AI Case Study

Researchers generate fake fingerprints using neural networks and successfully trick fingerprint matching security systems

Researchers generate fake images of fingerprints to trick fingerprint identification systems. This exploits known weaknesses in the technology.

Industry

Technology

Software And It Services

Project Overview

"For a DeepMasterPrint, we need to create a synthetic fingerprint
image that can fool a fingerprint matcher. The matcher
should not only realize that the image is a fingerprint (visual
realism), but should also match that fingerprint image to
many different identities. Therefore, a generator network
has to be combined with a method of searching for DeepMasterPrints.

This technique uses a neural network to learn
to generate images of fingerprints. It then uses evolutionary
optimization to search the latent variable space of the
neural network for a DeepMasterPrint. The Covariance Matrix
Adaptation Evolution Strategy (CMA-ES) is used to
search the input space of the trained neural network for the
ideal fingerprint image. This unique combination of evolutionary
optimization and generative neural networks allows
the neural network to constrain the search space while the
evolutionary algorithm handles the discrete fitness function.
This is the first work that creates a synthetic Masterprint
at the image-level thereby further reinforcing the danger
of utilizing small-sized sensors with limited resolution in
fingerprint applications."

Reported Results

The fake fingerprints were "able to spoof 23% of the subjects
in the dataset at a 0.1% false match rate. At a 1% false match
rate, the generated DeepMasterPrints can spoof 77% of the
subjects in the dataset. Experiments with three different fingerprint matchers and two different datasets show that the method is robust and not dependent on the artifacts of any particular fingerprint matcher or dataset."

Technology

"This approach not only generates an image, but it also has
the potential to find a more effective solution than previous
approaches. To implement this approach, we developed a
new technique called Latent Variable Evolution.
There are two parts to Latent Variable Evolution (LVE);
(1) train a neural network to generate images of fingerprints, and (2) search over the latent variables of the network (the
input vector to the generator network) for a fingerprint that
results in the best DeepMasterPrint, i.e., a fingerprint image
that matches with a large number of other fingerprint images.

In this work we train two generator networks, both using
the WGAN algorithm. The networks are modeled after
deep convolutional GAN and defined in Figure1 [18]. One
network is trained on a dataset of fingerprints scanned with
a capacitive sensor, and the other on a dataset of inked and
rolled fingerprints. The networks are trained adversarially
with a Wasserstein loss function and RMSProp with a learning
rate of 0.00005 [2]. The generators are trained using
the minibatch gradient descent scheme. Each batch samples
64 images and 64 latent variable vectors. We trained each
generator for 120,000 updates, with the discriminator being
trained 5 times between each generator update. Using deconvolutions for the generator resulted in blocky artifacts
therefore we switched to upsampling with convolutions."

Function

Information Technology

Security

Background

"Fingerprints are increasingly being used to verify the
identity of an individual in a variety of applications ranging
from unlocking doors to securing smartphones to authorizing
payments. In some applications such as smartphones, the
fingerprint sensor is small in size for ergonomic reasons
and, therefore, these sensors obtain only partial images of a user’s fingerprint. Since small portions of a fingerprint are
not as distinctive as the full fingerprint, the chances of a partial
fingerprint (from one finger) being incorrectly matched
with another partial fingerprint (from a different finger) are
higher. Recent research has demonstrated the vulnerability of fingerprint recognition systems to dictionary attacks based on MasterPrints. MasterPrints are real or synthetic fingerprints that can fortuitously match with a large number of fingerprints thereby undermining the security afforded by fingerprint systems."

Benefits

Data

"To be verified, only one of the 12
partial fingerprint templates has to match with the input fingerprint. This is the fundamental weakness that MasterPrints
and DeepMasterPrins are exploiting. The fitness of a latent
variable involves converting each set of latent variables to an
image, checking images against all the partial prints in the
system, and then summing up the unique identities that have
at least one match. For our work, we use several different fingerprint matchers. We use the widely popular commercial fingerprint system, VeriFinger 9.0 SDK.

We model two types of fingerprint images; those scanned
from inked-and-rolled impressions and those obtained from
a capacitive sensor. Rolled fingerprints are produced by
applying ink to the finger and rolling the finger on paper.
The rolled fingerprints come from the publicly available
NIST Special Database 9 fingerprint dataset. The
dataset consists of all 10 fingerprints of 5400 unique subjects.
Each fingerprint is an 8-bit grayscale image. In our
work, the right thumbprint of each subject is selected. The
images are then preprocessed by removing the whitespace
and downscaling the resulting image to 256 × 256 pixels.
To obtain partial fingerprint samples, a random 128 × 128
region is extracted every time an image is selected.

The capacitive fingerprint images come from the FingerPass
DB7 dataset [13]. This dataset has 12 partial fingerprints
for each of 720 subjects."