TWC: Small: Collaborative: The Master Print: Investigating and Addressing Vulnerabilities in Fingerprint-based Authentication Systems

TWC：小：协作：主打印：调查和解决基于指纹的身份验证系统中的漏洞

• 批准号: 1618750
• 负责人: Nasir Memon
• 金额: $ 25万
• 依托单位: New York University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-10-01 至 2020-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1618750&HistoricalAwards=false
• 关键词: TWC; Small; Collaborative; Master; Print

The objective of this project is to investigate the security of fingerprint authentication systems, especially those using partial fingerprints. A number of consumer electronic devices, such as smartphones, are beginning to incorporate fingerprint sensors for user authentication. The sensors embedded in these devices are generally very small and the resulting images are, therefore, limited in size. To compensate for the limited size, these devices often acquire multiple partial impressions (templates) of a single finger during enrollment to ensure that at least one of them will successfully match with the image obtained from the user during authentication. In some cases, the user may even be allowed to enroll multiple fingers, and the templates pertaining to these multiple fingers are associated with the same identity (i.e., one user). A user is deemed to be successfully authenticated if the partial fingerprint obtained during authentication matches with any one of the stored templates. This project is investigating the possibility of generating a "Master Print," a synthetic or real partial fingerprint that serendipitously matches with a large number of partial impressions pertaining to multiple users. This is akin to having a Master Password that can unlock a diverse set of user accounts. In this regard, the following tasks are being conducted: (a) Analyzing the vulnerability of fingerprint authentication systems that use partial fingerprints by developing methods to generate Master Prints; (b) Models for computing the distinctiveness or uniqueness of partial fingerprints compared to full prints; (c) Methods for mitigating the vulnerability associated with the adversarial use of Master Prints.

该项目的目标是研究指纹认证系统的安全性，特别是那些使用部分指纹的系统。许多消费电子设备（例如智能手机）开始采用指纹传感器来进行用户身份验证。这些设备中嵌入的传感器通常非常小，因此生成的图像尺寸有限。为了弥补尺寸的限制，这些设备通常在注册期间获取单个手指的多个部分印模（模板），以确保其中至少一个能够与身份验证期间从用户获得的图像成功匹配。在某些情况下，甚至可以允许用户注册多个手指，并且与这多个手指相关的模板与相同的身份（即，一个用户）相关联。如果认证时获得的部分指纹与存储的任一模板匹配，则认为用户认证成功。该项目正在研究生成“主指纹”的可能性，这是一种合成或真实的部分指纹，可以与多个用户的大量部分印象偶然匹配。这类似于拥有一个可以解锁一组不同用户帐户的主密码。在这方面，正在开展以下任务： (a) 通过开发生成主指纹的方法来分析使用部分指纹的指纹认证系统的脆弱性； (b) 计算部分指纹与完整指纹相比的显着性或唯一性的模型； (c) 减轻与对抗性使用主打印相关的漏洞的方法。