 
Dailydave mailing list archives
Re: Fingerprint biometrics attack paper...
From: <Robin.Lowe () forces gc ca>
Date: Tue, 12 Apr 2016 21:45:40 +0000
If I understand biometrics correctly, one part of the system compares the input with a database of known fingerprints and returns a confidence value that the input is indeed part of the database. This value is then processed by the main system which probably determines if it's within a certain tolerance in order to grant access to whatever the system is protecting. What the paper describes seems to be the acquisition of this confidence value after inputting a false fingerprint and making changes to its input based on that. In the paper it shows pictures of minutiae and the simulated inputs, as well as the original fingerprints. The simulated minutiae don't, in my opinion, come close to the originals, but are enough to return a confidence value high enough to pass the tolerance value of the system. So, to answer your question, if you kept running the program indefinitely in order to receive a perfect score then, yes, you can retrieve the raw data. But it'd take a helluva long time... Hence the idea of computationally secure systems. Cheers, Leading Seaman/Matelot de 1re classe Robin Lowe Naval Communicator, HMCS EDMONTON Department of National Defence / Government of Canada Robin.Lowe () forces gc ca / Tel: 250-363-7940 Communicateur Naval, NCSM EDMONTON Ministère de la Défense nationale / Gouvernement du Canada Robin.Lowe () forces gc ca / Tel: 250-363-7940 "The quieter you are, the more you are able to hear." -----Original Message----- From: dailydave-bounces () lists immunityinc com [mailto:dailydave-bounces () lists immunityinc com] On Behalf Of dave aitel Sent: April-12-16 1:32 PM To: uludagum () yahoo com; dailydave () lists immunityinc com; jain () cse msu edu Subject: [Dailydave] Fingerprint biometrics attack paper... http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.10.7168&rep=rep1&type=pdf I want everyone to click on this paper and then maybe help explain it to me! From what I understand they got a fingerprint reader to tell them how hot/cold they were to an acceptable fingerprint. So they they modify a fingerprint to get closer and closer until it matches. DOES THAT EVER HAPPEN IN REAL LIFE? I'm so confused at what security system gives you a "hot/cold" value so you can use this algorithm. Could this paper be summed up to say in one sentence "Obviously if you give a matching score from your biometric, you can use a model of that biometric to retrieve the raw data with enough tries?" -dave _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Fingerprint biometrics attack paper... dave aitel (Apr 12)
- Re: Fingerprint biometrics attack paper... Adam Shostack (Apr 12)
- Re: Fingerprint biometrics attack paper... Robin.Lowe (Apr 12)
- Re: Fingerprint biometrics attack paper... Adrian Sanabria (Apr 13)
 


