BioLeak: Exploiting Cache Timing to Recover Fingerprint Minutiae Coordinates

Owen Pemberton*, David Oswald

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

34 Downloads (Pure)

Abstract

The wide deployment of biometric authentication and particularly fingerprint matching on mobile devices and laptops raises the question about their security. While respective algorithms have been extensively analysed regarding their ability to correctly identify a specific individual (and reject others), little attention has been paid to their secure implementation, especially on multi-user and multi-process systems. In this paper, we focus on this aspect and show that cache attacks on real-world biometric algorithms are a viable way to extract the user's fingerprint minutiae coordinates using a single side-channel trace. Specifically, we analyse NIST's MindTCT library that is used by the Linux fprintd fingerprint authentication system to identify suitable addresses for a Flush+Reload attack, then devise post-processing techniques to recover minutiae information. Using 1000 synthetic test fingerprints, our method succeeds in approximately 9% of cases to recover minutiae from a single cache trace. Our work proves that there is side-channel leakage from a widely used biometric algorithm and therefore more research should be performed on hardening biometric algorithms against such attacks.
Original languageEnglish
Title of host publicationASHES '23
Subtitle of host publicationProceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security
PublisherAssociation for Computing Machinery (ACM)
Pages61–72
Number of pages12
ISBN (Electronic)9798400702624
DOIs
Publication statusPublished - 26 Nov 2023
Event2023 Workshop on Attacks and Solutions in Hardware Security (ASHES ’23) - Copenhagen, Denmark
Duration: 30 Nov 2023 → …
http://ashesworkshop.org/workshop-program

Publication series

NameCCS: Computer and Communications Security

Workshop

Workshop2023 Workshop on Attacks and Solutions in Hardware Security (ASHES ’23)
Abbreviated titleASHES '23
Country/TerritoryDenmark
CityCopenhagen
Period30/11/23 → …
Internet address

Keywords

  • biometry
  • fingerprint matching
  • cache attacks
  • Flush+Reload
  • sidechannel attacks

Fingerprint

Dive into the research topics of 'BioLeak: Exploiting Cache Timing to Recover Fingerprint Minutiae Coordinates'. Together they form a unique fingerprint.

Cite this