Reverse Engineering Iris Codes into Iris Images that Pass Biometric Tests

Javier Galbally via Threat Level

There’s more to iris scans than meets the eye, and that could end up being their undoing. New academic research coming out at the Black Hat Security conference this week shows a way to recreate iris images from the digital codes underlying iris-scanning security protocols--images that are so good that they can trick commercial-grade iris-scanning security devices into thinking they’re the real thing.

When iris-scanning biometric security systems create a digital imprint of an iris, they don’t actually store that image of the iris for future comparison to the real thing. Rather, when a person scans his or her iris into a biometric system for the first time, the system turns the iris into a code consisting of about 5,000 bits of data. This code is based on about 240 points that are measured in the actual iris image, and is for all intents and purposes a unique digital analog of the iris.

The actual iris image is then discarded. The next time the person needs to authenticate himself or herself, he or she scans the iris again. The device converts this scan into an iris code as well, and the two codes are compared. If the digital codes match--within a reasonable margin of error--then identity is authenticated and access is granted.
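The enroll-then-compare flow described above, as an added example that is not from the article or the researchers. It assumes the comparison is a fractional Hamming distance with a 0.32 acceptance threshold; the codes, the 10% rescan noise and all function names are constructed for illustration.

```python
import random

CODE_BITS = 5000   # article: "about 5,000 bits" per iris code
THRESHOLD = 0.32   # assumed margin of error (fractional Hamming distance)

def random_code(rng):
    """Constructed stand-in for the code a scanner derives from an iris image."""
    return rng.getrandbits(CODE_BITS)

def rescan(code, rng, bit_error_rate):
    """Simulate capture noise: flip each bit independently with the given rate."""
    noise = 0
    for i in range(CODE_BITS):
        if rng.random() < bit_error_rate:
            noise |= 1 << i
    return code ^ noise

def fractional_hd(a, b):
    """Fraction of bit positions in which two codes disagree."""
    return bin(a ^ b).count("1") / CODE_BITS

def verify(enrolled, presented):
    """Accept when the codes agree within the margin of error."""
    return fractional_hd(enrolled, presented) <= THRESHOLD

def demo(seed=1):
    rng = random.Random(seed)
    enrolled = random_code(rng)             # stored at enrollment; image discarded
    same_eye = rescan(enrolled, rng, 0.10)  # later scan of the same iris
    other_eye = random_code(rng)            # unrelated iris
    results = {}
    for name, code in (("same_eye", same_eye), ("other_eye", other_eye)):
        hd = fractional_hd(enrolled, code)
        results[name] = (round(hd, 3), verify(enrolled, code))
    return results

if __name__ == "__main__":
    for name, (hd, ok) in demo().items():
        print(f"{name:10s} HD={hd:.3f} accepted={ok}")
```

The matcher only ever sees codes, so the stored code is the sole reference a presented sample is judged against, which is why the article treats a leaked code database as the serious exposure.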

But researchers at the Universidad Autonoma de Madrid and West Virginia University have found a way to reverse-engineer an iris image from the digital code itself using genetic algorithms--an iris image so good it can fool a biometric scanner. Genetic algorithms are those that improve results each time they process data. Like generations of a species over time, they adapt; each iteration of the algorithm produces an iris image with an iris code that is a little more similar to the code being reconstructed. After 100-200 iterations, the algorithm generates an iris image with an iris code that is adequately similar to the original code.

That should worry those relying on biometric security measures. What this essentially means is that if a database containing iris codes were hacked, the hackers could construct iris images that would dupe scanners, and they would never even have to get near the actual owner of that iris. Moreover, the hackers wouldn’t even necessarily have to hack the database of the entity they wish to compromise. Consider a defense contractor whose iris can access both facilities at his firm and restricted areas of a military base. Someone wishing to access the military base could hack the defense contractor, steal the iris code, reconstruct the iris, print it to a contact lens, and access the military facility. It’s all very Mission Impossible, but according to the research, it’s not so very far-fetched.

More over at Threat Level.

[Threat Level]

3 Comments

Ah yes, the robots will be faking those weak security measures; nice, very nice technology. I like to see the human scientific community helping the robotic community to its future rise! Very good indeed!

How about this.

You step into a platform that measures your weight, stare into a camera for the iris scan, get a verbal passcode (randomly created by a key generator when the door and the person's key-gen are within close proximity) while taking DNA samples from saliva droplets while speaking the passcode to the microphone. Laser scans set at strategic points do a quick flash to scan the person's height and body shape. There would be a quick mug shot to be logged and flagged to all nearby security personnel which would also be crosschecked for schedule comparisons to ensure that someone is always alerted if there are unscheduled attempts to access a secure area. A metal scanner could sound an alarm if a weapon is suspected to be carried, or a silent alarm button installed for emergencies such as hostage taking of your loved ones or a gun being pointed at your back.

Anyways, nothing new here (sounds a bit like overkill actually), but redundant systems tend to be more effective in the long run.


