ABSTRACT
Fingerprint recognition has been a vital security guard for various applications whose vulnerability has been explored by different works. However, previous works on spoofing fingerprint recognition rely on prior knowledge (e.g., photos and minutiae) of the target fingerprint, which fails to implement in practical scenarios. In this paper, we design a fingerprint spoofing attack, namely FingerFaker, to explore the vulnerability of fingerprint recognition, which can spoof automated fingerprint recognition systems (AFRSs) without prior knowledge of target fingerprints. Specifically, we propose a novel concept of "pseudo-minutiae-set" as an effective optimization object and design a two-stage scheme to optimize "pseudo-minutiaeset" leveraging a two-factor evolutionary strategy. In addition, we use a GAN-based training strategy with a minutiae loss function to pre-train a fingerprint generator to map a "pseudo-minutiae-set" into a fingerprint. We use 6342 fingerprint images to verify the performance of FingerFaker on spoofing the open-source AFRS, which shows a high attack success rate (ASR) of 97.78%. Meanwhile, we conduct a realistic case study on commercial off-the-shelf (COTS) AFRS, where FingerFaker also shows 94.22% ASR. Finally, we explore the impact of different conditions to guide the attack and propose countermeasures to mitigate the harm.
- Inayat Ali, Sonia Sabir, and Zahid Ullah. 2019. Internet of things security, device authentication and access control: a review. arXiv preprint arXiv:1901.07309 (2019).Google Scholar
- Mouad MH Ali, Vivek H Mahale, Pravin Yannawar, and AT Gaikwad. 2016. Overview of fingerprint recognition system. In 2016 international conference on electrical, electronics, and optimization techniques (ICEEOT). IEEE, 1334--1338.Google ScholarCross Ref
- Sunpreet S Arora, Kai Cao, Anil K Jain, and Nicholas G Paulter. 2016. Design and fabrication of 3D fingerprint targets. IEEE Transactions on Information Forensics and Security 11, 10 (2016), 2284--2297.Google ScholarDigital Library
- M Arul Selvan and S Selvakumar. 2019. Malicious node identification using quantitative intrusion detection techniques in MANET. Cluster computing 22, 3 (2019), 7069--7077.Google Scholar
- Aware. 2023. Aware. https://www.aware.com/identification-verification/.Google Scholar
- Roli Bansal, Priti Sehgal, and Punam Bedi. 2011. Minutiae extraction from finger-print images-a review. arXiv preprint arXiv:1201.1422 (2011).Google Scholar
- Daniel Bichler, Guido Stromberg, Mario Huemer, and Manuel Löw. 2007. Key generation based on acceleration data of shaking processes. In UbiComp 2007: Ubiquitous Computing: 9th International Conference, UbiComp 2007, Innsbruck, Austria, September 16--19, 2007. Proceedings 9. Springer, 304--317.Google Scholar
- BioKey. 2023. BioKey. https://www.bio-key.com/portalguard/.Google Scholar
- BioKey. 2023. BioKey Case Study. https://www.bio-key.com/resources/?type=case-studies.Google Scholar
- Philip Bontrager, Aditi Roy, Julian Togelius, Nasir Memon, and Arun Ross. 2018. Deepmasterprints: Generating masterprints for dictionary attacks via latent variable evolution. In 2018 IEEE 9th International Conference on Biometrics Theory, Applications and Systems (BTAS). IEEE, 1--9.Google ScholarDigital Library
- Rafael Bouzaglo and Yosi Keller. 2022. Synthesis and reconstruction of fingerprints using generative adversarial networks. arXiv preprint arXiv:2201.06164 (2022).Google Scholar
- Kai Cao and Anil K Jain. 2014. Learning fingerprint reconstruction: From minutiae to image. IEEE Transactions on information forensics and security 10, 1 (2014), 104--117.Google ScholarCross Ref
