Navigation Links
So You Think You Can Secure Your Mobile Phone with a Fingerprint?
Date:4/11/2017

BROOKLYN, N.Y., April 11, 2017 /PRNewswire-USNewswire/ -- No two people are believed to have identical fingerprints, but researchers at the New York University Tandon School of Engineering and Michigan State University College of Engineering have found that partial similarities between prints are common enough that the fingerprint-based security systems used in mobile phones and other electronic devices can be more vulnerable than previously thought.

The vulnerability lies in the fact that fingerprint-based authentication systems feature small sensors that do not capture a user's full fingerprint. Instead, they scan and store partial fingerprints, and many phones allow users to enroll several different fingers in their authentication system. Identity is confirmed when a user's fingerprint matches any one of the saved partial prints. The researchers hypothesized that there could be enough similarities among different people's partial prints that one could create a "MasterPrint."

Researchers at NYU Tandon and Michigan State University found enough similarities in partial fingerprints that they could match between 26 and 65 percent of mobile phone users in their experiments. The number differed according to the number of prints stored by the mobile device.
Researchers at NYU Tandon and Michigan State University found enough similarities in partial fingerprints that they could match between 26 and 65 percent of mobile phone users in their experiments. The number differed according to the number of prints stored by the mobile device.

Nasir Memon, a professor of computer science and engineering at NYU Tandon and the research team leader, explained that the MasterPrint concept bears some similarity to a hacker who attempts to crack a PIN-based system using a commonly adopted password such as 1234. "About 4 percent of the time, the password 1234 will be correct, which is a relatively high probability when you're just guessing," said Memon. The research team set out to see if they could find a MasterPrint that could reveal a similar level of vulnerability. Indeed, they found that certain attributes in human fingerprint patterns were common enough to raise security concerns.

Memon and his colleagues, NYU Tandon Postdoctoral Fellow Aditi Roy and Michigan State University Professor of Computer Science and Engineering Arun Ross, undertook their analysis using 8,200 partial fingerprints. Using commercial fingerprint verification software, they found an average of 92 potential MasterPrints for every randomly sampled batch of 800 partial prints. (They defined a MasterPrint as one that matches at least 4 percent of the other prints in the randomly sampled batch.)

They found, however, just one full-fingerprint MasterPrint in a sample of 800 full prints. "Not surprisingly, there's a much greater chance of falsely matching a partial print than a full one, and most devices rely only on partials for identification," said Memon.

The team analyzed the attributes of MasterPrints culled from real fingerprint images, and then built an algorithm for creating synthetic partial MasterPrints. Experiments showed that synthetic partial prints have an even wider matching potential, making them more likely to fool biometric security systems than real partial fingerprints. With their digitally simulated MasterPrints, the team reported successfully matching between 26 and 65 percent of users, depending on how many partial fingerprint impressions were stored for each user and assuming a maximum number of five attempts per authentication. The more partial fingerprints a given smartphone stores for each user, the more vulnerable it is.

Roy emphasized that their work was done in a simulated environment. She noted, however, that improvements in creating synthetic prints and techniques for transferring digital MasterPrints to physical artifacts in order to spoof a device pose significant security concerns. The high matching capability of MasterPrints points to the challenges of designing trustworthy fingerprint-based authentication systems and reinforces the need for multi-factor authentication schemes.  She said this work may inform future designs.

"As fingerprint sensors become smaller in size, it is imperative for the resolution of the sensors to be significantly improved in order for them to capture additional fingerprint features," Ross said. "If resolution is not improved, the distinctiveness of a user's fingerprint will be inevitably compromised. The empirical analysis conducted in this research clearly substantiates this."

Memon noted that the results of the team's research are based on minutiae-based matching, which any particular vendor may or may not use. Nevertheless, as long as partial fingerprints are used for unlocking devices and multiple partial impressions per finger are stored, the probability of finding MasterPrints increases significantly, he said.

"NSF's investments in cybersecurity research build the foundational knowledge base needed to protect us in cyberspace," said Nina Amla, program director in the Division of Computing and Communication Foundations at the National Science Foundation. "Much as other NSF-funded research has helped identify vulnerabilities in everyday technologies, such as cars or medical devices, investigating the vulnerabilities of fingerprint-based authentication systems informs continuous advancements in security, ensuring more reliable protection for users."

