Slashdot Mirror
Can Iris-Scanning ID Systems Tell the Difference Between a Live and Dead Eye? (ieee.org)
the_newsbeagle writes: Iris scanning is increasingly being used for biometric identification because it's fast, accurate, and relies on a body part that's protected and doesn't change over time. You may have seen such systems at a border crossing recently or at a high-security facility, and the Indian government is currently collecting iris scans from all its 1.2 billion citizens to enroll them in a national ID system. But such scanners can sometimes be spoofed by a high-quality paper printout or an image stuck on a contact lens.
Now, new research has shown that post-mortem eyes can be used for biometric identification for hours or days after death, despite the decay that occurs. This means an eye could theoretically be plucked from someone's head and presented to an iris scanner. The same researcher who conducted that post-mortem study is also looking for solutions, and is working on iris scanners that can detect the "liveness" of an eye. His best method so far relies on the unique way each person's pupil responds to a flash of light, although he notes some problems with this approach.
Now, new research has shown that post-mortem eyes can be used for biometric identification for hours or days after death, despite the decay that occurs. This means an eye could theoretically be plucked from someone's head and presented to an iris scanner. The same researcher who conducted that post-mortem study is also looking for solutions, and is working on iris scanners that can detect the "liveness" of an eye. His best method so far relies on the unique way each person's pupil responds to a flash of light, although he notes some problems with this approach.
The problem with biometric is that it is considered the end-all of security system whereas it should be considered only part of something (who you are, what you know, ...)
No. The problem with biometrics is that it builds upon faulty assumptions and fails to address real concerns.
Somebody fakes my eyescan successfuly once, it loses all future use to me and now I have to scoop out an eye, perhaps replace it with a glass one with some famous person's fake eyescan patterns, to have some use out of it again. But wait, I'd rather keep the eye to see with.
The logical conclusion is that I don't want my eyes, not even one, be used as a security in this sort of gamble. That means you do not get to scan my eyes, ever, making the idea strictly useless for security, aaa, or whatever else you want to do with it, but instead outright dangerous for my valuable body parts.
Biometrics is only "hollywood security", where usernames, including the crappy and noisy biometric ones, are taken to be as good as passwords, and "security override" is all you need to get past any hurdle anyway. In the real world, security doesn't magically improve just because we bend over backwards for some camera looking into our eyes. Any biometric is more easily faked than replaced, and that makes them useless for the end-user, in fact outright dangerous to limb, possibly life, because it makes the end-user expendable.
That means there is only one correct answer to any biometric-anything idea: FUCK OFF with your biometrics, whatever idea you have this week. FUCK OFF ALREADY.