Masterprints: synthetic fingerprints that unlock up to 65% of phones (in theory)

When the touch-sensors on phones capture your fingerprint, they're really only taking a low-resolution, partial snapshot and loosely matching it to a stored image -- which is how a research team from MSU and NYU were able to synthesize their Masterprints ("a fingerprint that serendipitously matches a certain proportion of the fingerprint population"), which drastically reduce the space of possible "guesses" that an attacker has to make to unlock a phone or other device.

Other researcher have demonstrated that they can cheaply and quickly defeat countermeasures that try to establish that fingerprints are attached to living people.

The Masterprint paper lays out a bunch of different attack scenarios with different odds of success, the most optimistic being a 65% success rate at unlocking phones within the proscribed set of attempts before the OS locks up.

But the attack described is theoretical for now, and has not been validated against real phones, an obvious next step.

1) The work establishes the fact that it is indeed possible to perform a dictionary attack on a fingerprint dataset with substantial accuracy using a set of carefully chosen MasterPrints. The MasterPrints can be either full or partial fingerprints sampled from a dataset or designed synthetically using a hill climbing method. However, the probability of finding MasterPrints from a partial fingerprint dataset and the accuracy of the ensuing attack are much higher than that of a full fingerprint dataset.

2) With a dictionary of 5 partial fingerprint based MasterPrints, and assuming a maximum of 5 attempts to be authenticated, it was possible to attack 26.46% users (each having 12 impressions per finger) in the FingerPass DB7 capacitive fingerprint dataset and 65.20% users (each having 8 X 10 (average) ≅ 80 partial impressions per finger) in the FVC optical fingerprint at a FMR of 0.1%. The attack accuracy varied greatly with the FMR value and the number of impressions per finger (for details refer to Section V.B.1).

3) It was observed that the synthetic MasterPrints, generated by a simple first-order hill climbing algorithm, are able to improve the attack accuracy over the sampled MasterPrints. On the capacitive dataset, the average improvement over all FMR settings was ≅ 4% whereas on the optical dataset it was ≅ 3% (for details refer to Section V.B.2). Thus, it can be concluded that properly designed synthetic MasterPrints can be used to perform dictionary attack with higher accuracy.

4) The minutiae distribution of the selected MasterPrints reveals that regions of high minutiae activity usually occurred in the upper delta point of the fingerprints. According to Cao et al. [9], these minutiae generally have lower discriminative power, which may lead to a higher imposter match rate.

5) Detailed analysis of the results reveals that even if a MasterPrint matches with a small number of partial fingerprints, the percentage of subjects that it matches against can be quite high. This is because, for each subject, multiple partial prints may be stored. For example, at a 0.1% FMR, a single MasterPrint (from the capacitive dataset) matched only 1.4% of the partial fingerprints, but this corresponded to 10.6% of the subjects owing to the fact that every subject had 12 impressions. It is clear that this risk would increase if multiple fingers are enrolled for each subject. This observation indicates that the number as well as the type of partial fingerprint impressions to be stored for each finger should be judiciously chosen such that the chance of matching with an arbitrary finger is minimized as suggested in [37]

That Fingerprint Sensor on Your Phone Is Not as Safe as You Think [Vindu Goel/New York Times]

MasterPrint: Exploring the Vulnerability of Partial Fingerprint-based Authentication Systems [Aditi Roy and Arun Ross/IEEE Transactions on Information Forensics and Security] (Sci-Hub Mirror/Requires Tor Browser)

(via /.)

Notable Replies

  1. Pro tip: The fingerprint scan will register any unique pattern on skin. You could use your elbow, the ridges on the first joint beneath your fingertip, the sides of your fingers, a knuckle, your nose, etc.

    As a test, I let my daughter use my floppy hand to try an unlock my phone, and she couldn't get in. She's smarter than most border agents, too.

  2. Oooh, my chest hair whorl.

  3. It is easy enough to test with commodity fingerprint detection hardware or algorithms. The rest of the phone isn't going to change anything, other than making testing difficult. Also it seems more informative to keep the tests general than to publish that their results apply only to a specific model of phone or several.

  4. Not saying my vasectomy scar is unique, but I wanna try it anyway.

  5. One way to make those border crossings awkward.

    "Sir, I need you to unlock your phone."

    "Here?"

    "Yes, Sir, please comply."

    "Excuse me while I whip this out..."

Continue the discussion bbs.boingboing.net

4 more replies

Participants