Slashdot Mirror

← Back to Stories (view on slashdot.org)

Iris Scanners in Canadian Airports

Posted by Hemos on from the minority-report-where-are-you dept.

Ian_Bailey writes "The Toronto Star is reporting that the first biometrics (Iris-scanning specifically) devices in airport will be in place in Toronto and Vancouver starting in March. These devices are meant to speed-up the check-in process for frequent travellers, without compromising security. It is stressed that privacy advocates have nothing to worry about, because they are completely voluntary and cannot be used to scan without a person's knowledge, but there is a brief note about using it in the future for staff."

10 of 186 comments (clear)

  1. Foolable by e8johan · · Score: 3, Informative

    Biometrical systems are hard to fool, but it is not impossible.
    I hope that they have a proper system with personal digital (hard to hack) ID cards and such to make sure that it is foolproof.

  2. Re:Canada is not the first? by JaredOfEuropa · · Score: 4, Informative

    The article does mention Schiphol. The interesting thing to note is that Schiphol uses these devices to speed up passport control, not check-in or customs. For a fee, travellers can sign up for this program and bypass passport control completely. The scanner is placed next to the passport control booth so the officers can keep an eye on it, to help people resist the temptation to just hop over the barrier.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  3. These things are notoriously poor by potcrackpot · · Score: 4, Informative
    Biometric eye-scanners are notoriously bad at recognising people, and very inaccurate. This article (about a trial of fingerprint-, iris- and face- scanning technology) quotes such figures as 47% accuracy!
    The system struggled to identify people if there were wearing spectacles, if the lighting was wrong or if they moved their heads too much.

    Apparently, people could fool face-scanning systems (yes, I know they're different) with photos or video images. It doesn't actually say how to fool iris-scanners - but suggests that the trial wasn't convinced of their greatness.

    Still, at least they're not going to use fingerprint scanners at the airport as they think they're too easily fooled - the BBC article reckons you can fool those by breathing on them.

    I'm not sure whether this kind of security is best placed in an airport - fine for lower-risk security such as getting into your office block, or maybe even for your home burglar alarm - but at an airport with (potentially) massive numbers of subscribers to the system - sounds like a poor idea.

  4. Schiphol system works but it�s unsafe by ginkelb · · Score: 5, Informative

    Sure we are using the irisscan program on schiphol airport to bypass customs.

    There is however an security risk with this system that can not be solved by placing the scan equipment next to a security officer.

    The scan of the iris is kept on personal digital medium and not on a central server due to privacy laws in holland. When a visitor arives he presents the machine with his card, look into the camera and the machine verifys that the presented iris is the same as stored on the card.

    The problem with this is obvious. Hack the card, upload youre own scan and you can get access while using the name of someone else.

    Sure privacy issues arise when you store the irir scans on a central server and only present the machine with youre identity. But untill you do it that way youll never get a really secure system.

    Greetz,
    Bas

    --
    Real programmers don't document.
    It was hard to write so it should be hard to understand.
    1. Re:Schiphol system works but it�s unsafe by Alsee · · Score: 3, Informative

      he problem with this is obvious. Hack the card, upload youre own scan

      Unless they are complete morons I'd assume they use a cryptographic signature, or encrypt the whole thing.

      Oops, easy to be wrong when assuming people aren't complete morons.

      Anyway, if designed properly it would be extremely difficult to crack the encryption. At a very minimum they would need to snatch a machine. A really smart system could even revoke all scans associated with the snatched machine.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    2. Re:Schiphol system works but it�s unsafe by MarvinMouse · · Score: 3, Informative

      Hacking the card depends on a couple of things.

      Yes, some smart cards are easily hackable. But there do exist methods of coating the card to prevent even access to modification of the data (look up FIP Encryption Standards Level 4).

      But also, if the smart cards are not changeable (IE not RAM style cards.) So, you can only put an ID and iris on there once, and not replace or change it. Then hacking the card directly will be meaningless since there is no way to change it. Since it is all hardcoded.

