Friday , April 23 2021

Demonstrate the ability to break fingerprint reader by fingerprints

Most fingerprints are genuine or synthetic fingerprints that temporarily match a large number of fingerprints by real people. In this work, the team created by researchers from the University of New York (NYU) and State University of Michigan (MSU) created main fingerprint images using a method called latent variable model and the use of engineering machine learning. These fingerprints, called "DeepMasterPrints", have an efficiency of 20% and allow to restore fingerprints used in recognition systems that can be exploited by an attack similar to "dictionary attacks".

In a paper presented at a biometric security conference (BTAS 2018), specialists explain that in order to create DeepMasterPrint, specialists took into account two things. On the other hand, fingerprint sensors for ergonomic reasons are many times very small (as in smartphones), which means they work with part of the image of a user's fingerprints. Since the identification of an identity by means of small pieces of fingerprints is not an easy task as it may be when reading a complete fingerprint, the possibility of a fingerprint part of the finger may not coincide with another part of the fingerprint of another finger is high. Researcher Aditi Roy took note of this and presented the concept of master fingerprints, which is a set of real or synthetic fingerprints that coincide with a large number of other fingerprints.

The other thing they took into account is that some fingerprints have common characteristics for each other. This means that a false fingerprint containing many common features has more real chances of matching other fingerprints.

From here, researchers used a type of artificial intelligence algorithm called "antagonistic review" to artificially create new fingerprints that can match as many partial fingerprints as possible. In this way, they managed to develop a library of artificial fingerprints that act as key keys for a particular biometric identification system. In addition, it is not necessary to get a fingerprints test belonging to a particular individual, but it can be done against anonymous subjects and still have a certain successful margin.

Although it is very difficult for an attacker to use something like DeepMasterPrint because it takes a lot of effort to optimize artificial intelligence for a particular system, because each system is different, it's an example of what might happen over time and something to be aware of. Something similar was seen this year at the Black Hat Security Conference, when IBM researchers showed evidence that it was possible to develop malicious code using artificial intelligence to perform attacks based on face recognition.

Source link