research-article

FingerFaker: Spoofing Attack on COTS Fingerprint Recognition Without Victim's Knowledge

Authors:
Yijie Shen

Zhejiang University, Hangzhou, China

Zhejiang University, Hangzhou, China

https://orcid.org/0000-0003-1202-2525
View Profile

,
Zhe Ma

Zhejiang University, Hangzhou, China

Zhejiang University, Hangzhou, China

https://orcid.org/0009-0008-8852-0516
View Profile

,
Feng Lin

Zhejiang University, Hangzhou, China

Zhejiang University, Hangzhou, China

https://orcid.org/0000-0001-5240-5200
View Profile

,
Hao Yan

Zhejiang University, Hangzhou, China

Zhejiang University, Hangzhou, China

https://orcid.org/0009-0003-0195-0446
View Profile

,
Zhongjie Ba

Zhejiang University, Hangzhou, China

Zhejiang University, Hangzhou, China

https://orcid.org/0000-0003-0921-8869
View Profile

,
Li Lu

Zhejiang University, Hangzhou, China

Zhejiang University, Hangzhou, China

https://orcid.org/0000-0001-5230-3749
View Profile

,
Wenyao Xu

SUNY Buffalo, Buffalo, United States of America

SUNY Buffalo, Buffalo, United States of America

https://orcid.org/0000-0001-6444-9411
View Profile

,
Kui Ren

Zhejiang University, Hangzhou, China

Zhejiang University, Hangzhou, China

https://orcid.org/0000-0003-3441-6277
View Profile

SenSys '23: Proceedings of the 21st ACM Conference on Embedded Networked Sensor SystemsNovember 2023Pages 167–180https://doi.org/10.1145/3625687.3625783

Published:26 April 2024Publication History

SenSys '23: Proceedings of the 21st ACM Conference on Embedded Networked Sensor Systems

Pages 167–180

ABSTRACT

Fingerprint recognition has been a vital security guard for various applications whose vulnerability has been explored by different works. However, previous works on spoofing fingerprint recognition rely on prior knowledge (e.g., photos and minutiae) of the target fingerprint, which fails to implement in practical scenarios. In this paper, we design a fingerprint spoofing attack, namely FingerFaker, to explore the vulnerability of fingerprint recognition, which can spoof automated fingerprint recognition systems (AFRSs) without prior knowledge of target fingerprints. Specifically, we propose a novel concept of "pseudo-minutiae-set" as an effective optimization object and design a two-stage scheme to optimize "pseudo-minutiaeset" leveraging a two-factor evolutionary strategy. In addition, we use a GAN-based training strategy with a minutiae loss function to pre-train a fingerprint generator to map a "pseudo-minutiae-set" into a fingerprint. We use 6342 fingerprint images to verify the performance of FingerFaker on spoofing the open-source AFRS, which shows a high attack success rate (ASR) of 97.78%. Meanwhile, we conduct a realistic case study on commercial off-the-shelf (COTS) AFRS, where FingerFaker also shows 94.22% ASR. Finally, we explore the impact of different conditions to guide the attack and propose countermeasures to mitigate the harm.

References

Inayat Ali, Sonia Sabir, and Zahid Ullah. 2019. Internet of things security, device authentication and access control: a review. arXiv preprint arXiv:1901.07309 (2019).Google Scholar
Mouad MH Ali, Vivek H Mahale, Pravin Yannawar, and AT Gaikwad. 2016. Overview of fingerprint recognition system. In 2016 international conference on electrical, electronics, and optimization techniques (ICEEOT). IEEE, 1334--1338.Google ScholarCross Ref
Sunpreet S Arora, Kai Cao, Anil K Jain, and Nicholas G Paulter. 2016. Design and fabrication of 3D fingerprint targets. IEEE Transactions on Information Forensics and Security 11, 10 (2016), 2284--2297.Google ScholarDigital Library
M Arul Selvan and S Selvakumar. 2019. Malicious node identification using quantitative intrusion detection techniques in MANET. Cluster computing 22, 3 (2019), 7069--7077.Google Scholar
Aware. 2023. Aware. https://www.aware.com/identification-verification/.Google Scholar
Roli Bansal, Priti Sehgal, and Punam Bedi. 2011. Minutiae extraction from finger-print images-a review. arXiv preprint arXiv:1201.1422 (2011).Google Scholar
Daniel Bichler, Guido Stromberg, Mario Huemer, and Manuel Löw. 2007. Key generation based on acceleration data of shaking processes. In UbiComp 2007: Ubiquitous Computing: 9th International Conference, UbiComp 2007, Innsbruck, Austria, September 16--19, 2007. Proceedings 9. Springer, 304--317.Google Scholar
BioKey. 2023. BioKey. https://www.bio-key.com/portalguard/.Google Scholar
BioKey. 2023. BioKey Case Study. https://www.bio-key.com/resources/?type=case-studies.Google Scholar
Philip Bontrager, Aditi Roy, Julian Togelius, Nasir Memon, and Arun Ross. 2018. Deepmasterprints: Generating masterprints for dictionary attacks via latent variable evolution. In 2018 IEEE 9th International Conference on Biometrics Theory, Applications and Systems (BTAS). IEEE, 1--9.Google ScholarDigital Library
Rafael Bouzaglo and Yosi Keller. 2022. Synthesis and reconstruction of fingerprints using generative adversarial networks. arXiv preprint arXiv:2201.06164 (2022).Google Scholar
Kai Cao and Anil K Jain. 2014. Learning fingerprint reconstruction: From minutiae to image. IEEE Transactions on information forensics and security 10, 1 (2014), 104--117.Google ScholarCross Ref
Raffaele Cappelli, Dario Maio, Alessandra Lumini, and Davide Maltoni. 2007. Fingerprint image reconstruction from standard templates. IEEE transactions on pattern analysis and machine intelligence 29, 9 (2007), 1489--1503.Google ScholarDigital Library
Guangke Chen, Sen Chenb, Lingling Fan, Xiaoning Du, Zhe Zhao, Fu Song, and Yang Liu. 2021. Who is real bob? adversarial attacks on speaker recognition systems. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 694--711.Google ScholarCross Ref
Jiansheng Chen and Yiu Sang Moon. 2008. The statistical modelling of fingerprint minutiae distribution with implications for fingerprint individuality studies. In 2008 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR 2008), 24--26 June 2008, Anchorage, Alaska, USA. IEEE Computer Society.Google Scholar
Yu Chen, Yang Yu, and Lidong Zhai. 2023. InfinityGauntlet: Expose Smartphone Fingerprint Authentication to Brute-force Attack. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, 2027--2041. https://www.usenix.org/conference/usenixsecurity23/presentation/chen-yuGoogle Scholar
Minhao Cheng, Thong Le, Pin-Yu Chen, Jinfeng Yi, Huan Zhang, and Cho-Jui Hsieh. 2018. Query-efficient hard-label black-box attack: An optimization-based approach. arXiv preprint arXiv:1807.04457 (2018).Google Scholar
Ana Cholakoska, Bjarne Pfitzner, Hristijan Gjoreski, Valentin Rakovic, Bert Arnrich, and Marija Kalendar. 2021. Differentially Private Federated Learningfor Anomaly Detection in eHealth Networks. In Adjunct Proceedings of the 2021 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2021 ACM International Symposium on Wearable Computers. 514--518.Google ScholarDigital Library
CloudABIS. 2023. CloudABIS. https://www.m2sys.com/.Google Scholar
CloudABIS. 2023. CloudABIS Case Study. https://www.m2sys.com/biometric-fingerprint-software-case-studies/.Google Scholar
Kalyanmoy Deb, Ram Bhushan Agrawal, et al. 1995. Simulated binary crossover for continuous search space. Complex systems 9, 2 (1995), 115--148.Google Scholar
Kalyanmoy Deb, Amrit Pratap, Sameer Agarwal, and TAMT Meyarivan. 2002. A fast and elitist multiobjective genetic algorithm: NSGA-II. IEEE transactions on evolutionary computation 6, 2 (2002), 182--197.Google Scholar
Yinpeng Dong, Hang Su, Baoyuan Wu, Zhifeng Li, Wei Liu, Tong Zhang, and Jun Zhu. 2019. Efficient decision-based black-box adversarial attacks on face recognition. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 7714--7722.Google ScholarCross Ref
Yinpeng Dong, Hang Su, Baoyuan Wu, Zhifeng Li, Wei Liu, Tong Zhang, and Jun Zhu. 2019. Efficient decision-based black-box adversarial attacks on face recognition. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 7714--7722.Google ScholarCross Ref
Joshua J Engelsma, Sunpreet S Arora, Anil K Jain, and Nicholas G Paulter. 2018. Universal 3D wearable fingerprint targets: Advancing fingerprint reader evaluations. IEEE Transactions on Information Forensics and Security 13, 6 (2018), 1564--1578.Google ScholarDigital Library
Jianjiang Feng and Anil K Jain. 2010. Fingerprint reconstruction: from minutiae to phase. IEEE transactions on pattern analysis and machine intelligence 33, 2 (2010), 209--223.Google Scholar
FVC2002. 2002. Fingerprint Verification Competition. http://bias.csr.unibo.it/fvc2002/.Google Scholar
Sanjam Garg, Craig Gentry, Shai Halevi, Mariana Raykova, Amit Sahai, and Brent Waters. 2016. Candidate indistinguishability obfuscation and functional encryption for all circuits. SIAM J. Comput. 45, 3 (2016), 882--929.Google ScholarDigital Library
Luca Ghiani, David A. Yambay, Valerio Mura, Gian Luca Marcialis, Fabio Roli, and Stephanie Schuckers. 2017. Review of the Fingerprint Liveness Detection (LivDet) competition series: 2009 to 2015. Image Vis. Comput. 58 (2017), 110--128.Google ScholarDigital Library
Marta Gomez-Barrero, Emanuele Maiorana, Javier Galbally, Patrizio Campisi, and Julian Fiérrez. 2017. Multi-biometric template protection based on Homomorphic Encryption. Pattern Recognit. 67 (2017), 149--163.Google ScholarDigital Library
Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014).Google Scholar
Google. 2023. Android-12-cdd biometric sensors. https://source.android.com/docs/security/features/biometric.Google Scholar
Lin Hong, Yifei Wan, and Anil Jain. 1998. Fingerprint image enhancement: Algorithm and performance evaluation. IEEE transactions on pattern analysis and machine intelligence 20, 8 (1998), 777--789.Google Scholar
Zhichao Huang and Tong Zhang. 2019. Black-box adversarial attack with transferable model-based embedding. arXiv preprint arXiv:1911.07140 (2019).Google Scholar
Innovatrics. 2023. Innovatrics. https://www.innovatrics.com/innovatrics-abis/.Google Scholar
Xudong Jiang and Wei-Yun Yau. 2000. Fingerprint minutiae matching based on the local and global structures. In Proceedings 15th international conference on pattern recognition. ICPR-2000, Vol. 2. IEEE, 1038--1041.Google ScholarCross Ref
Nick Kanopoulos, Nagesh Vasanthavada, and Robert L Baker. 1988. Design of an image edge detection filter using the Sobel operator. IEEE Journal of solid-state circuits 23, 2 (1988), 358--367.Google ScholarCross Ref
Sieeka Khan. 2019. Samsung Galaxy S10 Fingerprint Scanner Hacked. https://www.sciencetimes.com/articles/19758/20190406/samsung.htm.Google Scholar
Diederik P Kingma and Jimmy Ba. 2014. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014).Google Scholar
Zoe Kleinman. 2014. Politician's fingerprint 'cloned from photos' by hacker. https://www.bbc.com/news/technology-30623611.Google Scholar
Kenneth Ko et al. 2007. User's guide to nist biometric image software (nbis). (2007).Google Scholar
John R Koza and Riccardo Poli. 2005. Genetic programming. In Search methodologies. Springer, 127--164.Google Scholar
Cai Li and Jiankun Hu. 2016. A Security-Enhanced Alignment-Free Fuzzy Vault-Based Fingerprint Cryptosystem Using Pair-Polar Minutiae Structures. IEEE Trans. Inf. Forensics Secur. 11, 3 (2016), 543--555.Google ScholarDigital Library
Sheng Li and Alex C Kot. 2012. An improved scheme for full fingerprint reconstruction. IEEE Transactions on Information Forensics and Security 7, 6 (2012), 1906--1912.Google ScholarDigital Library
Zhenguang Liu, Peng Qian, Xiaoyang Wang, Yuan Zhuang, Lin Qiu, and Xun Wang. 2021. Combining Graph Neural Networks with Expert Knowledge for Smart Contract Vulnerability Detection. TKDE (2021). Google ScholarCross Ref
Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2017. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017).Google Scholar
Davide Maltoni, Dario Maio, Anil K Jain, and Salil Prabhakar. 2009. Synthetic fingerprint generation. Handbook of fingerprint recognition (2009), 271--302.Google ScholarCross Ref
Anna Mikaelyan and Josef Bigun. 2012. Ground truth and evaluation for latent fingerprint matching. In 2012 IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops. IEEE, 83--88.Google ScholarCross Ref
Takeru Miyato, Toshiki Kataoka, Masanori Koyama, and Yuichi Yoshida. 2018. Spectral normalization for generative adversarial networks. arXiv preprint arXiv:1802.05957 (2018).Google Scholar
Farid Ghareh Mohammadi, Farzan Shenavarmasouleh, M Hadi Amini, and Hamid R Arabnia. 2020. Malware detection using artificial bee colony algorithm. In Adjunct Proceedings of the 2020 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2020 ACM International Symposium on Wearable Computers. 568--572.Google ScholarDigital Library
Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Omar Fawzi, and Pascal Frossard. 2017. Universal adversarial perturbations. In Proceedings of the IEEE conference on computer vision and pattern recognition. 1765--1773.Google ScholarCross Ref
Neurotechnology. 2021. Verifinger SDK. https://www.neurotechnology.com/verifinger.html.Google Scholar
Neurotechnology. 2022. Verifinger Case Studies. https://www.neurotechnology.com/cgi-bin/customers.cgi.Google Scholar
Dinh-Luan Nguyen, Sunpreet S Arora, Yuhang Wu, and Hao Yang. 2020. Adversarial light projection attacks on face recognition systems: A feasibility study. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition workshops. 814--815.Google ScholarCross Ref