      Yet, there is the possibility of someone making their own cards. The only real way around this is to include some form of authentication on the card (perhaps a quick encryption algorithm where each card has their own encryption key). Then all that would need to be done is have some random signal sent to the card, and then the key will encrypt it returning an answer that can be tested against what should be expected for that card from the system.

      Now, even then hypothetically the card can still be created (if someone can figure out the key). But, I think it would start to become more a matter of hacking the main servers to get the key then just stealing a card and changing the iris from it.

      Just some thoughts.

      --
      ~ kjrose
  5. Linus predicted these problems years ago by wackybrit · · Score: 3, Informative

    Linus Torvalds is once quoted as saying, 'Iris scanners in airports are a really bad idea because people's privacy will be invaded and that is not good.'

    I, for one, agree. I don't think iris scanners are a good idea in airports because the invasion of the right to privacy of people in the airport is not good.

    One of the major problems with iris scanners is light refraction. The way iris scanners work is that they send out dense beams of infrared, and when they reflect back a pattern that can be recognized as an 'iris', this pattern is then stored and can be compared against a database of iris patterns.

    Few quiche eating Pascal programmers and Mac users would realize just how inaccurate this is. Everyone's eye has a different surface, and if the IR ray enters from different angles, different distorted iris patterns can be reported. This is why scanning the material that controls the entry of light to the eye would be more accurate, since this is not affected by these scientific properties.

    --
    mogorific carpentry experiments
  6. INSPASS uses hand geometry at airports by Anonymous Coward · · Score: 1, Informative

    The United States Immigration and Naturalization Service (INS) has a system called INSPASS for speeding up immigration processing at airports. It is used for frequent business travellers. This isn't exactly the same security problem, since the people are coming off the airplane, not getting on, but it is similar enough that I thought I would post it.

    From the INS site How Do I Apply For INSPASS:

    How Does INSPASS Work?
    Arriving at a Port-of-Entry, the traveler proceeds to an INSPASS inspection queue. There, the person inserts a card issued to them at enrollment to an INSPASS kiosk, similar to an automated bank teller machine. Automated inspection kiosks are not staffed, and INSPASS is only available at airports. Responding to messages on the kiosk's touch-screen display, the traveler is prompted to enter their flight number (certain persons only) and to place their hand in a hand geometry reader. Screen prompts are used to achieve correct alignment of the hand with the hand reader. The kiosk software automatically compares the live scan of the traveler's hand geometry biometric to the image captured at enrollment.

    If the traveler's identity is validated by this comparison, an I-94/receipt of his inspection is printed by the kiosk that directs the traveler to proceed to U.S. Customs inspection. If this check is not successful, a screen message refers the traveler to an Immigration Inspector in a nearby inspection booth. Processing times of 15-20 seconds are typical, and times as low as 11 seconds have been observed at existing INSPASS kiosks.

  7. THREE requirements for good security by Anonymous Coward · · Score: 1, Informative

    As a note to those people suggesting that biometrics information, although difficult to forge, is not impossible (and subsequently your security system breaks down),
    bear in mind that any good security system should require THREE things:

    1. something you have
    2. something you know
    3. something you are

    Think of a bank machine.. you have a card (1) and you know your PIN (2). To make such systems better, consider also adding an iris/hand/voice scan (3).
    Using less than three criteria and you weaken the system. (people regularly defraud automated bank machines).
    In fact many systems nowadays only require one criteria be met... a swipe card (1).

    scary

  8. TLV has that too by NaveWeiss · · Score: 2, Informative

    Ben Gurion airport (TLV*) has biometric passport control for Israeli citizens, but it scans fingerprints instead of the iris.

    (* It's called TLV, but actually it's 30 minutes drive from Tel Aviv)

    --
    Slashdot community, please notice: I am looking for a girlfriend.
    Nave H. Weiss