Most of the smartphones you see today, including those from mid-range category, come with fingerprint sensor to secure the device. Fingerprint lock is surely one of the best methods to secure a mobile phone, but researchers have found out that it is not "extremely" secure and the sensors in your iPhone or Samsung Galaxy devices could get confused with the lines of your fingers.
No two people are believed to have identical fingerprints, but Professor Nasir Memon at NYU Tandon School of Engineering, Aditi Roy, Postdoctoral Fellow at the same college, and Professor of Computer Science and Engineering at Michigan State University, Arun Ross, have found that partial similarities between prints could make fingerprint-based security systems used in mobile phones and other electronic devices like biometric security system more vulnerable.
The research stands on the premise that fingerprint-based authentication systems feature small sensors that do not capture a user's full fingerprint, thus scanning and storing only a part of it. Many phones allow users to enrol several different fingers in their authentication system and the identity is confirmed when a user's fingerprint matches any one of the saved partial prints. The researchers hypothesized that there could be enough similarities among different people's partial prints that one could create a "MasterPrint" or one that matches at least four percent of the other prints in the randomly sampled batch.
The researchers found that certain attributes in human fingerprint patterns were common enough to raise security concerns. With the help of commercial fingerprint verification software, they found an average of 92 potential MasterPrints for every randomly sampled batch of 800 partial prints. However, they found that just one full-fingerprint MasterPrint in a sample of 800 full prints. They undertook their analysis using 8,200 partial fingerprints.
"Not surprisingly, there's a much greater chance of falsely matching a partial print than a full one, and most devices rely only on partials for identification," said Professor Memon.
The team analysed the attributes of MasterPrints culled from real fingerprint images before building an algorithm for creating synthetic partial MasterPrints. Experiments showed that synthetic partial prints have an even wider matching potential, making them more likely to fool biometric security systems than real partial fingerprints. With their digitally simulated MasterPrints, the team reported successfully matching between 26 and 65 percent of users, depending on how many partial fingerprint impressions were stored for each user and assuming a maximum number of five attempts per authentication.
The more partial fingerprints a given smartphone stores for each user, the more vulnerable it is.
Roy said that "improvements in creating synthetic prints and techniques for transferring digital MasterPrints to physical artefacts in order to spoof a device pose significant security concerns." It points out the need to design trustworthy fingerprint-based authentication systems and multi-factor authentication schemes.
"As fingerprint sensors become smaller in size, it is imperative for the resolution of the sensors to be significantly improved in order for them to capture additional fingerprint features," Ross said in a statement. "If resolution is not improved, the distinctiveness of a user's fingerprint will be inevitably compromised. The empirical analysis conducted in this research clearly substantiates this," he added.