Here is your fingerprint! actual risk versus user perception of latent fingerprints and smudges remaining on smartphones

Hoyeon Lee, Seungyeon Kim, Taekyoung Kwon

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

A small touch sensor employed in smartphones can only capture a partial limited portion of the full .ngerprint, and so it is more vulnerable to fingerprint spoofing attacks that leverage a user's firm impression. However, it is still unknown whether daily smudges remaining on the smartphone surface can be exploited to circumvent the small touch sensor. In this paper, we first study how to exploit the .ngerprint smudges le. on the smartphone surface in daily use, and present the so-called .ngerprint SCRAP attack, which uses smudges remaining on the home bu.on and touch screen to reconstruct an image of the enrolled .ngerprint in good quality.We conduct an experimental study to show the actual risk regarding this attack. We collect 403 latent fingerprints from the smudges le. on the touch screens (361) and home bu.ons (42) by seven users in six conditions (tapping, passcode-Typing, text-Typing, facebook, in-pocket, wiping). Using them, we perform our attack and evaluate the results in comparison with the firmly impressed fingerprints. .e study results indicate that our attack is actual risk to the small touch sensors. We then investigate the user's touch behavior and perception gap. We conduct in-person surveys involving 82 participants, and ask about their touch behaviors and also their risk perception regarding the latent fingerprints. The survey results show that the fingers most frequently used on a touch screen and a home buffon are the same, and the user's risk perception is very low. We finally discuss mitigation methods and future directions.

Original languageEnglish
Title of host publicationProceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017
PublisherAssociation for Computing Machinery
Pages512-527
Number of pages16
ISBN (Electronic)9781450353458
DOIs
Publication statusPublished - 2017 Dec 4
Event33rd Annual Computer Security Applications Conference, ACSAC 2017 - Orlando, United States
Duration: 2017 Dec 42017 Dec 8

Publication series

NameACM International Conference Proceeding Series
VolumePart F132521

Other

Other33rd Annual Computer Security Applications Conference, ACSAC 2017
CountryUnited States
CityOrlando
Period17/12/417/12/8

Fingerprint

Touch screens
Smartphones
Risk perception
Sensors

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Cite this

Lee, H., Kim, S., & Kwon, T. (2017). Here is your fingerprint! actual risk versus user perception of latent fingerprints and smudges remaining on smartphones. In Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017 (pp. 512-527). (ACM International Conference Proceeding Series; Vol. Part F132521). Association for Computing Machinery. https://doi.org/10.1145/3134600.3134643
Lee, Hoyeon ; Kim, Seungyeon ; Kwon, Taekyoung. / Here is your fingerprint! actual risk versus user perception of latent fingerprints and smudges remaining on smartphones. Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017. Association for Computing Machinery, 2017. pp. 512-527 (ACM International Conference Proceeding Series).
@inproceedings{f027949cc03443ffa2e5f0d11879624c,
title = "Here is your fingerprint! actual risk versus user perception of latent fingerprints and smudges remaining on smartphones",
abstract = "A small touch sensor employed in smartphones can only capture a partial limited portion of the full .ngerprint, and so it is more vulnerable to fingerprint spoofing attacks that leverage a user's firm impression. However, it is still unknown whether daily smudges remaining on the smartphone surface can be exploited to circumvent the small touch sensor. In this paper, we first study how to exploit the .ngerprint smudges le. on the smartphone surface in daily use, and present the so-called .ngerprint SCRAP attack, which uses smudges remaining on the home bu.on and touch screen to reconstruct an image of the enrolled .ngerprint in good quality.We conduct an experimental study to show the actual risk regarding this attack. We collect 403 latent fingerprints from the smudges le. on the touch screens (361) and home bu.ons (42) by seven users in six conditions (tapping, passcode-Typing, text-Typing, facebook, in-pocket, wiping). Using them, we perform our attack and evaluate the results in comparison with the firmly impressed fingerprints. .e study results indicate that our attack is actual risk to the small touch sensors. We then investigate the user's touch behavior and perception gap. We conduct in-person surveys involving 82 participants, and ask about their touch behaviors and also their risk perception regarding the latent fingerprints. The survey results show that the fingers most frequently used on a touch screen and a home buffon are the same, and the user's risk perception is very low. We finally discuss mitigation methods and future directions.",
author = "Hoyeon Lee and Seungyeon Kim and Taekyoung Kwon",
year = "2017",
month = "12",
day = "4",
doi = "10.1145/3134600.3134643",
language = "English",
series = "ACM International Conference Proceeding Series",
publisher = "Association for Computing Machinery",
pages = "512--527",
booktitle = "Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017",

