The purported threat posed by severed fingers or hands is an oft-used scaremongering argument against biometric security, but in recent years Hollywood directors have painted an even ghastlier scenario – presentation attacks on iris authentication using eyeballs plucked from a victim's head.In movies including Minority Report and Demolition Man, the disembodied eye of a victim is used to fool the biometric security systems of future centuries, so how can today's systems cope?While the question has indeed intrigued security and biometrics experts, it has long been assumed that a dead iris is dead, and that even the most basic liveness detection could prevent false positives. However, new research by Biometrics researcher Adam Czajka, who studies iris liveness detection at both the University of Notre Dame and Warsaw University of Technology, has thrown doubt on these preconceptions.Through detailed study, his team found that dead eyes work on several commercial products many hours after death – and on others, the dead eyes remain viable for up to a fortnight.Planet Biometrics caught up with Adam for a quick Q&A about this work's implications and benefits.The idea of an eyeball plucked from someone's head is pretty grisly, how did your team explore the scenario?Using eyeball plucked from someone's head in biometric spoofing is certainly a scenario proposed in movies. But together with my colleagues, Mateusz Trokielewicz (NASK and Warsaw University of Tech., Poland) and Piotr Maciejewicz (Warsaw Medical University, Poland), we have done a unique study of post-mortem human iris recognition for approximately 20 deceased individuals.Experimental results show that one may expect close-to-perfect iris recognition a few hours after death. Occasionally, in our tests, automatic iris recognition remained viable more than two weeks after death.These findings contradict a common belief that the iris decays soon after death and may have serious consequences for forensics, since this modality may prove useful in a fast identity verification of deceased individuals. This also brings a new attention to presentation attack detection, which should distinguish between living eye and authentic but dead eye. Our results will be presented as BTAS 2016 (Buffalo, NY) and Biometrics 2016 (London, UK) conferences.Do you feel iris is more or less vulnerable to presentation attacks than say voice or fingerprint recognition? Considering also the work by hackers using images of famous politicians' irises.Vulnerability depends on many factors. Indeed, we produce latent fingerprints when touching various surfaces, which is certainly not true for iris.However, a simple gimmick with presenting a paper iris printout to the iris sensor can still successfully spoof iris recognition systems offered today.Selected cameras have also problems with detecting printed contact lenses. So answering your question: systems which seem to be vulnerable due to easiness of data collection (such as latent fingerprints) but with strong presentation attack detection can be at the end less vulnerable than other systems having weak or no appropriate anti-spoofing countermeasures. This is why presentation attack detection is so vital for biometric security.What is your proposed solution to presentation attacks?We have developed various methods, which differ in a way how much investments you have to make to update your iris sensor. Efficient methods detecting “fake” frequencies or anomalies in image texture due to printing process use a single iris image, as used for identification (so no hardware changes are required).More sophisticated method proposed by us recently is based on modeling of pupil dynamics. Since most of living and healthy eyes will involuntarily react to changes in light intensity in a similar way, it is possible to check whether the reaction observed in a recognition transaction is correct. This is an on-going research and we investigate which diseases (such as Adie syndrome) and circumstances (such as stress, alcohol, drugs) may influence this method.