[liberationtech] iPhone5S Fingerprint and 5th amendment
Eugen Leitl
eugen at leitl.org
Wed Sep 11 09:35:36 PDT 2013
On Wed, Sep 11, 2013 at 09:20:56AM -0700, Peat Bakke wrote:
> > This is likely subject to a precompiled hash lookup table attack,
> > as the number of all possible fingerprints, quantized via a classification
> > vector is not that large.
>
> Can you give us a better idea of how large "not that large" is?
I thought there was insufficient variability so there could
be dupes within the world population of mere 7 gigamonkeys,
but that might be wrong,
given http://lwn.net/Articles/276318/
See FBI Appendix F specifications in
http://www.fbibiospecs.org/fbibiometric/docs/EBTS%20V8.00...
500 pixels per inch or 1000 ppi at 8 bits per pixel. Capture size 1.6" x 1.5" (600 Kpixels)
for roll finger or 1" x 2" for thumb (500 Kpixels).
But once you threshold the images, you effectively get rather less than 1 bit per pixel, as
there's a lot of correlation between pixels. Also rotations all count the same. My fingers
have more like 50 ridges per inch. But that's still a *lot* of possible values.
After extracting the minutiae, there's rather less information held. One finger reader I have
states the software extracts between 10 and 70 minutiae points, held as (x,y) vectors, in a
transform claimed to be non-reversible. If coordinates are accurate to 6 bits, that means 10 x
(6+6) bits = 120 bits minimum. Still allows for significantly more possible prints than the
world population.
See also Sir James Crosby's report,
http://www.hm-treasury.gov.uk/media/6/7/identity_assuranc..., suggesting that only
non-unique digital representations should be stored. This would allow the master copy in the
database to be replaced with another version, so would provide some limited options to
"change" a compromised fingerprint.
Uniqueness of fingerprints?
Posted Apr 6, 2008 11:32 UTC (Sun) by man_ls (guest, #15091) [Link]
Hmmm... doesn't the principle behind the Birthday paradox apply here? Even if there are 366 days in a year, the probability of two people having the same birthday reach 0.5 with a group of only 23 people. Therefore you would only need roughly the square root of the number of possibilities to find a collision.
With 120 bits you are still safe, since the world population is about 2^32. But the security factor is not as high as it would seem. Surely we don't expect all values to be as likely, as with birthdays; if they tend to cluster around certain values (some kinds of fingerprint configurations are more probable than others) then collisions become increasingly likely.
> Rainbow tables are always a problem, but I suspect that there's more
> diversity in those vectors than in user generated passwords.
More information about the liberationtech
mailing list