Synthetic fingerprints can fool sensors

November 23, 2018 //By Rich Pell
Synthetic fingerprints can fool sensors
Researchers at the New York University Tandon School of Engineering (Brooklyn, NY) have created synthetic fingerprints that are capable of spoofing smartphone fingerprint sensors.

The researchers used a neural network trained to synthesize human fingerprints to create a fake fingerprint that could potentially fool a touch-based authentication system for up to one in five people. Such a "DeepMasterPrint" - similar to a master key that can unlock every door in a building - uses artificial intelligence (AI) to match a large number of prints stored in fingerprint databases and can thus theoretically unlock a large number of devices.

The term "MasterPrint" - used to describe a set of real or synthetic fingerprints that can fortuitously match with a large number of other fingerprints - was coined by Nasir Memon, professor of computer science and engineering and associate dean for online learning at NYU Tandon, who has done previous research on fingerprint-based systems. Such systems use partial fingerprints, rather than full ones, to confirm identity.

Devices typically allow users to enroll several different finger images, and a match for any saved partial print is enough to confirm identity. As such partial fingerprints are less likely to be unique than full prints, Memon's work demonstrated that enough similarities exist between partial prints to create MasterPrints capable of matching many stored partials in a database.

Taking this concept further, the latest research trained a machine-learning algorithm to generate synthetic fingerprints as MasterPrints. The researchers then created complete images of these synthetic fingerprints.

The process, say the researchers, is yet another step toward assessing the viability of MasterPrints against real devices, which the researchers have yet to test. In addition, because these images replicate the quality of fingerprint images stored in fingerprint-accessible systems, they could potentially be used to launch a brute force attack against a secure cache of these images.

"Fingerprint-based authentication is still a strong way to protect a device or a system, but at this point, most systems don't verify whether a fingerprint or other biometric is coming from a real person or a replica," says


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.