DeepMasterPrints: Generating MasterPrints for Dictionary Attacks via Latent Variable Evolution by Philip Bontrager et al.
Abstract:
Recent research has demonstrated the vulnerability of fingerprint recognition systems to dictionary attacks based on MasterPrints. MasterPrints are real or synthetic fingerprints that can fortuitously match with a large number of fingerprints thereby undermining the security afforded by fingerprint systems. Previous work by Roy et al. generated synthetic MasterPrints at the feature-level. In this work we generate complete image-level MasterPrints known as DeepMasterPrints, whose attack accuracy is found to be much superior than that of previous methods. The proposed method, referred to as Latent Variable Evolution, is based on training a Generative Adversarial Network on a set of real fingerprint images. Stochastic search in the form of the Covariance Matrix Adaptation Evolution Strategy is then used to search for latent input variables to the generator network that can maximize the number of impostor matches as assessed by a fingerprint recognizer. Experiments convey the efficacy of the proposed method in generating DeepMasterPrints. The underlying method is likely to have broad applications in fingerprint security as well as fingerprint synthesis.
One review of this paper concludes:
…
At the highest level of security, the researchers note that the master print is “not very good” at spoofing the sensor—the master prints only fooled the sensor less than 1.2 percent of the time.While this research doesn’t spell the end of fingerprint ID systems, the researchers said it will require the designers of these systems to rethink the tradeoff between convenience and security in the future.
But fingerprint ID systems are only one use case for DeepMasterPrints.
The generated fingerprints, for all intents and purposes, appear to be human fingerprints. If used to intentionally “leave” fingerprints for investigators to discover, there is no immediate “tell” these are artificial fingerprints.
If your goal is to delay or divert authorities for a few hours or even days with “fake” fingerprints, then DeepMasterPrints may be quite useful.
The test for any security or counter-security measure isn’t working forever or without fail but only for as long as needful. (For example, encryption that defeats decryption until after an attack has served its purpose. It need not do more than that.)