Researchers Fake Iris Scans With Contacts (and lifehacking)

On to the article. Two things of note here:
a) This is the first public demonstration of real people’s iris scans being faked with contact lenses. I’ve covered this issue a few times before. To recap, the biggest problem is that an 8×10 headshot at magazine resolution contains enough data to fake someone’s irises.

b) It’s also the first proof that iris scans can be reversed from the information stored in the biometric database. In other words, if someone compromises a sufficiently large database of iris scans (of, say, international travelers who use the Privium system) then their irises can be faked anywhere.

(I feel like the solution to b) is some kind of abuse- and attack-resistant data storage architecture that would prevent even a legit user from slurping the entire database. I’m not knowledgeable enough about the field to do the research, though.)

“It’s long been believed that it wasn’t possible to reconstruct the original iris image from an iris code stored in a database. In fact, B12 Technologies says on its web site that biometric templates “cannot be reconstructed, decrypted, reverse-engineered or otherwise manipulated to reveal a person’s identity. In short, biometrics can be thought of as a very secure key: Unless a biometric gate is unlocked by using the right key, no one can gain access to a person’s identity.”

But the researchers showed that this is not always the case.[…]

Their research involved taking iris codes that had been created from real eye scans as well as synthetic iris images created wholly by computers and modifying the latter until the synthetic images matched real iris images. The researchers used a genetic algorithm to achieve their results.

Genetic algorithms are tools that improve results over several iterations of processing data. In this case, the algorithm examined the synthetic images against the iris code and altered the images until it achieved one that would produce a near identical iris code as the original iris image when scanned.

“At each iteration it uses the synthetic images of the previous iteration to produce a new set of synthetic iris images that have an iris code which is more similar (than the synthetic images of the previous iteration) to the iris code being reconstructed,” Galbally says.

It takes the algorithm between 100-200 iterations to produce an iris image that is “sufficiently similar” to one the researchers are trying to reproduce.

Since no two images of the same iris produce the same iris code, iris recognition systems use a “similarity score” to match an image to the iris code. The owner of the scanner can set a threshold that determines how similar an image needs to be to the iris code to call it a match.

The genetic algorithm examines the similarity score given by the recognition system after each iteration and then improves the next iteration to obtain a better score.[…]

Once the researchers perfected the synthetic images, they then scanned them against a commercial iris recognition system, and found that the scanner accepted them as matching iris images more than 80 percent of the time. They tested the images against the VeriEye iris recognition system made by Neurotechnology.

VeriEye’s algorithm is licensed to makers of iris-recognition systems and recently ranked among the top four in accuracy out of 86 algorithms tested in a competition by the National Institute of Standards and Technology. A Neurotechnology spokeswoman said there are currently 30-40 products using VeriEye technology and more are in development.”
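To make the "similarity score" and threshold from the quoted article concrete, here is an added example (not from the article, the researchers, or any vendor) of a toy matcher comparing an enrolled iris code against a second capture of the same eye and against an unrelated eye. The 2048-bit code length, the occlusion masks, the fractional-Hamming-distance scoring and every sample value are assumptions made for illustration; VeriEye's actual algorithm is not described on this page.

```python
import random

CODE_BITS = 2048  # assumed template length; not stated in the article


def random_code(rng, n=CODE_BITS):
    """Constructed stand-in for an iris code: n random bits."""
    return [rng.getrandbits(1) for _ in range(n)]


def recapture(code, rng, flip_rate):
    """Second capture of the same eye: each bit flips with probability flip_rate."""
    return [b ^ (rng.random() < flip_rate) for b in code]


def occlusion_mask(rng, n=CODE_BITS, hidden=0.10):
    """1 = bit usable, 0 = hidden by eyelid or reflection (constructed)."""
    return [int(rng.random() >= hidden) for _ in range(n)]


def similarity(code_a, mask_a, code_b, mask_b):
    """1 minus the fractional Hamming distance over bits valid in both captures."""
    usable = [i for i in range(len(code_a)) if mask_a[i] and mask_b[i]]
    if not usable:
        return 0.0  # nothing comparable: treat as a non-match
    disagree = sum(code_a[i] != code_b[i] for i in usable)
    return 1.0 - disagree / len(usable)


def is_match(score, threshold):
    """The operator-chosen threshold turns a score into accept or reject."""
    return score >= threshold


def demo(seed=7):
    """Return (genuine_score, impostor_score) for constructed sample data."""
    rng = random.Random(seed)
    enrolled, enrolled_mask = random_code(rng), occlusion_mask(rng)
    same_eye = recapture(enrolled, rng, flip_rate=0.12)
    other_eye = random_code(rng)
    probe_mask = occlusion_mask(rng)
    genuine = similarity(enrolled, enrolled_mask, same_eye, probe_mask)
    impostor = similarity(enrolled, enrolled_mask, other_eye, probe_mask)
    return genuine, impostor


if __name__ == "__main__":
    genuine, impostor = demo()
    for threshold in (0.40, 0.68, 0.95):  # too loose, workable, too strict
        print(threshold, is_match(genuine, threshold), is_match(impostor, threshold))
```

The genuine capture never scores a perfect 1.0, which is why the matcher cannot use exact comparison, and the three thresholds show the trade-off the scanner's owner is making between rejecting the legitimate user and accepting an unrelated eye.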


