Shostack + Friends Blog Archive

 

Fingerprint Privacy

fingerprint-stars.jpgThere have been a slew of stories lately about fingerprint readers being tied into payment mechanisms. I don’t particularly like the idea, but if you do, feel free. At least until your lack of care about privacy starts displaying externalities. Many of these vendors are making claims like

it is not possible to recreate the fingerprint from the stored template

However, as Ross, J. Shah, and A. K. Jain, “Towards Reconstructing Fingerprints from Minutiae Points,” that just ain’t so. You can reconstruct fingerprints from minutae, and they both describe and demonstrate that. Which is to say, the biometrics vendors who persist in making these claims are either ignorant or liars.

Andy Adler points out in “Images can be Regenerated From Quantized Biometric Match Score Data,” you can do the same with faces. Adler’s technique is very different, using the server for repeated queries. Cryptographers would call that an oracle.) Adler was also kind enough to respond to a query about fingerprints with a pointer to Ross, Shah, and Jain’s work. The Adler paper was pointed out to me by Daniel David Walker. And finally, the fingerprint is from Chir.ag.

4 comments on "Fingerprint Privacy"

  • more on biometrics

    Adam points to a recent academic work on reproducing fingerprints from the ‘templates’ of
    data points that most systems use (instead of a full image of the fingerprint). Adam has links
    to the studies. What is interesting to me is that biometrics has we…

  • Debunking biometric assumptions

    Chris Hill’s biometrics thesis: This is a very interesting development. It challenges a key assumption that people have made about…

  • Fingerprints at Disney: The Desensitization Imperative

    The Walt Disney Corporation has started fingerprinting all visitors to their parks. They claim, incorrectly, that the fingerprint scans can’t be turned into pictures of fingerprints. True Americans understand that fingerprinting is for criminals. A pr…

  • Who Has Fingers That Short?

    PaybyTouch has arrived, and that finger in their logo looks awfully short to me. Maybe subconsciously, they know the truth? See my “Fingerprint Privacy” or “A Picture is Worth A Thousand Words” for some actual analysis, rather than silly…

Comments are closed.