@carstein
"Układ żył (to o siatkówcę) jest chyba jedną z lepszych cech biometrycznych i najtrudniej to zebrać od ofiary i podrobić, ale niestety nadal się da podrobić (może @ramone podrzuci źródło)"
www.bbc.co.uk/news/technology-18997580
"In one experiment, the researchers tested their fake irises against a leading commercial-recognition system. In 80% of attempts, they said, the scanner believed it was a real eye."
Wg eksperta, to jest "known vulnerability":
www.planetbiometrics.com/article-details/i/1189/
"Daugman says the vulnerability in question, which involves using an iterative process to relatively quickly reconstruct a workable iris image from an iris template, is a classic "hill-climbing" attack that is a known vulnerability for all biometrics.
Daugman told Planet Biometrics: "I think that the primary vulnerability is the disclosure of an IrisCode template, which this attack depends upon completely. Of course if such an IrisCode template can be obtained, then it could be used directly in a digital attack. There would be no advantage in first converting it back into an image, and then launching an analogue attack using that image."
Daugman continued: "This attack also depends on having the ability to generate an IrisCode template from an image, and to do so repeatedly and iteratively. This is only possible with access to the encoding algorithm or to a device which implements it."
Of course this is what the researchers did using a VeriEye algorithm from Neurotechnology. However, most iris recognition algorithm developers do not openly give access to the SDK required to perform such a task, and as Daugman notes: "The result will be specific to that algorithm.""
Czyli wg Daugmana, zabezpieczenia biometryczne polegaja rowniez na "security through obscurity", co nie wrozy dobrze calej dziedzinie.![]()
![]()
![]()
"Układ żył (to o siatkówcę) jest chyba jedną z lepszych cech biometrycznych i najtrudniej to zebrać od ofiary i podrobić, ale niestety nadal się da podrobić (może @ramone podrzuci źródło)"
www.bbc.co.uk/news/technology-18997580
"In one experiment, the researchers tested their fake irises against a leading commercial-recognition system. In 80% of attempts, they said, the scanner believed it was a real eye."
Wg eksperta, to jest "known vulnerability":
www.planetbiometrics.com/article-details/i/1189/
"Daugman says the vulnerability in question, which involves using an iterative process to relatively quickly reconstruct a workable iris image from an iris template, is a classic "hill-climbing" attack that is a known vulnerability for all biometrics.
Daugman told Planet Biometrics: "I think that the primary vulnerability is the disclosure of an IrisCode template, which this attack depends upon completely. Of course if such an IrisCode template can be obtained, then it could be used directly in a digital attack. There would be no advantage in first converting it back into an image, and then launching an analogue attack using that image."
Daugman continued: "This attack also depends on having the ability to generate an IrisCode template from an image, and to do so repeatedly and iteratively. This is only possible with access to the encoding algorithm or to a device which implements it."
Of course this is what the researchers did using a VeriEye algorithm from Neurotechnology. However, most iris recognition algorithm developers do not openly give access to the SDK required to perform such a task, and as Daugman notes: "The result will be specific to that algorithm.""
Czyli wg Daugmana, zabezpieczenia biometryczne polegaja rowniez na "security through obscurity", co nie wrozy dobrze calej dziedzinie.
 |  |