Anti-Spoofing and Liveness Detection
Biometric Anti-spoofing (or biometric liveness) is a set of preventive measures, which ensure that original or mimicked biometric authorization data cannot be used by impostors for purposes of theft or fraud.
Anti-spoofing is being actively adopted throughout numerous industries including banking, online payments, medicine, mobile phones, security systems, and state security etc. The need for liveness detection and anti-spoofing was created due to the emergence of numerous techniques and options of identity replacement on the Black market. These methods range from primitive usage of stolen portrait photos and deepfake videos to highly complex techniques involving hyper realistic human face masks made of plasticine, silicone, latex, and even materials like conductive liquid polyamide solution that is capable of imitating the touch of human skin.
Anti-spoofing plays a major role in today’s security systems, as it is able to differentiate real humans and their body parts from artificial replicas. Therefore, it has become a necessary tool to raise the effectiveness and reliability of biometric security systems.
Types of biometric anti-spoofing
Anti-spoofing covers a broad spectrum of practical applications including handwriting recognition, fingerprint verification, iris and retinal scanning etc. On the other hand, liveness detection is mostly limited to facial recognition, voice identification, and, a certain level of behavioral characteristics.
What is a Presentation Attack?
Presentation attacks are the main source of threat challenging biometric systems. A presentation attack is defined as:
A Presentation attack takes place when a spoofing tool is presented to a biometrical system. Presentation attack (PAD) is a type of attack, during which a spoofing artifact is presented to the sensors of a targeted system. These artifacts include a vast repertoire of crime tools: fake fingerprints made from gelatin, printed photos, elaborate silicone masks, [[Facial Deepfakes|facial deepfakes]], artificially synthesized voice recordings, etc. Anti-spoofing solutions are designed to combat these attacks. They analyze whether the presented biometric data — eye retina, fingerprints, human voice or face — are genuine or not. Sometimes presentation attacks are accompanied by indirect attacks.
There are various methods a Presentation attack can be initiated or presented to the system.
According to Data Science, facial recognition is the second most popular identification technique, next to fingerprint scanning.
There are two main facial recognition attack types: indirect and presentation. While the indirect attack requires a perpetrator to access the interior of the system, presentation attack aims at the sensor level.
Presentation attacks are seen as the primary source of threat when it comes to spoofing a biometric system. Attackers can carry out a PAD using the following methods:
- Printed Photo. An impostor simply shows a targeted person’s photo to the recognition system. The picture quality may vary.
- Display Attack. A clip containing the image of a user (or a single image) is shown to the camera of the system.
- 2D Mask. The method involves a mask cut out of paper with a face texture
- 3D Mask. A more elaborate method involves a silicon mask, 3D head sculpture, or wax figure, which mimics the user’s face.
- Other. State-of-the-art makeup and plastic surgeries are used as possible attack tools.
To combat these types of spoofing, various methods are suggested. In general, these methods are classified as Active and Passive Facial Anti-spoofing.
Passive methods include frequency and texture-based analysis, Fourier spectral analysis, variable focusing which relies on Depth of Field and Sum Modified Laplacian values, monitoring of eye movement and shape variations through sequential photos, and optical flow analysis (combination of eye movement patterns) etc.
In addition to these methods, solutions based on artificial intelligence and deep learning are also used. They include residual neural network, high frequency, and local binary pattern descriptors, and other similar techniques.
Active Facial Anti-spoofing methods take a more active approach, as a person is asked to do a certain request — smile, blink, raise eyebrows — to double-check the person’s identity.
When combined, these methods form a Presentation Attack Detection (PAD) system which can be integrated into the existing biometric security systems.
Voice spoofing, often featured in voice phishing, targets an Automatic Speaker Verification system (ASV). This system is widely adopted by banks and other financial services, as well as used in the voice-unlocking features integrated into mobile phones.
Similar to facial anti-spoofing, voice liveness recognition deals with direct attacks only. Indirect attacks explore technical vulnerabilities of the AVS, such as poorly protected transmission channels.
There are two attack types that make voice spoofing possible. The first type involves a simple voice recording obtained through methods like hacking and social engineering etc.
The second type is based on impersonating the target’s voice. This type of threat is causing concern due to the emergence of a large number of voice-imitating neural networks similar to Voice AI — which is capable of generating believable voice acting.
