No Spoofing: An Introduction to Presentation Attack Detection
Just like in cybersecurity, biometric security system developers are always trying to stay one step ahead of a malicious actor’s latest strategy.
The methods of tricking biometric systems vary widely from the sophisticated (latex gloves with a user’s fingerprints, expensive masks, and deepfakes) to the simple (a photo of a user’s face or eye, or a video replay). These fakes are then presented to the device to try and fool it into authenticating the user—also known as a presentation attack or a spoof attempt.
How are biometric system developers addressing these threats? It’s all down to presentation attack detection (PAD).
What is Presentation Attack Detection?
Also known as PAD, presentation attack detection is an automated method of detecting spoofing attempts.
PAD systems use a combination of hardware and software to determine if a presented biometric is genuine. Illumination, sensors, and processing can help detect the use of masks, synthetic images, or photographs that do not react to changes in light or conditions.
PAD can include liveness detection—the ability to differentiate between human beings and nonliving spoofs, like photos.
Additional Resources
ISO/IEC 30107-3:2023, the international standard on biometric presentation attack detection
NIST’s definition of presentation attack detection
Paravision white paper on presentation attack detection
FIDO Biometrics Requirements, working draft, 2019