Hacking Book | Free Online Hacking Learning


fingerprint recognition principle and universal fingerprint attack conjecture

Posted by verstraete at 2020-02-27

Lei Feng's web press: the last open class mentioned the fingerprint sensing method. The sensor collects the real fingerprint as an image, and the algorithm identifies the consistency of the fingerprint. But the omnipotent fingerprint is an attack method that has not been studied yet.

In the last hard creation open class of Lei feng.com, Li Yangyuan, founder of Mindray microelectronics, shared the content of fingerprint sensor principle and fake fingerprint attack and defense technology for you. Among them, it was mentioned that at the system level, there are three levels of fake fingerprint attack, all of which have different technical requirements for fingerprint identification:

Rank 1, the false fingerprint of the known fingerprint entity duplication;

Rank 2, according to the characteristics of the false fingerprint restored;

Rank 3, not based on the specific fingerprint characteristics of the "omnipotent fingerprint".

So, as like as two peas, you should have known that the hacker is going to attack a mobile phone and equipment. In addition to copying a fingerprint that is exactly the same as yours, will they steal your fingerprint data and push back your fingerprints, or even create a universal fingerprint like a master key to crack your device?

In the face of such security risks, we need to recognize the following problems, so as to prepare for the future: what is the principle of fingerprint identification? What are the attack methods of fingerprint identification? Do universal fingerprints really exist? Lei Feng net (official account: Lei Feng net) has invited Li Yangyuan again to answer the above questions for you.

Guest introduction

Li Yangyuan is the founder of Suzhou Mindray microelectronics; the only practitioner in fingerprint recognition field who can run through algorithm, sensor and IC design; one of the earliest developers in cryptochip field; based on the "c-q-t" circuit invented by Li Yangyuan, Suzhou Mindray microelectronics has become the second largest supplier of capacitive fingerprint sensor in Mainland China with only three years of establishment.

pattern recognition

Fingerprint recognition is a kind of pattern recognition. Pattern recognition is to describe each individual of an object. The sum of these descriptions is the feature space. The richer the dimensions of the feature space, the easier it is to identify individuals. For example: male, medium-sized, thin, lewd face, but it's difficult to locate someone only with these information. If we add some features in the above example, such as a mole on the chin and a scar on the left corner of the eye, we can describe the individual more accurately.

When the feature space is established, there will be some uncertainty when the individual is abstracted into a feature sequence. For example, some people think that he is ugly, while others think that he is handsome. In order to transform the description of feature space into meaningful classification and discrimination, algorithms are needed.

Pattern classification is to divide the feature space into several regions, so as to realize the individual classification;

Settlement scoring can be regarded as the simplest classification, which combines multiple feature dimensions into one dimension;

A more general classification of more than two categories does not form a continuous score sequence first.

Fingerprint is not a typical pattern recognition

Why do you say that? There are two main reasons:

1. The feature space is not clear

If there is an accurate coordinate system, fingerprint features can be described by feature space

• fine nodes, no matter the end point or the fork point, are mainly characterized by geometric position;

• features such as direction field and frequency field are based on coordinate system;

Unfortunately, the purpose of fingerprint matching is to find coordinate transformation:

• fingerprint matching score is defined as the matching score of two fingerprints under the coordinate transformation to achieve the maximum matching under the exhausting of any coordinate transformation;

• the position of the fingerprint relative to the finger is usually not collected, which is the reason for this attribute.

2. Model classification is not clear

Since 1823, there has been a discussion on fingerprint taxonomy. The figure above shows 9 types of fingerprints described by perkinger. Because the basic ring of fingerprint is very different, we can't customize a more reliable coordinate system for fingerprint. If there is only one fingerprint in the world, fingerprint identification will become very simple.

The goal of automatic fingerprint recognition technology is:

Identify whether a fingerprint is a specific registered fingerprint;

Identify whether a fingerprint is one of multiple registered fingerprints and which one.

Therefore, the classical fingerprint taxonomy has little help to fingerprint recognition technology.

In essence, it is more appropriate to regard fingerprint recognition as likelihood matching. Many people have studied the sliding window correlation method, which is the most basic likelihood matching. It only considers the geometric translation of two dimensions. But fingerprint recognition needs to consider more factors:

• rotation, skin creep (non rigid deformation);

• changes in the skin, such as peeling, wrinkling;

• noise and signal fading from sensors.

Therefore, these factors make fingerprint recognition a challenging field:

• can't get knowledge support directly from classic large fields;

• it involves a wide range of fields and lacks theory, so the voice of application is very high;

As the source of information, the fingerprint sensor's design method is open, which makes the research and development of the whole fingerprint identification field more open.

Other biometric technologies

At present, in addition to fingerprint recognition, biometrics includes face recognition and iris recognition, but the latter two have clear geometric coordinate system

• the five senses have a clear structural relationship, and the iris has a clear structure and direction;

• both face and iris can be expressed in feature space, and iris even has classic Coding;

• with HD camera, the stability of the sensor itself is better.

