MSU Team Works To Improve Fingerprint Security

Nov 15, 2017

Fingerprint identification technology has advanced to the point where you probably have it on the phone you carry. A team in the Michigan State University College of Engineering is working to improve the security of fingerprint recognition systems, and a big part of their effort aims to learn more about fake prints that could be used against you.


At a laboratory in the MSU Engineering Building, access is limited to those who have a fingerprint registered with the door’s locking system. Ph.D student Josh Engelsma of Grand Rapids demonstrates that someone with a fake, or “spoof,” replica of his fingerprint could let anyone into this lab. "We've taken some common household materials, in this case silicone, to create a replica of my living finger," he explains. "Now, we're going to use that finger to access my lab." With a touch of the spoof to the pad, the door unlocks.

Later, Engelsma uses a different spoof to open an iPhone.

This technology is found not just in labs but in all sorts of places, such as banks and border crossings, too.

Anil Jain (L) and Josh Engelsma with a phone they've just opened with a spoof fingerprint.
Credit Scott Pohl / WKAR-MSU

Fingerprints have been used for more than a century to identify criminals, and print recognition systems like the one protecting this lab go back decades. Apple brought them into our everyday lives with the first phones using print technology in 2013, technology that’s become almost universal on telephones.

Some fingerprint scanners are optical and only require a spoof that not only replicates the look of a fingerprint, but also the dimensions. These spoofs can be made from common household materials like silicone, gelatin, or wood glue. More sophisticated scanners require a material that replicates the conductivity of human skin. Fakes that include some silver particles, and even with pigment to mimic the optical properties of a fingerprint, can crack those scanners. This MSU project has produced at least a dozen of these spoofs.

Engelsma is working on this research with MSU Distinguished Professor of Computer Science and Engineering Anil Jain, a biometric expert who has spent years looking into the various forms spoof fingerprints can take, and how to block them. He hopes to stay at least one step ahead of the bad guys "or at least," he continues, "to stay abreast of them, so that they don't get an edge. Only if you bring the weakness in a security mechanism will the manufacturers take it seriously to come up with some counter-mechanisms."

In some arenas, fingerprint identification is giving way to facial and even iris recognition. The best security systems of the future may employ combinations of those elements to protect information and access.