Abstract:
In recent years, there has been an increase in the availability and interest in using biometric sensors for authenticating users, but the potential for attacks on a system through the biometric sensor has limited the use of biometrics in applications which are unsupervised by an agent of the system owner, such as remote authentication over untrusted networks. Biometric data can be easily obtained directly from a person, online, or through existing databases and then used to create spoofs (or fakes) to mount an attack. The presentation of a biometric spoof (e.g. a facial image or video of a person on a tablet or a fake silicone or gelatin fingerprint) to a biometric sensor can be detected by methods broadly referred to as presentation attack detection, PAD.
The purpose of ISO/IEC 30107-1 is to provide a foundation for PAD through defining terms and establishing a framework through which presentation attack events can be specified and detected so that they can be categorized, detailed and communicated for subsequent decision making and performance assessment activities. This foundation is intended to not only introduce and frame the topics of presentation attacks and PAD but also to benefit other standards projects. This standard does not advocate a specific standard PAD method. The scope is limited to describing attacks that take place at the sensor during the presentation and collection of biometric characteristics.
There are two other parts of ISO/IEC 30107, under the general title Information Technology - Biometric presentation attack detection:
- Part 2:Data Formats
- Part 3: Testing and reporting.
Keywords:
Liveness, liveness detection, biometric liveness detection, spoof detection, biometric spoof, biometric spoof detection, fake, fake biometric, fake biometrics, arefact, artefact detection.
.