- Raffaele Cappelli, Dario Maio, Alessandra Lumini, and Davide Maltoni. 2007. Fingerprint image reconstruction from standard templates. IEEE transactions on pattern analysis and machine intelligence 29, 9 (2007), 1489--1503.Google ScholarDigital Library
- Guangke Chen, Sen Chenb, Lingling Fan, Xiaoning Du, Zhe Zhao, Fu Song, and Yang Liu. 2021. Who is real bob? adversarial attacks on speaker recognition systems. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 694--711.Google ScholarCross Ref
- Jiansheng Chen and Yiu Sang Moon. 2008. The statistical modelling of fingerprint minutiae distribution with implications for fingerprint individuality studies. In 2008 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR 2008), 24--26 June 2008, Anchorage, Alaska, USA. IEEE Computer Society.Google Scholar
- Yu Chen, Yang Yu, and Lidong Zhai. 2023. InfinityGauntlet: Expose Smartphone Fingerprint Authentication to Brute-force Attack. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, 2027--2041. https://www.usenix.org/conference/usenixsecurity23/presentation/chen-yuGoogle Scholar
- Minhao Cheng, Thong Le, Pin-Yu Chen, Jinfeng Yi, Huan Zhang, and Cho-Jui Hsieh. 2018. Query-efficient hard-label black-box attack: An optimization-based approach. arXiv preprint arXiv:1807.04457 (2018).Google Scholar
- Ana Cholakoska, Bjarne Pfitzner, Hristijan Gjoreski, Valentin Rakovic, Bert Arnrich, and Marija Kalendar. 2021. Differentially Private Federated Learningfor Anomaly Detection in eHealth Networks. In Adjunct Proceedings of the 2021 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2021 ACM International Symposium on Wearable Computers. 514--518.Google ScholarDigital Library
- CloudABIS. 2023. CloudABIS. https://www.m2sys.com/.Google Scholar
- CloudABIS. 2023. CloudABIS Case Study. https://www.m2sys.com/biometric-fingerprint-software-case-studies/.Google Scholar
- Kalyanmoy Deb, Ram Bhushan Agrawal, et al. 1995. Simulated binary crossover for continuous search space. Complex systems 9, 2 (1995), 115--148.Google Scholar
- Kalyanmoy Deb, Amrit Pratap, Sameer Agarwal, and TAMT Meyarivan. 2002. A fast and elitist multiobjective genetic algorithm: NSGA-II. IEEE transactions on evolutionary computation 6, 2 (2002), 182--197.Google Scholar
- Yinpeng Dong, Hang Su, Baoyuan Wu, Zhifeng Li, Wei Liu, Tong Zhang, and Jun Zhu. 2019. Efficient decision-based black-box adversarial attacks on face recognition. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 7714--7722.Google ScholarCross Ref
- Yinpeng Dong, Hang Su, Baoyuan Wu, Zhifeng Li, Wei Liu, Tong Zhang, and Jun Zhu. 2019. Efficient decision-based black-box adversarial attacks on face recognition. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 7714--7722.Google ScholarCross Ref
- Joshua J Engelsma, Sunpreet S Arora, Anil K Jain, and Nicholas G Paulter. 2018. Universal 3D wearable fingerprint targets: Advancing fingerprint reader evaluations. IEEE Transactions on Information Forensics and Security 13, 6 (2018), 1564--1578.Google ScholarDigital Library
- Jianjiang Feng and Anil K Jain. 2010. Fingerprint reconstruction: from minutiae to phase. IEEE transactions on pattern analysis and machine intelligence 33, 2 (2010), 209--223.Google Scholar
- FVC2002. 2002. Fingerprint Verification Competition. http://bias.csr.unibo.it/fvc2002/.Google Scholar
- Sanjam Garg, Craig Gentry, Shai Halevi, Mariana Raykova, Amit Sahai, and Brent Waters. 2016. Candidate indistinguishability obfuscation and functional encryption for all circuits. SIAM J. Comput. 45, 3 (2016), 882--929.Google ScholarDigital Library