The biggest difference between fingerprint recognition and these two biometrics is that they are not a category, so fingerprint recognition researchers have little in common.

Is fingerprint recognition an information security technology?

In Monday's open class, we mentioned the case of live fingerprint identification being cracked, but this idea is not reasonable. The security must be system level and measured by the attack cost.

To achieve security with a single technology and a single link is to cater to ignorance with ignorance, for example, to install a treasury level gate, but to open a window;

Because of the advantages of attack and defense, continuous progress, and the value of backward technology is zero, we can't cook cold dishes in the field of security;

It's a basic practice to nest cards and rings layer by layer; different technologies have different defense surfaces, so we can see the results together.

The reliability and attack cost of various security technologies must be quantified:

There are two requirements from system integration and quantitative estimation of system attack cost;

Never wait for a technology to be broken before you know its cost.

At present, fingerprint recognition has not developed into a security technology. It has always been a research of pattern recognition. When it is popularized and applied in the market, it really has the evolution to security technology, that is, industrialization first, research in the later stage.

Security of fingerprint identification

Fingerprint identification itself has not been quantified security assessment, and it can not be used as a security technology. Whether it can be developed into a security technology in the future is the responsibility of the current industry.

Far / FRR testing relies on data sets, which are obtained by collection:

• so far of fingerprint identification system is only random collision probability, not anti attack capability;

• it's like claiming that the security of a 6-digit password is equal to 10 ^ 6, which is very amateur;

• the definition of pattern recognition index cannot be used as the definition of information security.

Let's look at the potential attack methods of fingerprint recognition. In the last open lesson, we mentioned three attack methods related to fingerprint recognition technology:

• rank 1, make false fingerprint according to the real fingerprint, and the attack point is to cheat the sensor;

• rank 2, make false fingerprint according to fingerprint data, and the attack point is database;

• rank 3, no prior fingerprint data is needed to make false fingerprint, and the attack point is fingerprint identification algorithm.

If both the real fingerprint and the fingerprint data are protected, the sensor and the algorithm constitute a dual defense.

Security of other biometrics

Feature space is a double-edged sword for security attributes. On the one hand, security is easy to quantify, on the other hand, attack methods are easy to study. Rank 3's public face attack is the main difficulty of face recognition, while rank 1's iris extraction from photos and making beautiful pupil is the main difficulty of iris recognition.

When a method is generally accepted as a security responsibility, if there is value to be attacked, then there must be someone to study, someone to study and someone to implement, which is why we must put forward the research of "omnipotent fingerprint" attack method, and evaluate the cost of the lowest cost attack method, and then evaluate the security of fingerprint identification.

Challenges brought by small area image

Research ideas of traditional fingerprint identification

The technology of automatic fingerprint identification was established in the 1970s under the leadership of the FBI in the United States. The background of this era is that the technology of fingerprint acquisition is backward, the image quality is poor, and the operation platform is backward, and the algorithm research is also backward.

The only guarantee is that the image is relatively large, but the large features of the image are not accurate. To collect the fingerprint image as large as possible, the acquisition is far more than the necessary amount of information, so it is necessary to "fuzzy identify" the unreliable feature set.

Industrial premise of small area image

The amount of information needed to achieve a certain degree of accuracy is certain. However, the area of fingerprint sensor is reduced, and the total amount of information is also reduced accordingly, so in order to improve the accuracy of information, the information utilization rate also needs to be improved.

At the same time, the challenge of the sensor is to ensure higher image quality and fidelity; for the algorithm, it is necessary to make full use of the information contained in the fingerprint image.

Special finger problems are more serious

Fingerprint sensor is small in size and the image quality is suck.

For example, there is a rumor that an ultrasonic fingerprint mobile phone in China causes nearly 20% of the population to be unable to use it in winter, which is actually caused by a specific fingerprint:

• Asians have the least skin oil, especially dry skin in winter;

• Asian women are the most difficult, shallow and thin fingerprints in the world;

Add in the habit of washing clothes by hand in East Asia, which has created hundreds of millions of fingerprint killers.

In addition, there are many fingerprints that are not friendly to fingerprint identification, such as dry skin and prism optics, which can be felt at home with optical fingerprint lock; in addition, the recently popular Apple authorized new patent technology is also difficult to adapt in the East Asian market, because the shadow imaging of thin fingerprints to near light source is a nightmare; the thin skin paper is a nightmare in nightmares.

Traditional algorithm can't be used

According to statistics, in the past, there were 80000 people studying fingerprint recognition algorithm, but at present, only five companies in the world have realized the large-scale application of the algorithm, while the traditional fingerprint recognition algorithm is quite different from the current small area image fingerprint recognition algorithm.

Traditional fingerprint recognition algorithm for large area image:

Feature extraction is careless, but the original data is not reliable;

• fine adjustment of feature matching;

Fingerprint recognition algorithm of small area image:

• the original data must be reliable;

• feature extraction is exquisite, which can't be ignored at all;

• feature matching requires accuracy, where is fuzzy recognition?

