Everyone's fingerprint is unique, but researchers from new york University and Michigan State University found that the local characteristics between the two fingerprints are similar, so the fingerprint-based security system on mobile phones or other devices is much more fragile than expected.

The disadvantage of the system is that the fingerprint sensor used for authentication function does not capture the complete pattern of the user's fingerprint. On the contrary, it only scans part of the area where fingerprints are stored, and many mobile phones also allow users to input fingerprints of multiple fingers into the system. As long as the user's fingerprint matches the regional fingerprint stored in the system, the phone will be unlocked. According to the researchers' speculation, there may be enough similarity between fingerprint regions of different people to create a fake one. Super fingerprint? , thus fooling the fingerprint sensor of the mobile phone.

Arun Ross, a co-author of the study and a professor of computer science and engineering at Michigan State University, said that many electronic devices, such as smart phones, began to use fingerprint sensors for user authentication, but the size of fingerprint sensors on mobile phones was very small, and only a part of fingerprints could be scanned. In order to make up for this deficiency, electronic devices usually require users to input different regional points of a single finger fingerprint when registering, so as to ensure that at least one point will be successfully matched with the obtained fingerprint image during identity recognition. This makes things worse.

? As the size of the fingerprint sensor becomes smaller, it is necessary to improve the resolution of the sensor in order to capture additional feature points. Alan Ross said,? If the resolution is not improved, it will inevitably damage the uniqueness of the user's fingerprint. The empirical analysis in the research process also confirmed this point. ?

Ross said that the research team is currently studying how to solve this prominent loophole. These include the need to develop effective anti-electronic deception technology; Carefully select the number and type of fingerprints when users register; Improve the resolution of small sensors to extract more feature points; Improve the recognition technology of nodes and textures; And design a more effective comprehensive scheme to combine multiple fingerprint regions of users.

Nasir Memon, head of the computer science and engineering research group at new york University, said? Super fingerprint? It's a bit like a hacker, trying to crack the PIN code (personal identification number of mobile phone SIM card) with the universal password of 1234.

Memon said? The correct password rate of 1234 is about 40%. According to our estimation, the correct rate is a bit high. ?

The National Science Foundation funded researchers to analyze and test 8200 fingerprints. Through commercial fingerprint verification software, the researchers extracted 800 fingerprints in each batch, and the results showed that an average of 92 fingerprints became? Super fingerprint? Potential possibilities. (they will? Super fingerprint? It is designed to match at least 4% fake fingerprints in each batch randomly selected. )

On the contrary, among the 800 complete test samples, the researchers only found a complete one that can be used as? Super fingerprint? Artificial fingerprints. Memon said that it is not surprising that the success rate of matching partial fingerprints is much higher than that of matching the whole fingerprint, but most devices use partial fingerprints for matching.

What are researchers doing with real fingerprint images? Super fingerprint? Based on the analysis of features, an algorithm for generating synthesis is established. Super fingerprint? . Experiments show that synthetic fingerprints are easier to match and can fool the security identification system better than some real fingerprints. And it's made of real fingerprints? Super fingerprint? 26%-65% of users in the system have successfully matched their fingerprints, and the success rate depends on how many fingerprint images users have stored, and a limit of five matching attempts is set.

The more fingerprints users enter in their mobile phones, the more fragile the security system is.

Researchers emphasize that their work is done in a simulated environment, but it should be noted that the development of artificial fingerprint technology and the technology of transferring electronic fingerprints to entities may increase the possibility of attacking biometric devices, which is a very serious problem. Because? Super fingerprint? The design of a reliable authentication system based on fingerprint identification is facing challenges, and it is urgent to strengthen the design of the scheme, so as to use various factors for identity verification and improve the security of the system. Researchers believe that this research will affect the direction of future security system design. At the same time, Memon said that it is still safe to unlock the phone with a password.

Related papers have been published in the journal IEEE Information Authentication and Security.

?

Tadpole staff is compiled from scienceblog, translated by Dog Gege, and reproduced with authorization.

The copyright of the content signed "Tadpole Staff" belongs to Tadpole Staff, and any media, website or individual may not reprint it without authorization, otherwise the corresponding legal responsibility shall be investigated. Please send an email to editor@kedo.gov.cn to apply for reprinting authorization or cooperation. The signed articles published on this website only represent the author's views and have nothing to do with this website. If there is any infringement, you are responsible.

Author: Dog Gege/Compiled