Govt biometric ID cards could be vulnerable to fraud, warn experts


Govt biometric ID cards could be vulnerable to fraud, warn experts

Bill Goodwin

A leading biometrics expert has warned the government that biometric ID cards, due to be rolled out from 2007, could be vulnerable to fraud unless it invests in more sophisticated iris recognition technology.

Professor John Daugman, who pioneered the developed of iris recognition at Cambridge University said that the biometric systems under test by the government were not sophisticated enough to distinguish between real and fake eye images.

"I am quite worried about the way that national ID cards will work out if the wrong camera is chosen. This is a technology that depends on choosing the right camera," he said.

Daugman was speaking after a Japanese academic revealed new research at the Biometrics 2004 conference in London, demonstrating that commercial iris recognition readers can be fooled by using eye images printed on paper.

Professor Tsutomo Matsumoto, of Yokohama National University, found that two commercial iris readers could be fooled 100% of the time and a third was fooled 50% of the time.

In the wake of the research, Daugman said it was essential for the government to choose advanced iris recognition cameras cable of distinguishing between real and fake eyes.

Biometric suppliers are in the process of developing readers capable of distinguishing the movement and light reflections of living eyes from iris images, he said.

Fingerprint readers are also at risk from spoofing from "gummy fingers" - artificial fingers made from gelatine, Matsumoto revealed.

He presented research to show how researchers were able to crack the fingerprint protection in a mobile phone and secure PKI token using the fake fingers.

The success of the UK’s ID card scheme would depend on how securely the government is able to store biometric on the central population database, he told Computer Weekly.

"The storage of data on the central database is a crucial issue. Once such information is disclosed, if there is no mechanism to protect the information that might be a problem," he said.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy