19

I've been considering the security of the iPhone 5S fingerprint feature. My main concern is, not that someone could replicate my fingerprint in the physical world and bypass the phone, however that someone could reconstruct my fingerprint based on the digital signature that is stored in the phone.

Is the fingerprint stored as a one-way hash (or equivalent)? How realistic would the possibility of reverse engineering it be to create the original signature?

I imagine a rainbow table for a set of fingerprint hash signatures would be next to impossible with today's computing power.

Adi
Seth

3 Answers

22

Fingerprints cannot be hashed. Well, you can hash any sequence of bits, but that would not be interesting at all. Fingerprint readers, like all biometric applications, make physical measures which are never exactly reproducible. Instead, the reader must detect the positions of some "characteristic points" on the finger image (where ridges meet, mostly), and then look for a match with fingerprints recorded in the phone. The match is never exact, due to the limited precision of the measure and unavoidable threshold effects.

The bottom line is that the phone necessarily stores the information about the locations of the "characteristic points" in a reversible way, not as a hash. This may not be the complete finger image, but it would be enough to design a fake finger which would fool your iPhone.

Now that should not be that much of a concern. The iPhone may contain some information about your fingerprints, but its case is also covered with a lot of accurate copies of the same fingerprints, simply because you hold the phone with your hands. If someone steals your phone, then he can have your fingerprints without even bothering to power up the phone.

More generally, you leave your fingerprints everywhere, e.g. on the knob of every door that you go through. Your fingerprints cannot be considered secret (correspondingly, their use for unlocking a computer or a phone has always seemed to be a rather poor idea to me, at least from the security point of view).

Thomas Pornin
  • Or put another way, you could cryptographically hash fingerprint [minutiae](http://en.wikipedia.org/wiki/Minutiae) but reliable reduction, encoding and reproduction of minutiae is so fuzzy, you would be hashing tens of thousands of possible permutations. Not exactly space efficient. – LateralFractal Oct 09 '13 at 23:30
  • Perhaps not a concern for phones, that (hopefully) only store the data locally, but for other applications where it might be necessary to authenticate centrally, it would be a big issue like storing passwords in plain text. – Rick Jun 17 '16 at 19:02
14

Not using a cryptographic hash - no.

But you could use a Fuzzy Hash or Locality-sensitive Hashing. Fuzzy hashes are different from normal hashes in that they allow similar content to cluster together in the hash collision space*.

Typically one-way means you cannot infer what was hashed - but with fuzzy hashes, if you know a similar file (fingerprint image) that matches the hash (collides) then you know what generally was being hashed.

Whether any functional one-way property can exist for a fuzzy hash depends on whether the attacker has to resort to brute force guessing of inputs to find a matching fuzzy hash. This is called pre-image resistance.

Consider that many unique fingerprints exist, at least as many as the current population of earth (~2^33) and that a fingerprint fuzzy hash exists that collapses reliably (a very tall order) down to this collision space or larger. You want attackers to have to brute force across 2^33 entries instead of simply inverting the hash.

If such a fuzzy hash existed, you could protect against straight-up inversion by passing the hash through a secondary cryptographic hash. Provided the fuzzy hash collapsed reliably and consistently in the first place, you will lose no matching accuracy after rehashing against a cryptographic hash with a much larger collision space. So good luck knowing what the interim fuzzy hash was, provided that secondary hashing appended a random salt.

The fuzzy component makes it a non-cryptographic one-way hash as the "fuzziness" of the image matches contradicts the property of strong collision resistance.

```
fuzz        = Mythical_perfectly_consistent_fuzzy_hash_function_for_fingerprints  # assumed to exist
salt        = application's public random salt
hash_result = SHA-512(salt || fuzz(fingerprint.input))
```

* At this point, all the cryptographers in the room should scream cold-blooded murder and pull out their Uzis :-)

LateralFractal
  • Why would you pass the fuzzy hash through a secondary cryptographic hash? With the fuzzy hash, you are already protected against inversion, correct? Moreover, the collision space remains the same in case the attacker knows the details of the system: the cluster space. – Michael May 19 '15 at 10:14
  • @Michael but while brute forcing a lot of fuzzy-hashes might be easy, you will have to calculate the complex cryptographic hash for each brute-force candidate, and this might take a lot longer, making brute-force infeasible on current hardware. – Falco Aug 22 '16 at 10:53
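As an added illustration of the two answers above (not code from the page; the minutiae and tolerances are constructed), the block below contrasts Thomas Pornin's reversible template matching with a tolerance against LateralFractal's SHA-512(salt, fuzz(input)) construction, using a coarse grid quantization as a stand-in for the "mythical" fuzzy hash. A one-pixel shift is accepted by the tolerance matcher either way, but breaks the hashed form as soon as one point crosses a grid cell boundary: the threshold effect that makes a consistent fuzzy hash so hard.

```python
import hashlib
import math
import secrets

# Constructed sample template, (x, y, angle_deg) per minutia; not real data.
ENROLLED = [(31, 40, 10), (70, 22, 95), (55, 70, 200), (120, 90, 310), (100, 128, 45)]

def reversible_match(stored, probe, dist_tol=3.0, angle_tol=15, min_hits=4):
    # Pornin's model: minutiae kept in the clear, probe accepted when enough
    # points fall within a distance and angle tolerance of a stored point.
    hits = 0
    for sx, sy, sa in stored:
        for px, py, pa in probe:
            d_ang = abs((sa - pa + 180) % 360 - 180)
            if math.hypot(sx - px, sy - py) <= dist_tol and d_ang <= angle_tol:
                hits += 1
                break
    return hits >= min_hits

def quantize(minutiae, cell=16):
    # Stand-in for the "mythical" fuzzy hash: snap each minutia to a grid cell
    # and a 45-degree bucket, then sort so the encoding is canonical.
    return tuple(sorted((x // cell, y // cell, (a // 45) % 8) for x, y, a in minutiae))

def enrol_hashed(minutiae, cell=16):
    # SHA-512(salt || fuzz(input)), as in the answer's pseudocode.
    salt = secrets.token_bytes(16)
    return salt, hashlib.sha512(salt + repr(quantize(minutiae, cell)).encode()).digest()

def verify_hashed(probe, salt, digest, cell=16):
    return hashlib.sha512(salt + repr(quantize(probe, cell)).encode()).digest() == digest

def shift(minutiae, dx, dy, da=0):
    # Simulated sensor noise: translate every point by (dx, dy), rotate by da.
    return [(x + dx, y + dy, (a + da) % 360) for x, y, a in minutiae]

def demo():
    salt, digest = enrol_hashed(ENROLLED)
    reading_a = shift(ENROLLED, -1, 0)  # no point crosses a 16-px cell edge
    reading_b = shift(ENROLLED, 1, 0)   # x=31 becomes 32: one point changes cell
    return {
        "match_a": reversible_match(ENROLLED, reading_a),  # True
        "match_b": reversible_match(ENROLLED, reading_b),  # True
        "hash_a": verify_hashed(reading_a, salt, digest),  # True
        "hash_b": verify_hashed(reading_b, salt, digest),  # False: threshold effect
    }
```

The salted digest cannot be inverted to recover the minutiae, but it also cannot absorb the measurement noise that the reversible template tolerates, which is the trade-off both answers describe.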
0

According to Apple's official documentation, it isn't possible to get back your fingerprint from the data stored:

> Touch ID doesn't store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn't possible for someone to reverse engineer your actual fingerprint image from this mathematical representation.

So if Apple can be trusted, your main concern seems unfounded.

Gruber
  • I wonder how this works. "A mathematical representation". What does that mean exactly, and what kinda one-way mathematical function could represent a fingerprint? – Awn Mar 10 '17 at 08:06
  • I always distrust this sort of claim. For example, see Thomas Pornin's answer: he claims it's simply not possible to use a one-way function (based on some reasoning that makes sense to me, so I believe it). They might not be able to recover an "image" of your fingerprint, but I'd not be surprised (at all) if they can recover a large part of it. As long as it's not pixel-perfect their statement pretty much holds. – Luc Sep 14 '17 at 16:22
  • @Luc: I take it you're not a fan of the upcoming Apple Face-ID that is claimed to work the same way as Touch ID. – Gruber Sep 15 '17 at 07:16
  • @Gruber Why? It certainly has its applications, depending on your threat model. I could go into detail but I don't see how your remark is relevant anyway, since the topic is about the reconstructability of fingerprints. – Luc Sep 15 '17 at 11:12