman, 2010). This forms a unique feature that can be applied in biometrics systems. Although loopholes may be formed to cripple the authentication methodology, strategies are being developed to make the method a more robust and safe one.

Face Recognition- Face recognition is a method that scans distinct facial characteristics to search for the identity of a person. These characteristics include the size of the nose, the distance between the eyes and the shape of the chin.

This remains to be the majorly used mechanisms to carry out authentication upon a system entry. Although cybercriminals have come with methodologies to overcome fingerprint identification, a major field of concern like fingerprint liveness can be used to contain this situation.

Systems integrity and authentication have been undermined through the abuse of biometric operational mechanisms. Materials such as gelatin and play-doh have been used to mold dummy objects resembling the required login finger prints.

Workers have registered this faked fingerprints in the system as login identities. This makes the system recognize the dummy object as an individual who access the system. Workers can now share the dummy object fingerprints image to login to the system.

 

 

This creates a security vulnerability since the systems integrity is compromised. If someone gains access to the dummy object containing the fingerprints, he or she can log into the system and make changes to the data. Authentication is also compromised since everyone with access to the object can gain system entry. If anyone can enter the system, then the system lacks confidentiality to personal information to the different account.

This forms a chain of security loopholes that can render the system useless if an attack is carried out towards the system. This is because no one is to be held accountable if the object has been used to authenticate transactions.

Fingerprint liveliness comes in hand to save this situation. If a biometric system has this feature, it can detect a fake image and discard it and hence saving the organization a lot since no dummy systems can enter the system.

Biometrics systems are becoming the most reliable means of authentication since they use someone’s physiological process or behavior. This replaces the earlier systems that relied on tokens like passwords. Detecting fingerprint liveness can prevent future on systems. The earlier systems authentication methods could not differentiate between an impostor and the real person authorized to access the system. Furthermore, there isn’t the hustle of remembering passwords that have been forgotten.

 

 

 

 

In the hacking phases, it is known that an attacker launches an attack through the following phases:-

Ø  Reconnaissance - This is one of the most important and longest phases before launching an attack to a system. This may be achieved through a search on the internet or social engineering methods were workers are easily tricked to provide information (Krutz& Vines, 2007).

Ø  Scanning – This is where the hacker scans internal systems of an organization to establish the system loopholes and how he or she can exploit them. This includes the systems storage and authentication mechanisms.

Ø  Gaining Access – This is where the hacker gets a weak gateway to enter and access the system. At this level, the hacker can launch any attack in the form of data manipulation or stealing of confidential data.

Ø  Maintaining Access – At this level the attacker can take control of the system by manipulating data and denying the other system users rights to access the system.

Ø  Covering Attacks – At this level the attacker has accomplished his or her mission. He or she has the task of covering the entry means that were used to attack the system. At this point, mechanisms are used to hide evidence that may make him or her get suspected.

 

 

To avoid secondary attacks that usually come at the phase of maintaining access, fingerprint liveness can be used to help prevent an unauthorized system entry that comes as a result of cloned fingerprints.

If the attacker gains access to the image template, he or she can modify it to present values that he or she selects. The attack can be escalated to the extent of the matcher can generate a high score using the artificial values presented by the attacker (Psu,2015). At this level, the attacker is aiming at gaining control to the system.  The transmission mediums that links the scanner to the image template database can be attacked at this point leading to the manipulation of the image stored in the database. If this happens, then the attacker has gained control over the target account.

This implies that if fingerprint liveness was applied at the scanner then the fake fingerprints could have been denied and hence preventing the secondary attacks.

Liveness checking usually includes additional dynamic information apart from the one recorded in the template database (Bidgoli, 2006). This dynamic information can be used to detect if the person trying to get authenticated is an impostor or is the genuine user. Fingerprint liveliness is a great area in computer forensics that can help reduce and end fingerprint spoofing.

 

 

 

 

 

 

References

Krutz, R., & Vines, R. (2007).The CEH prep guide. Indianapolis, IN: Wiley.

Bidgoli, H. (2006). Handbook of information security. Hoboken, N.J.: John Wiley.

Newman, R. (2010). Security and access control using biometric technologies. Boston, Mass.: Course Technology.

Pugliese, J. (2010).Biometrics. New York: Routledge.

Li, C. (2013). Emerging digital forensics applications for crime detection, prevention, and security. Hershey, PA: Information Science Reference.

Li, S., & Jain, A. (2009).Encyclopedia of biometrics. New York: Springer.

(Psu, 2015). Retrieved 10 November 2015, from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.10.7168&rep=rep1&type=pdf