Handbook of Biometric Anti-Spoofing

This chapter provides an introduction to Presentation Attack Detection (PAD), also coined anti-spoofing, in fingerprint biometrics, and summarizes key developments for that purpose in the last two decades. After a review of selected literature in the field, we also revisit the potential of quality assessment for presentation attack detection. We believe that, beyond the interest that the described techniques may intrinsically have by themselves, the case study presented may serve as an example of how to develop and validate fingerprint PAD techniques based on common and publicly available benchmarks and following a systematic and replicable protocol.

Fingerprint-based biometric systems have shown reliability in terms of accuracy in both biometric and forensic scenarios. Although fingerprint systems are easy to use, they are susceptible to presentation attacks that can be carried out by employing lifted or latent fingerprints. This work presents a systematic study of the fingerprint presentation attack detection (PAD aka., spoofing detection) using textural features. To this end, this chapter reports an evaluation of both hand-crafted features and naturally learned features via deep learning techniques for fingerprint presentation attack detection. The evaluation is presented on publicly available fake fingerprint database that consists of both bona fide (i.e., real) and presentation attack fingerprint samples captured by capacitive, optical and thermal sensors. The results indicate the need for further approaches that can detect attacks across data from different sensors.

New research in fingerprint biometrics uses optical coherence tomography (OCT) technology to acquire fingerprints from where they originate below the surface of the skin. The penetrative nature of this technology means that rich information is available regarding the structure of the skin. This access, in turn, enables new techniques in detecting spoofing attacks, and therefore also introduces mitigation steps against current presentation attack methods. These techniques include the ability to detect fake fingers; fake layers applied above the skin; differentiate between fakes and surface skin conditions; and liveness detection based on, among others, the analysis of eccrine glands and capillary blood flow from below the surface of the skin. Through advances in the OCT hardware and processing techniques, one has increased capabilities to capture large fingerprint volumes at a reasonable speed at the relevant necessary resolution to detect current known attempts at spoofing. The nature of OCT and the data it produces means that a truly high-security fingerprint acquisition system may exist in the future. This work serves to detail current research in this domain.

A fingerprint verification system is vulnerable to attacks led through the fingertip replica of an enrolled user. The countermeasure is a software/hardware module called fingerprint presentation attacks detector (FPAD) that is able to detect images coming from a real (live) and a spoof (fake) fingertip. We focused our work on the so-called software-based solutions that use a classifier trained with a collection of live and fake fingerprint images in order to determine the liveness level of a finger, that is, the probability that the submitted fingerprint image is not a replica. The chapter goal is to give an overview of FPAD systems by focusing on the problem of the interoperability among different capture devices. In other words, the FPAD performance variation arises when the capture device is substituted by another one, for example, due to upgrading reasons. After a brief summary of the main and most effective state-of-the-art approaches to feature extraction, we introduce the interoperability FPAD problem from the image captured by the fingerprint sensor to the impact on the related feature space and classifier. In particular, we take into account the so-called textural descriptors used for FPAD. We review the state of the art in order to see if and how this problem has been already treated. Finally, a possible solution is suggested and a set of experiments is done to investigate its effectiveness.

A spoof or artifact is a counterfeit biometric that is used in an attempt to circumvent a biometric sensor. Presentation attacks using an artifact have proven to still be effective against fingerprint recognition systems. Liveness detection aims to distinguish between live and fake biometric traits. Liveness detection is based on the principle that additional information can be garnered above and beyond the data procured by a standard authentication system, and this additional data can be used to determine if a biometric measure is authentic. The Fingerprint Liveness Detection Competition (LivDet) goal is to compare both software-based and hardware-based fingerprint liveness detection methodologies. The competition is open to all academic and industrial institutions. The number of competitors grows at every LivDet edition demonstrating a growing interest in the area.

Iris recognition technology has attracted an increasing interest since more than two decades in which we have witnessed a migration from laboratories to real-world applications. The deployment of this technology in real applications raises questions about the main vulnerabilities and security threats related to these systems. Presentation attacks can be defined as presentation of human characteristics or artifacts directly to the input of a biometric system trying to interfere with its normal operation. These attacks include the use of real irises as well as artifacts with different levels of sophistication. This chapter introduces iris presentation attack detection methods and its main challenges. First, we summarize the most popular types of attacks including the main challenges to address. Second, we present a taxonomy of presentation attack detection methods to serve as a brief introduction on this very active research area. Finally, we discuss the integration of these methods into iris recognition systems according to the most important scenarios of practical application.

