Really interesting work. Snippet from the paper's summary for the lazy:
> The proposed method [...] is based on training a Generative Adversarial Network on a set of real fingerprint images. Stochastic search [...] is then used to search for latent input variables to the generator network that can maximize the number of impostor matches as assessed by a fingerprint recognizer.
So I hadn't heard about "MasterPrints"; the idea that there are fingerprints (synthetic or otherwise) that just happen to have a lot of false matches. That's not intuitive, at least for people like me who know nothing about fingerprint matching algorithms.
Also an interesting application of GANs.
As noted, this research was done in software. I'm not sure if you can apply something similar to physical sensor hardware. Especially since you only get a couple attempts on real hardware before most phones lock out to your pin code. And attacking real hardware would require either A) some kind of physical fingerprint simulator to interface with the sensor or B) opening the phone to get direct access to the I/O (which might then fall afoul of tamper detection, if such a thing exists on phones). But it's cool research regardless.
Now I'm curious if similar techniques can be applied to faces. Are there "MasterFaces"? Do some people have faces that generate more false positives than others?
There has been a lot of research on on the "zoo" of biometrics. Doddington's zoo or the biometric menagerie make reasonable search terms.
The idea is that you have a few classes of errors in any calibrated heuristic system, and biometrics fall prey to the same ones. The individuals that trigger these errors were given animal names.
Given a large enough population, most of the population will be "sheep" - the system works as intended for these.
Some individuals will be prone to false positives. They will pass the system even though they should fail. We'll call these wolves.
Others will be prone to false negatives - they will fail even when they should pass. Goats.
Lambs are a group that is easy to mimic - so others will be mistaken for them once they are in the system, so they sort of perpetuate wolves by having a really generic set of distinguishing traits.
I think this zoo was extended for other unique cases and other animals, but I'm having trouble finding links to the most popular research papers in this series.
The research prompting the posted article seems to be about identifying "wolves" - a good demonstration of the validity of Doddington's theories.
* Wolves are technically just good mimickers, I'm simplifying a bit above.
I imagine to make it to the real world you only need a 3d printer (that can print at sufficiently high density) using a gel substance. After that you can simply lick it and apply.
Why would it? Eigen-faces tend to not even look like faces (which makes sense, given that the goal is to represent a collection of real faces as linear combinations of the orthogonal eigen-faces). One possibility would be to generate random faces as random linear combinations of the eigen-face basis, but this type of attack could be thwarted by rate limiting.
A real "master face" would be a face that looks like many people, and it seems like you could try to obtain faces like that by playing a two-player game between a recognizer and a face generator (as is done when training GANs).
The images that screw up image recognition systems to get very high confidence of very wrong classifications don't look like the thing they're mistaken for at all. All the GANs I've seen produce what looks like colorful static to a human eye. I'm not sure where you're getting the info that it would look like an average face because I've never seen ML systems defeated with GANs like that.
Yes, but you need more than one face. An average face doesn't much look like any particular person. You'd need maybe a few hundred faces.
Facial matching usually reduces search space by assuming something about the input. I.e. you don't match a face against the whole world, just the friends of a person uploading a photo. Otherwise you'd run into matching a similar face to some stranger on the other side of the world.
> Biometric IDs seem to be about as close to a perfect identification system as you can get.
This seems a massive assertion that’s not qualified at all in the article. It was my understanding that biometrics in consumer hardware have always been easily circumvented and are largely about convenience.
I've personally never considered them secure because of stuff like the gummi bear hack [0] popping up semi-regularly [1]. That they say "in recent years" researchers have demonstrated ways to fool them tells me these occurrences are less well-known than I thought.
I believe everybody knows fingerprints or face are not a perfect solution for unlocking mobile phones, but so far they seem to be the best option currently available (taking into account the ease of shoulder surfing and inconvenience of entering secure passwords on small screen).
I'm not going to dispute shoulder surfing is a big problem for unlock patterns, but if you do not care about that attack vector patterns are super efficient and freakingly hard to brute-froce. Considering about 400k combinations [1] on a 3x3 board with a 30sec lockdown every 5 tries it will take on average about 14 days to unlock (given that the pattern is random enough). The average 4 digit pin is doable in about 8 hours on average.
