Encyclopedia of Biometrics

Living Edition
| Editors: Stan Z. Li, Anil K. Jain

Anti-spoofing: Multimodal

  • Gian Luca MarcialisEmail author
  • Battista Biggio
  • Giorgio Fumera
Living reference work entry
DOI: https://doi.org/10.1007/978-3-642-27733-7_9047-2



Anti-spoofing, or liveness detection, in multimodal biometrics is intended as the ability of a multimodal biometric system of detecting and rejecting access trials in which one or more spoofed biometric traits are submitted. For example, if a malicious user tries to access a system protected by personal verification through face and fingerprint, by submitting his/her own face and a replica of the targeted client’s fingerprint, the system must be able to detect and reject this attack.


Liveness detection in multimodal biometric systems refers to the case where each “modality” consists of a different kind of biometric trait (e.g., fingerprint and face), which is processed by a different biometric verification module. The classification performed by each module, independently, is then combined by score-level or decision-level fusion rules [13].

As well as unimodal biometric systems, multimodal ones can be attacked by submission of a “fake” trait, that is, an artificial replica of at least one of the system’s biometrics [7, 11]. Therefore, the problem is to reject this kind of attack.

This can be done by adding a liveness detection module to each biometric modality to provide “robust” fusion rules against spoofing attacks. According to the literature, ad hoc score fusion rules, capable to exploit the information coming from a match score generated when comparing a spoofed biometric against the related genuine template(s) [7, 9, 11, 12], are the ones basically investigated. No evidence has been reported so far about the integration of multiple liveness detection and matching algorithms in multi-biometric systems, while several evidences have been reported in the case of mono-modal systems [1, 8].

Basic Achievements

The subject issue has been addressed first in [9, 11, 12]. In these works, the performance of multimodal biometric systems using parallel score fusion rules has been studied. In particular, only a subset of the modalities used in the system, or even a single modality, have been spoofed, and the attackers have presented their own traits for the remaining biometrics.

Motivation of this exploration has been explained in [11]:

“Intuitively, a multimodal system is intrinsically more secure than unimodal systems since it is more difficult to spoof two or more biometric traits than a single one. However, is it really necessary to spoof all the fused biometric traits to crack a multimodal system? This question is especially important when a very secure biometric (e.g., retina scan) is combined with another that is easily spoofed (e.g., face). In this scenario, the benefits of adding the face information may be negated by reduction in overall security”.

But [12]:

“If an intruder can break the multimodal system by attacking only one mode, then the multimodal system is not more secure than the least secure mode (i.e., the “weakest link”). In this case, we can even argue that the multimodal system is less secure than its unimodal systems alone since the use of several modes leads to a bigger number of vulnerability points, increasing the possibility of an intruder to take advantage of at least one of these vulnerabilities. For example, consider a multimodal system combining signature and fingerprint traits under a spoof attack. In this scenario, a forger can choose which trait to spoof according to his skills, what may increase his chances of being successful”.

In fact, the authors in [9, 10, 11, 12] showed that parallel multimodal systems that combine from two up to four different modalities and that use several state-of-the-art score-level fusion rules can be evaded by spoofing of a single trait. In [11], it was supposed that distribution of match scores derived from spoofing attacks was exactly the same as the matching scores of genuine users; thus, a very pessimistic scenario was hypothesized. Reference [9] used a multimodal database consisting of face, iris, and fingerprint match scores from genuine and imposter pairs. This database was created by West Virginia University and is available on the CITER website [2]. Even using three personal verification modalities, a significant increase of the probability that an attacker was misclassified as a genuine user has been reported, although only one biometric trait was spoofed. This probability is called spoof-false accept rate or SFAR. Finally, in [10] four different modalities were considered: one was the face and the three others were different fingerprints. The likelihood ratio (LR) and sum fusion rules were used, as well as in the previous publications.

This investigation has been extended in [3, 4, 5, 6, 7] to real spoof attacks, focusing on biometric systems involving two modalities, face and fingerprint, combined in parallel and serially. To this aim, several face and fingerprint data sets were collected, fake traits were fabricated using several techniques, and several multimodal systems were evaluated using different sensors, matchers, and score fusion rules. The reported results have clearly confirmed that the submission of even a single fake trait can drastically increase the probability that an impostor is wrongly classified as a genuine user.

In order to counteract the dramatic loss of performance due to spoofing attacks, Refs. [9, 11, 12] proposed different “anti-spoofing” measures, aimed at reducing the SFAR, by using parallel score-level fusion rules according to three approaches. The first approach is based on choosing the acceptance threshold related to the fused score [9]; the second one involves some modifications to existing fusion rules [11, 12]; and the third one consists of a novel fusion rule [11], specifically designed to build a multimodal biometric system intrinsically robust against spoofing attacks.

The second approach [11, 12] allows to tune the score fusion rule, instead of the acceptance threshold, thus obtaining a more flexible system than that reported in [9]. On the other hand, the method has been presented for the LR rule only and is based on the same pessimistic assumption initially made by Rodrigues et al. [11]. In fact, the results reported in [7] have clearly shown that this assumption does not hold in several real cases.

The rationale of the third strategy [11] is to explicitly define, from high-level linguistic expressions, the decision criteria to fuse the following information: the matching scores, the quality measures of the acquired biometric traits (if available), and the prior information about the security of each matcher. This has been done by devising a fuzzy score fusion rule. The input data and the output score were associated respectively to the linguistic expressions “high score/quality/security” and “high output” under the assumption that the higher the output value, the higher the probability that the user is genuine. Each of these inputs and outputs was modeled as a fuzzy variable.

