Slashdot Mirror

← Back to Stories (view on slashdot.org)

DIY Iris Scanning?

Posted by ryuzaki0 on from the home-made-security dept.

gadzook33 asks: "There have been rumors floating around about DIY iris scanning, using digital cameras for biometric security. Iris scanning presents a fantastic alternative to password-based authentication but hasn't really come to our desktops yet. I've looked around but can't find any concrete material on the subject. Is anyone doing this? Are there any efforts to develop open software for this sort of thing? Are patents holding things up? Given that passwords are an almost defunct technique for protecting data in certain situations, it would be nice to have an alternative."

5 of 54 comments (clear)

  1. eye scanner by indy_Muad'Dib · · Score: 2, Insightful

    it seems to be quite possible with a very high resolution camera, something +4mpixels

  2. Not an alternative... by Zadaz · · Score: 4, Insightful
    Iris scanning presents a fantastic alternative to password-based authentication...
    This is an all too common mistake about biometrics. Security should never rely solely on biometric identification. Unlike a password or a physical key, your biometric information can't be changed. Which is its strength, right? No one can change their fingerprint to match yours!

    However, any system can be spoofed or cracked. And if someone figures out how to feed information into a scanner that looks (to it) exactly like my iris, well then I'm fucked. That person is me anywhere they do an iris scan.

    It would be like someone stealing your passwords and you not being able to change them.

    Useful? Yes. But as an additional level of security, not an alternative.

    1. Re:Not an alternative... by Zadaz · · Score: 4, Insightful

      1) Sure, my biometric permissions are revocable, but not re-issuable. At least no security outfit in their right mind would reinstate your biometric print once it had been broken.

      If simple biometrics become prevalent, then someone stealing my iris print (for example) would pretty much end my life. I wouldn't be able to have a bank account or any other kind of security. Either my accounts would be wide open to whoever had a copy, or no bank would issue an account to a security risk.

      At least until I could grow a new eye. It's identity theft on a very personal level.

      2) Sure, they're getting more advanced. They could hardly be more primitive. However there are two problems with making them more sophisticated:
      a) You can't make security so sophisticated it can't be broken. (duh.)
      b) The more complex a system is the more likely it is to fail. I'm not an expert in the field, but many of the things you propose would ilkley prevent me from accessing my account if I was ill or under the effect of any number of legal drugs. Which is of course unacceptable.

      A system that sophisticated will cost a ton of money. Compare that to to the cost of a card reader and 12 button keypad found on most ATMs. The amount of ATM fraud based on stealing user ID's at the terminal is much smaller than cost of installing and maintaining biometric devices and will be for the foreseeable future.

  3. Re:really? by jamesh · · Score: 3, Insightful

    This iris is the front part of the eye (See here). No need for any special sort of illumination above a light bulb. The Iris Recognition article on wikipedia is also somewhat informative, it even mentions the problem of cosmetic contact lenses.

  4. Biometrics is very hard to get right. by gweihir · · Score: 2, Insightful

    Face and Iris recognition have been fooled with printed pictures. Fingerprint sensors with $5 fakes. The list goes on. There is really not a lot of defenses available against this.

    And you cannot change your face or iris, like you can change a password....

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.