}

Lee, H, Kim, S & Kwon, T 2017, Here is your fingerprint! actual risk versus user perception of latent fingerprints and smudges remaining on smartphones. in Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017. ACM International Conference Proceeding Series, vol. Part F132521, Association for Computing Machinery, pp. 512-527, 33rd Annual Computer Security Applications Conference, ACSAC 2017, Orlando, United States, 17/12/4. https://doi.org/10.1145/3134600.3134643

Here is your fingerprint! actual risk versus user perception of latent fingerprints and smudges remaining on smartphones. / Lee, Hoyeon; Kim, Seungyeon; Kwon, Taekyoung.

Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017. Association for Computing Machinery, 2017. p. 512-527 (ACM International Conference Proceeding Series; Vol. Part F132521).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Here is your fingerprint! actual risk versus user perception of latent fingerprints and smudges remaining on smartphones

AU - Lee, Hoyeon

AU - Kim, Seungyeon

AU - Kwon, Taekyoung

PY - 2017/12/4

Y1 - 2017/12/4

N2 - A small touch sensor employed in smartphones can only capture a partial limited portion of the full .ngerprint, and so it is more vulnerable to fingerprint spoofing attacks that leverage a user's firm impression. However, it is still unknown whether daily smudges remaining on the smartphone surface can be exploited to circumvent the small touch sensor. In this paper, we first study how to exploit the .ngerprint smudges le. on the smartphone surface in daily use, and present the so-called .ngerprint SCRAP attack, which uses smudges remaining on the home bu.on and touch screen to reconstruct an image of the enrolled .ngerprint in good quality.We conduct an experimental study to show the actual risk regarding this attack. We collect 403 latent fingerprints from the smudges le. on the touch screens (361) and home bu.ons (42) by seven users in six conditions (tapping, passcode-Typing, text-Typing, facebook, in-pocket, wiping). Using them, we perform our attack and evaluate the results in comparison with the firmly impressed fingerprints. .e study results indicate that our attack is actual risk to the small touch sensors. We then investigate the user's touch behavior and perception gap. We conduct in-person surveys involving 82 participants, and ask about their touch behaviors and also their risk perception regarding the latent fingerprints. The survey results show that the fingers most frequently used on a touch screen and a home buffon are the same, and the user's risk perception is very low. We finally discuss mitigation methods and future directions.

AB - A small touch sensor employed in smartphones can only capture a partial limited portion of the full .ngerprint, and so it is more vulnerable to fingerprint spoofing attacks that leverage a user's firm impression. However, it is still unknown whether daily smudges remaining on the smartphone surface can be exploited to circumvent the small touch sensor. In this paper, we first study how to exploit the .ngerprint smudges le. on the smartphone surface in daily use, and present the so-called .ngerprint SCRAP attack, which uses smudges remaining on the home bu.on and touch screen to reconstruct an image of the enrolled .ngerprint in good quality.We conduct an experimental study to show the actual risk regarding this attack. We collect 403 latent fingerprints from the smudges le. on the touch screens (361) and home bu.ons (42) by seven users in six conditions (tapping, passcode-Typing, text-Typing, facebook, in-pocket, wiping). Using them, we perform our attack and evaluate the results in comparison with the firmly impressed fingerprints. .e study results indicate that our attack is actual risk to the small touch sensors. We then investigate the user's touch behavior and perception gap. We conduct in-person surveys involving 82 participants, and ask about their touch behaviors and also their risk perception regarding the latent fingerprints. The survey results show that the fingers most frequently used on a touch screen and a home buffon are the same, and the user's risk perception is very low. We finally discuss mitigation methods and future directions.

UR - http://www.scopus.com/inward/record.url?scp=85038945125&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85038945125&partnerID=8YFLogxK

U2 - 10.1145/3134600.3134643

DO - 10.1145/3134600.3134643

M3 - Conference contribution

AN - SCOPUS:85038945125

T3 - ACM International Conference Proceeding Series

SP - 512

EP - 527

BT - Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017

PB - Association for Computing Machinery

ER -

Lee H, Kim S, Kwon T. Here is your fingerprint! actual risk versus user perception of latent fingerprints and smudges remaining on smartphones. In Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017. Association for Computing Machinery. 2017. p. 512-527. (ACM International Conference Proceeding Series). https://doi.org/10.1145/3134600.3134643