Before a few days ago, I had never heard of MasterPrints. Of course, there are many things that I have never heard about. MasterPrints, of course, have to do with security. Have you ever heard of MasterPrints?
Here is the story. Everyone is familiar with fingerprint sensors on cell phones and other devices. They are used to make credit card payments, unlock phones, disable alarms and perform other sensitive transactions.
But how do these fingerprint sensors work?
Well it turns out that the sensor is so small that it cannot capture the entire fingerprint, so, instead, it captures multiple partial pieces of the fingerprint – say maybe 6. If the system allows you to “enroll” more than one finger, you might have 12 or 18 partials.
Since fingerprint security is more about convenience than it is about security, the system will consider it a match if any piece matches any one of the stored pieces.
The Apple Touch ID is said to have a 1 in 50,000 chance of a false match. That makes it more secure than the old, discarded, 4 digit Apple PIN. And twenty times less secure than a 6 digit PIN.
There have been many ways that people have tried to attack password authentication before, but this is a new way.
What if one of the parts of one of the fingerprints was a match to many fingerprints – maybe some of which are yours and some are not yours. The MasterPrint concept is born.
Not much research has been done regarding this small fingerprint sensors on phones. Yet.
What if an attacker was able to lift a partial fingerprint from the owner of the device – say off a glass. What happens to the probability of success then.
What if a researcher – or a hacker – could synthesize a MasterPrint – kind of like a skeleton key, but for fingerprints. What then?
The team did a series of tests and was able to create matches when matches did not exist for a significant percentage of their test (around 7 percent). That is a much higher false positive rate than a 1 in 10,000 on a 4 digit PIN or 1 in 1,000,000 for a 6 digit PIN.
This area of fingerprint science is relatively new. Compared to traditional fingerprint forensics where the scientist has most or all of the fingerprint, this is very different. In one test they used 12 partials. That means that if only 8% of the total finger matches, that would be considered a match.
Of course you could increase the rejection rate; that would improve security, but it would also increase the rejection rate of fingerprints that should have matched. Security or convenience – pick one. Likely the smart thing to do in high security situations is to raise the rejection rate. Assuming the system even allows the user to control the rejection rate. Most do not allow that.
Alternatively, vendors could build larger and more precise fingerprint sensors. That likely will happen, but it will take time.
In the meantime, users and system security pros need to consider the consequences of a false match and make decisions based on those consequences. Security is never simple.
Information for this post came from a team at Michigan State University.