Liveness Detection Certification, FIDO Certification and PAD Evaluations
Process & Standards for Certified Liveness Detection
Liveness detection, also known as presentation attack detection (PAD), has become a hot topic across the biometrics industry, and with it the question of liveness detection certification and certified liveness detection solutions. This article explains the most important elements of a liveness detection certification, including PAD evaluations and FIDO certifications, as well as their limitations.
Until only 3 years ago, liveness detection certification was a non-existent topic in the commercial facial recognition industry. No terminology for biometric anti-spoofing had been defined publicly, and in the absence of comprehensive solutions securing facial recognition against attacks, there was no public discussion on biometric anti-spoofing at all. Consequently, no objective and comparable liveness detection certification or evaluation was available. This has changed only recently.
The following sections are meant to help companies in need of a PAD solution judge the informative value of a liveness detection certification.
After reading this article you will know:
- The context and history of liveness detection certifications
- The process for receiving a certified liveness detection
- Different levels of presentation attacks
- How biometric anti-spoofing performance is measured
- The limitations of liveness detection certification
ISO Compliant Presentation Attack Detection
This article is based on BioID’s experience with two different types of liveness detection certifications. First, BioID has performed a PAD evaluation with the German testing laboratory TÜV Informationstechnik GmbH (TÜViT). The audit confirms the ISO 30107-3 compliance of BioID’s presentation attack detection technology. TÜViT, a FIDO accredited biometric laboratory, tested against criteria based on FIDO Biometric Certification Requirements v1.1 (FIDO1.1) and ISO/IEC 30107-3:2017 (ISO/IEC30107-3). TÜViT considers the applied criteria to be stricter than FIDO1.1, so since the test was successful, the FIDO criteria are also regarded as being met. Second, ARIADNEXT, a long-term BioID customer, offers an identity verification solution which received a FIDO biometric component certification in November 2020. This solution includes BioID’s liveness detection for fraud prevention. Its reliability was thoroughly tested during the FIDO testing procedures in 2020.
The ISO standard ISO/IEC 30107-3 for presentation attack detection was introduced in September 2017. This standard has been incorporated in the official FIDO certification process. It has also led to independent laboratories offering PAD evaluations based on it. If a certified liveness detection is based on ISO/IEC 30107-3, there is a certain element of comparability between the different evaluations. Still, it is important to take a closer look at the testing protocols and results, as laboratories and test centers differ in how they carry out the performance assessment. This can result in liveness detection certifications of differing informative value. Because test scenarios are limited, results might not be transferable to real-life scenarios. Hence, it is always recommended to perform an individual performance assessment before deciding on an anti-spoofing solution.
How Liveness Detection Certification Works
A biometric vendor that wants to offer a certified liveness detection needs to engage with one of the accredited laboratories and provide a software/hardware solution for evaluation. The small number of laboratories accredited to perform a liveness detection certification includes, for example, the German TÜV IT, the Swiss Center for Biometrics Research and Testing (Idiap Research Institute) and the French ELITT/Leti CEA. A full list of accredited test centers can be found in the resources list below.
For offering a certified liveness detection, biometric vendors can either choose to perform a FIDO certification or do a mere PAD evaluation. In addition to the PAD performance, a FIDO certification also includes the biometric verification (facial recognition) performance. During both performance tests, biometric anti-spoofing systems are challenged with different presentation attacks such as printed photos, paper masks or videos. If successfully tested according to ISO/IEC 30107-3, the biometric vendor receives a testing report (in the case of a PAD evaluation) or a FIDO certificate (if a full FIDO certification is performed).
Which Presentation Attacks are Tested
According to FIDO Biometrics Requirements published in 06/2019, there are three levels of presentation attack scenarios which can be tested against. These differ mainly in the time, expertise and equipment needed to create the attack (see table 1). Level A includes simple photo printouts, or a photo presented on a smartphone display, whereas level B additionally includes paper masks or videos of a person. Level C covers, for instance, silicone masks as well as high-quality videos of a person presented on a high-resolution display. Each of these attack examples is called a presentation attack instrument (PAI). Testing is carried out with classes of attacks, the so-called PAI species. One such PAI species can be an iPhone 8 display presenting photos of various people. Another example of a PAI species is photos of different people printed on the same paper with the same printer. PAD evaluations can be made for each of the levels A-C separately. For a FIDO certification, an algorithm needs to detect spoofing attempts on levels A and B by default.
Table 1: Levels of Presentation Attacks, based on FIDO Biometrics Requirements, 06/2019
How Certified Liveness Performance is Measured
For a certified liveness detection, two values are calculated to assess the performance: APCER (Attack Presentation Classification Error Rate) and BPCER (Bona-fide Presentation Classification Error Rate). APCER is the proportion of attacks mistakenly classified as live persons. BPCER is the proportion of live persons (also called bona fide presentations) classified as fakes. A mere PAD evaluation does not assess verification performance. It only tests whether a presented face came from a live person or not. For a full FIDO certification, the value calculated also includes the verification (facial recognition) result, resulting in IAPMR (Impostor Attack Presentation Match Rate). This number describes the proportion of attacks by impostors incorrectly accepted as the real person.
For receiving a certified liveness detection included in a FIDO certification, 10 presentation attack species (6 from level A and 4 from level B, see table 1) as well as 10 people (subjects) are needed. This results in 100 PAI. Each has a maximum of 5 attempts to spoof the liveness detection. In other words, 50 attempts per species, or 500 spoofing attempts altogether, are used. In order to successfully complete this part of the performance testing, the IAPMR needs to be less than 20 % per PAI species, meaning fewer than 10 of the 50 attempts per species may wrongly be classified as a live person. For more details please see FIDO’s PAD criteria. In order to provide the desired objective performance measurement, liveness detection certifications that are not part of a FIDO certification process should be designed similarly.
Limitations of Liveness Detection Certifications
To be precise, there is no certification for presentation attack detection available on the market, as the international standard for PAD, ISO/IEC 30107-3, does not offer a standardized testing protocol which could be used to perform comparable testing and certification. As a consequence, there is no certified liveness detection solution available on the market, either. Instead, biometric testing laboratories like TÜViT from Germany or Idiap from Switzerland can perform evaluations based on the ISO standard and thus confirm a technology’s ISO compliance. Still, the term ‘certification’ or ‘certified liveness detection’ has been widely used. This has sometimes happened in a misleading way, as described in a Biometric Update article by a leading professor at Clarkson University and at the Biometrics Institute.
There are certain limitations of liveness detection certifications which should be kept in mind when using them as a decision criterion. For instance, for a PAD evaluation that is independent from FIDO, the vendor itself can decide the level of PAI, the number of attacks and the number of subjects. Even for a strongly regulated FIDO certification, the number of devices and spoofing scenarios tested is limited. This matters because biometric anti-spoofing can perform differently on unseen presentation attacks. Also, when reviewing the test reports of evaluated/certified solutions, there are details which should be looked at closely, for instance, the false rejection of live people (BPCER). This figure is often left unmentioned, as there is a direct link between APCER and BPCER: if the solution is designed to perform extremely well on APCER (correctly rejecting fakes), this can result in a higher BPCER (falsely rejecting live people). In a real-world scenario, of course, this has to be balanced in order to achieve security and usability at the same time.
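The per-species pass criterion from the measurement section and the APCER/BPCER link described above can be checked together when reading a test report. The following Python sketch is an added example, not code from BioID, FIDO or any laboratory; the species names, the scores and the thresholds are constructed, and it applies the 20 % limit to PAD-only APCER (no matcher), as in a mere PAD evaluation designed like the FIDO protocol.

```python
from collections import defaultdict

LIMIT_PERCENT = 20  # page: error rate must be less than 20 % per PAI species

# Constructed sample scores (0-100, higher = "more likely live"); not test data
# from any laboratory. 50 attempts per species, as in the FIDO protocol above.
ATTACKS = [("print_photo", s) for s in range(0, 50)] + \
          [("video_replay", s) for s in range(20, 70)]
BONA_FIDE = [45 + i // 2 for i in range(100)]  # 100 live presentations

def attack_counts(attacks, threshold):
    """Return {species: (accepted_as_live, attempts)} for one threshold."""
    accepted, attempts = defaultdict(int), defaultdict(int)
    for species, score in attacks:
        attempts[species] += 1
        if score >= threshold:          # attack wrongly classified as live
            accepted[species] += 1
    return {s: (accepted[s], attempts[s]) for s in attempts}

def evaluate(attacks, bona_fide, threshold):
    """Per-species APCER, species breaching the limit, and BPCER."""
    counts = attack_counts(attacks, threshold)
    # Integer comparison avoids float rounding exactly at the 20 % boundary.
    failing = sorted(s for s, (a, n) in counts.items()
                     if a * 100 >= LIMIT_PERCENT * n)
    rejected_live = sum(1 for s in bona_fide if s < threshold)
    return {
        "apcer": {s: a / n for s, (a, n) in counts.items()},
        "failing_species": failing,
        "bpcer": rejected_live / len(bona_fide),
    }

if __name__ == "__main__":
    for t in (50, 60, 61, 70):
        r = evaluate(ATTACKS, BONA_FIDE, t)
        worst = max(r["apcer"].values())
        print(f"threshold={t} worst APCER={worst:.2f} BPCER={r['bpcer']:.2f} "
              f"failing={r['failing_species'] or 'none'}")
```

On this constructed data, raising the threshold from 60 to 61 moves the video species from 10 to 9 accepted attempts out of 50 and so under the limit, while BPCER rises from 0.30 to 0.32; a report that gives only the attack-side figure hides that cost.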
Compliant Presentation Attack Detection
As a German biometrics company with more than 20 years of experience in the market, BioID sees with great interest how the biometrics industry is changing. With its multiple patents, BioID is a leading player worldwide in software-based biometric anti-spoofing. As the demand for facial recognition is growing, the market has seen many new entrants and a broad diversification of offerings. In this situation, standards like ISO/IEC 30107-3 offer guidelines for an objective measurement of presentation attack detection performance. For a buying decision, while a liveness detection certification does facilitate the assessment process, buyers must pay attention to their intended application by considering factors such as ease of integration, user experience, as well as vendor credibility (e.g. in terms of GDPR). Every application scenario is different and the best way to find a suitable anti-spoofing solution is to find a trusted & experienced vendor.
Resources on Liveness Detection Certification
- For more information on FIDO Biometric Component Testing please see: https://fidoalliance.org/certification/biometric-component-certification/
- FIDO Biometrics Requirements; Final Document, June 06, 2019: https://fidoalliance.org/specs/biometric/requirements/
- ISO/IEC 30107-3:2017 Information technology — Biometric presentation attack detection — Part 3: Testing and reporting: https://www.iso.org/standard/67381.html
- Link to accredited test laboratories: https://fidoalliance.org/certification/biometric-component-certification/fido-accredited-biometric-laboratories/