The requirements for template fusion extension (self-learning function) are greatly improved.

Conjecture of omnipotent fingerprint attack

Whether universal fingerprints exist or not is a must for practitioners.

In the first case, it is possible to build omnipotent fingerprint for algorithm defects: for example, in 2010, Shenzhen customers reported that their chief engineer could use his thumb to open the fingerprint lock of an algorithm chip of a company in Hangzhou registered with other people's fingerprints.

This is caused by the defect of the traditional algorithm. Its idea is that some features are matched or not. If there is a big difference between features, it is often considered as an exception caused by image problems or extraction problems, and it is ignored. This brother's fingerprint is relatively rotten, and if the feature extraction algorithm is poor, it is easy to extract a lot of false features. The matching algorithm that matches the rotten feature extraction algorithm is more likely to ignore the influence of the mismatched features and only focus on the matching features.

The second case is characteristic space traversal. As shown in the figure above, we use the case of wireless network coverage to explain what is feature space traversal, similar to locksmith trying to unlock many keys. The red dot represents a route, each route covers a certain area, and these areas will have overlapping connections. We compare the false fingerprint to a route.

The decision rules of biometric algorithm allow a certain degree of distortion. If the feature space is very clear, the fault tolerance of the algorithm itself leads to a relatively large feature space area that can be judged to pass, and this area is defined as the pass area; a group of false fingerprints are made, and the pass area can cover the feature space, then there must be a false fingerprint that can pass.

Research value of universal fingerprint

Only by implementing the attack and evaluating its complexity and cost, can we quantify the security technology. In order to move from pattern recognition technology to security technology, fingerprint recognition must be further studied. From the perspective of attack, we can evaluate whether the characteristics of various algorithms constitute security defects. The second is to evaluate the feature space of fingerprint recognition. Although the feature space of fingerprint recognition is not clear, we also need to use the equivalent method to study the coverage.

Active attack is equivalent to reducing the decision threshold, so in addition to the far at the decision threshold, when the decision threshold is further reduced, the improvement curve of far is also very important.

The research value of universal fingerprint is how capable a fingerprint identification system is from the perspective of security evaluation.

Universal Fingerprint Test

With the evaluation standard, we need to establish the corresponding test method system and industrial standards. Considering the test cost, we can't use the false fingerprint of substance, but the false fingerprint image synthesized by software. Specifically, it has the following directions:

Research point 1, how can software synthesizer reflect the noise characteristics of specific fingerprint sensor?

Research point 2, how to design the distribution of false fingerprint features to targeted test algorithm?

Research point 3, how to adjust the synthesis strategy to generate different levels of test libraries?

Research point 4, how to unify the test results of different test libraries into quantitative security evaluation?

Wonderful questions and answers

Q: The ifstm technology of huiding can't see the end. Is it put into production at present? In addition, what are the key difficulties of mass production of this technology?

A: IFS is not the type of fingerprint sensor, but a direction of mobile phone industry design. Put the capacitive fingerprint sensor under the glass. Because huiding makes a touch screen. With such a combination, one glass and two products, there is nothing else. But for mobile phone design, this is not good.

Therefore, IFS is not a technical concept, but is involved in mobile phone design, but it is not accepted by mainstream mobile phones.

Q: In view of the difference of fingerprint itself and the diversity of fingerprint identification technology, should the industry form a standard?

A: Norms are necessary. Especially the participants with strong research background like me. After all, we are not good at Jianghu Kung Fu. We have a competitive advantage in accordance with the technical rules. The formation of norms is a long-term tug of war, the consequences of the game between the parties, who is the biggest? The traditional view is that whoever has a large share has a standard of fact.

But sometimes it may not be, because it involves safety, which is very rational and normative, otherwise it will encounter big compensation. Compared with the financial industry, fingerprint identification technology suppliers are not much control power. The financial industry is the demander of norms and does not have the technical ability to formulate norms. So this has to be done.

Q: Before, the industry was also calling for several schemes of biometric technology integration. In principle, the security should be improved. Is there any relevant case in the industry now? And where are the technical difficulties?

A: This is the same as the combination of Optics and capacitors to make living, the combination of one high and one low does not improve the safety. However, there is a file in the people's Bank of China. The security level is the number of technical means. From the perspective of risk control, if the scene is relatively safe, there will be fewer authentication means. At this time, choose the most convenient one to make consumers comfortable. If the scene itself is not reliable, there are more authentication means, which is valuable to improve the attack cost. So if there are multiple biometric means, there will be primary and secondary, high frequency and low frequency. And not contradict each other.

If we have to say the difficulties, there are only two non-technical ones: first, the safety quantification has not been achieved, and the financial industry cannot set standards. If multi-mode gives 1 million quota and single-mode gives 1000 quota, it will be multi-mode immediately. In addition, cost is not as important as open source.