NIST. 2010. NIST Biometric Image Software (NBIS). https://www.nist.gov/services-resources/software/nist-biometric-image-software-nbis.Google Scholar
Taesung Park, Ming-Yu Liu, Ting-Chun Wang, and Jun-Yan Zhu. 2019. Semantic image synthesis with spatially-adaptive normalization. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition. 2337--2346.Google ScholarCross Ref
Aditya Singh Rathore, Yijie Shen, Chenhan Xu, Jacob Snyderman, Jinsong Han, Fan Zhang, Zhengxiong Li, Feng Lin, Wenyao Xu, and Kui Ren. 2022. FakeGuard: Exploring Haptic Response to Mitigate the Vulnerability in Commercial Fingerprint Anti-Spoofing. Proceedings 2022 Network and Distributed System Security Symposium (2022).Google ScholarCross Ref
Arun Ross, Jidnya Shah, and Anil K Jain. 2007. From template to image: Reconstructing fingerprints from minutiae points. IEEE transactions on pattern analysis and machine intelligence 29, 4 (2007), 544--560.Google Scholar
Aditi Roy, Nasir Memon, and Arun Ross. 2017. Masterprint: Exploring the vulnerability of partial fingerprint-based authentication systems. IEEE Transactions on Information Forensics and Security 12, 9 (2017), 2013--2025.Google ScholarDigital Library
Anush Sankaran, Tejas I Dhamecha, Mayank Vatsa, and Richa Singh. 2011. On matching latent to latent fingerprints. In 2011 international joint conference on biometrics (IJCB). IEEE, 1--6.Google Scholar
Mathew J. Schwartz. 2014. Apple iPhone 6 Touch ID Hacked. https://www.bankinfosecurity.com/apple-iphone-6-touchid-hacked-a-7348.Google Scholar
SecuGen. 2023. SecuGen. https://secugen.com/products/webapi/.Google Scholar
Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, and Michael K Reiter. 2016. Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition. In Proceedings of the 2016 acm sigsac conference on computer and communications security. 1528--1540.Google ScholarDigital Library
Meng Shen, Zelin Liao, Liehuang Zhu, Ke Xu, and Xiaojiang Du. 2019. Vla: A practical visible light-based attack on face recognition systems in physical world. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 3, 3 (2019), 1--19.Google ScholarDigital Library
Erez Shmueli, Ronen Vaisenberg, Ehud Gudes, and Yuval Elovici. 2014. Implementing a database encryption solution, design and implementation issues. Comput. Secur. 44 (2014), 33--50.Google ScholarCross Ref
Satya Narayan Shukla, Anit Kumar Sahu, Devin Willmott, and Zico Kolter. 2021. Simple and efficient hard label black-box adversarial attacks in low query budget regimes. In Proceedings of the 27th ACM SIGKDD conference on knowledge discovery & data mining. 1461--1469.Google ScholarDigital Library
G Edward Suh and Srinivas Devadas. 2007. Physical unclonable functions for device authentication and secret key generation. In 2007 44th ACM/IEEE Design Automation Conference. IEEE, 9--14.Google Scholar
S Supatmi and ID Sumitra. 2020. Fingerprint Matching Using Bozorth3 Algorithm and Parallel Computation on NVIDIA Compute Unified Device Architecture. In IOP Conference Series: Materials Science and Engineering, Vol. 879. IOP Publishing, 012109.Google ScholarCross Ref
Amirhosein Toosi, Andrea Bottino, Sandro Cumani, Pablo Negri, and Pietro Luca Sottile. 2017. Feature fusion for fingerprint liveness detection: a comparative study. IEEE Access 5 (2017), 23695--23709.Google ScholarCross Ref
Florian Tramèr, Alexey Kurakin, Nicolas Papernot, Ian Goodfellow, Dan Boneh, and Patrick McDaniel. 2017. Ensemble adversarial training: Attacks and defenses. arXiv preprint arXiv:1705.07204 (2017).Google Scholar
Dmitry Ulyanov, Andrea Vedaldi, and Victor Lempitsky. 2016. Instance normalization: The missing ingredient for fast stylization. arXiv preprint arXiv:1607.08022 (2016).Google Scholar
Ruxin Wang, Congying Han, and Tiande Guo. 2016. A novel fingerprint classification method based on deep learning. In 2016 23rd International Conference on Pattern Recognition (ICPR). IEEE, 931--936.Google Scholar
Ting-Chun Wang, Ming-Yu Liu, Jun-Yan Zhu, Andrew Tao, Jan Kautz, and Bryan Catanzaro. 2018. High-resolution image synthesis and semantic manipulation with conditional gans. In Proceedings of the IEEE conference on computer vision and pattern recognition. 8798--8807.Google ScholarCross Ref
Lei Zhang, Yan Meng, Jiahao Yu, Chong Xiang, Brandon Falk, and Haojin Zhu. 2020. Voiceprint mimicry attack towards speaker verification system in smart home. In IEEE INFOCOM 2020-IEEE Conference on Computer Communications. IEEE, 377--386.Google ScholarDigital Library
Qijun Zhao, Anil K Jain, Nicholas G Paulter, and Melissa Taylor. 2012. Fingerprint image synthesis based on statistical feature models. In 2012 IEEE Fifth International Conference on Biometrics: Theory, Applications and Systems (BTAS). IEEE, 23--30.Google ScholarCross Ref
Yongfang Zhu, Sarat C. Dass, and Anil K. Jain. 2007. Statistical Models for Assessing the Individuality of Fingerprints. IEEE Trans. Inf. Forensics Secur. 2, 3-1 (2007), 391--401.Google ScholarDigital Library
Yuan Zhuang, Zhenguang Liu, Peng Qian, Qi Liu, Xiang Wang, and Qinming He. 2020. Smart Contract Vulnerability Detection using Graph Neural Network. In IJCAI. 3283--3290. Google ScholarCross Ref
ZKTeco. 2021. ZKTeco LIVE 20R. https://www.ebay.com/itm/134070768618.Google Scholar

