We were taught from a young age that no two fingerprints are like the other. Even identical twins, who share their DNA with each other, have different fingerprints. With their individuality making them an excellent way to secure private information, fingerprints have become an efficient replacement for typed passwords.
Artificially generated fingerprints, however, demonstrate a potential weakness in fingerprint security, according to The Guardian. A paper presented at a security conference in Los Angeles by New York University researchers introduced “DeepMasterPrints,” fake fingerprints that are able to imitate more than one in five real ones in a biometric system that is supposed to only have an error rate of one in a thousand.
Finding flaws in security measures is one of the best ways to develop methods of strengthening these measures. The researchers explain that “the underlying method is likely to have broad applications in fingerprint security as well as fingerprint synthesis.”
DeepMasterPrints capitalizes on two specific flaws in the finger authentication process. First, most scanners can’t scan a whole fingerprint, but rather only the part of the finger that touches it. So instead of merging multiple images to get a cohesive image of a full fingerprint, scanners compare a partial image against partial records.
Thus, attackers only have to match one partial image within a record of thousands of images. The second flaw—the fact that some fingerprint features are easier to imitate than others—exacerbates this problem. Thus, fake print could end up strongly resembling a partial image on record that has those easily copied features.
These circumstances make the “dictionary method”—in which an attacker “runs a pre-generated list of common passwords against a security system”—rather effective and applicable when trying to access fingerprint-secured information.
The researchers used a generative adversarial network in order to artificially create new fingerprints that matched many partial fingerprints. This method allowed them to create fake fingerprints that more closely resembled real ones than any other technology has been able to.