RE: link fest on fingerprint biometrics

2006-09-09 Thread Dave Korn 
On 08 September 2006 00:38, Travis H. wrote:


 At home I have an excellent page on making fake fingerprints, but I
 cannot find it
 right now.  It used gelatin (like jello) and was successful at fooling a
 sensor. 

http://search.theregister.co.uk/?q=gummi should be a start.


cheers,
  DaveK
-- 
Can't think of a witty .sigline today


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: link fest on fingerprint biometrics

2006-09-09 Thread Jens Kubieziel 
* Travis H. schrieb am 2006-09-08 um 01:37 Uhr:
 If anyone can give me any fingerprint-related links, particularly
 about spoofing/breaking them, I would be grateful.

http://www.ccc.de/biometrie/fingerabdruck_kopieren?language=en

-- 
Jens Kubieziel   http://www.kubieziel.de
Man muss Rekursion verstanden haben, um Rekursion zu verstehen.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: link fest on fingerprint biometrics

2006-09-09 Thread Krister Walfridsson 


On Thu, 7 Sep 2006, Travis H. wrote:


At home I have an excellent page on making fake fingerprints, but I
cannot find it
right now.  It used gelatin (like jello) and was successful at fooling a 
sensor.


I did find this, which reports success with gummi bears:
http://msn.pcworld.com/article/id,116573-page,5/article.html

[...]

If anyone can give me any fingerprint-related links, particularly
about spoofing/breaking
them, I would be grateful.


I have never understood the hype around creating fake fingers; looking
at the technology behind the sensors makes it rather obvious that
it is possible -- in fact, there is a discussion within ISO JTC1/SC37
(the ISO group standardizing biometrics) about evaluating the quality
of images produced by fingerprint scanners by using a synthetic finger 
created following a standardized procedure [1] in order to get 
reproduceable results.


But I agree that it is sounds cute that you can create fake fingers out
of gummy bears...

One IMHO more interesting question is the FAR (False Accept Rate = the
probability that an impostor is accepted) of the algorithm.  (And I
note that some of the gummy finger articles I have read have been done
with algorithms with low enough FAR that the author could have got a match
by inviting ~5 friends to try to match against his finger...  This is
probably a more realistic attack, but it also mean that the fake finger
may work even if it look rather different from the real fingerprint.)

It can be a bit hard to get relevant numbers from vendors, but NIST has
recently done extensive testing using real world data.  The result [2]
gives a detailed picture about the performance of fingerprint systems
(the Minex test was however done using standardized templates; the result
of each vendor is in general much better when using proprietary templates.
See e.g. [3] for an older test using proprietary templates).

The NIST image group web site [4] has more nice stuff, including a rather
good implementation of a fingerprint matcher.  I can also highly recommend
the book [5] in case you are really interested in algorithms for 
fingerprint recognition...


   /Krister


[1] Document 37N0847 and 37N1661 in case you have access to the SC37
document archive.

[2] http://fingerprint.nist.gov/minex04/index.html

[3] http://fpvte.nist.gov/index.html

[4] http://fingerprint.nist.gov/

[5] Handbook of Fingerprint Recognition
Davide Maltoni, Dario Maio, Anil K. Jain, Salil Prabhakar

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]