Apart from cloning, such neural networks can also disguise an attacker’s voice to mimic that of a legitimate user. To counter this issue, researchers have propose anti-spoofing techniques with the central concept of obtaining additional acoustic information to help the system decide whether the user is a human speaker or not.
One solution is based on analyzing the time-difference-of-arrival that can be observed in phonemes uttered by a living human and define their “speech uniqueness”.
The same study by NEC Corporation also mentions the “pop noise” approach. It implies identifying speech as live or fake, depending on whether the so-called pop noise is present or not.
Pop noise originates when the microphone of a mobile phone picks up random breathing noises or noises produced by the plosive consonants: [p], [b], [k], [g], and others.
Another known technique to prevent voice spoofing is called Void — Voice liveness detection. This open-source solution is based on a simple comparison of vocal spectrograms and does not require deep learning.
Using vocal spectrograms, Void can identify whether the voice is live or not by comparing their sound intensity. It is observed that a recorded voice lacks certain acoustic frequencies and cannot deliver the vocal “fullness”, which a real voice can.
Other types of Anti-spoofing
Fingerprint recognition is still the most popular target among malicious actors. Fingerprints can be obtained through various ways like hacking: in 2015, 5.6 million fingerprints were stolen from Washington’s Office of Personnel Management.
Attackers can replicate stolen fingerprints with various tools and materials including silicone, wood glue, gelatin, and even Dragon Skin typically used for movie productions.
In fingerprint recognition, liveness detection can be achieved using active and passive methods. The active approach verifies authenticity based on the pulse of a person, sweat pore patterns, skin elasticity (almost impossible to imitate) and other similar signals.
On the other hand, passive methods focus on unnatural details of the fingerprint such as lack of certain features that only a real human finger exhibits.
Another form of attack is Iris spoofing. The two most common threats are presentation attacks that involve a high-definition photo of an eye or contact lenses selected to imitate the target’s eyes.
Another form of spoofing that is gaining the attention of security experts are attacks carried out using artificial eye replicas.
Possible countermeasures proposed by researchers include detection of certain behavioral characteristics. For instance, the system can detect authenticity based on hippus — tiny oscillatory movements that happen as a natural reaction to light that are possible only in a real human iris.
Spectrographic data of different eye components — such as melanin pigmentation — can also be used to detect a spoofing attempt.
Anti-spoofing technologies have to be designed in compliance with some security standards in order to establish their reliability.
ISO/IEC 30107 Standard
The ISO/IEC certification pre-defines how attacks and system vulnerabilities should be classified and assessed. It also dictates algorithms and countermeasures for tackling these attacks.
FIDO (from Latin fido — trust) stands for Fast Identity Online. This is an array of security protocols, which allow a quick and safe identity verification without password usage.
FIDO encompasses solutions such as near-filed communication, security tokens, and biometric identification, which is secured with additional standards like Universal Second Factor (U2F) etc.
- Nanotips website
- Facial Recognition: Types of Attacks and Anti-Spoofing Techniques
- Residual neural network, Wikipedia
- Voice phishing, Wikipedia
- Voice Liveness Detection for Medical Devices, Xiali Hei, Bin Hao, Research Gate
- Voice Imitating Text-to-Speech Neural Networks, Younggun, LeeTaesu Kim, Soo-Young Lee, Research Gate
- Witcher 3 mod uses AI to create new voice lines without Geralt’s original voice actor, GamesRadar
- POCO: a Voice Spoofing and Liveness Detection Corpus based on Pop Noise, Kosuke Akimoto, Seng Pei Liewy, Sakiko Mishima, Ryo Mizushima, Kong Aik Lee
- An Overview of Face Liveness Detection, Saptarshi Chakraborty1 and Dhrubajyoti Das
- Plosive Consonants, Wikipedia
- New technique protects consumers from voice spoofing attacks, HelpNetSecurity
- Sound Intensity, Wikipedia
- Millions of fingerprints stolen in US government hack, BBC News
- Smooth-On, Inc. website
- Anti-spoofing method for fingerprint recognition using patch based deep learning machine. Diaa M.Uliyana, Somayeh Sadeghib, Hamid A.Jalab
- A review of iris anti-spoofing. Javier Galbally, Marta Gomez-Barrero
- Hippus, Wikipedia
- ISO/IEC 30107-1:2016, ISO website
- International Electrotechnical Commission, website
- FIDO Alliance, website