Feeds

back to article Japanese researchers check IDs with eyeball twitch

Biometric identity scanners are attracting more attention as safe way to handle user authentication and security. But a team of Japanese researchers claim current methods are bunk if approached by a sufficiently sophisticated intruder. Iris scans, electronic fingerprinting and signature recognition – they're certainly better …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Wear a mask

Bunk indeed, if the system measures face metrics, wear a mask, if it measures height stand on stilts.

As for the eye spot reflex... oh for f*** sake. One metric that varies enormously with the same person.....

5% variation means 1 in 20 people have the same metric. Lets have proper science behind these things, not Jacqui science.

0
0
Anonymous Coward

It does sound ridiculous

And lets also remember that you need only get the inverse function of this approach to simulate the input.

It is a cherry on the top, not a secure solution.

Sure it could be combined with other things to further control access, but in and of itself it is not secure.

Sometimes I think most scientists out there are just sci-fi readers, where have the real scientists gone, oh yes funding was stopped for those years ago. Now we all just claim scientific method for whatever we want to try and justify, there are no scientists to refute the false claims left.

0
0

Iris scans?

Shouldn't need surgery. If fingerprint biometric systems can be fooled with a photocopy (as demonstrated), I'm pretty sure iris scanners can be fooled with a contact lens.

0
0
Silver badge
Stop

Correction:

"This visual gap is not perceived normally because the visual field of each eye overlaps the blind spot of the other."

Nope. Close one eye. Big blind spot anywhere? Didn't think so.

The reason that you don't see the blind spot is that the brain knows there's a blind spot there and resconstructs what it reckons is there by following lines. To see this, draw a circle on a piece of paper with a pencil, and then rub out a small portion. If you position your head in the right way (and close one eye), the circle will appear unbroken.

0
0
Pirate

re: Correction: / Iris scans

Good point.

But that is what they are referring to, the eyes / brain making that involuntary twitch and connection to reestablish what is missing. There is some kind of measurable amount of time that it takes for the eyes/brain to recognize something is missing (not always noticed by our selves).

As for the photocopied fingerprints, that only works with the older models of fingerprint readers. If they are using devices that also reads below the upper epidermal, requiring living cells and pulsating blood - copied fingerprints won't work. (The cost of buying these types of scanners is coming down.)

Then there are the galvanic skin response scanners - copies won't work here either - albeit, these types are not catching on due to the cost to acquire and install...

0
0
Silver badge
Thumb Down

biometrics are not "better"

"Iris scans, electronic fingerprinting and signature recognition – they're certainly better than jotting a password down on a post-it note."

No, they're not. Biometrics are not "certainly better" than recording a password somewhere - even though passwords are a miserable authentication mechanism.

Biometrics have a number of nasty failure modes; I'd much rather have someone steal a post-it from me than a finger. Simple biometric systems make secret-sharing and key escrow difficult. And so on.

A strong password performs as well under almost the same threat model as a biometric system. Biometrics are stronger against some attacks (eg some social-engineering attacks) and failures (eg forgetting a password that's not recorded somewhere), but those can be mitigated in a password system.

And recording a password on a post-it may not be a significant vulnerability under a reasonable threat model. I keep a paper list of my passwords in my office. Since my office is in my home, and the list is in my safe, it's doubtful any attacker would use that vector. Easier just to compel me to reveal passwords by force.

In security, few simple statements are "certainly" true. Security is complicated and highly sensitive to context.

0
0
This topic is closed for new posts.