TWC: Small: Collaborative: The Master Print: Investigating and Addressing Vulnerabilities in Fingerprint-based Authentication Systems

TWC：小：协作：主打印：调查和解决基于指纹的身份验证系统中的漏洞

• 批准号: 1618750
• 负责人: Nasir Memon
• 金额: $ 25万
• 依托单位: New York University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-10-01 至 2020-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1618750&HistoricalAwards=false
• 关键词: TWC; Small; Collaborative; Master; Print

The objective of this project is to investigate the security of fingerprint authentication systems, especially those using partial fingerprints. A number of consumer electronic devices, such as smartphones, are beginning to incorporate fingerprint sensors for user authentication. The sensors embedded in these devices are generally very small and the resulting images are, therefore, limited in size. To compensate for the limited size, these devices often acquire multiple partial impressions (templates) of a single finger during enrollment to ensure that at least one of them will successfully match with the image obtained from the user during authentication. In some cases, the user may even be allowed to enroll multiple fingers, and the templates pertaining to these multiple fingers are associated with the same identity (i.e., one user). A user is deemed to be successfully authenticated if the partial fingerprint obtained during authentication matches with any one of the stored templates. This project is investigating the possibility of generating a "Master Print," a synthetic or real partial fingerprint that serendipitously matches with a large number of partial impressions pertaining to multiple users. This is akin to having a Master Password that can unlock a diverse set of user accounts. In this regard, the following tasks are being conducted: (a) Analyzing the vulnerability of fingerprint authentication systems that use partial fingerprints by developing methods to generate Master Prints; (b) Models for computing the distinctiveness or uniqueness of partial fingerprints compared to full prints; (c) Methods for mitigating the vulnerability associated with the adversarial use of Master Prints.

该项目的目的是研究指纹身份验证系统的安全性，尤其是使用部分指纹的系统。许多消费电子设备（例如智能手机）开始合并用于用户身份验证的指纹传感器。这些设备中嵌入的传感器通常很小，因此所得图像的尺寸受到限制。为了补偿有限的尺寸，这些设备在注册过程中通常会获得单个手指的多个部分印象（模板），以确保其中至少一个将成功与身份验证期间从用户获得的图像匹配。在某些情况下，甚至可以允许用户注册多个手指，并且与这些多个手指有关的模板与相同的身份相关联（即一个用户）。如果在身份验证匹配中与任何一个存储的模板中获得的部分指纹获得，则认为用户被认为可以成功验证。该项目正在研究生成“主打印”的可能性，这是一种合成或实际的部分指纹，该指纹与与多个用户有关的大量部分印象偶然匹配。这类似于拥有可以解锁各种用户帐户的主密码。在这方面，正在执行以下任务：（a）分析指纹身份验证系统的脆弱性，这些验证系统通过开发生成主打印的方法来使用部分指纹； （b）与完整印刷相比，用于计算部分指纹的独特性或独特性的模型； （c）减轻与主印刷的对抗使用相关的漏洞的方法。