Re: Fingerprint biometrics attack paper...

[<Robin.Lowe () forces gc ca>]

If I understand biometrics correctly, one part of the system compares the input with a database of known fingerprints 
and returns a confidence value that the input is indeed part of the database. This value is then processed by the main 
system which probably determines if it's within a certain tolerance in order to grant access to whatever the system is 
protecting.

What the paper describes seems to be the acquisition of this confidence value after inputting a false fingerprint and 
making changes to its input based on that. In the paper it shows pictures of minutiae and the simulated inputs, as well 
as the original fingerprints. The simulated minutiae don't, in my opinion, come close to the originals, but are enough 
to return a confidence value high enough to pass the tolerance value of the system. So, to answer your question, if you 
kept running the program indefinitely in order to receive a perfect score then, yes, you can retrieve the raw data. But 
it'd take a helluva long time... Hence the idea of computationally secure systems.

Cheers,

Leading Seaman/Matelot de 1re classe Robin Lowe

Naval Communicator, HMCS EDMONTON
Department of National Defence / Government of Canada
Robin.Lowe () forces gc ca / Tel: 250-363-7940

Communicateur Naval, NCSM EDMONTON
Ministère de la Défense nationale / Gouvernement du Canada
Robin.Lowe () forces gc ca / Tel: 250-363-7940

"The quieter you are, the more you are able to hear."

-----Original Message-----
From: dailydave-bounces () lists immunityinc com [mailto:dailydave-bounces () lists immunityinc com] On Behalf Of dave 
aitel
Sent: April-12-16 1:32 PM
To: uludagum () yahoo com; dailydave () lists immunityinc com; jain () cse msu edu
Subject: [Dailydave] Fingerprint biometrics attack paper...

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.10.7168&rep=rep1&type=pdf

I want everyone to click on this paper and then maybe help explain it to me! From what I understand they got a 
fingerprint reader to tell them how hot/cold they were to an acceptable fingerprint. So they they modify a fingerprint 
to get closer and closer until it matches.

DOES THAT EVER HAPPEN IN REAL LIFE? I'm so confused at what security system gives you a "hot/cold" value so you can use 
this algorithm. Could this paper be summed up to say in one sentence "Obviously if you give a matching score from your 
biometric, you can use a model of that biometric to retrieve the raw data with enough tries?"

-dave




_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave