The team analyzed the attributes of MasterPrints culled from real fingerprint images, and then built an algorithm for creating synthetic partial MasterPrints. Experiments showed that synthetic partial prints have an even wider matching potential, making them more likely to fool biometric security systems than real partial fingerprints.
With their digitally simulated MasterPrints, the team reported successfully matching between 26 and 65 percent of users, depending on how many partial fingerprint impressions were stored for each user and assuming a maximum number of five attempts per authentication. The more partial fingerprints a given smartphone stores for each user, the more vulnerable it is.
Roy emphasized that their work was done in a simulated environment. She noted, however, that improvements in creating synthetic prints and techniques for transferring digital MasterPrints to physical artifacts in order to spoof a device pose significant security concerns.
The high matching capability of MasterPrints points to the challenges of designing trustworthy fingerprint-based authentication systems and reinforces the need for multi-factor authentication schemes. She said this work may inform future designs.
"As fingerprint sensors become smaller in size, it is imperative for the resolution of the sensors to be significantly improved in order for them to capture additional fingerprint features," Ross said. "If resolution is not improved, the distinctiveness of a user's fingerprint will be inevitably compromised. The empirical analysis conducted in this research clearly substantiates this."
Memon noted that the results of the team's research are based on minutiae-based matching, which any particular vendor may or may not use. Nevertheless, as long as partial fingerprints are used for unlocking devices and multiple partial impressions per finger are stored, the probability of finding MasterPrints increases significantly, he said.
"NSF's investments in cybersecurity research build the foundational knowledge base needed to protect us in cyberspace," said Nina Amla, program director in the Division of Computing and Communication Foundations at the National Science Foundation. "Much as other NSF-funded research has helped identify vulnerabilities in everyday technologies, such as cars or medical devices, investigating the vulnerabilities of fingerprint-based authentication systems informs continuous advancements in security, ensuring more reliable protection for users."
For more, see "MasterPrint: Exploring the Vulnerability of Partial Fingerprint-based Authentication Systems" in IEEE Transactions on Information Forensics & Security.
Fingerprint sensors to see steep growth, decreasing prices, says report
Fingerprint sensor also detects underlying veins
Ultrasonic fingerprint imaging technology under development
Biometrics market to double by 2021
Palm vein authentication technology could fit handhelds