Fingering Security Spoofers

Whether driven by one-upmanship or by criminal intent, there always seem to be people who want to outsmart any new technology. Biometric identity systems are being used increasingly for security access and privacy protection, and attempts to thwart them — called “spoofing” — have become a rising concern.

A $3.1 million investigation backed by the National Science Foundation and other government agencies hopes to nip this type of fraud in the bud. Researchers from several universities, led by engineering specialist Stephanie C. Schuckers at Clarkson University in Potsdam, N.Y., used fingers severed from cadavers and false fingers molded from clay and dental materials to test fingerprint scanning devices. They found that the devices were hoodwinked by the fakes 90 percent of the time.

To combat this vulnerability, they developed a computer algorithm that recognizes patterns made by perspiration from the pores to distinguish live fingers from dead or fraudulent ones. Integrating this system into the detectors brought the verification error down to 10 percent. Until some determined hacker finds a way to wring moisture from dubious digits, fingering suspect ones should be “no sweat.”