This chapter presents a comprehensive study on the application of stimulated pupillary light reflex to presentation attack detection (PAD) that can be used in iris recognition systems. A pupil, when stimulated by visible light in a predefined manner, may offer sophisticated dynamic liveness features that cannot be acquired from dead eyes or other static objects such as printed contact lenses, paper printouts, or prosthetic eyes. Modeling of pupil dynamics requires a few seconds of observation under varying light conditions that can be supplied by a visible light source in addition to the existing near-infrared illuminants used in iris image acquisition. The central element of the presented approach is an accurate modeling and classification of pupil dynamics that makes mimicking an actual eye reaction difficult. This chapter discusses new data-driven models of pupil dynamics based on recurrent neural networks and compares their PAD performance to solutions based on the parametric Clynes–Kohn model and various classification techniques. Experiments with 166 distinct eyes of 84 subjects show that the best data-driven solution, one based on long short-term memory, was able to correctly recognize 99.97% of attack presentations and 98.62% of normal pupil reactions. In the approach using the Clynes–Kohn parametric model of pupil dynamics, we were able to perfectly recognize abnormalities and correctly recognize 99.97% of normal pupil reactions on the same dataset with the same evaluation protocol as the data-driven approach. This means that the data-driven solutions favorably compare to the parametric approaches, which require model identification in exchange for a slightly better performance. We also show that observation times may be as short as 3 s when using the parametric model, and as short as 2 s when applying the recurrent neural network without substantial loss in accuracy. Along with this chapter we also offer: (a) all time series representing pupil dynamics for 166 distinct eyes used in this study, (b) weights of the trained recurrent neural network offering the best performance, (c) source codes of the reference PAD implementation based on Clynes–Kohn parametric model, and (d) all PAD scores that allow the reproduction of the plots presented in this chapter. To our best knowledge, this chapter proposes the first database of pupil measurements dedicated to presentation attack detection and the first evaluation of recurrent neural network-based modeling of pupil dynamics and PAD.

Biometric recognition systems have been shown to be susceptible to presentation attacks, the use of an artificial biometric in place of a live biometric sample from a genuine user. Presentation Attack Detection (PAD) is suggested as a solution to this vulnerability. The LivDet-Iris—Iris Liveness Detection Competition started in 2013 strives to showcase the state-of-the- art in presentation attack detection by assessing the software-based iris PAD methods (Part 1), as well as hardware-based iris PAD methods (Part 2) against multiple datasets of spoof and live fingerprint images. These competitions have been open to all institutions, industrial and academic, and competitors which can enter as either anonymous or using the name of their institution. There have been two previous fingerprint competitions through LivDet; 2013 and 2015. LivDet-Iris 2017 is being conducted during 2017. LivDet-Iris has maintained a consistent level of competitors for Part 1: Algorithms throughout the two previous competitions and 2017 competition has begun to garner further interest.

The main scope of this chapter is to serve as a brief introduction to face presentation attack detection. The next pages present the different presentation attacks that a face recognition system can confront, in which an attacker presents to the sensor, mainly a camera, an artifact (generally a photograph, a video, or a mask) to try to impersonate a genuine user. First, we make an introduction of the current status of face recognition, its level of deployment, and the challenges it faces. In addition, we present the vulnerabilities and the possible attacks that a biometric system may be exposed to, showing that way the high importance of presentation attack detection methods. We review different types of presentation attack methods, from simpler to more complex ones, and in which cases they could be effective. Later, we summarize the most popular presentation attack detection methods to deal with these attacks. Finally, we introduce public datasets used by the research community for exploring the vulnerabilities of face biometrics and developing effective countermeasures against known spoofs.

The undeniable convenience of face recognition (FR) based biometrics has made it an attractive tool for access control in various application areas, from airports to remote banking. Widespread adoption of face biometrics, however, depends on the perception of robustness of such systems. One particular vulnerability of FR systems comes from presentation attacks (PA), where a subject A attempts to impersonate another subject B, by presenting, say, a photograph of B to the biometric sensor (i.e., the camera). PAs are the most likely forms of attacks on face biometric systems, as the camera is the only component of the biometric system that is exposed to the outside world. Presentation attack detection (PAD) methods provide an additional layer of security to FR systems. The first edition of the Handbook of Biometric Anti-Spoofing included two chapters on face-PAD. In this chapter we review the significant advances in face-PAD research since the publication of the first edition of this book. In addition to new face-PAD methods designed for color images, we also discuss advances involving other imaging modalities, such as near-infrared (NIR) and thermal imaging. Research on detecting various kinds of attacks, both planar as well as involving three-dimensional masks, is reviewed. The chapter also summarizes a number of recently published datasets for face-PAD experiments.

With the advanced 3D reconstruction and printing technologies, creating a super-real 3D facial mask becomes feasible at an affordable cost. This brings a new challenge to face presentation attack detection (PAD) against 3D facial mask attack. As such, there is an urgent need to solve this problem as many face recognition systems have been deployed in real-world applications. Since this is a relatively new research problem, few studies has been conducted and reported. In order to attract more attentions on 3D mask face PAD, this book chapter summarizes the progress in the past few years, as well as publicly available datasets. Finally, some open problems in 3D mask attack are discussed.

