Security evaluation of biometric authentication systems under real spoofing attacks

Security evaluation of biometric authentication systems under real spoofing attacks

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Biometrics — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Multimodal biometric systems are commonly believed to be more robust to spoofing attacks than unimodal systems, as they combine information coming from different biometric traits. Recent work has shown that multimodal systems can be misled by an impostor even by spoofing only one biometric trait. This result was obtained under a ‘worst-case’ scenario, by assuming that the distribution of fake scores is identical to that of genuine scores (i.e. the attacker is assumed to be able to perfectly replicate a genuine biometric trait). This assumption also allows one to evaluate the robustness of score fusion rules against spoofing attacks, and to design robust fusion rules, without the need of actually fabricating spoofing attacks. However, whether and to what extent the ‘worst-case’ scenario is representative of real spoofing attacks is still an open issue. In this study, we address this issue by an experimental investigation carried out on several data sets including real spoofing attacks, related to a multimodal verification system based on face and fingerprint biometrics. On the one hand, our results confirm that multimodal systems are vulnerable to attacks against a single biometric trait. On the other hand, they show that the ‘worst-case’ scenario can be too pessimistic. This can lead to two conservative choices, if the ‘worst-case’ assumption is used for designing a robust multimodal system. Therefore developing methods for evaluating the robustness of multimodal systems against spoofing attacks, and for designing robust ones, remain a very relevant open issue.


    1. 1)
      • N.K. Ratha , J.H. Connell , R.M. Bolle . (2001) An analysis of minutiae matching strength’, Proc. Third Int. Conf. Audio- and Video-Based Biometric Person Authentication (AVBPA).
    2. 2)
      • J. Chirillo , S. Blaul . (2003) Implementing biometric security.
    3. 3)
      • Uludag, U., Jain, A.K.: `Attacks on biometric systems: A case study in fingerprints', Proc. SPIE – EI 2004, Security, Steganography and Watermarking of Multimedia Contents VI, 2004, p. 622–633.
    4. 4)
    5. 5)
      • Adler, A.: `Vulnerabilities in biometric encryption systems', Fifth Int. Conf. Audio- and Video-Based Biometric Person Authentication (AVBPA), 2005, p. 1100–1109, (LNCS, 3546).
    6. 6)
    7. 7)
    8. 8)
      • He, X., Lu, Y., Shi, P.: `A fake iris detection method based on fft and quality assessment', Chinese Conf. on Pattern Recognition, 2008, p. 316–319.
    9. 9)
      • B. Geller , J. Almog , P. Margot , E. Springer . A chronological review of fingerprint forgery. J. Forensic Sci. , 5 , 963 - 968
    10. 10)
      • Chakka, M.M., Anjos, A., Marcel, S.: `Competition on counter measures to 2-D facial spoofing attacks', Int. Joint Conf. on Biometrics (IJCB), 2011, p. 1–6.
    11. 11)
      • Johnson, P., Tan, B., Schuckers, S.: `Multimodal fusion vulnerability to non-zero effort (spoof) imposters', IEEE Int. Workshop on Information Forensics and Security (WIFS), December 2010, p. 1–5.
    12. 12)
    13. 13)
      • Kang, H., Lee, B., Kim, H., Shin, D., Kim, J.: `A study on performance evaluation of the liveness detection for various fingerprint sensor modules', Seventh Int. Conf. on Knowledge-Based Intelligent Information and Engineering Systems, 2003, p. 1245–1253.
    14. 14)
      • Coli, P., Marcialis, G.L., Roli, F.: `Vitality detection from fingerprint images: a critical survey', Int. Conf. on Biometrics (ICB), 2007, p. 722–731.
    15. 15)
    16. 16)
      • Marcialis, G.L., Lewicke, A., Tan, B.: `First Int'l fingerprint liveness detection competition – LivDet 2009', 15thInt. Conf. Image Analysis and Processing (ICIAP), 2009, p. 12–23, (LNC, 5716).
    17. 17)
      • Yambay, D., Ghiani, L., Denti, P., Marcialis, G.L., Roli, F., Schuckers, S.: `LivDet2011 – fingerprint liveness detection competition 2011', Fifth Int. Conf. on Biometrics (ICB), 2012, p. 1–6.
    18. 18)
    19. 19)
      • Kollreider, K., Fronthaler, H., Bigun, J.: `Verifying liveness by multiple experts in face biometrics', IEEE Computer Vision and Pattern Recognition Workshop on Biometrics, 2008, p. 1–6.
    20. 20)
      • Zhang, Z., Yi, D., Lei, Z., Li, S.Z.: `Face liveness detection by learning multispectral reflectance distributions', Int. Conf. on Automatic Face and Gesture Recognition, 2011, p. 436–441.
    21. 21)
      • Anjos, A., Marcel, S.: `Counter-measures to photo attacks in face recognition: a public database and a baseline', Int. Joint Conf. on Biometrics (IJCB), 2011, p. 1–7.
    22. 22)
    23. 23)
      • Rodrigues, R.N., Kamat, N., Govindaraju, V.: `Evaluation of biometric spoofing in a multimodal system', Int. Conf. Biometrics: Theory Applications and Systems (BTAS), 2010, p. 1–5.
    24. 24)
      • Biggio, B., Akhtar, Z., Fumera, G., Marcialis, G.L., Roli, F.: `Robustness of multi-modal biometric verification systems under realistic spoofing attacks', Int. Joint Conf. on Biometrics (IJCB), 2011, p. 1–6.
    25. 25)
      • S.A. Cole . (2001) Suspect identities – a history of fingerprinting and criminal identification.
    26. 26)
      • Putte, T., Keuning, J.: `Biometrical fingerprint recognition: Don't get your fingers burned', Fourth Working Conf. on Smart Card Research and Advanced Applications, 2000, p. 289–303.
    27. 27)
      • T. Matsumoto , H. Matsumoto , K. Yamada , S. Hoshino . Impact of artificial “gummy” fingers on fingerprint systems. Proc. SPIE – Opt. Sec. Counterfeit Deterrence Tech. IV , 275 - 289
    28. 28)
      • L. Thalheim , J. Krissler . Body check: biometric access protection devices and their programs put to the test. Comput. Mag. , 114 - 121
    29. 29)
      • Galbally, J., Cappelli, R., Lumini, A., Maltoni, D., Fierrez, J.: `Fake fingertip generation from a minutiae template', Int. Conf. on Pattern Recognition (ICPR), 2008, p. 1–4.
    30. 30)
    31. 31)
      • A.A. Ross , K. Nandakumar , A.K. Jain . (2006) Handbook of multibiometrics.
    32. 32)
    33. 33)
      • Akhtar, Z., Biggio, B., Fumera, G., Marcialis, G.L.: `Robustness of multi-modal biometric systems under realistic spoof attacks against all traits', IEEE Workshop on Biometric Measurements and Systems for Security and Medical Applications (BioMS), 2011, p. 5–10.
    34. 34)
      • Akhtar, Z., Fumera, G., Marcialis, G.L., Roli, F.: `Evaluation of multimodal biometric score fusion rules under spoof attacks', Fifth Int. Conf. on Biometrics (ICB), 2012, 1–6.

Related content

This is a required field
Please enter a valid email address