[Dailydave] Fingerprint biometrics attack paper...

Robin.Lowe at forces.gc.ca Robin.Lowe at forces.gc.ca
Tue Apr 12 17:45:40 EDT 2016

If I understand biometrics correctly, one part of the system compares the input with a database of known fingerprints and returns a confidence value that the input is indeed part of the database. This value is then processed by the main system which probably determines if it's within a certain tolerance in order to grant access to whatever the system is protecting.

What the paper describes seems to be the acquisition of this confidence value after inputting a false fingerprint and making changes to its input based on that. In the paper it shows pictures of minutiae and the simulated inputs, as well as the original fingerprints. The simulated minutiae don't, in my opinion, come close to the originals, but are enough to return a confidence value high enough to pass the tolerance value of the system. So, to answer your question, if you kept running the program indefinitely in order to receive a perfect score then, yes, you can retrieve the raw data. But it'd take a helluva long time... Hence the idea of computationally secure systems.


Leading Seaman/Matelot de 1re classe Robin Lowe

Naval Communicator, HMCS EDMONTON
Department of National Defence / Government of Canada
Robin.Lowe at forces.gc.ca / Tel: 250-363-7940

Communicateur Naval, NCSM EDMONTON
Ministère de la Défense nationale / Gouvernement du Canada
Robin.Lowe at forces.gc.ca / Tel: 250-363-7940

"The quieter you are, the more you are able to hear."

-----Original Message-----
From: dailydave-bounces at lists.immunityinc.com [mailto:dailydave-bounces at lists.immunityinc.com] On Behalf Of dave aitel
Sent: April-12-16 1:32 PM
To: uludagum at yahoo.com; dailydave at lists.immunityinc.com; jain at cse.msu.edu
Subject: [Dailydave] Fingerprint biometrics attack paper...


I want everyone to click on this paper and then maybe help explain it to me! From what I understand they got a fingerprint reader to tell them how hot/cold they were to an acceptable fingerprint. So they they modify a fingerprint to get closer and closer until it matches.

DOES THAT EVER HAPPEN IN REAL LIFE? I'm so confused at what security system gives you a "hot/cold" value so you can use this algorithm. Could this paper be summed up to say in one sentence "Obviously if you give a matching score from your biometric, you can use a model of that biometric to retrieve the raw data with enough tries?"


Dailydave mailing list
Dailydave at lists.immunityinc.com

More information about the Dailydave mailing list