Index Terms

FingerFaker: Spoofing Attack on COTS Fingerprint Recognition Without Victim's Knowledge
1. Security and privacy
  1. Security services
    1. Authentication
      1. Biometrics

Recommendations

On the influence of fingerprint area in partial fingerprint recognition
CCBR'12: Proceedings of the 7th Chinese conference on Biometric Recognition

Conventional algorithms for fingerprint recognition are mainly based on minutiae information. However, the small number of minutiae in partial fingerprints is still a challenge in fingerprint matching. In fingerprint recognition systems, there are ...
Read More
Modelling fingerprint ridge orientation using Legendre polynomials

The estimation of fingerprint ridge orientation is an essential step in every automatic fingerprint verification system. The importance of ridge orientation can be deflected from the fact that it is inevitably used for detecting, describing and matching ...
Read More
Fingerprint orientation field reconstruction by weighted discrete cosine transform

Orientation field represents the topological structure of the interleaved ridge and valley flows in fingerprint images. Although a number of methods have been proposed for orientation estimation, reliable computation of orientation field is still a ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SenSys '23: Proceedings of the 21st ACM Conference on Embedded Networked Sensor Systems
November 2023
574 pages
ISBN:9798400704147
DOI:10.1145/3625687
General Chair:
Rasit Eskicioglu,
Program Chair:
Polly Huang,
Program Co-chair:
Neal Patwari
Copyright © 2023 Copyright is held by the owner/author(s). Publication rights licensed to ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 26 April 2024
Check for updates
Author Tags
fingerprint recognition
spoofing attack
no prior-knowledge
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate174of867submissions,20%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 55
  Total Downloads
- Downloads (Last 12 months)55
- Downloads (Last 6 weeks)55
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

FingerFaker: Spoofing Attack on COTS Fingerprint Recognition Without Victim's Knowledge

SenSys '23: Proceedings of the 21st ACM Conference on Embedded Networked Sensor Systems

ABSTRACT

References

Cited By

Index Terms

Recommendations

On the influence of fingerprint area in partial fingerprint recognition

Modelling fingerprint ridge orientation using Legendre polynomials

Fingerprint orientation field reconstruction by weighted discrete cosine transform