Conference PaperPDF Available

Towards Fingerprint Presentation Attack Detection Based on Convolutional Neural Networks and Short Wave Infrared Imaging



Biometric recognition offers many advantages over traditional authentication methods, but they are also vulnerable to, for instance, presentation attacks. These refer to the presentation of artifacts, such as facial pictures or gummy fingers, to the biometric capture device, with the aim of impersonating another person or to avoid being recognised. As such, they challenge the security of biometric systems and must be prevented. In this paper, we present a new fingerprint presentation attack detection method based on convolutional neural networks and multi-spectral images extracted from the finger in the short wave infrared spectrum. The experimental evaluation, carried out on an initial small database but comprising different materials for the fabrication of the artifacts and including unknown attacks for testing, shows promising results: all samples were correctly classified.
Towards Fingerprint Presentation Attack Detection
Based on Convolutional Neural Networks and Short
Wave Infrared Imaging
Ruben Tolosana, Marta Gomez-Barrero, Jascha Kolberg, Aythami Morales,
Christoph Buschand Javier Ortega-Garcia
BiDA Lab - Biometrics and Data Pattern Analytics, Universidad Autonoma de Madrid, Spain
Email: (ruben.tolosana, aythami.morales, javier.ortega)
da/sec - Biometrics and Internet Security Research Group, Hochschule Darmstadt, Germany
Email: (marta.gomez-barrero, jascha.kolberg, christoph.busch)
Abstract—Biometric recognition offers many advantages over
traditional authentication methods, but they are also vulnerable
to, for instance, presentation attacks. These refer to the presenta-
tion of artifacts, such as facial pictures or gummy fingers, to the
biometric capture device, with the aim of impersonating another
person or to avoid being recognised. As such, they challenge
the security of biometric systems and must be prevented. In
this paper, we present a new fingerprint presentation attack
detection method based on convolutional neural networks and
multi-spectral images extracted from the finger in the short wave
infrared spectrum. The experimental evaluation, carried out on
an initial small database but comprising different materials for
the fabrication of the artifacts and including unknown attacks
for testing, shows promising results: all samples were correctly
Keywords—Presentation attack detection; biometrics; finger-
print; SWIR; CNN
Deep Learning (DL) has become a thriving topic in the
last years [1], allowing computers to learn from experience
and understand the world in terms of a hierarchy of simpler
units. This way, DL has enabled significant advances in
complex domains such as natural language processing [2] and
computer vision [3], among many others. The main reasons to
understand its high deployment lie on the increasing amount
of available data, which thereby allows the succesfull training
of deep architectures. These can in turn outperform other
traditional machine learning techniques. However, the belief
that DL architectures can be only used for those tasks with
massive amounts of available data is changing thanks to the
development of, for instance, pre-trained models. This concept
refers to network models that are trained for a given task with
large available databases, and then are retrained (a.k.a. fine-
tuned, adapted) for a different task for which data are usually
scarce. All these advances have allowed the deployment of
DL architectures in many different fields, such as biometric
recognition [4], [5].
Biometrics refers to automated recognition of individu-
als based on their biological (e.g., iris or fingerprint) or
behavioural (e.g., signature or voice) characteristics. Even
if biometric recognition systems offer numerous advantages
over traditional authentication methods (e.g., they provide a
stronger link between subject and identity, and they cannot be
lost or forgotten), they are also vulnerable to external attacks.
Among all possible attack points [6], the biometric capture
device is probably the most exposed one: no further knowledge
about the inner functioning of the system is required to launch
an attack. Such attacks are known in the ISO/IEC IS 30107 [6]
as presentation attacks (PA), and refer to the presentation to
the capture device of a presentation attack instrument (PAI),
such as a fingerprint overlay, in order to interfere with its
intended behaviour.
To be able to prevent PAs, techniques able to automatically
distinguish between bona fide (i.e., real or live) presentations
and access attempts carried out by means of PAIs must be
developed [7]. They are known as presentation attack detection
(PAD) methods. A considerable attention has been directed
to the development of efficient PAD approaches within the
last decade for several biometric characteristics, including iris
[8], fingerprint [9], or face [10]. In particular, within the
DL community, Convolutional Neural Networks (CNNs) have
been used for fingerprint PAD purposes, based either on the
complete fingerprint samples [11], [12] or on a patch-wise
manner [13], [14]. In addition, a Deep Belief Network (DBN)
system with multiple layers of Restricted Boltzmann Machines
(RBMs) was used in [15] also for fingerprint PAD. A more
general approach was tested on face, iris, and fingerprint data
in [16].
All the aforementioned DL PAD approaches achieve accu-
racy detection rates over 90% on the freely available LivDet
[17] and ATVS-FFp databases [18]. Such high accuracy rates
indicate not only the valuable contributions of the authors
but also that other databases, comprising a larger number of
materials for the fabrication of the PAIs, should be explored.
However, one question remains unanswered: will unknown
attacks also be detected? From the aforementioned works,
only Chugh et al. considered a wider database comprising
over twelve different PAI fabrication materials in [14]. Part
of the materials were used as unknown attacks, showing that
©2018 Gesellschaft für Informatik e.V., Bonn, Germany
Authorized licensed use limited to: Universidad Autonoma de Madrid. Downloaded on April 04,2022 at 14:20:01 UTC from IEEE Xplore. Restrictions apply.
(a) (b) (c) (d) (e) (f) (g) (h) (i)
Fig. 1: (a) Bona fide sample captured at 1200 nm, and cropped ROIs corresponding to: (b) to (e) a bona fide sample, and (f)
to (i) a silicone PAI, for the selected wavelengths.
the error rates were multiplied up to six times with respect to
the evaluation carried out on known attacks. Therefore, some
more research is needed in this area.
To further tackle these issues with unknown attacks, some
researchers have started considering other sources of informa-
tion different of the traditional fingerprint capture devices [8],
[9]. More specifically, the use of multi-spectral infrared tech-
nologies has been studied for face [19] and fingerprint [20],
[21]. More recently, the characteristic remission properties of
the human skin for multi-spectral Short Wave Infrared (SWIR)
wavelengths was exploited in [19] for facial PAD, achieving
a 99% detection accuracy.
In this context, we propose a fingerprint PAD method based
on CNNs and multi-spectral SWIR finger samples captured in
the range 1200 nm – 1550 nm. To the best of our knowledge,
this is the first study exploring the potential of SWIR imaging
and CNNs for fingerprint PAD, on a small database in terms
of samples but considering a wide variety of PAI species
(i.e., both complete thick gummy fingers and more challenging
overlays). We successfully detected all of them. It should also
be highlighted that only six PAIs were used for training, thus
being able to test the remaining six PAIs as unknown attacks
(i.e., attacks not seen previously by the classifier, thereby
representing a bigger challenge and a better representation of
a real-world scenario).
The rest of the article is organised as follows. The SWIR
sensor and fingerprint PAD method proposed are described in
Sect. II. Sect. III presents the experimental protocol and the
results obtained in this work. Final conclusions are drawn in
Sect. IV.
A. Short Wave Infrared (SWIR) Imaging
The capture device comprises two sensors for SWIR and
visible spectrum (VIS) wavelenghts, which are placed next
to each other inside a closed box. Next to them, the LEDs
for the corresponding wavelengths illuminate the finger. The
box includes an open slot on the top where the user stands
the finger during the acquisition. When the finger is placed
there, all ambient light is blocked and thus only the desired
wavelengths are used for the acquisition. In particular, we have
used a Hamamatsu InGaAs SWIR sensor array, which captures
images of 64×64 pixels, with a 25 mm fixed focal length lens
optimised for wavelengths within 900 – 1700 nm. We have
considered the following SWIR wavelengths: 1200 nm, 1300
nm, 1450 nm, and 1550 nm, similar to the ones considered
in [19] for the skin vs. non-skin facial classification. Fig. 1a
shows the acquired image of a bona fide sample for the 1200
nm wavelength. In addition, and although is out of the scope
of this work, fingerprint verification can be carried out with
contactless finger photos acquired in the visible spectrum with
a 1.3 MP camera and a 35 mm VIS-NIR lens.
In order to utilise only foreground finger information, a
preprocessing stage is first applied to the original image (Fig.
1a) so as to select the region of interest (ROI), corresponding
to the open slot where the finger is placed. The ROIs of the
bona fide sample for all SWIR wavelengths, with a size of
18 ×58 px, are depicted from Fig. 1b to 1e.
Finally, Fig. 1f to 1i also shows a silicone PAI. Some
differences may be observed if we compare the images to
those captured from a bona fide presentation: whereas for the
bona fide, the images show a decrease in the intensity value
for bigger wavelengths, this is not the case for the PAI. Such
trend will be hence exploited by the PAD method.
B. Convolutional Neural Networks (CNNs)
CNNs have been one of the most successful network
architectures in the last years. Some of their key design
principles were drawn from the findings of the Neurophysiol-
ogists Nobel Prizes David Hubel and Torsten Wiesel in the
field of human vision [1]. CNN-based systems are mainly
composed of convolutional and pooling layers. The former
extracts patterns from the images through the application
of several convolutions in parallel to local regions of the
images. These convolutional operations are carried out by
means of different kernels (adapted by the learning algorithm)
that assign a weight to each pixel of the local region of
the image depending on the type of patterns to be extracted.
Therefore, each kernel of one convolutional layer is focused
on extracting different patterns such as horizontal or vertical
edges. The output of these operations produces a set of linear
activations (a.k.a. feature map) that serve as input to nonlinear
activations such as the rectified linear activation function
(ReLU). Finally, it is common to use pooling layers to make
the representation invariant to small translations of the input.
The pooling function replaces the output of the net at a certain
Authorized licensed use limited to: Universidad Autonoma de Madrid. Downloaded on April 04,2022 at 14:20:01 UTC from IEEE Xplore. Restrictions apply.
.5"6 .5"6 .5"6 .5"6
&631,5!$ *!"!$
Fig. 2: Architecture of our Proposed CNN-based system for fingerprint PAD. FS denotes the filter size of the kernels.
region with a statistical summary of the nearby outputs. For
instance, the max-pooling function selects the maximum value
of the region.
Since, to the best of our knowledge, there are no public
databases of SWIR finger images, the available data is not
enough to train the entire CNN from scratch. Therefore,
we propose a combination of CNN pre-trained models and
fine-tuning. Fine-tuning techniques have a two-fold objective,
namely: i)replace and retrain the classifier (i.e., the fully-
connected layers) of the pre-trained model to our specific task,
and ii)adapt the weights of all or some of the convolutional
layers. In particular, we have used the VGG19 pre-trained
model [22], which achieved the second place in the classifica-
tion task of the ImageNet 2014 challenge with a total of 1,000
classes such as animals, vehicles, etc. This model comprises a
total of 16 convolutional layers and 3 fully-connected layers,
and has been modified for the specific task of fingerprint PAD.
