BioLeak: Exploiting Cache Timing to Recover Fingerprint Minutiae Coordinates

Owen Pemberton; David Oswald

doi:10.1145/3605769.3623994

BioLeak: Exploiting Cache Timing to Recover Fingerprint Minutiae Coordinates

Owen Pemberton^*, David Oswald

^*Corresponding author for this work

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

14 Downloads (Pure)

Abstract

The wide deployment of biometric authentication and particularly fingerprint matching on mobile devices and laptops raises the question about their security. While respective algorithms have been extensively analysed regarding their ability to correctly identify a specific individual (and reject others), little attention has been paid to their secure implementation, especially on multi-user and multi-process systems. In this paper, we focus on this aspect and show that cache attacks on real-world biometric algorithms are a viable way to extract the user's fingerprint minutiae coordinates using a single side-channel trace. Specifically, we analyse NIST's MindTCT library that is used by the Linux fprintd fingerprint authentication system to identify suitable addresses for a Flush+Reload attack, then devise post-processing techniques to recover minutiae information. Using 1000 synthetic test fingerprints, our method succeeds in approximately 9% of cases to recover minutiae from a single cache trace. Our work proves that there is side-channel leakage from a widely used biometric algorithm and therefore more research should be performed on hardening biometric algorithms against such attacks.

Original language	English
Title of host publication	ASHES '23
Subtitle of host publication	Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security
Publisher	Association for Computing Machinery (ACM)
Pages	61–72
Number of pages	12
ISBN (Electronic)	9798400702624
DOIs	https://doi.org/10.1145/3605769.3623994
Publication status	Published - 26 Nov 2023
Event	2023 Workshop on Attacks and Solutions in Hardware Security (ASHES ’23) - Copenhagen, Denmark Duration: 30 Nov 2023 → … http://ashesworkshop.org/workshop-program

Publication series

Name	CCS: Computer and Communications Security

Workshop

Workshop	2023 Workshop on Attacks and Solutions in Hardware Security (ASHES ’23)
Abbreviated title	ASHES '23
Country/Territory	Denmark
City	Copenhagen
Period	30/11/23 → …
Internet address	http://ashesworkshop.org/workshop-program

Keywords

biometry
fingerprint matching
cache attacks
Flush+Reload
sidechannel attacks

Access to Document

10.1145/3605769.3623994Licence: Creative Commons: Attribution (CC BY)

PembertonO2023BioLeakFinal published version, 13.4 MBLicence: Creative Commons: Attribution (CC BY)

Cite this

@inproceedings{f49865ecd6be427ba90c184c9ffbcbaf,

title = "BioLeak: Exploiting Cache Timing to Recover Fingerprint Minutiae Coordinates",

abstract = "The wide deployment of biometric authentication and particularly fingerprint matching on mobile devices and laptops raises the question about their security. While respective algorithms have been extensively analysed regarding their ability to correctly identify a specific individual (and reject others), little attention has been paid to their secure implementation, especially on multi-user and multi-process systems. In this paper, we focus on this aspect and show that cache attacks on real-world biometric algorithms are a viable way to extract the user's fingerprint minutiae coordinates using a single side-channel trace. Specifically, we analyse NIST's MindTCT library that is used by the Linux fprintd fingerprint authentication system to identify suitable addresses for a Flush+Reload attack, then devise post-processing techniques to recover minutiae information. Using 1000 synthetic test fingerprints, our method succeeds in approximately 9% of cases to recover minutiae from a single cache trace. Our work proves that there is side-channel leakage from a widely used biometric algorithm and therefore more research should be performed on hardening biometric algorithms against such attacks.",

keywords = "biometry, fingerprint matching, cache attacks, Flush+Reload, sidechannel attacks",

author = "Owen Pemberton and David Oswald",

year = "2023",

month = nov,

day = "26",

doi = "10.1145/3605769.3623994",

language = "English",

series = "CCS: Computer and Communications Security",

publisher = "Association for Computing Machinery (ACM)",

pages = "61–72",

booktitle = "ASHES '23",

address = "United States",

note = "2023 Workshop on Attacks and Solutions in Hardware Security (ASHES {\textquoteright}23), ASHES '23 ; Conference date: 30-11-2023",

url = "http://ashesworkshop.org/workshop-program",

}

Pemberton, O & Oswald, D 2023, BioLeak: Exploiting Cache Timing to Recover Fingerprint Minutiae Coordinates. in ASHES '23: Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security. CCS: Computer and Communications Security, Association for Computing Machinery (ACM), pp. 61–72, 2023 Workshop on Attacks and Solutions in Hardware Security (ASHES ’23), Copenhagen, Denmark, 30/11/23. https://doi.org/10.1145/3605769.3623994

BioLeak: Exploiting Cache Timing to Recover Fingerprint Minutiae Coordinates. / Pemberton, Owen; Oswald, David.
ASHES '23: Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security. Association for Computing Machinery (ACM), 2023. p. 61–72 (CCS: Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - BioLeak

T2 - 2023 Workshop on Attacks and Solutions in Hardware Security (ASHES ’23)

AU - Pemberton, Owen

AU - Oswald, David

PY - 2023/11/26

Y1 - 2023/11/26

N2 - The wide deployment of biometric authentication and particularly fingerprint matching on mobile devices and laptops raises the question about their security. While respective algorithms have been extensively analysed regarding their ability to correctly identify a specific individual (and reject others), little attention has been paid to their secure implementation, especially on multi-user and multi-process systems. In this paper, we focus on this aspect and show that cache attacks on real-world biometric algorithms are a viable way to extract the user's fingerprint minutiae coordinates using a single side-channel trace. Specifically, we analyse NIST's MindTCT library that is used by the Linux fprintd fingerprint authentication system to identify suitable addresses for a Flush+Reload attack, then devise post-processing techniques to recover minutiae information. Using 1000 synthetic test fingerprints, our method succeeds in approximately 9% of cases to recover minutiae from a single cache trace. Our work proves that there is side-channel leakage from a widely used biometric algorithm and therefore more research should be performed on hardening biometric algorithms against such attacks.

AB - The wide deployment of biometric authentication and particularly fingerprint matching on mobile devices and laptops raises the question about their security. While respective algorithms have been extensively analysed regarding their ability to correctly identify a specific individual (and reject others), little attention has been paid to their secure implementation, especially on multi-user and multi-process systems. In this paper, we focus on this aspect and show that cache attacks on real-world biometric algorithms are a viable way to extract the user's fingerprint minutiae coordinates using a single side-channel trace. Specifically, we analyse NIST's MindTCT library that is used by the Linux fprintd fingerprint authentication system to identify suitable addresses for a Flush+Reload attack, then devise post-processing techniques to recover minutiae information. Using 1000 synthetic test fingerprints, our method succeeds in approximately 9% of cases to recover minutiae from a single cache trace. Our work proves that there is side-channel leakage from a widely used biometric algorithm and therefore more research should be performed on hardening biometric algorithms against such attacks.

KW - biometry

KW - fingerprint matching

KW - cache attacks

KW - Flush+Reload

KW - sidechannel attacks

UR - https://dl.acm.org/conference/ccs/proceedings

U2 - 10.1145/3605769.3623994

DO - 10.1145/3605769.3623994

M3 - Conference contribution

T3 - CCS: Computer and Communications Security

SP - 61

EP - 72

BT - ASHES '23

PB - Association for Computing Machinery (ACM)

Y2 - 30 November 2023

ER -