If I understand biometrics correctly, one part of the system compares the input with a database of known fingerprints and returns a confidence value that the input is indeed part of the database. This value is then processed by the main system which probably determines if it's within a certain tolerance in order to grant access to whatever the system is protecting.
What the paper describes seems to be the acquisition of this confidence value after inputting a false fingerprint and making changes to its input based on that. In the paper it shows pictures of minutiae and the simulated inputs, as well as the original fingerprints. The simulated minutiae don't, in my opinion, come close to the originals, but are enough to return a confidence value high enough to pass the tolerance value of the system. So, to answer your question, if you kept running the program indefinitely in order to receive a perfect score then, yes, you can retrieve the raw data. But it'd take a helluva long time... Hence the idea of computationally secure systems. Cheers, Leading Seaman/Matelot de 1re classe Robin Lowe Naval Communicator, HMCS EDMONTON Department of National Defence / Government of Canada [email protected] / Tel: 250-363-7940 Communicateur Naval, NCSM EDMONTON Ministère de la Défense nationale / Gouvernement du Canada [email protected] / Tel: 250-363-7940 "The quieter you are, the more you are able to hear." -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of dave aitel Sent: April-12-16 1:32 PM To: [email protected]; [email protected]; [email protected] Subject: [Dailydave] Fingerprint biometrics attack paper... http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.10.7168&rep=rep1&type=pdf I want everyone to click on this paper and then maybe help explain it to me! From what I understand they got a fingerprint reader to tell them how hot/cold they were to an acceptable fingerprint. So they they modify a fingerprint to get closer and closer until it matches. DOES THAT EVER HAPPEN IN REAL LIFE? I'm so confused at what security system gives you a "hot/cold" value so you can use this algorithm. Could this paper be summed up to say in one sentence "Obviously if you give a matching score from your biometric, you can use a model of that biometric to retrieve the raw data with enough tries?" -dave _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
