Vše

Co hledáte?

Vše
Projekty
Výsledky výzkumu
Subjekty

Rychlé hledání

  • Projekty podpořené TA ČR
  • Významné projekty
  • Projekty s nejvyšší státní podporou
  • Aktuálně běžící projekty

Chytré vyhledávání

  • Takto najdu konkrétní +slovo
  • Takto z výsledků -slovo zcela vynechám
  • “Takto můžu najít celou frázi”

Fingerprint forgery training: Easy to learn, hard to perform

Identifikátory výsledku

  • Kód výsledku v IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F23%3A00131644" target="_blank" >RIV/00216224:14330/23:00131644 - isvavai.cz</a>

  • Výsledek na webu

    <a href="http://dx.doi.org/10.1145/3600160.3604990" target="_blank" >http://dx.doi.org/10.1145/3600160.3604990</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1145/3600160.3604990" target="_blank" >10.1145/3600160.3604990</a>

Alternativní jazyky

  • Jazyk výsledku

    angličtina

  • Název v původním jazyce

    Fingerprint forgery training: Easy to learn, hard to perform

  • Popis výsledku v původním jazyce

    Many services offer fingerprint authentication, including sensitive services such as mobile banking. This broad adoption could make an impression to the end-users that fingerprint authentication is secure. However, fingerprint authentication is vulnerable to various attacks performed even by not-very-sophisticated attackers, e.g., fingerprint forgery. Will participants perceive fingerprint authentication differently after relevant theory education and the creation of their fingerprint counterfeit to overcome misunderstandings, especially regarding security? How will they perceive the fingerprint forgery process? We prepared a hands-on seminar with fingerprint forgery simulation. We focused on the difference in perception before and after the theoretical lecture on biometrics and a practical seminar on forgery creation. We applied an uncommon approach, reconstructing the fingerprint from a photo of the actual finger rather than its print on some surface – to illustrate the case of an attack based merely on a “thumb-up” photograph. Our results show that 19% of participants (out of 221) were successful in spoofing, according to the NIST Biometric Image Software, and 27% of participants could register their counterfeit into the smartphone. Participants perceived fingerprint authentication as less secure after the simulation and reported their intention to use it less for mobile banking operations. They also perceived the forgery attack as easier to learn than before the simulation – but harder to perform. Our study implies that participants intend to change their behaviour based on their experience from our seminar, however, they did not consider two-factor authentication as an option.

  • Název v anglickém jazyce

    Fingerprint forgery training: Easy to learn, hard to perform

  • Popis výsledku anglicky

    Many services offer fingerprint authentication, including sensitive services such as mobile banking. This broad adoption could make an impression to the end-users that fingerprint authentication is secure. However, fingerprint authentication is vulnerable to various attacks performed even by not-very-sophisticated attackers, e.g., fingerprint forgery. Will participants perceive fingerprint authentication differently after relevant theory education and the creation of their fingerprint counterfeit to overcome misunderstandings, especially regarding security? How will they perceive the fingerprint forgery process? We prepared a hands-on seminar with fingerprint forgery simulation. We focused on the difference in perception before and after the theoretical lecture on biometrics and a practical seminar on forgery creation. We applied an uncommon approach, reconstructing the fingerprint from a photo of the actual finger rather than its print on some surface – to illustrate the case of an attack based merely on a “thumb-up” photograph. Our results show that 19% of participants (out of 221) were successful in spoofing, according to the NIST Biometric Image Software, and 27% of participants could register their counterfeit into the smartphone. Participants perceived fingerprint authentication as less secure after the simulation and reported their intention to use it less for mobile banking operations. They also perceived the forgery attack as easier to learn than before the simulation – but harder to perform. Our study implies that participants intend to change their behaviour based on their experience from our seminar, however, they did not consider two-factor authentication as an option.

Klasifikace

  • Druh

    D - Stať ve sborníku

  • CEP obor

  • OECD FORD obor

    10200 - Computer and information sciences

Návaznosti výsledku

  • Projekt

  • Návaznosti

    S - Specificky vyzkum na vysokych skolach

Ostatní

  • Rok uplatnění

    2023

  • Kód důvěrnosti údajů

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Údaje specifické pro druh výsledku

  • Název statě ve sborníku

    Proceedings of the 18th International Conference on Availability, Reliability and Security

  • ISBN

    9798400707728

  • ISSN

  • e-ISSN

  • Počet stran výsledku

    7

  • Strana od-do

    1307-1313

  • Název nakladatele

    Association for Computing Machinery

  • Místo vydání

    Benevento, Italy

  • Místo konání akce

    Benevento, Italy

  • Datum konání akce

    1. 1. 2023

  • Typ akce podle státní příslušnosti

    WRD - Celosvětová akce

  • Kód UT WoS článku

    001122662500136