Here is your fingerprint! actual risk versus user perception of latent fingerprints and smudges remaining on smartphones

Hoyeon Lee, Seungyeon Kim, Taekyoung Kwon

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

A small touch sensor employed in smartphones can only capture a partial limited portion of the full .ngerprint, and so it is more vulnerable to fingerprint spoofing attacks that leverage a user's firm impression. However, it is still unknown whether daily smudges remaining on the smartphone surface can be exploited to circumvent the small touch sensor. In this paper, we first study how to exploit the .ngerprint smudges le. on the smartphone surface in daily use, and present the so-called .ngerprint SCRAP attack, which uses smudges remaining on the home bu.on and touch screen to reconstruct an image of the enrolled .ngerprint in good quality.We conduct an experimental study to show the actual risk regarding this attack. We collect 403 latent fingerprints from the smudges le. on the touch screens (361) and home bu.ons (42) by seven users in six conditions (tapping, passcode-Typing, text-Typing, facebook, in-pocket, wiping). Using them, we perform our attack and evaluate the results in comparison with the firmly impressed fingerprints. .e study results indicate that our attack is actual risk to the small touch sensors. We then investigate the user's touch behavior and perception gap. We conduct in-person surveys involving 82 participants, and ask about their touch behaviors and also their risk perception regarding the latent fingerprints. The survey results show that the fingers most frequently used on a touch screen and a home buffon are the same, and the user's risk perception is very low. We finally discuss mitigation methods and future directions.

Original languageEnglish
Title of host publicationProceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017
PublisherAssociation for Computing Machinery
Pages512-527
Number of pages16
ISBN (Electronic)9781450353458
DOIs
Publication statusPublished - 2017 Dec 4
Event33rd Annual Computer Security Applications Conference, ACSAC 2017 - Orlando, United States
Duration: 2017 Dec 42017 Dec 8

Publication series

NameACM International Conference Proceeding Series
VolumePart F132521

Other

Other33rd Annual Computer Security Applications Conference, ACSAC 2017
CountryUnited States
CityOrlando
Period17/12/417/12/8

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Cite this

Lee, H., Kim, S., & Kwon, T. (2017). Here is your fingerprint! actual risk versus user perception of latent fingerprints and smudges remaining on smartphones. In Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017 (pp. 512-527). (ACM International Conference Proceeding Series; Vol. Part F132521). Association for Computing Machinery. https://doi.org/10.1145/3134600.3134643