Black Hat Iris Biometrics Attacks Don’t Tell The Whole Story

Spread the love
An iris biometrics expert clarifies the truth behind the technology in response to the Black Hat conference paper claiming to have hacked an iris template, recreated the image and fooled a recognition system
Is it really that easy to re-engineer an iris image? Not so fast…

Planet Biometrics released an article today “Iris attacks no surprise to iris recognition inventor” which details an interview with John Daugman, Professor of Computer Vision and pattern Recognition at Cambridge in response to the recent Black Hat conference paper that hacked into an iris system and re-engineered images to fool a recognition device.  Professor Daugman is credited with developing and patenting the first algorithm for iris recognition which is still widely used across the world.

Professor Daugman acknowledges in the article:

“This is a classic ‘hill-climbing’ attack that is a known vulnerability for all biometrics….the vulnerability in question, which involves using an iterative process to relatively quickly reconstruct a workable iris image from an iris template, is a classic “hill-climbing” attack that is a known vulnerability for all biometrics.”

The primary vulnerability in the Black Hat conference paper was the full disclosure and access to the Iris Code template, as well as having the ability “to generate an IrisCode template from an image, and to do so repeatedly and iteratively.” In other words, without access to the encoding algorithm or to a hardware device that implements it, the “attack” would not have been possible. Be that as it may, the Black Hat scientists did have access to the encoding algorithm but not all iris biometrics algorithm research and developers give access to the Software Development Kit (SDK) that is needed in order to perform the “attack.”

According to Daugman, this should be a sign, “to maintain cryptographic security on IrisCode templates” to maintain the highest level of security and thwart would be system attacks. Daugman went on to say that in addition to cryptographic security, there is also the issue of iris hardware detecting an artificial iris vs. a real one. Most of the higher quality iris biometrics recognition systems on the market are equipped with sophisticated technology to detect the presence of an artificial eye and tell when they are being spoofed. The bottom line is that a quality, modern iris biometrics recognition system would not have been fooled by the re-engineered iris image used in the Black Hat conference paper.

Bio-plugin-SDK

Bio-Plugin™ SDK

For Biometric Authentication

Works With:

Bio-Plugin Appserver:

C/C++, Delphi, Foxpro, Java, VB, Clarion, PowerBuilder.

Bio-Plugin Webserver:

IIS, Apache, WebSphere, Oracle, and WebLogic

Learn More

What is rather unfortunate about the content of this article is that virtually no one who was exposed to the Black Hat Conference paper will have the opportunity to hear the points brought out by Daugman and will automatically deduce that iris biometrics systems should be avoided at all costs since they can be easily hacked and your iris template stolen. Daugman’s view will be known by few, fueled in large part by organizations like the Electronic Frontier Foundation who immediately pounced on the Black Hat conference paper and began their mission to spread the word that iris biometrics are just as susceptible to attacks as any other biometric modality, without reporting both sides of the issue.

We hope that you will take the time to educate yourself on the entire issue so you can formulate your own intelligent opinion when presented with all of the facts. Please share your thoughts with us on where you stand on the issue and why in the comments section below.

M2SYS simplifies the development and deployment of biometric projects


John Trader

John Trader is the Public Relations and Marketing Manager with M2SYS Technology, a recognized industry leader in biometric identity management technology. Headquartered in Atlanta, GA M2SYS Technology's mission is to pioneer the high-tech industry by delivering long-term value to customers, employees and partners through continued innovation and excellence in all aspects of our business. M2SYS continues to innovate, build and bring to market leading-edge biometrics solutions that revolutionize the industry and expand the applicability of biometrics technology in our marketplace. You can view their Web site at www.m2sys.com or contact them via e-mail at info@m2sys.com