[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <005701c3f144$70e7dea0$92bd3dcb@kpllaptop>
Date: Thu, 12 Feb 2004 19:44:31 +1100
From: "Lyal Collins" <lyalc@...mail.com.au>
To: "'Charles Clancy'" <clancy@....missl.cs.umd.edu>,
"'David Brodbeck'" <DavidB@...l.interclean.com>
Cc: "'Dave Aronson'" <spamtrap.secfocus@....mailme.org>,
<bugtraq@...urityfocus.com>
Subject: RE: Hacking USB Thumbdrives, Thumprint authentication
[> Most fingerprint systems convert the fingerprint image into
[> what's called
[> a template. This is a numeric representation, but
[> comparision between
[> two templates is not as simple as "==". Different portions of the
[> template represent different minutae on the fingerprint, and
[> an actual
[> feature matching algorithm still needs to be used. Thus, we
[> cannot hash
[> these templates because there is no way to perform matching on the
[> template hashes.
There has been some interesting work done with facial biometrics that
leverages the predictability of facial features (most eyes look similar,
noses have a similar basic shape etc) to allow the generation of a
'false' facial image that will match to the template of a chosen target
template. This iterates the placement and subtle variations in the
faked facial image until this fake image results in an acceptable match
through the same template generation process. The image doesn't need to
be exactly the same (and the example images I saw were barely "human" to
the naked eye) - merely that theey result in a similar template as the
true image.
I suspect the same process of iteratively varying whorls, ridges etc
could, and would, result in a fales fingerprint that results in an
acceptable template match to the real finger.
Has anyone researched this with fingerprints?
Lyal
Powered by blists - more mailing lists