TY - JOUR
T1 - MasterPrint
T2 - Exploring the Vulnerability of Partial Fingerprint-Based Authentication Systems
AU - Roy, Aditi
AU - Memon, Nasir
AU - Ross, Arun
N1 - Funding Information:
Arun Ross received the B.E. degree (Hons.) in computer science from the Birla Institute of Tech-nology and Science, Pilani, India, and the M.S. and Ph.D. degrees in computer science and engi-neering from Michigan State University. He was with the Faculty of West Virginia University from 2003 to 2012. He is currently a Professor with the Department of Computer Science and Engineering, Michigan State University, and the Director of the i-PRoBe Laboratory. He has coauthored the text-book Introduction to Biometrics and the monograph Handbook of Multibiometrics. He was a recipient of the IAPR JK Aggarwal Prize, the IAPR Young Biometrics Investigator Award, and the NSF CAREER Award, and was designated a Kavli Frontier Fellow by the National Academy of Sciences in 2006. He was a recipient of the 2005 Biennial Pattern Recognition Journal Best Paper Award and the Five Year Highly Cited BTAS 2009 Paper Award.
Funding Information:
Manuscript received August 1, 2016; revised December 6, 2016 and February 7, 2017; accepted March 13, 2017. Date of publication April 6, 2017; date of current version June 14, 2017. This work was supported by the National Science Foundation under Grant 1618750 and Grant 1617466. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Julien Bringer. (Corresponding author: Aditi Roy.) A. Roy and N. Memon are with the Department of Computer Science and Engineering, New York University Tandon School of Engineering, Brooklyn, NY 11201 USA (e-mail: ar3824@nyu.edu; memon@nyu.edu).
Publisher Copyright:
© 2005-2012 IEEE.
PY - 2017/9
Y1 - 2017/9
N2 - This paper investigates the security of partial fingerprint-based authentication systems, especially when multiple fingerprints of a user are enrolled. A number of consumer electronic devices, such as smartphones, are beginning to incorporate fingerprint sensors for user authentication. The sensors embedded in these devices are generally small and the resulting images are, therefore, limited in size. To compensate for the limited size, these devices often acquire multiple partial impressions of a single finger during enrollment to ensure that at least one of them will successfully match with the image obtained from the user during authentication. Furthermore, in some cases, the user is allowed to enroll multiple fingers, and the impressions pertaining to multiple partial fingers are associated with the same identity (i.e., one user). A user is said to be successfully authenticated if the partial fingerprint obtained during authentication matches any one of the stored templates. This paper investigates the possibility of generating a 'MasterPrint,' a synthetic or real partial fingerprint that serendipitously matches one or more of the stored templates for a significant number of users. Our preliminary results on an optical fingerprint data set and a capacitive fingerprint data set indicate that it is indeed possible to locate or generate partial fingerprints that can be used to impersonate a large number of users. In this regard, we expose a potential vulnerability of partial fingerprint-based authentication systems, especially when multiple impressions are enrolled per finger.
AB - This paper investigates the security of partial fingerprint-based authentication systems, especially when multiple fingerprints of a user are enrolled. A number of consumer electronic devices, such as smartphones, are beginning to incorporate fingerprint sensors for user authentication. The sensors embedded in these devices are generally small and the resulting images are, therefore, limited in size. To compensate for the limited size, these devices often acquire multiple partial impressions of a single finger during enrollment to ensure that at least one of them will successfully match with the image obtained from the user during authentication. Furthermore, in some cases, the user is allowed to enroll multiple fingers, and the impressions pertaining to multiple partial fingers are associated with the same identity (i.e., one user). A user is said to be successfully authenticated if the partial fingerprint obtained during authentication matches any one of the stored templates. This paper investigates the possibility of generating a 'MasterPrint,' a synthetic or real partial fingerprint that serendipitously matches one or more of the stored templates for a significant number of users. Our preliminary results on an optical fingerprint data set and a capacitive fingerprint data set indicate that it is indeed possible to locate or generate partial fingerprints that can be used to impersonate a large number of users. In this regard, we expose a potential vulnerability of partial fingerprint-based authentication systems, especially when multiple impressions are enrolled per finger.
KW - Authentication
KW - biometrics
KW - computer security
KW - dictionary attack
KW - fingerprint recognition
KW - hill climbing
KW - mobile applications
KW - mobile device authentication
KW - partial fingerprint
UR - http://www.scopus.com/inward/record.url?scp=85028326293&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85028326293&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2017.2691658
DO - 10.1109/TIFS.2017.2691658
M3 - Article
AN - SCOPUS:85028326293
SN - 1556-6013
VL - 12
SP - 2013
EP - 2025
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
IS - 9
M1 - 7893784
ER -