Fig. 2 shows the final architecture of the proposed system.
The input of the network is an RGB image where each
dimension consists of SWIR images captured at different
wavelengths or combinations of them. In order to optimise
the input, an exhaustive analysis was carried out using a
development dataset to minimise the intra-class variability of
the bona fide class, and at the same time maximise the inter
class variability between bona fide and PA samples. The best
combination found was: i)1550 nm, ii)1450 nm, and iii)a
combination of both wavelengths.
Then, given the data scarcity and the small input size,
we have reduced the complexity of the original VGG19 pre-
trained model by eliminating one of the 3 fully-connected
layers. In addition, the number of neurons of the first fully-
connected layer is reduced to 32 instead of 512. Regarding
the retraining of the VGG19 model, as depicted in Fig. 2, the
first 4 convolutional blocks of the CNN network are frozen,
whereas the weights of the last convolutional block and fully-
connected layers are adapted to the fingerprint PAD task (see
vertical line separating the two groups of layers). The reason
behind this fine-tuning technique lies on the fact that the
first layers of the CNN extract more general features related
to directional edges and colours, whereas last layers of the
network are in charge of extracting more abstract features
related to the specific task.
Finally, the softmax classification layer of the original
VGG19 pre-trained model is replaced for a sigmoid activation
layer in order to provide output scores between 0 (bona fides)
and 100 (PAs), as required in the ISO/IEC 30107-3 on PAD
evaluation and reporting [23].
The proposed CNN-based system is implemented under
the Keras framework using Tensorflow as back-end, with a
NVIDIA GeForce GTX 1080 GPU. For the fine-tuning of the
layers we consider Adam optimizer with a learning rate value
of 0.001 and a loss function based on binary cross-entropy.
In the next sections, we describe the experimental protocol
followed and discuss the results obtained.
A. Database and Experimental Protocol
The selection of the PAI fabrication materials is based on
the requirements of IARPA ODIN program evaluation, cov-
ering the most challenging PAIs. In particular, the following
twelve different PAIs are considered in the experiments: 3D
printed fingerprint and 3D printed fingerprint coated with
silver paint to mimic the conductive properties of the skin;
fingers fabricated with blue and green wax, gelatine, playdoh,
silly putty, and silicone; overlays fabricated with dragon skin
and urethane; and fingerprints printed on regular matte paper
and on transparency paper. The bona fide samples have been
captured from seven out of ten fingers in order to increase
the variability. For each bona fide and PAI, between one and
four samples have been acquired. This database was captured
by our BATL project partners at the University of South
Authorized licensed use limited to: Universidad Autonoma de Madrid. Downloaded on April 04,2022 at 14:20:01 UTC from IEEE Xplore. Restrictions apply.
 
Fig. 3: Evolution of the loss function with the number of
epochs for the development datasets. Our selected CNN model
is indicated using a small green vertical line.
In order to perform a clear analysis of our proposed ap-
proach, the database has been divided into development and
test datasets. Moreover, the development dataset is divided into
training and validation datasets that are used for selecting the
best configuration of our proposed CNN-based system and
adjusting the weights of the final layers of the network. The
training dataset comprises 6 bona fides and 6 PAI samples.
For the PAIs, we have chosen one sample of dragon skin,
blue wax, gelatine, playdoh, silicon, and printed fingerprint.
Regarding the validation dataset, a total of 3 bona fides and
3 PAI samples are considered. In this case, only blue wax,
playdoh and printed fingerprint PAIs are selected. Finally, the
test dataset considered for the final evaluation of the system
includes the samples not seen for the network during the
development stage (4 bona fides and 38 PAs). It is important to
remark that only six out of twelve available PAIs are used for
the development of the proposed method in order to evaluate
the robustness of our system to new types of PAIs that can
arise (i.e., unknown attacks).
Finally, in compliance with the ISO/IEC IS 30107-3 on
Biometric presentation attack detection - Part 3: Testing and
Reporting [23], the following metrics are used to evaluate
the performance of the PAD method: i)Attack Presentation
Classification Error Rate (APCER), or percentage of attack
presentations wrongly classified as bona fide presentations;
and ii)Bona Fide Presentation Classification Error Rate
(BPCER), or percentage of bona fide presentations wrongly
classified as presentation attacks.
B. Results
Fig. 3 shows the evolution of the loss function with the
number of epochs for the development datasets. It is important
to remark that very similar loss values are obtained for
both training and validation datasets along all the epochs,
thus showing the robustness of the features extracted by the
CNN. The proposed CNN model is selected after 16 epochs,
providing a final loss value of 0 for both training and validation
Then, the fingerprint PAD method is evaluated using new
samples from the test dataset. It is worth noting that these
samples have not been used during the development of the
system, thus yielding unbiased results. The proposed approach
achieves final values of 0% APCER and BPCER, proving the
success of considering fine-tuning techniques over pre-trained
model even with small amounts of data.
Finally, it should be highlighted that all new types of PAIs
(e.g. green wax, urethane, or silly putty), which were not
considered during the development of our proposed CNN-
based system, are correctly detected as PAs. This means
that the classifier is robust to all previously unseen attacks
considered, thereby proving the soundness of the approach.