"MasterPrint: Exploring the Vulnerability of Partial Fingerprint-based Authentication Systems" appears in IEEE Transactions on Information Forensics & Security at http://ieeexplore.ieee.org/document/7893784. NSF funding supported this research to determine and address such vulnerabilities.

About the New York University Tandon School of Engineering
The NYU Tandon School of Engineering dates to 1854, the founding date for both the New York University School of Civil Engineering and Architecture and the Brooklyn Collegiate and Polytechnic Institute (widely known as Brooklyn Poly). A January 2014 merger created a comprehensive school of education and research in engineering and applied sciences, rooted in a tradition of invention and entrepreneurship and dedicated to furthering technology in service to society. In addition to its main location in Brooklyn, NYU Tandon collaborates with other schools within NYU, the country's largest private research university, and is closely connected to engineering programs at NYU Abu Dhabi and NYU Shanghai. It operates Future Labs focused on start-up businesses in downtown Manhattan and Brooklyn and an award-winning online graduate program. For more information, visit http://engineering.nyu.edu.

www.facebook.com/nyutandon 
@nyutandontweets



To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/so-you-think-you-can-secure-your-mobile-phone-with-a-fingerprint-300437892.html


'/>"/>
SOURCE NYU Tandon School of Engineering
Copyright©2017 PR Newswire.
All rights reserved


Related biology news :

1. NXT-IDs Wocket Smart Wallet Named Number One Best Tech Gift for 2015 by Rethink Modern
2. Think big! Bacteria breach cell division size limit
3. Speaking of chemistry: Rethinking football head injuries (video)
4. In asthma, its not just what you smell, but what you think you smell
5. Rethinking the reef
6. Stanford researchers rethink natural habitat for wildlife
7. How coughs and sneezes float farther than you think
8. Thinking it through: Scientists seek to unlock mysteries of the brain
9. Climate engineering -- what do the public think?
10. Hoyos Labs, a Digital Infrastructure Security Company, Launches; Rethinks How We Authenticate and Secure Identity
11. Fund launched to seed new thinking in sustaining the future of health
Post Your Comments:
*Name:
*Comment:
*Email:
(Date:4/11/2017)... N.Y. , April 11, 2017 ... fingerprints, but researchers at the New York University ... College of Engineering have found that partial similarities ... security systems used in mobile phones and other ... thought. The vulnerability lies in the ...
(Date:4/6/2017)... April 6, 2017 Forecasts by ... Document Readers, by End-Use (Transportation & Logistics, Government & ... Gas & Fossil Generation Facility, Nuclear Power), Industrial, Retail, ... Are you looking for a definitive report ... ...
(Date:4/5/2017)... April 5, 2017 Today HYPR Corp. ... the server component of the HYPR platform is officially ... the end-to-end security architecture that empowers biometric authentication across ... has already secured over 15 million users across the ... of connected home product suites and physical access represent ...
Breaking Biology News(10 mins):
(Date:10/9/2017)... ... ... At its national board meeting in North Carolina, ARCS® Foundation ... Physics and Astronomy, has been selected for membership in ARCS Alumni Hall of ... Breakthrough Prize in Fundamental physics for the discovery of the accelerating expansion of the ...
(Date:10/7/2017)... , ... October 06, 2017 ... ... experience providing advanced instruments and applications consulting for microscopy and surface analysis, ... in application consulting, Nanoscience Analytical offers a broad range of contract analysis ...
(Date:10/6/2017)... Boston, Mass. (PRWEB) , ... October 06, 2017 ... ... spotlight female entrepreneurship within the healthcare and technology sector at their fourth annual ... six panels featuring 30 inspiring speakers and the ELEVATE pitch competition showcasing early ...
(Date:10/5/2017)... ... , ... Understanding the microbiome, the millions of bacteria that live in our ... My Future, the newest exhibit on display at the University City Science Center’s Esther ... the lens of the gut microbiome. , Gut Love opens October 12, 2017, ...
Breaking Biology Technology: