Spoof Attacks on Multimodal Biometric Systems

Biometrics, referred as the science of recognizing an individual based on his or her physical or behavioral traits, has been widely employed as a security system in the awake of latest security issues. However, recent researches have shown that many biometric traits are vulnerable to spoof attacks. In addition, a latest results have questioned that, contrary to a common claim, multimodal systems can be cracked by spoofing only one trait. Those results were obtained using simulated spoof attacks, under the unrealistic assumption that the spoofed and genuine samples are identical, turned out to be the same outputs. We further investigate this significant security issue, focusing on behavior of fixed and trained score fusion rules, using real spoof attack samples under different spoof attack scenarios. Preliminary empirical results on real biometric systems made up of face, fingerprint and iris with twelve score fusion rules confirm that multimodal biometric systems are not intrinsically robust against spoof attacks as believed so far. In particular, most widely used fixed rules can be less robust, even if the quality of fake biometric trait is low. The false acceptance rate increases substantially under spoof attacks which means that an attacker might wrongly get authenticated by spoofing a subset of traits. In all considered spoofing scenarios, we also found that trained rules are more accurate, flexible and robust against spoof attacks as compare to fixed one.