FB pixel

Faking vein scans is doable but maybe only after every single other option is exhausted

Categories Biometric R&D  |  Biometrics News
 

palm vein pattern

Researchers with access security player Duo Security have written about experiments they have conducted using near infrared light for authentication. They wanted some practical experience with near-IR in a biometrics role — specifically, imaging arm, hand and face veins.

Duo Security was bought by networking pioneer Cisco Systems in 2018 for $2.35 billion. Duo sells cloud-based unified access security and multi-factor authentication products.

The team’s work, laid out in a Duo post, found that a common digital, single lens reflex camera with various IR filters can be reconfigured to record veins relatively clearly in real time with an infrared light source of 940nm combined with a 950nm lens filter. The DIY vein scanner could then theoretically be used to capture images for use in spoof attacks.

But there remain serious complications to the process that in the short term likely will mean only the most determined attackers will even consider vein scanning.

In the post, Jeremy Erickson, senior R&D engineer with Duo, writes that the team was aware of “demonstrated working attacks” against near IR biometric security systems, but that no one seems to have followed up on the results.

Erickson said that it is hard to find information about general IR authentication. What they could find was specific to successful attacks. That limits useful insights.

The infrared spectrum as a whole typically is used to illuminate dark settings without using visible light. A prime example is lighting military environments. Some personal electronics use some of that spectrum, along with visible light, to authenticate a person by comparing a live face scan to stored images.

Near IR is the invisible spectrum adjacent to visible light, roughly from 700nm to 1,400nm. Veins in all of their unique branches beneath skin show up well in this range. Duo’s post spotlights multiple products the AccuView AV500, a med-tech system that uses near IR spectrum to scan veins and then display them as an overlay on a patient’s body to, for example, make phlebotomy a faster and less nauseating process.

The Duo researchers found that vein scanning is harder to accomplish than facial or fingerprint recognition. If nothing else, off-the-shelf hardware and software can image and process face and print images in their thousands. At the moment, capturing vein images takes a do-it-yourself effort, breaking down a digital camera, to get the endeavor underway.

And, finally, the security of vein-scanning is not certain. On the one hand, writes Erickson, it is not prohibitively hard to view a person’s vein structure. On the other, approximating the captured pattern in the experiment required printing it and covering the print with molded wax. As he points out, it is not unlike the tedious routine needed to fake fingerprints today, but even more strained.

Vein biometrics are forecast to be a $1 billion market by 2029.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

World Economic Forum looks to get a GRIP on global regulatory environment

A new piece written by the World Economic Forum (WEF)’s head of digital inclusion, Kelly Ommundsen, looks at the gap…

 

Respected legal authority frames age assurance legislation as segregation, suppression

Language plays a fundamental role in how concepts and technologies are introduced into and evolve alongside society. The debate over…

 

New high scores in fingerprint biometrics accuracy for Dermalog, ROC, Innovatrics

New algorithms submitted to the U.S. National Institute of Standards and Technology for its Proprietary Fingerprint Template (PFT) Evaluation have…

 

Australia’s safety code for search tools takes effect, with age verification rules

Like its counterparts in the EU and UK, Australia’s digital regulator is beginning to formalize its online safety codes. The…

 

Age verification coming to major video game mod site in EU, UK

Want to make sweet love to that frost giant who lives in the fjord? You may have to prove your…

 

Ecuador upgrades border ID verification with Regula forensic devices

Ecuador is upgrading its border identity verification systems by deploying a range of Regula’s ID document examination devices. The deployment…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Biometric Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events