A leading biometrics expert has warned the government
that biometric ID cards, due to be rolled out from 2007, could be
vulnerable to fraud unless it invests in more sophisticated iris
recognition technology.
Professor John Daugman, who pioneered the developed of iris
recognition at Cambridge University said that the biometric systems
under test by the government were not sophisticated enough to
distinguish between real and fake eye images.
"I am quite worried about the way that national ID cards will
work out if the wrong camera is chosen. This is a technology that
depends on choosing the right camera," he said.
Daugman was speaking after a Japanese academic revealed new
research at the Biometrics 2004 conference in London, demonstrating
that commercial iris recognition readers can be fooled by using eye
images printed on paper.
Professor Tsutomo Matsumoto, of Yokohama National University,
found that two commercial iris readers could be fooled 100% of the
time and a third was fooled 50% of the time.
In the wake of the research, Daugman said it was essential for
the government to choose advanced iris recognition cameras cable of
distinguishing between real and fake eyes.
Biometric suppliers are in the process of developing readers
capable of distinguishing the movement and light reflections of
living eyes from iris images, he said.
Fingerprint readers are also at risk from spoofing from "gummy
fingers" - artificial fingers made from gelatine, Matsumoto
revealed.
He presented research to show how researchers were able to crack
the fingerprint protection in a mobile phone and secure PKI token
using the fake fingers.
The success of the UK’s ID card scheme would depend on how
securely the government is able to store biometric on the central
population database, he told Computer Weekly.
"The storage of data on the central database is a crucial issue.
Once such information is disclosed, if there is no mechanism to
protect the information that might be a problem," he said.