Security analysis of multimodal biometric systems against spoof attacks

Abstract

Biometrics, referred as the science of recognizing a person based on his or her physical or behavioral traits, has been widely accepted and deployed in various applications. However, recent researches show that many biometric traits are susceptible to spoof attacks. Moreover, a recent work showed that, contrary to a common claim, multimodal systems can be broken even if only one trait is spoofed. The result was obtained, using simulated spoofed samples, under the assumption that the spoofed and genuine samples are indistinguishable, which is not true for all biometric traits. We further investigate this security issue, focusing on behavior of fixed and trained score fusion rules, using real spoof attack samples. Preliminary empirical results on real biometric systems made up of face, fingerprint and iris confirm that multimodal biometric systems are not intrinsically robust against spoof attacks as believed so far. In particular, most used fixed rules can be even less robust than trained one. We found that trained rules are not only more flexible and accurate but more robust, also, against spoof attacks as compare to fixed rules. We also empirically observed that multimodal systems are more robust, under spoof attacks, than unimodal biometric systems, robustness increases as the number of matchers being fused increases. © 2011 Springer-Verlag.