In the current context of digital transformation, the increasing trend in the use of personal devices for accessing online services has fostered the necessity of secure cyberphysical solutions. Biometric technologies for mobile devices, and face recognition specifically, have emerged as a secure and convenient approach. However, such a mobile scenario also brings some specific threats, and spoofing attack detection is, without any doubt, one of the most challenging. Although much effort has been devoted in anti-spoofing techniques over the past few years, there are still many challenges to be solved when implementing these systems in real use cases. This chapter analyses some of the gaps between research and real scenario deployments, including generalisation, usability, and performance. More specifically, we will focus on how to select and configure an algorithm for real scenario deployments, paying special attention to use cases involving limited processing capacity devices (e.g., mobile devices), and we will present a publicly available evaluation framework for this purpose.

In this chapter, the usage of Remote Photoplethysmography (rPPG) as a mean for face presentation attack detection is investigated. Remote photoplethysmography consists in retrieving the heart-rate of a subject from a video sequence containing some skin, and recorded at a distance. To get a pulse signal, such methods take advantage of subtle color variation on skin pixels due to the blood flowing through vessels. Since the inferred pulse signal gives information on the liveness of the recorded subject, it can be used for biometric presentation attack detection (PAD). Inspired by work made for speaker presentation attack detection, we propose to use long-term spectral statistical features of the pulse signal to discriminate real accesses from attack attempts. A thorough experimental evaluation, with different rPPG and classification algorithms is carried on four publicly available datasets containing a wide range of face presentation attacks. Obtained results suggest that the proposed features are effective for this task, and we empirically show that our approach performs better than state-of-the-art rPPG-based presentation attack detection algorithms.

Face presentation attack detection has received increasing attention ever since the vulnerabilities to spoofing have been widely recognized. The state of the art in software-based face anti-spoofing has been assessed in three international competitions organized in conjunction with major biometrics conferences in 2011, 2013, and 2017, each introducing new challenges to the research community. In this chapter, we present the design and results of the three competitions. The particular focus is on the latest competition, where the aim was to evaluate the generalization abilities of the proposed algorithms under some real-world variations faced in mobile scenarios, including previously unseen acquisition conditions, presentation attack instruments, and sensors. We also discuss the lessons learnt from the competitions and future challenges in the field in general.

Over the past few years, significant progress has been made in the field of presentation attack detection (PAD) for automatic speaker recognition (ASV). This includes the development of new speech corpora, standard evaluation protocols and advancements in front-end feature extraction and back-end classifiers. The use of standard databases and evaluation protocols has enabled for the first time the meaningful benchmarking of different PAD solutions. This chapter summarises the progress, with a focus on studies completed in the last 3 years. The article presents a summary of findings and lessons learned from two ASVspoof challenges, the first community-led benchmarking efforts. These show that ASV PAD remains an unsolved problem and that further attention is required to develop generalised PAD solutions which have potential to detect diverse and previously unseen spoofing attacks.

Despite an increasing interest in speaker recognition technologies, a significant obstacle still hinders their wide deployment—their high vulnerability to spoofing or presentation attacks. These attacks can be easy to perform. For instance, if an attacker has access to a speech sample from a target user, he/she can replay it using a loudspeaker or a smartphone to the recognition system during the authentication process. The ease of executing presentation attacks and the fact that no technical knowledge of the biometric system is required to make these attacks especially threatening in practical application. Therefore, late research focuses on collecting data databases with such attacks and on development of presentation attack detection (PAD) systems. In this chapter, we present an overview of the latest databases and the techniques to detect presentation attacks. We consider several prominent databases that contain bona fide and attack data, including ASVspoof 2015, ASVspoof 2017, AVspoof, voicePA, and BioCPqD-PA (the only proprietary database). Using these databases, we focus on the performance of PAD systems in the cross-database scenario or in the presence of “unknown” (not available during training) attacks, as these scenarios are closer to practice, when pretrained systems need to detect attacks in unforeseen conditions. We first present and discuss the performance of PAD systems based on handcrafted features and traditional Gaussian mixture model (GMM) classifiers. We then demonstrate whether the score fusion techniques can improve the performance of PADs. We also present some of the latest results of using neural networks for presentation attack detection. The experiments show that PAD systems struggle to generalize across databases and mostly unable to detect unknown attacks, with systems based on neural networks demonstrating better performance compared to the systems based on handcrafted features.

