biometricITC / cPP-biometrics

Contains the development of a Collaborative Protection Profile for biometrics
MIT License

Preliminary draft of mobile toolbox for iris for review #74

Closed n-kai closed 5 years ago

n-kai commented 6 years ago

Preliminary draft of Mobile toolbox for iris

This document is a preliminary draft of the mobile toolbox for iris that lists presentation attack test items for mobile iris unlock. Each test item will be refined further to develop attack descriptions. Any comments on this document would be welcome.

Introduction

Presentation attacks on iris verification are classified into the following categories [1]:

a) Print attack: Present a genuine iris image printed on paper to the mobile device
b) Textured contact lenses attack: Attacker wears textured contact lenses to interfere with iris verification
c) Synthetic iris images attack: Present a synthetic iris image created from the target user’s iris code
d) Artificial eye attack: Present an artificial eye made of, for example, plastic with a counterfeit iris pattern to the device

b) is indeed effective for obfuscating one’s true biometric trait. However, obfuscation is out of scope of the cPP. In theory, there are no technical limitations on printing fully opaque cosmetic contact lenses with the iris texture of a targeted person and wearing the customized lenses to successfully masquerade as someone else to unlock the device. However, there are no known real-world examples of a successful presentation attack of this kind [2], and there are also no research papers studying such attacks. So, b) is out of scope of our evaluation at this moment. c) is also out of scope because we assume that the iris code is securely protected by the mobile device. Therefore, this document lists test items related to a) and d).

Presentation attack test items

The following lists the presentation attack test items. The number of attempts for each PAI and the pass criteria should be discussed later, referring to the relevant studies (e.g. [10] shows that a state-of-the-art PAD technique can achieve ACER=2.78).

a) Attack 1: This attack assumes that the attacker can get a digital image of the target user’s face taken by a normal digital camera with visible light.

Attack method: Attacker gets [digital image of target user’s face] taken by [digital camera] under [environment] and [preprocess the image], then prints out the eyes on [paper] with [printer] to [present] it to the mobile device.

Text enclosed in [ ] should be refined further. The following shows my current idea.

[digital image of target user’s face] Digital image should meet the following condition [3a]:

[digital camera] A high-resolution digital camera should be used to get a clear image of the iris [3b]

[environment] Controlled environment (the background of the scene is uniform, the light in the office is switched on and the window blinds are down)

[preprocess the image] For example,

[paper] Normal paper, matte paper, etc. [3b], [6]

[printer] Laser printer or inkjet printer [3b], [6]. At least 1200dpi [7].

[present] Present the paper under the controlled environment in the same way as the user enrolls the iris

Note: The evaluator should take a picture of the paper using an NIR camera to confirm that the NIR image of the paper contains an iris pattern of sufficient quality before testing.

b) Attack 2: This attack assumes that the attacker can take a photo of the target user’s face using a digital camera using NIR.

Attack method: Attacker takes [digital image of target user’s face] using [digital camera] under [environment] and [preprocess the image], then prints out the eyes on [paper] with [printer] to [present] it to the mobile device.

Text enclosed in [ ] should be refined further. The following shows my current idea.

[digital image of target user’s face] Same as Attack 1

[digital camera] A normal digital camera that can take NIR images. The attacker can modify the camera to have its IR-blocking filter replaced with a glass plate to take an NIR photo [8], [9]

[environment] Outdoor environment with sunlight that includes NIR. No need to use an NIR LED because such an attack is considered by Attack 3.

[preprocess the image] For example,

[paper] Same as Attack 1

[printer] Same as Attack 1

[present] Same as Attack 1

Note: The camera’s auto exposure (AE) may not work in the NIR [9]. The evaluator should carefully choose the right one to take a good NIR image, referring to relevant information on the web.

c) Attack 3: This attack assumes that the attacker can take a photo of the target user’s face using NIR cameras, including commercial iris scanners.

Attack method: Attacker takes [digital image of target user’s face] using [NIR camera] under [environment] and [preprocess the image], then prints out the eyes on [paper] with [printer] to [present] it to the mobile device.

Text enclosed in [ ] should be refined further. The following shows my current idea.

[digital image of target user’s face] Same as Attack 1

[NIR camera] Commercial iris scanner [10]

[environment] Controlled environment

[preprocess the image] Same as Attack 2

[paper] Same as Attack 1

[printer] Same as Attack 1

[present] Present the paper under the controlled environment in the same way as the user enrolls the iris. The attacker may place a contact lens over the iris image to give the iris scanner the curvature it's expecting from a real eye [8]

d) Attack 4: Same as Attack 3 except that the attacker attaches the captured iris pattern to the artificial eyes.

Attack method: Attacker takes [digital image of target user’s face] using [NIR camera] under [environment] and [preprocess the image], then prints out the eyes on [paper] with [printer] and attaches the iris image to [artificial eye] to [present] it to the mobile device.