I'm willing to neglect the shoulder surfing attack vector as I feel I keep my phone sufficiently secure from pick pocketing and am not afraid of an "inside attack". Might definitely reconsider this, if I would have to carry a business phone with important secret information though.
"I'm not going to dispute shoulder surfing is a big problem for unlock patterns..."
I always liked the password alternative of showing the user a bunch of pictures or photos in random positions and have them select a number of them in sequence, perhaps showing a whole new set of pictures in between each selection.
Humans tend to have much better visual memory than verbal memory, so they're able to remember this kind of sequence better than a password, especially if the pictures they select are somehow meaningful to them. This is also very difficult for someone to shoulder surf effectively, as they'll be seeing these pictures for the first time and the pictures won't have any meaning for them.
I heard about this idea decades ago, but have never seen it implemented.
> Considering about 400k combinations [1] on a 3x3 board with a 30sec lockdown every 5 tries it will take on average about 14 days to unlock (given that the pattern is random enough).
Not very imaginative. One of my brother's friends got into my brother's phone on the very first try by holding it up to a light and looking at the smudge pattern on the screen. A tapped-out 4-digit PIN would at least stop this method from working so easily.
You’re right that usernames are an ID, the password allows the system to authenticate you are who you say you are (but it’s easily exploited).
There’s no reason why biometrics can’t both Id and authn at the same time, as long as both functions have a high degree of confidence.
Multi factor auth is probably always going to have its place. Where the confidence level is low in the authn, it must be increased by adding additional vectors.
And honestly they're not that convenient. The Touch ID in my iPhone 8+ rejects my print at least a dozen times a day. On some days it rejects it many times in a row, forcing me to key in my unlock code.
Research like this, while ostensibly threatening an increase in false positives (due to unauthorized use of fake prints), will in all likelihood cause vendors to tighten the confidence interval, leading to greatly increased false negatives. If my print is recognized less than half the time I'm just going to disable the feature.
Just for another piece of anecdata: mine used not to work if my finger was too dry... I resorted to everything up to and including licking the finger and retrying. Which, oddly, usually worked.
I didn't use it on my 5S, and thought FaceID and the fingerprint reading on the touch bar was very gimmicky until I got both of them. Now I can barely imagine living without them, unsafe or not.
Switching to Face ID was an enormous improvement for me. Like 99% success, with no special effort, vs 50% at best even if I remembered to wipe the touch sensor first.
I'm waiting for Apple to come out with a small version of the X, then I will switch for sure. I am really annoyed about this trend towards huge phones. I definitely regret getting the 8+.
Not enough detail in the article. There is no discussion of what sensors were used to "fool". Now everyone will assume it works on all actual devices using fingerprints, yet there is no information to support that conclusion. If this technique were applied to actual devices (with fingerprints not included in the study) and it worked reliably, then this would be a meaningful study.
So the experiment is done against VeriFinger [1], which seems like a software solution for fingerprint identification. No actual device is used in the paper, and I assume it is less sophisticated then Apple Touch ID or something.
Maybe "less sophisticated" is overreaction but I thought that because there is no dedicated hardware setup that can contribute to better accurarcy/security.
I'm fine with "casual" security like my fingerprints for my phone and laptop as primary authentication. It annoys me I have to enter a password first from a user experience perspective.
There's definitely need for very hardened phones from physical attack (journalists, canaries, whistleblowers, etc). I'm just not that important so I wish I could choose my security level.
This approach brings up a host of issues, such as: if you’re the only one with a strongly secured device, it raises suspicion; it requires much more effort to become a whistleblower etc, and people inclined to do it, won’t; if “casual” is deemed good enough for most people, strongly secured devices won’t be made or will be so expensive no one can reasonably obtain them; etc.
It's still very important to know that these owls aren't necessarily what they seem. People will hear the phrase "fingerprint recognition" and think "Oh that's clever because I'm the only one with these fingerprints!" and assume that that makes it secure. But of course the reality is more complicated than that, and personally I prefer a passphrase because I understand much better how that works and what the potential points of failure are.
Exactly, actually. My point being that swiping my fingerprints is a big enough pain in the butt for relatively low value of return, and it doesn't scale across users.
