Bugtraq mailing list archives
RE: Hacking USB Thumbdrives, Thumprint authentication
From: Charles Clancy <clancy () www missl cs umd edu>
Date: Mon, 9 Feb 2004 13:37:11 -0500 (EST)
Law enforcement agencies use some kind of algorithm to convert fingerprints to a numeric value, so that they can be easily compared.My understanding is that this is only an approximate representation -- it's not intended to be unique, it's only a method for quickly locating prints similar to the suspect print. The final comparison between a print that's on file and a suspect print is done by eye, and is actually somewhat subjective.
Most fingerprint systems convert the fingerprint image into what's called a template. This is a numeric representation, but comparision between two templates is not as simple as "==". Different portions of the template represent different minutae on the fingerprint, and an actual feature matching algorithm still needs to be used. Thus, we cannot hash these templates because there is no way to perform matching on the template hashes. So far nobody has produced an algorithm to reliably extract a symmetric key from a fingerprint without any side information. However, with some extra information it is possible to obscure a private key on a smartcard such that the key is only recoverable given a fingerprint that matches the original. This allows all the biometric processing to happen on a smartcard (and not on an untrusted terminal) without storing the fingerprint itself on the smartcard. An attacker needs both the card and your fingerprint to recover your key. [ t. charles clancy ]--[ tcc () umd edu ]--[ www.cs.umd.edu/~clancy ] [ computer science ]------[ university of maryland, college park ]
Current thread:
- RE: Hacking USB Thumbdrives, Thumprint authentication markus-1977 (Feb 05)
- RE: Hacking USB Thumbdrives, Thumprint authentication Navaneetharangan (Feb 06)
- Re: Hacking USB Thumbdrives, Thumprint authentication Eric 'MightyE' Stevens (Feb 11)
- Biometric systems security [WAS: Re: Hacking USB Thumbdrives, Thumprint authentication] Gadi Evron (Feb 07)
- Re: Hacking USB Thumbdrives, Thumprint authentication Dave Aronson (Feb 09)
- Re: Hacking USB Thumbdrives, Thumprint authentication Eric Murray (Feb 11)
- <Possible follow-ups>
- RE: Hacking USB Thumbdrives, Thumprint authentication David Brodbeck (Feb 09)
- RE: Hacking USB Thumbdrives, Thumprint authentication Charles Clancy (Feb 11)
- RE: Hacking USB Thumbdrives, Thumprint authentication Lyal Collins (Feb 16)
- RE: Hacking USB Thumbdrives, Thumprint authentication Charles Clancy (Feb 11)
- RE: Hacking USB Thumbdrives, Thumprint authentication David.Cross (Feb 11)
- RE: Hacking USB Thumbdrives, Thumprint authentication Navaneetharangan (Feb 06)