[digital image of target user’s face] Same as Attack 3

[NIR camera] Same as Attack 3

[environment] Same as Attack 3

[preprocess the image] Same as Attack 3

[paper] Same as Attack 3

[printer] Same as Attack 3

[artificial eye] Create one referring to [1]

[present] Same as Attack 3

Reference

[1] Learning Hierarchical Visual Codebook for Iris Liveness Detection http://www.csis.pace.edu/~ctappert/dps/2011IJCB/papers/226.pdf

[2] Contact lens detection in iris images http://jultika.oulu.fi/files/nbnfi-fe201801222182.pdf

[3a] Hacking Putin's Eyes: How To Bypass Biometrics The Cheap And Dirty Way With Google Images https://www.forbes.com/sites/thomasbrewster/2015/03/05/clone-putins-eyes-using-google-images/#35160438214a

[3b] Robust Scheme for Iris Presentation Attack Detection Using Multiscale Binarized Statistical Image Features http://ieeexplore.ieee.org/document/7031897/

[4] Cross-spectral Iris Recognition for Mobile Applications using High-quality Color Images https://pdfs.semanticscholar.org/349f/a8805e9d5f7d4096fb605453a90877f15ae9.pdf

[5] LivDet Iris 2017 - Iris Liveness Detection Competition 2017 http://iab-rubric.org/papers/Yambay-IJCB17-LiveDET.pdf

[6] Database of Iris Printouts and its Application: Development of Liveness Detection Method for Iris Recognition http://zbum.ia.pw.edu.pl/PAPERS/MMAR_2013_Czajka.pdf

[7] Spoofing iris recognition technology with pictures http://www.biometricupdate.com/201503/spoofing-iris-recognition-technology-with-pictures

[8] Samsung Galaxy S8 Iris Scanner Hacked In Three Simple Steps https://www.forbes.com/sites/ianmorris/2017/05/23/samsung-galaxy-s8-iris-scanner-hacked-in-three-simple-steps/#5151feb4ccba

[9] The physics of near-infrared photography http://www.montana.edu/jshaw/documents/NIR%20Photography%20-%20Mangold%20et%20al%20-%20EJP2013.pdf

[10] Presentation attack detection using a generalizable statistical approach for periocular and iris systems https://dl.gi.de/bitstream/handle/20.500.12116/1244/111.pdf?sequence=1&isAllowed=y

woodbe commented 6 years ago

I think we need to consider a "meta" toolbox that defines some of the expectations for some of the tools to be used. I say this because some of the same comments I would have for the face I have for the iris. Things like what kind of paper, the printers used, etc, should be fairly standardized, but I'm also thinking about things like photo paper I can readily pick up in any office supply store, department store or Amazon.

What I'm thinking is that we provide something that lists "common" tools, like paper, printers, cameras, etc, and then using those defined terms in the modality-specific toolbox we can have less to worry about in terms of repeatability and also copying and updating them in all places to keep them in sync.

BrJu commented 6 years ago

Creating an inventory ('supporting supporting doc') for all the tools that can be used during the evaluation. TBD: who will initiate this doc

BrJu commented 6 years ago

@woodbe @nils-tekampe volunteered

nils-tekampe commented 6 years ago

@woodbe I just created a first draft for an inventory. I did so by simply going thru all the attacks as they already had a section named "Tools". I'm pretty sure this is not yet complete. On the one hand we will need more details in the description of the tools, on the other hand, more tools seem to be hidden in the descriptions of the attacks. But for now, I would appreciate it if you could have a short look and let me know what you think.

woodbe commented 6 years ago

@nils-tekampe This looks like a good start. #84 has some edits I made to it.

Overall I think this is good, I mainly think we need to tweak how the tools are listed.

nils-tekampe commented 6 years ago

@woodbe I agree. The overall format has to be improved. My plan would be to continue working some more time on the content and then derive a good format from the content. Maybe a table structure can be suitable...

woodbe commented 6 years ago

@nils-tekampe I think a table would be ideal. One thing I like about a table is that we could scale one item out. For example you could have the screen, and have a standard HD screen of 10" in size, then increase it to larger size and resolution up to 4K at 25" (or something like that). That could all be one row. Camera could be similar, paper could even be similar (like standard letter paper as the first one, then card stock then photo paper).

nils-tekampe commented 6 years ago

@woodbe I made a table for the tools. Please have a look. I'm not sure what you mean by "scaling one item out". How would you suggest to handle e.g. the two different PC screens?

woodbe commented 6 years ago

@nils-tekampe Take a look at this rough idea for a table:

https://github.com/nils-tekampe/cPP-biometrics/blob/master/methodology/inventorytable.md

Just a rough idea about how to link the tools together.

nils-tekampe commented 6 years ago

@woodbe Understood. Very good idea. I transferred the concept to the original file and deleted the inventorytable.

woodbe commented 6 years ago

@nils-tekampe I like the updated table. I really like the camera description for the second level, too.

Now for the attacks, we have some that are the same, but that they may switch from say a home printer to a professional printing service, or from a device screen to a 4K display. What I would think is that we can have just one attack type, and then level it inside the attack with this table. Of course that may not work, but that is part of what I was thinking, but either way, I like having the table because I think it provides a good hierarchy of the tools.

nils-tekampe commented 6 years ago

@woodbe Yes, I agree that the description of attacks can be optimized in this context. I would suggest however that we do not introduce a pure hierarchy in the tools but allow different types for one tool as well. This means from my perspective that type 2 of a tool must not necessarily be stronger/better than type 1 of the same tool. It can also be simply a completely different type.

woodbe commented 6 years ago

@nils-tekampe I agree. I was trying to think of how to set it up (but haven't had cycles to think it through all the way), showing a progression is what I was really trying to get to.

n-kai commented 5 years ago

I agree to close this and #72 and discuss based on the actual toolbox.

woodbe commented 5 years ago

Closed. Further discussions handled in newer issues directly related to the appropriate toolbox.