We may thus conclude that the proposed SWIR sensor and
fingerprint PAD method are able to detect unknown attacks.
We have presented a novel fingerprint presentation attack
detection approach based on CNNs and SWIR multi-spectral
images. Based on an exhaustive analysis of the intra- and inter-
class variability, two SWIR wavelengths and their combination
were selected as input for the network.
The experimental evaluation yields a BPCER = 0% (i.e.,
highly convenient system) and at the same time APCER = 0%
(i.e, highly secure). In fact, even unknown attacks are correctly
detected, thereby showing the promising performance of the
proposed method, in spite of the small training set (six bona
fides and six PAIs). This is partly due to the use of pre-trained
CNN models.
As future work lines, we will acquire a bigger database,
comprising more PAIs and more bona fide samples, in order
to further test the performance of the algorithm for both known
and unknown attacks.
This research is based upon work supported in part by
the Office of the Director of National Intelligence (ODNI),
Intelligence Advanced Research Projects Activity (IARPA)
under contract number 2017-17020200005. The views and
conclusions contained herein are those of the authors and
should not be interpreted as necessarily representing the offi-
cial policies, either expressed or implied, of ODNI, IARPA,
or the U.S. Government. The U.S. Government is authorized
to reproduce and distribute reprints for governmental purposes
notwithstanding any copyright annotation therein. This work
was carried out during an internship of R. Tolosana at da/sec.
R. Tolosana is supported by a FPU Fellowship from Spanish
[1] I. Goodfellow, Y. Bengio, and A. Courville, Deep Learning. MIT Press,
[2] I. Sutskever, O. Vinyals, and Q.-V. Le, “Sequence to sequence learning
with neural networks,” in Proc. NIPS, 2014.
[3] B. Zhou, A. Khosla et al., “Learning deep features for discriminative
localization,” in Proc. CVPR, 2016.
[4] A. Rattani and R. Derakhshani, “On fine-tuning convolutional neural
networks for smartphone based ocular recognition,” in Proc. IJCB, 2017.
Authorized licensed use limited to: Universidad Autonoma de Madrid. Downloaded on April 04,2022 at 14:20:01 UTC from IEEE Xplore. Restrictions apply.
[5] R. Tolosana, R. Vera-Rodriguez et al., “Exploring recurrent neural
networks for on-line handwritten signature biometrics,” IEEE Access,
pp. 1 – 11, 2018.
[6] ISO/IEC JTC1 SC37 Biometrics, ISO/IEC 30107-1. Information Tech-
nology - Biometric presentation attack detection - Part 1: Framework,
ISO, 2016.
[7] S. Marcel, M. Nixon, and S.-Z. Li, Eds., Handbook of Biometric Anti-
Spoofing. Springer, 2014.
[8] J. Galbally and M. Gomez-Barrero, “Presentation attack detection in
iris recognition,” in Iris and Periocular Biometrics, C. Busch and
C. Rathgeb, Eds. IET, Aug. 2017.
[9] C. Sousedik and C. Busch, “Presentation attack detection methods for
fingerprint recognition systems: a survey,IET Biometrics, vol. 3, no. 4,
pp. 219–233, 2014.
[10] J. Galbally, S. Marcel, and J. Fierrez, “Biometric antispoofing methods:
A survey in face recognition,IEEE Access, vol. 2, pp. 1530–1552,
[11] R.-F. Nogueira, R. de Alencar Lotufo, and R. C. Machado, “Fingerprint
liveness detection using convolutional neural networks,” IEEE TIFS,
vol. 11, no. 6, pp. 1206–1213, 2016.
[12] H.-U. Jang, H.-Y. Choi et al., “Fingerprint spoof detection using contrast
enhancement and convolutional neural networks,” in Proc. ICISA, 2017,
pp. 331–338.
[13] A. Toosi, S. Cumani, and A. Bottino, “CNN patch-based voting for
fingerprint liveness detection,” in Proc. IJCCI, 2017.
[14] T. Chugh, K. Cao, and A.-K. Jain, “Fingerprint spoof buster: Use of
minutiae-centered patches,” IEEE TIFS, vol. 13, no. 9, pp. 2190–2202,
[15] S. Kim, B. Park et al., “Deep belief network based statistical feature
learning for fingerprint liveness detection,Pattern Recognition Letters,
vol. 77, pp. 58–65, 2016.
[16] D. Menotti, G. Chiachia et al., “Deep representations for iris, face, and
fingerprint spoofing detection,” IEEE TIFS, vol. 10, no. 4, pp. 864–879,
[17] “Livdet - liveness detection competitions,” 2009–2017. [Online].
[18] J. Galbally, J. Fierrez et al., “Evaluation of direct attacks to fingerprint
verification systems,” Telecommunication Systems, vol. 47, no. 3-4, pp.
243–254, 2011.
[19] H. Steiner, S. Sporrer et al., “Design of an active multispectral SWIR
camera system for skin detection and face verification,” Journal of
Sensors, vol. 2016, 2016.
[20] R.-K. Rowe, K.-A. Nixon, and P.-W. Butler, Multispectral Fingerprint
Image Acquisition. Springer London, 2008, pp. 3–23.
[21] S. Chang, K. Larin et al., “Fingerprint spoof detection by NIR optical
analysis,” in State of the Art in Biometrics. InTech, 2011, pp. 57–84.
[22] K. Simonyan and A. Zisserman, “Very deep convolutional networks for
large-scale image recognition,” in Proc. ICLR, 2015.
[23] ISO/IEC JTC1 SC37 Biometrics, ISO/IEC IS 30107-3. Information
Technology - Biometric presentation attack detection - Part 3: Testing
and Reporting, ISO, 2017.
Authorized licensed use limited to: Universidad Autonoma de Madrid. Downloaded on April 04,2022 at 14:20:01 UTC from IEEE Xplore. Restrictions apply.
... The hardware-based approaches involve adding an additional sensor to capture additional information besides the fingerprint image for the matching algorithm. A variety of physical features can be collected with additional sensors such as temperature, blood pressure, or heartbeat [8][9][10]. In general, hardware-based methods can be more accurate than software-based ones, but they are costly and complicated. ...
... The hardware-based approaches involve adding an additional sensor to capture additional information besides the fingerprint image for the matching algorithm. A variety of physical features can be collected with additional sensors such as temperature, blood pressure, or heartbeat [8][9][10]. In general, hardwarebased methods can be more accurate than software-based ones, but they are costly and complicated. ...
Full-text available
With the rapid growth of fingerprint-based biometric systems, it is essential to ensure the security and reliability of the deployed algorithms. Indeed, the security vulnerability of these systems has been widely recognized. Thus, it is critical to enhance the generalization ability of fingerprint presentation attack detection (PAD) cross-sensor and cross-material settings. In this work, we propose a novel solution for addressing the case of a single source domain (sensor) with large labeled real/fake fingerprint images and multiple target domains (sensors) with only few real images obtained from different sensors. Our aim is to build a model that leverages the limited sample issues in all target domains by transferring knowledge from the source domain. To this end, we train a unified generative adversarial network (UGAN) for multidomain conversion to learn several mappings between all domains. This allows us to generate additional synthetic images for the target domains from the source domain to reduce the distribution shift between fingerprint representations. Then, we train a scale compound network (EfficientNetV2) coupled with multiple head classifiers (one classifier for each domain) using the source domain and the translated images. The outputs of these classifiers are then aggregated using an additional fusion layer with learnable weights. In the experiments, we validate the proposed methodology on the public LivDet2015 dataset. The experimental results show that the proposed method improves the average classification accuracy over twelve classification scenarios from 67.80 to 80.44% after adaptation.
... The results show 44% improvements in detecting novel materials on Livedet 2011 dataset. Tolosona et al. [49] used a VGG pre-trained network as a PAD method in the finger recognition system. They use ShortWave Infrared Imaging (SWIR) images since the skin reflection within the SWIR spectrum of 900-1700 nm is independent of the skin tone as analyzed by the National Institute of Standards Technology (NIST). ...
... A total number of six unknown PAIs were detected by their PAD method, giving high convenience and secure, supervised PAD method. The same hardware developed by [49] is capable of capturing finger vein images (i.e., Visible Light Images, VIS) and speckle contrast images (LSCI) in addition to SWIR images. Gomez-Barrero et al. [15] proposed a multi-modal finger PAD method where they use different ad-hoc approaches in parallel for each image type, and several SVM classifications are set to output a score of each ad-hoc approach where the final score is given by the weighted sum of all individual scores obtained. ...
Fingerprint recognition systems are widely deployed in various real-life applications as they have achieved high accuracy. The widely used applications include border control, automated teller machine (ATM), and attendance monitoring systems. However, these critical systems are prone to spoofing attacks (a.k.a presentation attacks (PA)). PA for fingerprint can be performed by presenting gummy fingers made from different materials such as silicone, gelatine, play-doh, ecoflex, 2D printed paper, 3D printed material, or latex. Biometrics Researchers have developed Presentation Attack Detection (PAD) methods as a countermeasure to PA. PAD is usually done by training a machine learning classifier for known attacks for a given dataset, and they achieve high accuracy in this task. However, generalizing to unknown attacks is an essential problem from applicability to real-world systems, mainly because attacks cannot be exhaustively listed in advance. In this survey paper, we present a comprehensive survey on existing PAD algorithms for fingerprint recognition systems, specifically from detecting unknown PAD. We categorize PAD algorithms, point out their advantages/disadvantages, and future directions for this area.
... Several hardware and software-based solutions to detecting spoof attacks have been proposed. Hardware based solutions include specialized sensors that leverage various "liveness" cues at the time of acquisition, such as conductivity of the material/finger, sub-dermal imaging, and multi-spectral lighting [41], [42], [43], [44], [45], [46]. On the other hand, software based solutions typically rely on only the information captured in the grayscale image acquired by the fingerprint reader [47], [48], [49], [50], [51], [52], [38]. ...
A major limitation to advances in fingerprint spoof detection is the lack of publicly available, large-scale fingerprint spoof datasets, a problem which has been compounded by increased concerns surrounding privacy and security of biometric data. Furthermore, most state-of-the-art spoof detection algorithms rely on deep networks which perform best in the presence of a large amount of training data. This work aims to demonstrate the utility of synthetic (both live and spoof) fingerprints in supplying these algorithms with sufficient data to improve the performance of fingerprint spoof detection algorithms beyond the capabilities when training on a limited amount of publicly available real datasets. First, we provide details of our approach in modifying a state-of-the-art generative architecture to synthesize high quality live and spoof fingerprints. Then, we provide quantitative and qualitative analysis to verify the quality of our synthetic fingerprints in mimicking the distribution of real data samples. We showcase the utility of our synthetic live and spoof fingerprints in training a deep network for fingerprint spoof detection, which dramatically boosts the performance across three different evaluation datasets compared to an identical model trained on real data alone. Finally, we demonstrate that only 25% of the original (real) dataset is required to obtain similar detection performance when augmenting the training dataset with synthetic data.
... To defend against these types of attacks, various software solutions for liveness detection have been implemented over the years [15]. As with other biometrics, presentation attack detection techniques have also undergone an evolution passing from the analysis of ridges and valleys, to local hand-crafted methods based on morphology, color and texture analysis such as BSIF and LBP [28,11,14], and to more modern deep-learning techniques [12,25]. ...
Fingerprint authentication systems are highly vulnerable to artificial reproductions of fingerprint, called fingerprint presentation attacks. Detecting presentation attacks is not trivial because attackers refine their replication techniques from year to year. The International Fingerprint liveness Detection Competition (LivDet), an open and well-acknowledged meeting point of academies and private companies that deal with the problem of presentation attack detection, has the goal to assess the performance of fingerprint presentation attack detection (FPAD) algorithms by using standard experimental protocols and data sets. Each LivDet edition, held biannually since 2009, is characterized by a different set of challenges against which competitors must be dealt with. The continuous increase of competitors and the noticeable decrease in error rates across competitions demonstrate a growing interest in the topic. This paper reviews the LivDet editions from 2009 to 2021 and points out their evolution over the years.
... Generally, PAD methods can often be divided into two categories, i.e. hardware and software based approaches [11,15]. For hardware approaches, special sensors such as imaging technologies based on multispectral, short-wave infrared and, optical coherent tomography (OCT), have been developed to extract live features like odor, blood flow and, heartbeat to discriminate the live samples from spoof samples [2,5,[16][17][18][19][20][21][22][23][24][25]. For instance, a spectroscopy-based device proposed by Nixon et al. [21] can obtain the spectral features of the fingertip, which has been proven to effectively distinguish between spoof and live fingertip. ...
Due to the diversity of attack materials, fingerprint recognition systems (AFRSs) are vulnerable to malicious attacks. It is of great importance to propose effective Fingerprint Presentation Attack Detection (PAD) methods for the safety and reliability of AFRSs. However, current PAD methods often have poor robustness under new attack materials or sensor settings. This paper thus proposes a novel Channel-wise Feature Denoising fingerprint PAD (CFD-PAD) method by considering handling the redundant "noise" information which ignored in previous works. The proposed method learned important features of fingerprint images by weighting the importance of each channel and finding those discriminative channels and "noise" channels. Then, the propagation of "noise" channels is suppressed in the feature map to reduce interference. Specifically, a PA-Adaption loss is designed to constrain the feature distribution so as to make the feature distribution of live fingerprints more aggregate and spoof fingerprints more disperse. Our experimental results evaluated on LivDet 2017 showed that our proposed CFD-PAD can achieve 2.53% ACE and 93.83% True Detection Rate when the False Detection Rate equals to 1.0% (TDR@FDR=1%) and it outperforms the best single model based methods in terms of ACE (2.53% vs. 4.56%) and TDR@FDR=1%(93.83% vs. 73.32\%) significantly, which proves the effectiveness of the proposed method. Although we have achieved a comparable result compared with the state-of-the-art multiple model based method, there still achieves an increase of TDR@FDR=1% from 91.19% to 93.83% by our method. Besides, our model is simpler, lighter and, more efficient and has achieved a 74.76% reduction in time-consuming compared with the state-of-the-art multiple model based method. Code will be publicly available.
... Hussein et al. [35] proposed a novel hardware-based method based on two sensing modalities, i.e., MS illumination in the SWIR spectrum (wavelength range from 1200 to 1550 nm) and laser speckle contrast imaging (LSCI). The authors evaluated the effectiveness of both modalities by developing a touchless prototype fingerprint imaging system that was designed to capture images in the visible domain for verification, and in the SWIR domain and LSCI for FPAD. ...
Full-text available
Nowadays, the number of people that utilize either digital applications or machines is increasing exponentially. Therefore, trustworthy verification schemes are required to ensure security and to authenticate the identity of an individual. Since traditional passwords have become more vulnerable to attack, the need to adopt new verification schemes is now compulsory. Biometric traits have gained significant interest in this area in recent years due to their uniqueness, ease of use and development, user convenience and security. Biometric traits cannot be borrowed, stolen or forgotten like traditional passwords or RFID cards. Fingerprints represent one of the most utilized biometric factors. In contrast to popular opinion, fingerprint recognition is not an inviolable technique. Given that biometric authentication systems are now widely employed, fingerprint presentation attack detection has become crucial. In this review, we investigate fingerprint presentation attack detection by highlighting the recent advances in this field and addressing all the disadvantages of the utilization of fingerprints as a biometric authentication factor. Both hardware- and software-based state-of-the-art methods are thoroughly presented and analyzed for identifying real fingerprints from artificial ones to help researchers to design securer biometric systems.
... Although this category imposes additional hardware cost, it can detect presentation attacks with remarkable accuracy. Tolosana et al. [15] used multispectral imaging within the short-wave infrared (SWIR) spectrum and fine tuned convolutional neural networks (CNNs) to study a small dataset of bona fide and 12 presentation attack instrument (PAI) species. In their experiment, the authors reported 100% classification accuracy. ...
Full-text available
Fingerprint recognition systems have been widely deployed in authentication and verification applications, ranging from personal smartphones to border control systems. Recently, the biometric society has raised concerns about presentation attacks that aim to manipulate the biometric system’s final decision by presenting artificial fingerprint traits to the sensor. In this paper, we propose a presentation attack detection scheme that exploits the natural fingerprint phenomena, and analyzes the dynamic variation of a fingerprint’s impression when the user applies additional pressure during the presentation. For that purpose, we collected a novel dynamic dataset with an instructed acquisition scenario. Two sensing technologies are used in the data collection, thermal and optical. Additionally, we collected attack presentations using seven presentation attack instrument species considering the same acquisition circumstances. The proposed mechanism is evaluated following the directives of the standard ISO/IEC 30107. The comparison between ordinary and pressure presentations shows higher accuracy and generalizability for the latter. The proposed approach demonstrates efficient capability of detecting presentation attacks with low BPCER where BPCER is 0% for an optical sensor and 1.66% for a thermal sensor at 5% APCER for both.
... Hardware approaches deploy additional sensors (e.g. depth, IR cameras, multispectral illumination, etc.) to capture features which differentiate bonafide acquisitions from PAs [98][99][100][101][102][103][104][105][106][107][108][109]. In contrast, software based solutions extract anatomical, physiological, textural, challenge response, or deep network based features to classify an input sample as live (bonafide) or presentation attack (spoof) [37,38,93,[95][96][97][110][111][112][113][114][115][116][117][118][119]. ...
Over the past two decades, biometric recognition has exploded into a plethora of different applications around the globe. This proliferation can be attributed to the high levels of authentication accuracy and user convenience that biometric recognition systems afford end-users. However, in-spite of the success of biometric recognition systems, there are a number of outstanding problems and concerns pertaining to the various sub-modules of biometric recognition systems that create an element of mistrust in their use - both by the scientific community and also the public at large. Some of these problems include: i) questions related to system recognition performance, ii) security (spoof attacks, adversarial attacks, template reconstruction attacks and demographic information leakage), iii) uncertainty over the bias and fairness of the systems to all users, iv) explainability of the seemingly black-box decisions made by most recognition systems, and v) concerns over data centralization and user privacy. In this paper, we provide an overview of each of the aforementioned open-ended challenges. We survey work that has been conducted to address each of these concerns and highlight the issues requiring further attention. Finally, we provide insights into how the biometric community can address core biometric recognition systems design issues to better instill trust, fairness, and security for all.
In this work, we present a general framework for building a biometrics system capable of capturing multispectral data from a series of sensors synchronized with active illumination sources. The framework unifies the system design for different biometric modalities and its realization on face, finger and iris data is described in detail. To the best of our knowledge, the presented design is the first to employ such a diverse set of electromagnetic spectrum bands, ranging from visible to long-wave-infrared wavelengths, and is capable of acquiring large volumes of data in seconds, which enabled us to successfully conduct a series of data collection events. We also present a comprehensive analysis on the captured data using a deep-learning classifier for presentation attack detection. Our analysis follows a data-centric approach attempting to highlight the strengths and weaknesses of each spectral band at distinguishing live from fake samples.
Fingerprint presentation attack detection is becoming an increasingly challenging problem due to the continuous advancement of attack preparation techniques, which generate realistic-looking fake fingerprint presentations. In this work, rather than relying on legacy fingerprint images, which are widely used in the community, we study the usefulness of multiple recently introduced sensing modalities. Our study covers front-illumination imaging using short-wave-infrared, near-infrared, and laser illumination; and back-illumination imaging using near-infrared light. Toward studying the effectiveness of each of these unconventional sensing modalities and their fusion for liveness detection, we conducted a comprehensive analysis using a fully convolutional deep neural network framework. Our evaluation compares different combinations of the new sensing modalities to legacy data from one of our collections, showing the superiority of the new sensing modalities. It also covers the cases of known and unknown attacks and the cases of intra-dataset and inter-dataset evaluations. Our results indicate that the power of our approach stems from the nature of the captured data rather than the employed classification framework, which justifies the extra cost for hardware-based (or hybrid) solutions. The portion of the dataset that is under the control of the authors is publicly released, along with the associated code.
Full-text available
Iris recognition technology has attracted an increasing interest since more than two decades in which we have witnessed a migration from laboratories to real-world applications. The deployment of this technology in real applications raises questions about the main vulnerabilities and security threats related to these systems. Presentation attacks can be defined as presentation of human characteristics or artifacts directly to the input of a biometric system trying to interfere with its normal operation. These attacks include the use of real irises as well as artifacts with different levels of sophistication. This chapter introduces iris presentation attack detection methods and its main challenges. First, we summarize the most popular types of attacks including the main challenges to address. Second, we present a taxonomy of presentation attack detection methods to serve as a brief introduction on this very active research area. Finally, we discuss the integration of these methods into iris recognition systems according to the most important scenarios of practical application.
