Device manufacturers need to get smarter about security systems that rely on fingerprint recognition. The systems could be vulnerable to attack by artificial intelligence (AI), say researchers.
A team from New York University (NYU) School of Engineering in Brooklyn, NY created fake fingerprints that act like “master keys.”
Worldwide, millions of devices such as smartphones use fingerprint recognition for user authentication. Image: Pixabay.com
They trained an AI system capable of “machine learning” and with access to fingerprint libraries.
Such a system, they say, could potentially penetrate devices that use “touch-based authentication.”
Millions of consumer devices use fingerprint recognition
Consumers tend to trust systems that have fingerprint recognition. Worldwide, millions of devices such as smartphones use this form of “biometric authentication.”
The NYU study, however, reveals that these systems could be “surprisingly vulnerable” to security attacks by AI.
One common feature that makes them especially vulnerable is that they use a partial fingerprint for authentication.
To set up fingerprint recognition, devices typically ask users for several different finger images. The authentication system only needs to match any saved partial print to confirm identity.
Partial fingerprint recognition easier to fool
It is much easier to fool a system that uses partial fingerprints because they are less likely to be unique compared with full fingerprints.
Previous research has shown that partial prints have features in common.
An AI system with machine learning and access to sufficient samples can learn what these features are and create what the NYU team calls “MasterPrints.”
“MasterPrints,” they explain, “are real or synthetic fingerprints that can fortuitously match with a large number of fingerprints.”
New AI has much higher ‘attack accuracy’
The new study describes a more accurate system that the team calls “DeepMasterPrints.”
To create fake fingerprints using the MasterPrints method, the AI system “learns” from data.
The AI for DeepMasterPrints, on the other hand, learns from images. This takes the “attack accuracy” to another level.
The team ran a series of experiments in which they showed how their DeepMasterPrints could potentially unlock a touch-based authentication system for up to 1 in 5 users.
‘Wake-up call for device manufacturers’
“Fingerprint-based authentication,” says lead study author Philip Bontrager, a doctoral student at NYU, “is still a strong way to protect a device or a system, but at this point, most systems don’t verify whether a fingerprint or other biometric is coming from a real person or a replica.”
The results of their experiments, he adds, “should be a wake-up call for device manufacturers about the potential for artificial fingerprint attacks.”
He and his colleagues suggest that manufacturers should be thinking about using “multifactor authentication.”
What is machine learning?
Machine learning is a way of training computers to make predictions that have a much higher chance of success than just generating random choices.
First, engineers train computer algorithms by giving them lots of examples. Then the algorithms make a prediction based on what they have “learned” during the training phase.
Amazon, for instance, are using machine learning to improve online browsing for shoppers.
The aim of the service is to help shoppers to find the products they want much more quickly. It asks them to vote on a series of images and then recommends some products.
First, it shows the customer an image of the type of product they have keyed in – for example “table” – and asks them if they like it or not (they select thumb up or down).
Which image appears next depends on whether the customer liked the previous image or not. Again, the customer selects either thumb up or thumb down.
After a series of images, the machine learning algorithm extracts the common attributes of all those that the customer liked.
It then scans all the products in the database, finds those that most closely match the cluster of attributes, and presents the selection to the customer.
AI (artificial intelligence) refers to software technology that makes machines behave and think like human beings.