Personally, I'm not at all surprised something like this can exist. We know object-recognizing neural networks have issues like this, why shouldn't fingerprint readers? It seems obvious that advanced, semi-opaque maths like what's in a fingerprint reader will have strange and unpredictable failure modes.
Speaking of biometrics: anyone remember that Vietnamese shop (Bkav) who made a big stir out of breaking Face ID a week after launch? Was that ever independently verified, or has anyone else broken Face ID a year later?
I remember there being a lot of skepticism about their claim because they didn’t go into that much technical detail, but rather seemed more interested in winning press and fame (as well as being incredibly boastful about it).
Hopefully someone knows about the current state of Face ID security better than I do, since I’ve been a little out of the loop.
I always get a kick out of technical methods like this because all you would really have to do is punch the owner in the face and use his or her fingerprint to unlock the device. It's sort of like the 5 dollar crowbar from xkcd.
True, although these methods can be used more clandestinely. If you punch someone in the face and use their fingerprint, they know it.
If you compromise their accounts from the other side of the world by tricking a fingerprint reader, they won’t know immediately. And you’ll have broken fewer laws, and possibly be located in a country without extradition.
Fingerprints, and especially the data captured by fingerprint sensors, is not unique, but it is so unlikely that two people will be recognized as the same one, that they are good enough.
There are no proofs of any kind about the natural world. However, it could be shown with a small population sample that fingerprint and dna signatures from the respective technologies are statistically unique.
So, for fingerprints, have actual similarity studied been performed on a sample size large enough to draw conclusions about the test of the population?
There’s a long history of fingerprint identification in law enforcement. That’s a far bigger sample size than any academic study could hope for.
On the other hand, the issue here seems to be less about how unique fingerprints are, and more about how unique the machine’s reading of a fingerprint is. That has more to do with the machine than the biology.
It is all based on the way the machines read our fingerprints. Only a very few specific data points are stored by the machines and not the entire fingerprint itself(guess it is called minutiae). This loss of information increases the probability for false positives.
Hashes are not unique by definition, though we can treat them as such in many practical situations. The same is true for anything with a fixed number of variables with finite states, e.g. DNA.
The DNA usually isn’t completely sequenced. Instead, they look at specific regions of the genome called short tandem repeats, or STRs. Each STR consists of a short pattern of a few bases that repeats over and over. The theory is that individuals have different numbers of repeats—you might have ten repeats of AATG at the TPOX locus, while I only have nine. Individually, this doesn’t tell you much, but if you combine information from multiple loci—six repeats there, seven here, and four there-you can rapidly find profiles that are unlikely to belong to more than one person. This works best if the set are statistically independent.
Still, one can be (un)lucky, or the statistical models could be wrong—maybe the number of repeats is different in a sub population or the STRs aren’tstatistically independent.
As a scientist I hate to find such mistakes in publications: "The test set is used for scoring the candidate DeepMasterPrints during optimization. The attack should be successful against these fingerprints as it is directly optimized for them." Even if that's a typo..
Disclaimer. My team at Neurotechnology develops fingerprint recognition algorithm VeriFinger which was used in this publication to look for vulnerabilities of small area fingerprint sensors.
> The proposed method [...] is based on training a Generative Adversarial Network on a set of real fingerprint images. Stochastic search [...] is then used to search for latent input variables to the generator network that can maximize the number of impostor matches as assessed by a fingerprint recognizer.
So I hadn't heard about "MasterPrints"; the idea that there are fingerprints (synthetic or otherwise) that just happen to have a lot of false matches. That's not intuitive, at least for people like me who know nothing about fingerprint matching algorithms.
Also an interesting application of GANs.
As noted, this research was done in software. I'm not sure if you can apply something similar to physical sensor hardware. Especially since you only get a couple attempts on real hardware before most phones lock out to your pin code. And attacking real hardware would require either A) some kind of physical fingerprint simulator to interface with the sensor or B) opening the phone to get direct access to the I/O (which might then fall afoul of tamper detection, if such a thing exists on phones). But it's cool research regardless.
Now I'm curious if similar techniques can be applied to faces. Are there "MasterFaces"? Do some people have faces that generate more false positives than others?