For instance, two of these rules can be phrased as:
  • “If the two match scores are ‘high’, then the output is ‘high’ (independently on the quality measures and security levels).”

  • “If one of the matchers has a ‘low’ security and produces a ‘high’ score, while the other produces a ‘low’ match score (independently on its security level), then the output is ‘high’.”

The main advantage of this anti-spoofing method lies in the possibility to explicitly defining high-level rules to fuse the input information. On the other hand, the drawback is that the number of fuzzy rules grows exponentially with the number of matchers, which makes it difficult to define these rules for biometric systems involving three or more modalities. Moreover, empirical evidence provided in [11] shows that also this anti-spoofing measure is likely to increase the FRR.

To the best of the current knowledge, and in the opinion of this entry’s authors, the problem of providing countermeasures able to face with the trade-off between multimodal verification performance and anti-spoofing ability is open and involves aspects related to modules interaction (is integrating an anti-spoofing module better than making an intrinsically robust fusion rule? When and why? Or is the best choice in between?), data sets and experimental protocol design.

Related Entries


  1. 1.
    A. Abhyankar, S. Schuckers, Integrating a wavelet based perspiration liveness check with fingerprint recognition. Pattern Recognit. 42, 452–464 (2009)CrossRefzbMATHGoogle Scholar
  2. 2.
    A. Adler, S. Schuckers, Security and liveness, overview, in Encyclopedia of Biometrics, S.Z. Li and A.K. Jain Eds., Springer, pp. 1145–1152, 2009.Google Scholar
  3. 3.
    Z. Akhtar, B. Biggio, G. Fumera, G.L. Marcialis, Robustness of multi-modal biometric systems under realistic spoof attacks against all traits, in IEEE Workshop on Biometric Measurements and Systems for Security and Medical Applications (BioMS), Milano (Italy), Sept 28th 2011, pp. 5–10Google Scholar
  4. 4.
    Z. Akhtar, G. Fumera, G.L. Marcialis, F. Roli, Evaluation of multimodal biometric score fusion rules under spoof attacks, in 5th IAPR/IEEE International Conference on Biometrics, New Delhi, 29 March–1 April 2012, pp. 402-407. ISBN:978-1-4673-0396-5, doi:10.1109/ICB.2012.6199784Google Scholar
  5. 5.
    Z. Akthar, G. Fumera, G.L. Marcialis, F. Roli, Evaluation of serial and parallel multibiometric systems under spoofing attacks, in IEEE 5th International Conference on Biometrics: Theory, Applications, and Systems, Washington, DC, 23–26 Sept 2012. IEEE Catalog Number: CFP12BTA-USB, ISBN:978-1-4673-1383-4Google Scholar
  6. 6.
    B. Biggio, Z. Akhtar, G. Fumera, G.L. Marcialis, F. Roli Robustness of multimodal biometric verification systems under realistic spoofing attacks, in IEEE/IAPR International Joint Conference on Biometrics (IJCB’11), Washington, DC, 11–13 Oct 2011. ISBN:978-1-4577-1358-3, doi:10.1109/IJCB.2011.6117474, pp. 1–6Google Scholar
  7. 7.
    B. Biggio, Z. Akthar, G. Fumera, G.L. Marcialis, F. Roli, Security evaluation of biometric authentication systems under real spoofing attacks. IET Biometrics 1(1), 11–24 (2012). doi:10.1049/iet-bmt.2011.0012CrossRefGoogle Scholar
  8. 8.
    I. Chingovska, A. Anjos, S. Marcel, Anti-spoofing in action: joint operation with a verification system, in IEEE Computer Vision and Pattern Recognition – Workshop on Biometrics (CVPR), Portland, Oregon (USA), June 23–28, 2013, in pressGoogle Scholar
  9. 9.
    P. Johnson, B. Tan, S. Schuckers, Multimodal fusion vulnerability to non-zero effort (spoof) imposters, in IEEE International Workshop on Information Forensics and Security (WIFS), Seattle (USA), Dec 12–15 2010, pp. 1–5Google Scholar
  10. 10.
    E. Marasco, P. Johnson, C. Sansone, S. Schuckers, Increase the security of multibiometric systems by incorporating a spoofing detection algorithm in the fusion mechanism, in Proceedings of Workshop on Multiple Classifiers Systems (MCS’11), Napoli (Italy), June 15–17 2011, pp. 309–318, doi:10.1007/978-3-642-21557-5-33Google Scholar
  11. 11.
    R.N. Rodrigues, L.L. Ling, V. Govindaraju, Robustness of multimodal biometric fusion methods against spoof attacks. J. Vis. Lang. Comput. 20(3), 169–179 (2009)CrossRefGoogle Scholar
  12. 12.
    R.N. Rodrigues, N. Kamat, V. Govindaraju, Evaluation of biometric spoofing in a multimodal system, in International Conference on Biometrics: Theory Applications and Systems (BTAS), Washington DC (USA), Sept 27–29 2010, pp. 1–5Google Scholar
  13. 13.
    A. Ross, K. Nandakumar, A.K. Jain, Handbook of Multibiometrics (Springer, New York, 2006)Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Gian Luca Marcialis
    • 1
    Email author
  • Battista Biggio
    • 1
  • Giorgio Fumera
    • 1
  1. 1.Department of Electrical and Electronic EngineeringUniversity of CagliariCagliariItaly