RT Journal Article
T1 Attack potential evaluation in desktop and smartphone fingerprint sensors: Can they be attacked by anyone?
A1 Goicoechea Telleria, Inés
A1 Sanchez-Reillo, Raul
A1 Liu Jiménez, Judith
A1 Blanco Gonzalo, Ramón
AB The use of biometrics keeps growing. Every day, we use biometric recognition to unlock our phones or to have access to places such as the gym or the office, so we rely on the security manufacturers offer when protecting our privileges and private life. It is well known that it is possible to hack into a fingerprint sensor using fake fingers made of Play-Doh and other easy-to-obtain materials but to what extent? Is this true for all users or only for specialists with a deep knowledge on biometrics? Are smartphone fingerprint sensors as reliable as desktop sensors? To answer these questions, we performed 3 separate evaluations. First, we evaluated 4 desktop fingerprint sensors of different technologies by attacking them with 7 different fake finger materials. All of them were successfully attacked by an experienced attacker. Secondly, we carried out a similar test on 5 smartphones with embedded sensors using the most successful materials, which also hacked the 5 sensors. Lastly, we gathered 15 simulated attackers with no background in biometrics to create fake fingers of several materials, and they had one week to attack the fingerprint sensors of the same 5 smartphones, with the starting point of a short video with the techniques to create them. All 5 smartphones were successfully attacked by an inexperienced attacker. This paper will provide the results achieved, as well as an analysis on the attack potential of every case. All results are given following the metrics of the standard ISO/IEC 30107-3.
PB Hindawi
SN 1530-8669
YR 2018
FD 2018-04-16
LK https://hdl.handle.net/10016/33806
UL https://hdl.handle.net/10016/33806
LA eng
NO This work was partially supported by the Spanish National Cybersecurity Institute (INCIBE) under the Grants Program "Excellence of Advanced Cybersecurity Research Teams.
DS e-Archivo
RD 1 jul. 2024