Machine Learning Masters the Fingerprint to Fool Biometric Systems
NYU Tandon researchers create synthetic fingerprints capable of spoofing ?smartphone fingerprint sensors
Fingerprint authentication systems are a widely trusted, ubiquitous form of biometric authentication, deployed on billions of smartphones and other devices worldwide. Yet a new study from New York University Tandon School of Engineering reveals a surprising level of vulnerability in these systems. Using a neural network trained to synthesize human fingerprints, the research team evolved a fake fingerprint that could potentially fool a touch-based authentication system for up to one in five people.
Much the way that a master key can unlock every door in a building, these “DeepMasterPrints” use artificial intelligence to match a large number of prints stored in fingerprint databases and could thus theoretically unlock a large number of devices.
The research team was headed by NYU Tandon associate professor of computer science and engineering Julian Togelius and doctoral student Philip Bontrager, the lead author of the paper, who presented it at the IEEE International Conference of Biometrics: Theory, Applications and Systems, where it won the Best Paper Award.
The work builds on earlier research led by Nasir Memon, professor of computer science and engineering and associate dean for online learning at NYU Tandon, and Arun Ross, Michigan State University professor of computer science and engineering. They coined the term “MasterPrint” to describe how fingerprint-based systems use partial fingerprints, rather than full ones, to confirm identity. Memon and Ross, who coined the term “MasterPrint,” described how fingerprint-based systems use partial fingerprints, rather than full ones, to confirm identity. Devices typically allow users to enroll several different finger images, and a match for any saved partial print is enough to confirm identity. Partial fingerprints are less likely to be unique than full prints, and Memon’s work demonstrated that enough similarities exist between partial prints to create MasterPrints capable of matching many stored partials in a database.
Bontrager and his collaborators, including Memon, took this concept further, training a machine-learning algorithm to generate synthetic fingerprints as MasterPrints. The researchers created complete images of these synthetic fingerprints, a process that has two-fold significance. First, it is yet another step toward assessing the viability of MasterPrints against real devices, which the researchers have yet to test; and second, because these images replicate the quality of fingerprint images stored in fingerprint-accessible systems, they could potentially be used to launch a brute force attack against a secure cache of these images.
“Fingerprint-based authentication is still a strong way to protect a device or a system, but at this point, most systems don’t verify whether a fingerprint or other biometric is coming from a real person or a replica,” said Bontrager. “These experiments demonstrate the need for multi-factor authentication and should be a wake-up call for device manufacturers about the potential for artificial fingerprint attacks.”
This research has applications in fields beyond security. Togelius noted that their Latent Variable Evolution method used here to generate fingerprints can also be used to make designs in other industries—notably game development. The technique has already been used to generate new levels in popular video games.