1 Introduction

Modern biometric systems are actively integrated into all areas of human activity, are easy to use, and provide high-security solutions. They have gone from a futuristic technology to a practical tool used in various everyday tasks. Biometric identification technologies are being actively introduced in many countries worldwide, and Russia is no exception.

Over the past five years, Russia has seen a real boom in biometric technology. For example, since 2019, the Moscow metro has had a biometric system, “FacePay” [1], which allows paying the fare using the facial geometry modality. By the end of 2022, the system had registered more than 220 thousand passengers, and the number of trips paid for through the system in 2022 amounted to 32 million. Biometrics are also being introduced at the state level. For example, since 2018 the state digital platform for storing biometric samples of Russian citizens, the “Unified Biometric System” (UBS) [2], has been in operation; it is similar in purpose to India’s AADHAAR biometric system (1.3 billion users [3]). By proving your identity to UBS, you can access several hundred digital services, such as opening a bank account, applying for a loan, or obtaining a notary service.

Today, UBS is a multimodal biometric system based on facial geometry and voice modality. This combination of modalities is positioned as robust by the developers, but data in the scientific literature show that both the facial geometry [4,5,6,7] and voice sound [8,9,10,11] modalities used are vulnerable to presentation attacks (PA).

For example, biometric systems based on facial geometry are vulnerable to the following types of artifacts: printed photo attacks, looped video attacks, 2D/3D masks [12,13,14,15,16,17,18,19], and synthesized digital artifacts (used in several kinds of attack) [20].

Biometric systems based on the voice modality are attacked by presenting the biometric sensor with recordings of a legitimate user’s voice samples (replay attack [21]), recordings of the user’s synthesized voice (speech synthesis attack [22]), the attacker’s speech converted into the user’s speech (voice conversion attack [23]), or even an imitation of the user’s intonation by the attacker [24].

In late 2021, the developer announced its intention to add the palm vein pattern to the UBS as an additional biometric modality. The aim is to provide equal access for customers who have difficulty speaking for various reasons, including those with hearing and speech impairments. Several factors contributed to the developers’ choice of this modality. Firstly, its universality: a venous pattern of the hand is present in most people. Secondly, the high degree of representativeness of this modality allows the venous pattern to be used as a unique identifier. Thirdly, the modality is persistent, as the venous pattern is thought to change only slightly over time [25]. In addition, this modality can be considered a non-contact method, ensuring a high level of hygiene during possible pandemics.

One of the significant advantages of hand vascular biometrics is rightly considered to be the inaccessibility of the user’s biometric characteristics. Veins are protected by the skin, poorly visible in natural light, and clearly visible only in near-infrared (NIR) light, which makes it difficult for an intruder to covertly acquire the biometric characteristic. In addition, unlike fingerprints, veins cannot be captured passively, for example, by lifting them from the surface of objects.

However, several studies strongly suggest that the vascular bed can be imaged without near-infrared illumination. For example, in [26,27,28,29,30] the venous pattern is visualised from RGB images, and in [31, 32] a hyperspectral image is used. The development of these techniques would allow an attacker to covertly obtain the user’s vascular pattern.

This paper analyses how secure “venous biometrics” is. We consider the problem of obtaining the user’s vascular bed in the visible spectrum using widely available equipment (a mobile phone camera). The possibility of creating presentation attack instruments (PAI) from smartphone data is investigated. In addition, the effectiveness of the obtained PAI in a simulated biometric presentation attack (PA) is investigated.

2 Overview of the vulnerability of biometric systems based on the modality of the vascular pattern of the hand

With the increasing popularity of biometric authentication methods, protecting these systems from potential attacks by intruders has become critical. Studies have shown that biometric systems based on iris modalities [33,34,35,36,37,38,39], fingerprints [40,41,42,43,44,45] or palm prints [46,47,48] are vulnerable to spoofing attacks in which an artifact—an artificially created copy of a body part (photo, 3D model, etc.)—is presented to the biometric sensor.

To better understand the nature of spoofing, it is advisable to consider the biometric system and the attack process within the “black box” model shown in Fig. 1.

Fig. 1. Schematic representation of a black box model (the attack is carried out on the model input)

This model assumes that we only know the input and output values of the system, while the internal structure, the number of subsystems and the processes running in them are irrelevant in the context of our problem. This approach simplifies the illustration of the spoofing process as much as possible without the need to study and describe the work of individual subsystems.

Let us consider a simplified scheme of a biometric system and an attack on it within the framework of the chosen model. The functioning of the “black box” is divided into three stages: in the first stage, the system receives input parameters; in the second stage, the received parameters are processed by subsystems; in the third stage, the system responds. In the context of biometric systems, this model works as follows: the input of the system is a biometric identifier of the user, and the output is the response of the system’s classifier, i.e. whether the identifier is registered in the system or not. Since, in our case, we are considering the spoofing of the biometric sensor, i.e. the entry point into the “black box”, the processing of the biometric identifier is not crucial for us. The task is reduced to the selection of input parameters for which the classifier, after all stages of processing in the system, will recognize the presented sample as a legitimate user (see Fig. 2). The spoofing process does not affect the operation of any subsystem of the biometric system.

Fig. 2. General scheme of the biometric system using the dorsal palm vein modality (dotted line indicates a spoofing attack)

Obviously, for a successful attack, it is necessary to produce a PAI that is as close as possible to the biometric characteristics of the registered user of the system.

A simplified scenario of the spoofing attack can be presented as follows:

  • the attacker carries out a passive or active collection of the biometric characteristics of the user of interest (taking fingerprints from a glass or collecting photos of the user’s face on social networks);

  • the type of attack is determined (photo attack, video attack);

  • the PAI is produced based on the type of attack (for example, a facial photo or perhaps even a 3D mask);

  • a direct attempt is made to spoof the biometric sensor.

With the venous modality, things are much more complicated. It is currently difficult to obtain a quality visualization of the venous network passively, without NIR illumination. Numerous attempts have been made to obtain vascular patterns from visible spectrum images, but the visualization quality is much worse than in NIR images [29, 30].

In the known works, spoofing of biometric systems has been carried out using the following types of attacks (see Fig. 3):

  • Printed photo attack—this type of attack uses a paper-printed NIR image of a vascular pattern on which the contours of the vessels are enhanced with a permanent marker; two applications are known:

    • standalone image—a sheet of paper with a NIR image of the vessel pattern [49,50,51,52];

    • as part of an artificial artifact—the PAI was made either as a silicone/wax replica of the finger with a “paper copy” of the user’s vascular pattern, obtained in NIR, placed inside [52,53,54], or as a rubber glove containing a drawn vascular pattern or a section of “paper veins” [55], or as a third object [56] (such as a bottle) onto which the image of the vascular pattern obtained in NIR is transferred.

  • Screen photo attack—the sensor is attacked by showing the NIR image of the vessel pattern from the smartphone screen [57, 58];

  • Video attack—spoofing is performed by showing a looping video recorded in the NIR range from the smartphone screen [58]; this artifact allows overcoming protection based on detecting the pulse of the sample by analyzing the video fragment. The authors of [53] suggest an additional type of attack—a digital artifact attack—in which the PAI is again produced as a silicone or wax replica of the finger, but with a morphed NIR image of the vascular pattern placed inside. The morphing process combines two NIR images of the vascular pattern, and the biometric features they contain, into a single image containing the features of both simultaneously. This means that when a user is enrolled in the biometric system using the morphed image, the system accepts both individuals as that user.

Fig. 3. PAI examples of “venous biometrics” spoofing [50, 52, 54, 55, 57, 59, 60]

Thus, after reviewing the few works [49,50,51] assessing the vulnerability of biometric systems using the hand vein modality to spoofing attacks, and the artifacts described for this modality, we conclude that the proposed techniques cannot be applied in an actual attack. The reason is that the PAI production process in these studies is reduced to printing an image of the veins (palm [50], finger [49, 51]) obtained on the same equipment and under the same conditions as the enrollment of the real user in the system, and then presenting this PAI to the biometric scanner.

Of particular interest are the works [58, 61] in which, unlike all the previously considered works [49,50,51,52], the artifact was produced independently by photographing the hand in the NIR range with a smartphone camera. However, despite using third-party equipment, the research was conducted under laboratory conditions.

An attack under artificially created favorable conditions is unlikely. Therefore, it is necessary to consider the attack scenarios closest to the real one, in which the user’s vein pattern is captured with third-party equipment outside the NIR illumination, PAI is produced based on the obtained data, and the attack is simulated with the obtained artifact.

3 Studying the possibility of creating artifacts without specialized equipment

The special significance of [60] for open research projects is that a conventional smartphone was used for obtaining a venous pattern (albeit with minor modifications). This circumstance, together with the further development of mobile technologies and the availability of imaging algorithms, jeopardizes one of the main features of vascular scanning—the impossibility of secretly obtaining user identification data.

More recently, researchers developed and tested an authentication method [61] based on the wrist venous pattern using standard smartphone front cameras (Xiaomi Pocophone F1 and Xiaomi Mi 8) [62]. This means that in the near future, similar algorithms and methods will be employed to steal user identification data. Since the hardware used in the experiment is readily accessible and does not require any modification, we can conclude that this technology will be available to intruders in the future on a mass scale.

It is already possible to capture a venous pattern image without any specialized equipment. For example, the free software package “IRVeinViewer” [63] enables vascular visualization using a standard smartphone camera. Figure 4 shows an example of the resulting image and the stages of its processing before feature extraction. The photo was taken with the main camera of a Xiaomi Redmi Note 10 phone in natural light, at a distance of 15 cm from the camera to the object. The subsequent image processing was carried out in the Python programming language.

Fig. 4. An example of a venous pattern capture with the IRVeinViewer program and the results of image processing prior to feature extraction

The venous pattern in the image is easily distinguishable (Fig. 4). By adjusting image capture conditions and determining image filter parameters, we can potentially obtain the venous pattern image to be authenticated. Thus, the impossibility of obtaining a venous pattern in the visible light spectrum is called into question. We were able to visualize veins without an IR camera, but how close is this image to an IR sample, and is it possible to create an artifact from the acquired data?

4 Layout of the hardware-software test bench for attack simulation

At the first stage of the study we experimentally tested the possibility of capturing a hand vascular pattern without using an IR camera. The objective was to use off-the-shelf equipment, e.g. a smartphone camera and its software. The hand dorsal images were to be captured under identical conditions with:

  • IR camera for control images;

  • Xiaomi Redmi Note 10 camera and the IRVeinViewer software [63].

After that, the images were processed and enhanced by filtering with the scikit-image library in Python. Based on the similarity of the resulting images, a conclusion would be drawn regarding the possibility of creating an artifact for an attack on a biometric system. Identical conditions for capturing the venous pattern with both methods were ensured by a software and hardware complex that included (Fig. 5):

  • a laptop running Linux OS;

  • a case in which a smartphone, an IR camera, and additional IR LED illumination can be mounted.

Fig. 5. Generalized image of the prototype of the software and hardware complex

5 Comparative analysis of venous pattern images captured in normal light with regard to their applicability for attacks on biometric systems

To determine the applicability of a vascular pattern captured with a standard smartphone camera for an attack on a biometric system, we compared the resulting image of the area of interest with the reference IR camera image. The degree of similarity of the two images would clearly demonstrate if smartphone images of the venous pattern can be used to manufacture an artifact.

The reference image was captured with an IR camera illuminated by 840 nm IR LEDs. Features were extracted for a given individual using sequential image processing, selection of the area of interest, binarization, and skeletonization (Fig. 6).

Fig. 6. An example of processing an image obtained in the IR range
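The reference-image processing chain described above (selection of the area of interest, smoothing, binarization, skeletonization) as an added, runnable example; this is not the authors’ code, and the page names only the stages, not the algorithms, so Otsu thresholding, a 3x3 Gaussian kernel and Zhang-Suen thinning are assumptions made here. The input is a constructed 20x20 grayscale array standing in for a dorsal-hand photo: bright skin with one dark vein band and two stray lighter pixels standing in for the light/shadow spots the paper reports. Pure Python is used so the pipeline runs without scikit-image.

```python
from typing import List, Tuple

Image = List[List[int]]  # row-major 8-bit grayscale, 0 = black


def make_sample_image(h: int = 20, w: int = 20) -> Image:
    """Constructed stand-in for a dorsal-hand photo (not real data):
    skin = 200, a 3-pixel-wide dark vein (60) across rows 9..11,
    plus two stray lighter pixels simulating uneven lighting."""
    img = [[200] * w for _ in range(h)]
    for y in (9, 10, 11):
        for x in range(w):
            img[y][x] = 60
    img[4][5] = 150
    img[14][12] = 170
    return img


def crop(img: Image, top: int, left: int, height: int, width: int) -> Image:
    """Area of interest: keep only the metacarpal region."""
    return [row[left:left + width] for row in img[top:top + height]]


def gaussian_blur(img: Image) -> Image:
    """3x3 Gaussian smoothing ([1,2,1] x [1,2,1] / 16), border pixels replicated."""
    h, w = len(img), len(img[0])
    k = [[1, 2, 1], [2, 4, 2], [1, 2, 1]]
    out = [[0] * w for _ in range(h)]
    for y in range(h):
        for x in range(w):
            acc = 0
            for dy in (-1, 0, 1):
                for dx in (-1, 0, 1):
                    yy = min(max(y + dy, 0), h - 1)
                    xx = min(max(x + dx, 0), w - 1)
                    acc += k[dy + 1][dx + 1] * img[yy][xx]
            out[y][x] = acc // 16
    return out


def otsu_threshold(img: Image) -> int:
    """Otsu's method: threshold maximizing between-class variance."""
    hist = [0] * 256
    for row in img:
        for v in row:
            hist[v] += 1
    total = sum(hist)
    sum_all = sum(i * hist[i] for i in range(256))
    best_t, best_var, w_b, sum_b = 0, -1.0, 0, 0
    for t in range(256):
        w_b += hist[t]
        if w_b == 0:
            continue
        w_f = total - w_b
        if w_f == 0:
            break
        sum_b += t * hist[t]
        m_b, m_f = sum_b / w_b, (sum_all - sum_b) / w_f
        var = w_b * w_f * (m_b - m_f) ** 2
        if var > best_var:
            best_var, best_t = var, t
    return best_t


def binarize(img: Image, t: int) -> Image:
    """Veins are darker than skin: pixels <= t become vessel (1)."""
    return [[1 if v <= t else 0 for v in row] for row in img]


def zhang_suen_thin(binary: Image) -> Image:
    """Zhang-Suen thinning: iteratively peel vessel pixels until 1 px wide."""
    img = [row[:] for row in binary]
    h, w = len(img), len(img[0])

    def p(y: int, x: int) -> int:  # out-of-image neighbours count as background
        return img[y][x] if 0 <= y < h and 0 <= x < w else 0

    changed = True
    while changed:
        changed = False
        for step in (0, 1):
            to_delete = []
            for y in range(h):
                for x in range(w):
                    if img[y][x] != 1:
                        continue
                    n = [p(y - 1, x), p(y - 1, x + 1), p(y, x + 1), p(y + 1, x + 1),
                         p(y + 1, x), p(y + 1, x - 1), p(y, x - 1), p(y - 1, x - 1)]  # P2..P9
                    b = sum(n)  # number of vessel neighbours
                    a = sum(1 for i in range(8) if n[i] == 0 and n[(i + 1) % 8] == 1)  # 0->1 transitions
                    p2, p4, p6, p8 = n[0], n[2], n[4], n[6]
                    cond = (p2 * p4 * p6 == 0 and p4 * p6 * p8 == 0) if step == 0 \
                        else (p2 * p4 * p8 == 0 and p2 * p6 * p8 == 0)
                    if 2 <= b <= 6 and a == 1 and cond:
                        to_delete.append((y, x))
            for y, x in to_delete:
                img[y][x] = 0
            changed = changed or bool(to_delete)
    return img


def extract_vein_skeleton(img: Image, roi=(2, 2, 16, 16)) -> Tuple[int, Image, Image]:
    """Full chain: ROI crop -> smoothing -> Otsu binarization -> skeleton."""
    area = gaussian_blur(crop(img, *roi))
    t = otsu_threshold(area)
    binary = binarize(area, t)
    return t, binary, zhang_suen_thin(binary)


if __name__ == "__main__":
    t, binary, skel = extract_vein_skeleton(make_sample_image())
    print("Otsu threshold:", t)
    for row in skel:
        print("".join("#" if v else "." for v in row))
```

On the constructed input the 3-pixel vein band survives binarization and is thinned to a single-pixel centre line, which is the form in which minutiae or keypoints would be extracted; on real images the same chain is where lighting artifacts (the light and shadow areas noted in Section 5) turn into spurious vessel segments, so a template-quality check belongs between binarization and thinning.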

On the same hardware-software test bench, we install a smartphone instead of the IR camera, switch off the external IR illumination and visualise the venous network of the hand in the visible spectrum using the “IRVeinViewer” software package [63]. The obtained image contains unnecessary information: advertising banners and control buttons of the “IRVeinViewer” program. We crop the image to the metacarpal area (from the wrist to the fingers). No filters are applied to the resulting image, as was done with the reference IR image. The area of interest is selected and the image is cropped within its boundaries (Fig. 7).

Fig. 7. An example of selecting an area of interest from an image obtained by a smartphone camera

To make a comparison, it is sufficient to check the degree of similarity of images in the area of interest before the feature extraction stage. We compared the areas of interest of the reference and captured images (Fig. 8).

Fig. 8. Visual comparison of the areas of interest of the captured images

Visually, the areas of interest were very similar; however, the images contained light (orange) and shadow (red) areas. We improved the rendering of the venous pattern in the smartphone image by applying the Sobel filter [64] and compared the areas of interest using the SIFT method [66, 67].

SIFT showed matches at keypoints (Fig. 9). Thus, we could draw a preliminary conclusion that a venous pattern of adequate quality (after processing) for an attack on biometric systems can be captured without any specialized equipment.

Fig. 9. SIFT matching of the areas of interest: on the left the image obtained by the infrared camera, on the right the image obtained by the IRVeinViewer software package

At the first stage of the study, we showed the degree of similarity between the hand dorsal vein pattern captured with the IRVeinViewer software package [63] on a standard smartphone camera and the reference IR camera image. The comparison showed that the images are visually close. Next, we made an artifact from the smartphone camera images of the hand dorsal venous pattern and simulated a spoofing attack on a biometric system based on this modality.

6 Implementation of methods for making attack instruments

As a test data set, 520 images of the dorsal venous pattern of the right and left hands were captured with IRVeinViewer (smartphone images) from 52 subjects (gender distribution in Table 1). The age range was not very wide, because the subjects were university students. At this stage, venous pattern samples from older people were not included. The focus was on university students as the most active users of modern technologies, including biometrics.

Table 1 Distribution of data by type

For each subject, control images of the venous pattern were taken with an IR camera, after that the participants were registered in the biometric system as different users according to the venous patterns of the left and right hands.

Since the optical properties of the skin and the depths of the veins differ from individual to individual, samples must be carefully selected in order to manufacture attack instruments. Out of the 520 images, 104 were first selected for the manufacture of attack instruments; a further 37 that showed a partial venous pattern were then added and used for further experiments. Fig. 10 shows examples of the images used.

Fig. 10. Image samples taken without NIR illumination that were used to generate PAI

Making an attack instrument for penetration testing is a process that requires a creative approach and a deep theoretical understanding of the system’s mechanisms. In a spoofing attack, the biometric scanner is presented with an artificially created copy of a legitimate user’s authentication data. The other subsystems of the biometric system are not affected, and the logic of the algorithms used in the system does not change.

When conducting penetration testing and studying the resistance of biometric systems to attacks of this kind, it is necessary to establish in advance whether the scanner can detect a biometric presentation attack on its own, and to account for this possibility. Therefore, at least one of the PAIs must be created with a view to bypassing the built-in liveness detection subsystem (the most common protection mechanism).

An analysis of scientific papers on the resistance of hand vascular biometrics to spoofing [49,50,51, 56, 61, 68] shows that successful attacks on the biometric scanner were carried out either using a laser-printed artifact [49,50,51] or using a venous pattern image shown on a smartphone screen [60].

A slightly different approach was taken in [56]: an NIR vascular image printed on a laser printer was transferred onto the attacker’s hand.

A pool of artifacts for penetration testing was prepared for the experiment. To improve the quality of attack instruments, NIR images were preprocessed according to the following procedure [49,50,51]:

  • apply histogram equalization, Gaussian filter and adjust the white balance to significantly improve the quality of the original image;

  • scale the image to the size of a real palm;

  • add a black frame 1 cm wide, enhance the outlines of blood vessels in the image by filtering;

  • print out the image on white paper.

In order to produce artefacts that will evade the liveness detection systems, we process the image using the above algorithm, print the image on a laser printer, crop the image to the boundaries of the metacarpal area and stick the resulting artefact onto the dorsal portion of the attacker’s hand. If the biometric system is equipped with a liveness detection subsystem, such as one that measures the temperature of a sample, an ordinary piece of paper would be detected as a spoofing attempt, while the attacker’s proposed artefact would pass the test.

An example of a printed PAI is shown in Fig. 11; an example of an artifact for attacking a sensor with a liveness detection feature is shown in Fig. 12.

Fig. 11. An example of a printed PAI

Fig. 12. An example of a PAI transferred to the attacker’s hand

To make an artifact based on the data captured by a smartphone camera, we only used the area of interest. The image in the original form could not be used, so we edited it leaving only the blood vessel outlines, then enhanced the contrast of these outlines (Fig. 13). Then we scaled the drawing to the actual size, printed it out on standard 180 g/m2 office paper, and attached the final image cutout onto the attacker’s hand.

Fig. 13. Pre-processing of the image of blood vessels captured by a smartphone camera

Thus, using data from the available scientific literature, as well as our own methods, the PAI pool was compiled for penetration testing and assessing the resistance of vascular biometric authentication systems to spoofing attacks.

7 Results and discussion

The aim of the preliminary stage was to identify effective attack instruments based on smartphone camera images. For this purpose, spoofing instruments were created from the data in the areas of interest of all 37 samples. These instruments were printed on a laser printer; the area of interest was cut out, attached to the attacker’s hand, and presented to the biometric scanner. Each sample was presented to the biometric system 10 times. The applicability condition was that a sample had to be accepted by the biometric system at least once. Out of 37 samples, 9 (24.32%) were selected for further tests (Table 2).

Table 2 Results of artifacts penetrating the biometric system

The system was tested for PA resistance according to the following algorithm, which involved presenting to the scanner, in turn:

  • the user’s hand (upper dorsal part);

  • PAI printout on paper (paper PAI);

  • paper artifact scaled to the size of the palm and attached to the researcher’s hand (paper on the hand);

  • PAI made from data captured by a smartphone camera, scaled and attached to the researcher’s hand (smartphone PAI).

After going through all stages for one sample, the cycle was repeated for the next one. A total of 10 cycles were performed for each subject. The results of the first stage of testing are shown in Fig. 14.

Fig. 14. Results of the first stage of testing (all PAIs in their original form)

The first stage of the experiment produced the following outcomes: most attack attempts with conventional artifacts (76% for the paper PAI and 71% for the paper-on-the-hand PAI) were successful. For the smartphone camera PAI, the share of successful attempts was 33%. We attribute this to the careful selection of image samples captured by the IRVeinViewer software package at the preliminary stage.

The second stage was carried out after software enhancement of the images used for the PAI. In particular, the image histograms were equalized and optimal contrast values were selected, so that the vascular pattern was displayed more clearly. For smartphone camera images, all details except the veins were removed in a graphics editor. In addition, 160 g/m2 office paper was used to print all types of artifacts.

After the necessary improvements were made, the second stage of testing was carried out according to the method described above. The results of the second stage of testing are shown in Fig. 15.

Fig. 15. Results of the second stage of testing (histogram and contrast of images improved by software; PAI printed on 160 g/m2 paper)

In the second phase of the test, after software enhancement of the vein image contrast, the samples showed an increase in the number of successful spoofing attempts.

The third stage of testing was carried out after enhancing the outlines of the venous pattern on the PAI images with a permanent marker. It was established in [50, 51] that the coloring agent in the marker pigment absorbs NIR light very well, which makes the resulting image of the vascular pattern particularly high-contrast. In this experiment, we used 200 g/m2 office paper for printing the PAI, following the method in [51]. The results of the third stage are shown in Fig. 16.

Fig. 16. Results of the third stage of testing (permanent marker used to improve the contrast of the venous pattern; PAI printed on paper with a density of 200 g/m2)

The results of the third stage showed an increase in the number of successful authorization attempts for all types of artifacts used in testing.

Comparative results for all test stages are shown in Fig. 17.

Fig. 17. The results of the three stages of testing

After three stages of testing, with additional enhancement of the venous pattern image, the number of rejected attempts decreased from 24 (26.66%) to 18 (20%) for the paper artifact and from 29 (32.2%) to 20 (22.22%) for the paper-on-the-hand artifact (Fig. 13). This result amounts to successful spoofing of the system, given that the standard security policy of information systems requires an account to be blocked after three to five unsuccessful authorization attempts. We believe that the successful attempts to spoof the scanner with the smartphone PAI (33 (36.6%) out of 90 attempts at the first stage, 42 (46.6%) at the second and 59 (65.5%) at the third) are due to the careful selection of venous pattern image samples captured by the smartphone camera. Cleaning the area of interest in a graphics editor, enhancing the contrast of the venous pattern with a permanent marker, and using office paper of higher density increased the attack success rate by 78.8% (from 33 successful attempts at the first stage to 59 at the third).
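To put the stage results in the context of the lockout policy mentioned above, the following added example (not from the paper) turns the reported counts into a per-attempt attack success rate (the attack presentation classification error rate, APCER, in ISO/IEC 30107-3 terms) and then into the probability that an attacker is accepted before a lockout after N failed attempts fires. The counts are the page’s own figures (90 presentations per PAI type and stage; stage 2 counts for the two paper PAIs are not given on the page and are omitted); the lockout budgets and the assumption that presentations are independent trials are mine.

```python
import math
from typing import Dict, Tuple

PRESENTATIONS = 90  # presentations per PAI type per stage, as reported in the paper

# Accepted (successful) presentations out of 90, derived from the page's figures:
# paper PAI rejections 24 -> 18, paper-on-the-hand rejections 29 -> 20,
# smartphone PAI acceptances 33 / 42 / 59 at stages 1 / 2 / 3.
SUCCESSES: Dict[str, Dict[int, int]] = {
    "paper PAI":         {1: PRESENTATIONS - 24, 3: PRESENTATIONS - 18},
    "paper on the hand": {1: PRESENTATIONS - 29, 3: PRESENTATIONS - 20},
    "smartphone PAI":    {1: 33, 2: 42, 3: 59},
}


def apcer(successes: int, presentations: int = PRESENTATIONS) -> float:
    """Attack presentation classification error rate: share of attack
    presentations the system wrongly accepted."""
    return successes / presentations


def bypass_probability(p: float, budget: int) -> float:
    """Probability that at least one of `budget` presentations is accepted,
    i.e. the attacker gets in before a lockout after `budget` failures.
    Assumes presentations are independent trials with success rate p."""
    return 1.0 - (1.0 - p) ** budget


def presentations_for_confidence(p: float, confidence: float = 0.99) -> float:
    """Smallest number of presentations giving at least `confidence`
    probability of one acceptance (how many tries an attacker plans for)."""
    if p <= 0:
        return math.inf
    if p >= 1:
        return 1
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - p))


def lockout_report(budgets: Tuple[int, ...] = (3, 5)) -> Dict[Tuple[str, int], Dict[int, float]]:
    """(PAI type, stage) -> {lockout budget: probability of bypass}, rounded."""
    report = {}
    for pai, stages in SUCCESSES.items():
        for stage, accepted in stages.items():
            p = apcer(accepted)
            report[(pai, stage)] = {b: round(bypass_probability(p, b), 3) for b in budgets}
    return report


if __name__ == "__main__":
    for (pai, stage), probs in lockout_report().items():
        p = apcer(SUCCESSES[pai][stage])
        print(f"{pai:18s} stage {stage}: APCER={p:.3f} "
              f"bypass@3={probs[3]:.3f} bypass@5={probs[5]:.3f} "
              f"tries for 99%={presentations_for_confidence(p)}")
```

The point for a defender is that an account lockout is not a presentation attack countermeasure: with the stage 3 smartphone PAI rate of 59/90, an attacker has roughly a 96% chance of being accepted within a three-attempt budget and needs only five presentations for 99% confidence, so the lockout threshold mainly limits how many rejected presentations the logs will show.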

8 Conclusions

In the present work, we compiled a pool of PAI based on data from open sources and the scientific literature, as well as on our own methodology. These PAI were used in penetration testing and in assessing the resistance of vascular biometric authentication systems to spoofing attacks. We created artifacts according to existing methodology, and a new type of artifact based on data captured by a smartphone camera according to our own methodology.

The study showed that it is not only possible to secretly obtain a hand dorsal venous pattern in real-world conditions with available equipment, but also to create artifacts based on these data that can overcome the biometric system. The results demonstrate serious risks for biometric systems based on the modality of the vein pattern.

Testing of the system’s resistance to spoofing was conducted in three stages, with the methods of creating PAI improved at each stage. Both types of conventional artifact were able to spoof the biometric system successfully. An artifact created from data captured by a smartphone camera was effective in 65.5% of attempts.

However, as the test data set did not contain any smartphone camera images of the venous pattern of people with a different skin color or an older age, a significant expansion of the sample is planned for the next stage of the study.

Since the PAI created in this paper is based on a “paper copy” of the user’s vein pattern, which is well-known to researchers, detecting this type of PAI does not appear problematic. However, in order to improve the security of biometric hand vein recognition systems, the authors recommend, for example, using an autoregressive model-based PA detection method, which demonstrates an artifact detection rate of 99% [68].