ProxyPrints: From Database Breach to Spoof, A Plug-and-Play Defense for Biometric Systems

TL;DR

ProxyPrints tackles the irreversibility of fingerprint data by inserting a matcher-agnostic aliasing layer between capture and matching. It uses a deterministic, key-seeded encoder-aligner-decoder pipeline to generate revocable aliases that preserve intra‑identity similarity while unlinking identities across deployments. The approach enables breach detection and revocation without changes to proprietary ABIS backends, and is validated with end-to-end threat simulations, including deepfake synthesis and physical spoof fabrication. Practically, ProxyPrints offers a scalable, open-source framework for protecting fingerprint data in modern cloud and on‑premise biometric systems, with minimal latency and strong breach-resilience.

Abstract

Fingerprint recognition systems are widely deployed for authentication and forensic applications, but the security of stored fingerprint data remains a critical vulnerability. While many systems avoid storing raw fingerprint images in favor of minutiae-based templates, recent research shows that these templates can be reverse-engineered to reconstruct realistic fingerprint images, enabling physical spoofing attacks that compromise user identities with no means of remediation. We present ProxyPrints, the first practical defense that brings cancellable biometrics to existing fingerprint recognition systems without requiring modifications to proprietary matching software. ProxyPrints acts as a transparent middleware layer between the fingerprint scanner and the matching algorithm, transforming each scanned fingerprint into a consistent, unlinkable alias. This transformation allows biometric identities to be revoked and replaced in the event of a breach, without affecting authentication accuracy. Additionally, ProxyPrints provides organizations with breach detection capabilities by enabling the identification of out-of-band spoofing attempts involving compromised aliases. We evaluate ProxyPrints on standard benchmark datasets and commercial fingerprint recognition systems, demonstrating that it preserves matching performance while offering strong security and revocability. Our open-source implementation includes tools for alias generation and deployment in real-world pipelines, making ProxyPrints a drop-in, scalable solution for fingerprint data protection.

Figures (15)

• Figure 1: An example demonstrating that templates do not ensure security. Left: The registered fingerprint image. Center: The stored minutiae template. Right: A deepfaked fingerprint image we reconstructed from the template using a custom Pix2Pix model.
• Figure 2: TOP: Illustration of the fingerprint deepfake attack pipeline. An attacker first steals a fingerprint template from a target organization's database. Using a deep generative model, the attacker reconstructs a plausible fingerprint image, which is then 3D printed and cast into a silicone spoof. The spoof is used to unlock fingerprint-based authentication systems by mimicking the legitimate user. BOTTOM: The same attack is thwarted by ProxyPrints as the stolen template will not produce a match.
• Figure 3: The Pix2Pix framework used to perform the fingerprint template to fingerprint image translation task.
• Figure 4: The complete attack process: (1) a stolen fingerprint template is used to generate a matching fingerprint image, (2) a 3D mesh mold is created, (3) the mold is printed using a high-resolution resin printer, (4) silicone is poured into the mold and cures, (5) the resulting spoof is used to deceive biometric scanners.
• Figure 5: A sample of the fingerprints used in the evaluation. From left to right: the original fingerprint, its template, the reconstructed fingerprint (deepfake), the silicone film of the fingerprint, the scan of the deepfake fingerprint. The numbers are the Bozorth3 match scores of each fingerprint image to the original $x_p$