April 17, 2008

On the search for the perfect Identity Biometric: scratch Iris

Our world is obsessed with determining who you are. Part of this is working out who you are now, and then determining whether you were the same person 10 or 20 years back. Reliably. And that includes in the presence of some nasty attacker, who wants your money or your cooperation or worse.

In the race for future biometric, here are today's favourites: fingerprints (criminals and visitors to America), facial pictures (passports), and eyes (some systems). As Richard Clayton points out, the latter dark horse, has some disadvantages:

...Here is a summary of how I [John Daugman] established for the Society that the above portraits show the same person, by running my Iris Recognition algorithms on magnified images of the eye regions in the 1984 and 2002 photographs.

First I computed IrisCodes (see the mathematical explanation on this website) from both of her eyes as photographed in 1984. A processed portion of the 1984 photograph is shown here. (The superimposed graphics show the automatic localization of the iris and its boundaries, the scrubbing of some specular reflections from the eye, and a representation of the IrisCode.)

Then I computed IrisCodes from both of her eyes in the 2002 photograph. Those processed images can be seen here for her left and right eyes.

When I ran the search engine (the matching algorithm) on these IrisCodes, I got a Hamming Distance of 0.24 for her left eye, and 0.31 for her right eye. As may be seen from the histogram that arises when DIFFERENT irises are compared by their IrisCodes, these measured Hamming Distances are so far out on the distribution tail that it is statistically almost impossible for different irises to show so little dissimilarity. The mathematical odds against such an event are 6 million to one for her right eye, and 10-to-the-15th-power to one for her left eye.

Which unfortunately means that the biometric is too copyable. Scratch your Iris. If we can measure it from a photograph, that means I can photograph you and then insert your Iris into some other situation. Although an attack is not clear, the theoretical possibility is strong, and as we do not have many systems using this process yet, the attacks won't be clear.

I wonder how long it will be before we get Iris cameras that can work in the open?

And, as Philipp Güring points out, it rather raises a bit of a difficulty for the perfect biometric. If a machine can grab it, how do we stop ... any machine ... grabbing all of them?

Posted by iang at April 17, 2008 02:13 AM | TrackBack

Hamming distance is an biometric effective measure (I looked into the theory a while back and it was statistically convincing) but I favour multi-factor authentication as espoused in Maestro (http://www.enhyper.com/content/maestro.pdf) with a twist of social networks. For example, how can this model be applied to Afghanistan where there is no multimedia? By the same way we test authenticity in our personal relationships - who do you know - what's your social network - who are your relations, which village are you from, which school did you attend, who were your classmates. Capture this and you can analytically test the provenance of identity from social graphs.

Posted by: Graeme Burnett at April 17, 2008 06:02 AM

Haha, a scientific approach to what anyone who ever played Space Quest 3 already knew ;)

(The way to bypass the facial recognition system for entry is to put up a copy of a picture of the boss in front of the camera, along with using a stolen keycard)

Posted by: BigMac at April 17, 2008 08:14 AM

Feds to Collect DNA from Anyone Arrested in the U.S.

Posted on: Wednesday, 16 April 2008, 20:25 CDT

An aggressive move to prevent violent crime is also raising concerns about the privacy of innocent people. The government plans to collect DNA samples from anyone arrested by a federal law enforcement agency. The government also plans to collect DNA samples from foreigners who are detained, whether they have been charged or not. Justice Department spokesman Erik Ablin said the DNA would be collected through a cheek swab—current practices limit DNA collection only to convicted felons.

Civil liberties questions have been raised about the potential for misuse of such personal information, such as family ties and genetic conditions.

“The DNA collection would be subject to the same privacy laws applied to current DNA sampling,” said Ablin. That means none of it would be used for identifying genetic traits, diseases or disorders. Congress gave the Justice Department the authority to expand DNA collection in two different laws passed in 2005 and 2006. ...


Posted by: DNA for criminals and other tourists at April 17, 2008 11:30 AM

Hey DNA tourist-- I'll be in favor of all police measures, to enforce a rule of law, after we have a democracy in legislating law.

I feel very similar on the issue of the market system, as the fundamental organizing process for all of humanity's production and political economy: I'll be in favor of the "free market" when it's free. Let me print all the money, operate the banking system fbo myself and my cronies, and sure, it will be fine if all the products and services, politicians, wars, as well as healthcare, housing etc are sold at auction for money.

So in conclusion-- we have two broad choices. Make our state and national lawmakers more accountable to the population in general, or, unfortunately, to turn against the government and police. The first choice lays claim to perhaps 5 to 10% of the citizens entire work hours. People are not doing it. The second choice is pretty ghastly. The default, I guess, that is happening now, is simply to concede power to the oligarchs and obey whatever "laws" (barf) they dish up, while they loot the planet.

Posted by: Todd Boyle at April 18, 2008 11:12 AM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.