Security Analysis and Improvement of Fingerprint Authentication for Smartphones

An increasing number of smartphones are adopting fingerprint verification to authenticate their users. Fingerprint verification is used not only to unlock these smartphones but also in financial applications such as online payment. It is therefore crucial to secure the fingerprint verification mechanism so that these services remain reliable. In this paper, however, we identify a few vulnerabilities in one currently deployed smartphone equipped with a fingerprint verification service by analyzing the service application. We demonstrate actual attacks via two pieces of proof-of-concept code that exploit these vulnerabilities. In the first attack, a malicious application can obtain the fingerprint image of the owner of the victimized smartphone through message-based interprocess communication with the service application. In the second attack, an attacker can extract fingerprint features by decoding a file that contains them in encrypted form. We also suggest a few possible countermeasures to prevent these attacks.