- Luca Ghiani, David A. Yambay, Valerio Mura, Gian Luca Marcialis, Fabio Roli, and Stephanie Schuckers. 2017. Review of the Fingerprint Liveness Detection (LivDet) competition series: 2009 to 2015. Image Vis. Comput. 58 (2017), 110--128.Google ScholarDigital Library
- Marta Gomez-Barrero, Emanuele Maiorana, Javier Galbally, Patrizio Campisi, and Julian Fiérrez. 2017. Multi-biometric template protection based on Homomorphic Encryption. Pattern Recognit. 67 (2017), 149--163.Google ScholarDigital Library
- Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014).Google Scholar
- Google. 2023. Android-12-cdd biometric sensors. https://source.android.com/docs/security/features/biometric.Google Scholar
- Lin Hong, Yifei Wan, and Anil Jain. 1998. Fingerprint image enhancement: Algorithm and performance evaluation. IEEE transactions on pattern analysis and machine intelligence 20, 8 (1998), 777--789.Google Scholar
- Zhichao Huang and Tong Zhang. 2019. Black-box adversarial attack with transferable model-based embedding. arXiv preprint arXiv:1911.07140 (2019).Google Scholar
- Innovatrics. 2023. Innovatrics. https://www.innovatrics.com/innovatrics-abis/.Google Scholar
- Xudong Jiang and Wei-Yun Yau. 2000. Fingerprint minutiae matching based on the local and global structures. In Proceedings 15th international conference on pattern recognition. ICPR-2000, Vol. 2. IEEE, 1038--1041.Google ScholarCross Ref
- Nick Kanopoulos, Nagesh Vasanthavada, and Robert L Baker. 1988. Design of an image edge detection filter using the Sobel operator. IEEE Journal of solid-state circuits 23, 2 (1988), 358--367.Google ScholarCross Ref
- Sieeka Khan. 2019. Samsung Galaxy S10 Fingerprint Scanner Hacked. https://www.sciencetimes.com/articles/19758/20190406/samsung.htm.Google Scholar
- Diederik P Kingma and Jimmy Ba. 2014. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014).Google Scholar
- Zoe Kleinman. 2014. Politician's fingerprint 'cloned from photos' by hacker. https://www.bbc.com/news/technology-30623611.Google Scholar
- Kenneth Ko et al. 2007. User's guide to nist biometric image software (nbis). (2007).Google Scholar
- John R Koza and Riccardo Poli. 2005. Genetic programming. In Search methodologies. Springer, 127--164.Google Scholar
- Cai Li and Jiankun Hu. 2016. A Security-Enhanced Alignment-Free Fuzzy Vault-Based Fingerprint Cryptosystem Using Pair-Polar Minutiae Structures. IEEE Trans. Inf. Forensics Secur. 11, 3 (2016), 543--555.Google ScholarDigital Library
- Sheng Li and Alex C Kot. 2012. An improved scheme for full fingerprint reconstruction. IEEE Transactions on Information Forensics and Security 7, 6 (2012), 1906--1912.Google ScholarDigital Library
- Zhenguang Liu, Peng Qian, Xiaoyang Wang, Yuan Zhuang, Lin Qiu, and Xun Wang. 2021. Combining Graph Neural Networks with Expert Knowledge for Smart Contract Vulnerability Detection. TKDE (2021). Google ScholarCross Ref
- Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2017. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017).Google Scholar
- Davide Maltoni, Dario Maio, Anil K Jain, and Salil Prabhakar. 2009. Synthetic fingerprint generation. Handbook of fingerprint recognition (2009), 271--302.Google ScholarCross Ref
- Anna Mikaelyan and Josef Bigun. 2012. Ground truth and evaluation for latent fingerprint matching. In 2012 IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops. IEEE, 83--88.Google ScholarCross Ref
- Takeru Miyato, Toshiki Kataoka, Masanori Koyama, and Yuichi Yoshida. 2018. Spectral normalization for generative adversarial networks. arXiv preprint arXiv:1802.05957 (2018).Google Scholar
- Farid Ghareh Mohammadi, Farzan Shenavarmasouleh, M Hadi Amini, and Hamid R Arabnia. 2020. Malware detection using artificial bee colony algorithm. In Adjunct Proceedings of the 2020 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2020 ACM International Symposium on Wearable Computers. 568--572.Google ScholarDigital Library
- Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Omar Fawzi, and Pascal Frossard. 2017. Universal adversarial perturbations. In Proceedings of the IEEE conference on computer vision and pattern recognition. 1765--1773.Google ScholarCross Ref
- Neurotechnology. 2021. Verifinger SDK. https://www.neurotechnology.com/verifinger.html.Google Scholar
- Neurotechnology. 2022. Verifinger Case Studies. https://www.neurotechnology.com/cgi-bin/customers.cgi.Google Scholar
- Dinh-Luan Nguyen, Sunpreet S Arora, Yuhang Wu, and Hao Yang. 2020. Adversarial light projection attacks on face recognition systems: A feasibility study. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition workshops. 814--815.Google ScholarCross Ref
- NIST. 2010. NIST Biometric Image Software (NBIS). https://www.nist.gov/services-resources/software/nist-biometric-image-software-nbis.Google Scholar
- Taesung Park, Ming-Yu Liu, Ting-Chun Wang, and Jun-Yan Zhu. 2019. Semantic image synthesis with spatially-adaptive normalization. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition. 2337--2346.Google ScholarCross Ref
- Aditya Singh Rathore, Yijie Shen, Chenhan Xu, Jacob Snyderman, Jinsong Han, Fan Zhang, Zhengxiong Li, Feng Lin, Wenyao Xu, and Kui Ren. 2022. FakeGuard: Exploring Haptic Response to Mitigate the Vulnerability in Commercial Fingerprint Anti-Spoofing. Proceedings 2022 Network and Distributed System Security Symposium (2022).Google ScholarCross Ref
- Arun Ross, Jidnya Shah, and Anil K Jain. 2007. From template to image: Reconstructing fingerprints from minutiae points. IEEE transactions on pattern analysis and machine intelligence 29, 4 (2007), 544--560.Google Scholar
- Aditi Roy, Nasir Memon, and Arun Ross. 2017. Masterprint: Exploring the vulnerability of partial fingerprint-based authentication systems. IEEE Transactions on Information Forensics and Security 12, 9 (2017), 2013--2025.Google ScholarDigital Library
- Anush Sankaran, Tejas I Dhamecha, Mayank Vatsa, and Richa Singh. 2011. On matching latent to latent fingerprints. In 2011 international joint conference on biometrics (IJCB). IEEE, 1--6.Google Scholar
- Mathew J. Schwartz. 2014. Apple iPhone 6 Touch ID Hacked. https://www.bankinfosecurity.com/apple-iphone-6-touchid-hacked-a-7348.Google Scholar
- SecuGen. 2023. SecuGen. https://secugen.com/products/webapi/.Google Scholar
- Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, and Michael K Reiter. 2016. Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition. In Proceedings of the 2016 acm sigsac conference on computer and communications security. 1528--1540.Google ScholarDigital Library
- Meng Shen, Zelin Liao, Liehuang Zhu, Ke Xu, and Xiaojiang Du. 2019. Vla: A practical visible light-based attack on face recognition systems in physical world. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 3, 3 (2019), 1--19.Google ScholarDigital Library
- Erez Shmueli, Ronen Vaisenberg, Ehud Gudes, and Yuval Elovici. 2014. Implementing a database encryption solution, design and implementation issues. Comput. Secur. 44 (2014), 33--50.Google ScholarCross Ref
- Satya Narayan Shukla, Anit Kumar Sahu, Devin Willmott, and Zico Kolter. 2021. Simple and efficient hard label black-box adversarial attacks in low query budget regimes. In Proceedings of the 27th ACM SIGKDD conference on knowledge discovery & data mining. 1461--1469.Google ScholarDigital Library
- G Edward Suh and Srinivas Devadas. 2007. Physical unclonable functions for device authentication and secret key generation. In 2007 44th ACM/IEEE Design Automation Conference. IEEE, 9--14.Google Scholar
