Liveness Detection and Anti-Spoofing

LivenessMany biometric captures, including those collected by law enforcement or at an attended border crossing kiosk, are closely supervised. However, in unsupervised authentication scenarios, attackers can attempt to replay biometrics recorded from a genuine user (e.g. a printed photograph or voice recording) as an account take-over strategy.

How does Daon use liveness detection to combat spoofing tactics?

Daon’s IdentityX uses Presentation Attack Detection (PAD) algorithms to combat this attack strategy by detecting genuine live users (liveness detection) and helping to prevent spoof attacks (anti-spoofing).

Multi-factor authentication is one of the key approaches Daon's IdentityX uses to prevent these types of attacks. With multi-factor authentication, an attacker would need a recording of the legitimate user and would also need to be in possession of that user’s phone to attempt a presentation attack.

Daon’s IdentityX also includes several liveness detection/anti-spoofing methods that can be used in conjunction with its authentication algorithms, which focus specifically on identifying such attacks.

Presentation attacks can also be minimized by combining multiple active liveness challenges with passive techniques. For example, a user could be asked to perform a combination of active liveness challenges such as nodding or shaking their head, moving the capture camera, moving or blinking their eyes, smiling or speaking. Simultaneously, passive techniques (detecting reflections, screen bezel edges, unusual textures and colors in the face region, lack of face micro-movements or audio artifacts) are used to further corroborate the true identity of the user.

As with biometric matching, liveness detection algorithms are probabilistic – bona fide attempts may be incorrectly classified as presentation attacks and vice-versa. Organizations should take care when setting the operational thresholds of the various PAD algorithms to avoid inconveniencing legitimate users while minimizing the likelihood of a presentation attack.

Daon offers a portfolio of best-in-class tested PAD approaches, incorporating algorithms that can be used separately or together; each approach is carefully selected to provide appropriate protection for specific authentication scenarios. As attackers and software become more sophisticated, we continue to develop and evaluate new techniques to help keep ahead of these threats. Find out more about the R&D work of the Daon Biometric Research Lab. Or, learn more about IdentityX and multi-factor authentication.