Iris Liveness Detection — Techniques, Practical Application and Challenges

From Antispoofing Wiki

Iris recognition is considered as an effective method of contactless biometric verification, however, it is not invulnerable to spoofing attacks.

Iris Identification: General Overview & Advantages

Before iris anti-spoofing, there was an early concept of iris recognition that can be attributed to a 1953 clinical textbook Physiology of the Eye by F. H. Adler. The book stated that iris photographs could successfully replace fingerprints in terms of personal identification due to the unique characteristics of the iris. This assumption was based on a similar comment made by a British ophthalmologist J.H. Doggart in 1949, who was possibly influenced by Alphonse Bertillon's research on investigative biometrics.

The practical implementation of the approach began in 1993 when John Daugman published a work on an innovative computer vision algorithm, which was based on the idea that considerably high entropy in various iris sample classes can lead to better pattern recognition. Subsequently, he received a patent on the described technology in 1994. The first commercial iris-scanning system LG IrisAccess 2200 was introduced in 1999.

Iris recognition has a few central advantages. First, it has 240 reference points for identifying a person, while a fingerprint has only 100 reference points. Second, it allows contactless identification, which is especially favorable in the light of the pandemic concerns. Finally, it is successfully used in certain countries like India where iris recognition is part of the UIDAI/Aadhaar program.

Iris Spoofing Attacks

Just like other biometric modalities, an iris recognition system is also prone to spoofing attacks. The major attack types highlighted by experts are: Zero-effort, Photo & Video, Contact Lens, Synthetic, and Postmortem Eye attacks.

Zero-effort attack

The most primitive attack type, in which no eye replicas or code manipulations are used. A perpetrator simply uses their own eye to get verified as someone else, which is possible in certain cases due to the False Match Rate (FMR). In turn, FMR is directly related to False Non-Match Rate when a legitimate person is denied access.

Photo & Video attack

This type involves Presentation Attacks (PAs). An image of a target’s eye retina can be obtained from their social media. The attack is made easier if a high-definition portrait was uploaded, which is possible since modern smartphones have high-resolution cameras (Isocell HP1 sensor offers up to 200 MP). Then the retina image is simply printed on photographic paper or replayed from a screen of a mobile gadget.

Contact Lens attack

A more demanding technique, it requires a lens that copies a target’s eye pattern as well as other unique properties. A textured lens allows superposing synthetic patterns either to masquerade or hide a perpetrator’s original iris pattern.

Synthetic Eye attack

The attack most difficult to execute involves creating a synthetic eye from scratch (glass eye). The method is mostly used in prosthetic eye surgery and employs plastic acryl. Averagely, it takes merely 3.5 hours to produce a prosthesis. However, copying the exact properties of a target’s eye and finessing the result requires a tremendous amount of effort, time and skill.

Cadaver Eye attack

Using a deceased person’s eye is also a potential attack scenario — similar to that observed in finger spoofing attacks. Currently, very few studies have been carried out on such a attack. However, iris recognition can be fooled using a detached or unconscious eye, as in some cases it scans only the eye surface (as opposed to retinal scanning).

General Framework for Iris Liveness Detection

Commonly, an iris recognition system (IRS) includes the following components:

  • Sensor. Commonly machine vision sensors CCD (analogue) or CMOS (digital) that capture the iris image are used.
  • Feature extractor & Comparison module. These are software components responsible for segmentation, template generation, preliminary processing and comparison.
  • Database. It contains vital data regarding iris templates and other necessary information.
  • Communication channel & Actuators. This part involves internal and external communications: between system modules, mechanical actuators and cloud storage.

Correspondingly, all of these elements are vulnerable to certain attacks. For instance, sensors can be subject to PAs, databases can be tampered, feature extraction can suffer from malicious algorithm alteration, etc.

Iris Liveness Detection Methods & Techniques

There are two principal types of Presentation Attack Detection (PAD): Hardware and Software-based.

Hardware-based PAD

To achieve better anti-spoofing results, standard iris sensors are supported with specialized sensors that can measure biological characteristics of an eye. These characteristics include eye tissue density, blood vessel structure, collagen fibers, etc.

  • 3D imaging. Eye geometry and curvature help prevent presentation and replay attacks. This method employs a near-Infrared light source, plus a simple 2D sensor. Together they analyze shadows on a person’s iris, which are created by uneven illumination. Multiple images are also acquired to measure depth of an eye.
  • Multispectral imaging. An eye consists of three anatomical layers, each of which has its own spectrographic parameters. If a spectrographic print of an eye is obtained, it will be possible to assess whether it’s real or synthetic — substitute materials have radically different spectrographic data.
  • Electrooculography. Electrooculogram is a signal stemming from cornea-retinal standing potential. This method is highly accurate in liveness detection but is invasive as electrodes should be placed in the eye region.

These methods are alternatively known as sensor-based approaches.

Software-based PAD

Software-based methods imply feature extraction and analysis. They are separated into static and dynamic approaches. (As opposed to a static, dynamic approach that analyzes multiple iris images put in a sequence.) The proposed techniques focus on:

  • Applying machine learning.
  • Detecting imperfections intrinsic to a printed photo.
  • Exploring quality differences between real and photographed irises.
  • Analyzing gray level values, color, and edges acquired from pixel-level features.

These methods include such techniques as wavelet analysis, Fourier image decomposition, local descriptors, Laplacian transform, and others.

Iris Datasets

There’s an extensive variety of iris datasets: 158 in total, some of which are publicly available. Perhaps the first-known dataset was the UAE database used by prof. Dougman in the early 2000s. The first free available dataset CASIA v. 1 was released in 2003 by the Center for Biometrics and Security Research.

Currently, a number of datasets are available for use:

It should be noted that certain public databases require completion of a usage agreement or are available to academic researchers only.

Iris Recognition Performance Metrics

Performance of an iris detection system is assessed with 4 metrics:

  1. Attack Presentation Classification Error Rate (APCER) — percentage of PAs erroneously classified as bona fide presentations.
  2. Bona Fide Presentation Classification Error Rate (BPCER) — percentage of bona fide presentations erroneously classified as PAs.
  3. Imposter Attack Presentation Match Rate (IAPMR) — percentage of the spoofing attacks that were successfully matched.
  4. Concealer Attack Presentation Non-Match Rate (CAPNMR) — percentage of successful concealer attacks.

Note: CAPNMR metric is similar to the False Non-Match Rate used in identity verification.


  1. Iris recognition by Wikipedia
  2. Alphonse Bertillon
  3. Prof. John Daugman patented the first iris recognition algorithm
  4. High confidence visual recognition of persons by a test of statistical independence
  5. LG IrisAccess 2200
  6. ‘Table of human iris nuances’ was proposed by the French police officer Bertillon in 1892
  7. UIDAI/Aadhaar program
  8. Introduction to Presentation Attack Detection in Iris Biometrics and Recent Advances
  9. Samsung builds the world’s highest-resolution phone camera sensor: 200 MP
  10. The 4 Main Types of Iris Patterns You Should Know (With Images)
  11. Artificial Eye
  12. A high-quality surgical eye prosthesis
  13. Would an iris scan work if you were unconscious or your eyeball was detached?
  14. The electrooculogram
  15. A survey of iris datasets
  16. Center for Biometrics and Security Research
  17. CASIA-IrisV4
  18. ND-CrossSensor-Iris 2012
  19. UFPR-Periocular Dataset - V1
  20. Warsaw-BioBase-Smartphone-Iris v1.0
  21. WVU Synthetic Eye Dataset