- S Supatmi and ID Sumitra. 2020. Fingerprint Matching Using Bozorth3 Algorithm and Parallel Computation on NVIDIA Compute Unified Device Architecture. In IOP Conference Series: Materials Science and Engineering, Vol. 879. IOP Publishing, 012109.Google ScholarCross Ref
- Amirhosein Toosi, Andrea Bottino, Sandro Cumani, Pablo Negri, and Pietro Luca Sottile. 2017. Feature fusion for fingerprint liveness detection: a comparative study. IEEE Access 5 (2017), 23695--23709.Google ScholarCross Ref
- Florian Tramèr, Alexey Kurakin, Nicolas Papernot, Ian Goodfellow, Dan Boneh, and Patrick McDaniel. 2017. Ensemble adversarial training: Attacks and defenses. arXiv preprint arXiv:1705.07204 (2017).Google Scholar
- Dmitry Ulyanov, Andrea Vedaldi, and Victor Lempitsky. 2016. Instance normalization: The missing ingredient for fast stylization. arXiv preprint arXiv:1607.08022 (2016).Google Scholar
- Ruxin Wang, Congying Han, and Tiande Guo. 2016. A novel fingerprint classification method based on deep learning. In 2016 23rd International Conference on Pattern Recognition (ICPR). IEEE, 931--936.Google Scholar
- Ting-Chun Wang, Ming-Yu Liu, Jun-Yan Zhu, Andrew Tao, Jan Kautz, and Bryan Catanzaro. 2018. High-resolution image synthesis and semantic manipulation with conditional gans. In Proceedings of the IEEE conference on computer vision and pattern recognition. 8798--8807.Google ScholarCross Ref
- Lei Zhang, Yan Meng, Jiahao Yu, Chong Xiang, Brandon Falk, and Haojin Zhu. 2020. Voiceprint mimicry attack towards speaker verification system in smart home. In IEEE INFOCOM 2020-IEEE Conference on Computer Communications. IEEE, 377--386.Google ScholarDigital Library
- Qijun Zhao, Anil K Jain, Nicholas G Paulter, and Melissa Taylor. 2012. Fingerprint image synthesis based on statistical feature models. In 2012 IEEE Fifth International Conference on Biometrics: Theory, Applications and Systems (BTAS). IEEE, 23--30.Google ScholarCross Ref
- Yongfang Zhu, Sarat C. Dass, and Anil K. Jain. 2007. Statistical Models for Assessing the Individuality of Fingerprints. IEEE Trans. Inf. Forensics Secur. 2, 3-1 (2007), 391--401.Google ScholarDigital Library
- Yuan Zhuang, Zhenguang Liu, Peng Qian, Qi Liu, Xiang Wang, and Qinming He. 2020. Smart Contract Vulnerability Detection using Graph Neural Network. In IJCAI. 3283--3290. Google ScholarCross Ref
- ZKTeco. 2021. ZKTeco LIVE 20R. https://www.ebay.com/itm/134070768618.Google Scholar
Index Terms
- FingerFaker: Spoofing Attack on COTS Fingerprint Recognition Without Victim's Knowledge
Recommendations
On the influence of fingerprint area in partial fingerprint recognition
CCBR'12: Proceedings of the 7th Chinese conference on Biometric RecognitionConventional algorithms for fingerprint recognition are mainly based on minutiae information. However, the small number of minutiae in partial fingerprints is still a challenge in fingerprint matching. In fingerprint recognition systems, there are ...
Modelling fingerprint ridge orientation using Legendre polynomials
The estimation of fingerprint ridge orientation is an essential step in every automatic fingerprint verification system. The importance of ridge orientation can be deflected from the fact that it is inevitably used for detecting, describing and matching ...
Fingerprint orientation field reconstruction by weighted discrete cosine transform
Orientation field represents the topological structure of the interleaved ridge and valley flows in fingerprint images. Although a number of methods have been proposed for orientation estimation, reliable computation of orientation field is still a ...
Comments