Current state-of-the-art automatic speaker verification (ASV) systems are prone to spoofing. The security and reliability of ASV systems can be threatened by different types of spoofing attacks using voice conversion, synthetic speech, or recorded passphrase. It is therefore essential to develop countermeasure techniques which can detect such spoofed speech. Inspired by the success of deep learning approaches in various classification tasks, this work presents an in-depth study of convolutional neural networks (CNNs) for spoofing detection in automatic speaker verification (ASV) systems. Specifically, we have compared the use of three different CNNs architectures: AlexNet, CNNs with max-feature-map activation, and an ensemble of standard CNNs for developing spoofing countermeasures, and discussed their potential to avoid overfitting due to small amounts of training data that is usually available in this task. We used popular deep learning toolkits for the system implementation and have released the implementation code of our methods publicly. We have evaluated the proposed countermeasure systems for detecting replay attacks on recently released spoofing corpora ASVspoof 2017, and also provided in-depth visual analyses of CNNs to aid for future research in this area.

The domain of presentation attacks (PAs), including vulnerability studies and detection (PAD), remains very much unexplored by available scientific literature in biometric vein recognition. Contrary to other modalities that use visual spectral sensors for capturing biometric samples, vein biometrics is typically implemented with near-infrared imaging. The use of invisible light spectra challenges the creation of instruments, but does not render it impossible. In this chapter, we provide an overview of current landscape for PA manufacturing in possible attack vectors for vein recognition, describe existing public databases and baseline techniques to counter such attacks. The reader will also find material to reproduce experiments and findings for finger vein recognition systems. We provide this material with the hope that it will be extended to other vein recognition systems and improved in time.

Authentication applications based on the use of biometric methods have received a lot of interest during the last years due to the breathtaking results obtained using personal traits such as face or fingerprint. However, it is important not to forget that these biometric systems have to withstand different types of possible attacks. This work carries out an analysis of different Presentation Attack (PA) scenarios for on-line handwritten signature verification. The main contributions of the present work are: (1) short overview of representative methods for Presentation Attack Detection (PAD) in signature biometrics; (2) to describe the different levels of PAs existing in on-line signature verification regarding the amount of information available to the attacker, as well as the training, effort and ability to perform the forgeries; and (3) to report an evaluation of the system performance in signature biometrics under different PAs and writing tools considering freely available signature databases. Results obtained for both BiosecurID and e-BioSign databases show the high impact on the system performance regarding not only the level of information that the attacker has but also the training and effort performing the signature. This work is in line with recent efforts in the Common Criteria standardization community towards security evaluation of biometric systems, where attacks are rated depending on, among other factors, time spent, effort and expertise of the attacker, as well as the information available and used from the target being attacked.

Presentation attack detection (PAD, also known as anti-spoofing) systems, regardless of the technique, biometric mode or degree of independence of external equipment, are most commonly treated as binary classification systems. The two classes that they differentiate are bona-fide and presentation attack samples. From this perspective, their evaluation is equivalent to the established evaluation standards for the binary classification systems. However, PAD systems are designed to operate in conjunction with recognition systems and as such can affect their performance. From the point of view of a recognition system, the presentation attacks are a separate class that need to be detected and rejected. As the problem of presentation attack detection grows to this pseudo-ternary status, the evaluation methodologies for the recognition systems need to be revised and updated. Consequentially, the database requirements for presentation attack databases become more specific. The focus of this chapter is the task of biometric verification and its scope is three-fold: first, it gives the definition of the presentation attack detection problem from the two perspectives. Second, it states the database requirements for a fair and unbiased evaluation. Finally, it gives an overview of the existing evaluation techniques for presentation attacks detection systems and verification systems under presentation attacks.

Payment applications turn in mass to biometric solutions to authenticate the rightful users of payment services offered electronically. This is due to the new regulatory landscape which puts considerable emphasis on the need of enhanced security for all payment services offered via internet or via other at-distance channels to guarantee the safe authentication and to reduce fraud to the maximum extent possible. The Payment Services Directive (EU) 2015/2366 (PSDII) which applies as of 13 January 2018 in the Member States introduced the concept of strong customer authentication and refers to ‘something the user is’ as authentication element. This chapter analyses this requirement of strong customer authentication for payment services offered electronically and the role of automated biometric presentation attack detection (PAD) as a security measure. PAD measures aid biometric (authentication) technology to recognize persons presenting biometric characteristics as friends or foes. We find that while PSDII remains vague about any obligation to use PAD as a specific security feature for biometric characteristics’s use for authentication, PAD re-enters the scene through the backdoor of the General Data Protection Regulation (EU) 2016/679.

This chapter reports about the relevant international standardization activities in the field of biometrics and specifically describes standards on presentation attack detection that have established a framework including a harmonized taxonomy for terms in the field of liveness detection and spoofing attack detection, an interchange format for data records and moreover a testing methodology for presentation attack detection. The scope and of the presentation attack detection multipart standard ISO/IEC 30107 is presented. Moreover, standards regarding criteria and methodology for security evaluation of biometric systems are discussed.