TWC: Small: Collaborative: The Master Print: Investigating and Addressing Vulnerabilities in Fingerprint-based Authentication Systems

TWC：小：协作：主打印：调查和解决基于指纹的身份验证系统中的漏洞

• 批准号: 1618750
• 负责人: Nasir Memon
• 金额: $ 25万
• 依托单位: New York University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-10-01 至 2020-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1618750&HistoricalAwards=false
• 关键词: TWC; Small; Collaborative; Master; Print

The objective of this project is to investigate the security of fingerprint authentication systems, especially those using partial fingerprints. A number of consumer electronic devices, such as smartphones, are beginning to incorporate fingerprint sensors for user authentication. The sensors embedded in these devices are generally very small and the resulting images are, therefore, limited in size. To compensate for the limited size, these devices often acquire multiple partial impressions (templates) of a single finger during enrollment to ensure that at least one of them will successfully match with the image obtained from the user during authentication. In some cases, the user may even be allowed to enroll multiple fingers, and the templates pertaining to these multiple fingers are associated with the same identity (i.e., one user). A user is deemed to be successfully authenticated if the partial fingerprint obtained during authentication matches with any one of the stored templates. This project is investigating the possibility of generating a "Master Print," a synthetic or real partial fingerprint that serendipitously matches with a large number of partial impressions pertaining to multiple users. This is akin to having a Master Password that can unlock a diverse set of user accounts. In this regard, the following tasks are being conducted: (a) Analyzing the vulnerability of fingerprint authentication systems that use partial fingerprints by developing methods to generate Master Prints; (b) Models for computing the distinctiveness or uniqueness of partial fingerprints compared to full prints; (c) Methods for mitigating the vulnerability associated with the adversarial use of Master Prints.

这个项目的目的是研究指纹认证系统的安全性，特别是那些使用部分指纹。许多消费电子设备，如智能手机，开始将指纹传感器用于用户身份验证。在这些设备中嵌入的传感器通常非常小，因此产生的图像在尺寸上是有限的。为了弥补有限的尺寸，这些设备通常在注册期间获取单个手指的多个部分印象（模板），以确保其中至少有一个与身份验证期间从用户获得的图像成功匹配。在某些情况下，甚至可以允许用户注册多个手指，并且与这些多个手指相关的模板与相同的身份（即一个用户）相关联。如果在身份验证过程中获得的部分指纹与存储的模板中的任何一个匹配，则认为用户身份验证成功。这个项目正在研究生成“主指纹”的可能性，这是一种合成的或真实的部分指纹，可以偶然地与多个用户的大量部分印象相匹配。这类似于拥有一个可以解锁各种用户帐户的主密码。在这方面，正在进行下列任务：(a)通过开发生成主指纹的方法，分析使用部分指纹的指纹鉴定系统的脆弱性；(b)计算部分指纹与全部指纹相比的独特性或唯一性的模型；(c)减轻与对抗性使用主打印相关的脆弱性的方法。