KRUŽÍKOVÁ, Agáta and Václav MATYÁŠ. Fingerprint forgery training: Easy to learn, hard to perform. Online. In Proceedings of the 18th International Conference on Availability, Reliability and Security. Benevento, Italy: Association for Computing Machinery, 2023, p. 1307-1313. ISBN 979-8-4007-0772-8. Available from: https://dx.doi.org/10.1145/3600160.3604990.
Other formats:   BibTeX LaTeX RIS
Basic information
Original name Fingerprint forgery training: Easy to learn, hard to perform
Authors KRUŽÍKOVÁ, Agáta (203 Czech Republic, belonging to the institution) and Václav MATYÁŠ (203 Czech Republic, belonging to the institution).
Edition Benevento, Italy, Proceedings of the 18th International Conference on Availability, Reliability and Security, p. 1307-1313, 7 pp. 2023.
Publisher Association for Computing Machinery
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10200 1.2 Computer and information sciences
Country of publisher United States of America
Confidentiality degree is not subject to a state or trade secret
Publication form electronic version available online
WWW URL
RIV identification code RIV/00216224:14330/23:00131644
Organization unit Faculty of Informatics
ISBN 979-8-4007-0772-8
Doi http://dx.doi.org/10.1145/3600160.3604990
UT WoS 001122662500136
Keywords in English usable security; fingerprint forgery; spoofing; IT security; authentication
Tags International impact, Reviewed
Changed by Changed by: RNDr. Pavel Šmerk, Ph.D., učo 3880. Changed: 7/4/2024 23:22.
Abstract
Many services offer fingerprint authentication, including sensitive services such as mobile banking. This broad adoption could make an impression to the end-users that fingerprint authentication is secure. However, fingerprint authentication is vulnerable to various attacks performed even by not-very-sophisticated attackers, e.g., fingerprint forgery. Will participants perceive fingerprint authentication differently after relevant theory education and the creation of their fingerprint counterfeit to overcome misunderstandings, especially regarding security? How will they perceive the fingerprint forgery process? We prepared a hands-on seminar with fingerprint forgery simulation. We focused on the difference in perception before and after the theoretical lecture on biometrics and a practical seminar on forgery creation. We applied an uncommon approach, reconstructing the fingerprint from a photo of the actual finger rather than its print on some surface – to illustrate the case of an attack based merely on a “thumb-up” photograph. Our results show that 19\% of participants (out of 221) were successful in spoofing, according to the NIST Biometric Image Software, and 27\% of participants could register their counterfeit into the smartphone. Participants perceived fingerprint authentication as less secure after the simulation and reported their intention to use it less for mobile banking operations. They also perceived the forgery attack as easier to learn than before the simulation – but harder to perform. Our study implies that participants intend to change their behaviour based on their experience from our seminar, however, they did not consider two-factor authentication as an option.
PrintDisplayed: 4/10/2024 10:24