Full-text available
The primary purpose of a fingerprint recognition system is to ensure a reliable and accurate user authentication, but the security of the recognition system itself can be jeopardized by spoof attacks. This study addresses the problem of developing accurate, generalizable, and efficient algorithms for detecting fingerprint spoof attacks. Specifically, we propose a deep convolutional neural network based approach utilizing local patches centered and aligned using fingerprint minutiae. Experimental results on three public-domain LivDet datasets (2011, 2013, and 2015) show that the proposed approach provides state-of-the-art accuracies in fingerprint spoof detection for intra-sensor, crossmaterial, cross-sensor, as well as cross-dataset testing scenarios. For example, in LivDet 2015, the proposed approach achieves 99.03% average accuracy over all sensors compared to 95.51% achieved by the LivDet 2015 competition winners. Additionally, two new fingerprint presentation attack datasets containing more than 20,000 images, using two different fingerprint readers, and over 12 different spoof fabrication materials are collected. We also present a graphical user interface, called Fingerprint Spoof Buster, that allows the operator to visually examine the local regions of the fingerprint highlighted as live or spoof, instead of relying on only a single score as output by the traditional approaches.
Full-text available
Systems based on deep neural networks have made a breakthrough in many different pattern recognition tasks. However, the use of these systems with traditional architectures seems not to work properly when the amount of training data is scarce. This is the case of the on-line signature verification task. In this work we propose novel writer-independent online signature verification systems based on Recurrent Neural Networks (RNNs) with a Siamese architecture whose goal is to learn a dissimilarity metric from pairs of signatures. To the best of our knowledge this is the first time these recurrent Siamese networks are applied to the field of on-line signature verification, which provides our main motivation. We propose both Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU) systems with a Siamese architecture. In addition, a bidirectional scheme (which is able to access both past and future context) is considered for both LSTM- and GRU-based systems. An exhaustive analysis of the system performance and also the time consumed during the training process for each recurrent Siamese network is carried out in order to compare the advantages and disadvantages for practical applications. For the experimental work we use the BiosecurID database comprised of 400 users who contributed a total of 11,200 signatures in 4 separated acquisition sessions. Results achieved using our proposed recurrent Siamese networks have outperformed state-of-the-art on-line signature verification systems using the same database.
Full-text available
With the growing use of biometric authentication systems in the recent years, spoof fingerprint detection has become increasingly important. In this study, we use Convolutional Neural Networks (CNN) for fingerprint liveness detection. Our system is evaluated on the datasets used in The Liveness Detection Competition of years 2009, 2011 and 2013, which comprise almost 50,000 real and fake fingerprints images. We compare four different models: two CNNs pre-trained on natural images and fine-tuned with the fingerprint images, CCN with random weights, and a classical Local Binary Pattern approach. We show that pre-trained CNNs can yield state-of-the-art results with no need for architecture or hyperparameter selection. Dataset Augmentation is used to increase the classifiers performance, not only for deep architectures but also for shallow ones. We also report good accuracy on very small training sets (400 samples) using these large pre-trained networks. Our best model achieves an overall rate of 97.1% of correctly classified samples - a relative improvement of 16% in test error when compared with the best previously published results. This model won the first prize in the Fingerprint Liveness Detection Competition (LivDet) 2015 with an overall accuracy of 95.5% [1].
Full-text available
Nowadays, fingerprint biometrics is widely used in various applications, varying from forensic investigations and migration control to access control as regards security sensitive environments. Any biometric system is potentially vulnerable against a fake biometric characteristic, and spoofing of fingerprint systems is one of the most widely researched areas. The state-of-the-art sensors can often be spoofed by an accurate imitation of the ridge/valley structure of a fingerprint. An individual may also try to avoid identification by altering his own fingerprint pattern. This study is a survey of presentation attack detection methods for fingerprints, both in terms of liveness detection and alteration detection.
Conference Paper
Recently, as biometric technology grows rapidly, the importance of fingerprint spoof detection technique is emerging. In this paper, we propose a technique to detect forged fingerprints using contrast enhancement and Convolutional Neural Networks (CNNs). The proposed method detects the fingerprint spoof by performing contrast enhancement to improve the recognition rate of the fingerprint image, judging whether the sub-block of fingerprint image is falsified through CNNs composed of 6 weight layers and totalizing the result. Our fingerprint spoof detector has a high accuracy of 99.8% on average and has high accuracy even after experimenting with one detector in all datasets.
Fingerprint recognition systems are vulnerable to impersonation by fake or spoof fingerprints. Fingerprint liveness detection is a step to ensure whether a scanned fingerprint is live or fake prior to a recognition step. This paper presents a fingerprint liveness detection method based on a deep belief network (DBN). A DBN with multiple layers of restricted Boltzman machine is used to learn features from a set of live and fake fingerprints and also to detect the liveness. The proposed method is a systematic application of a deep learning technique, and does not require specific domain expertise regarding fake fingerprints or recognition systems. The proposed method provides accurate detection of the liveness with various sensor datasets collected for the international fingerprint liveness detection competition.
In this work, we revisit the global average pooling layer proposed in [13], and shed light on how it explicitly enables the convolutional neural network to have remarkable localization ability despite being trained on image-level labels. While this technique was previously proposed as a means for regularizing training, we find that it actually builds a generic localizable deep representation that can be applied to a variety of tasks. Despite the apparent simplicity of global average pooling, we are able to achieve 37.1% top-5 error for object localization on ILSVRC 2014, which is remarkably close to the 34.2% top-5 error achieved by a fully supervised CNN approach. We demonstrate that our network is able to localize the discriminative image regions on a variety of tasks despite not being trained for them