Presentation Attack Detection for Iris Recognition: An Assessment of the State of the Art

Adam Czajka (ORCID 0000-0003-2379-2533), Research and Academic Computer Network – NASK, Kolska 12, Warsaw 01045, Poland, and Kevin W. Bowyer (ORCID 0000-0002-7562-4390), University of Notre Dame, 384 Fitzpatrick Hall, Notre Dame, IN 46556, USA

Iris recognition is increasingly used in large-scale applications. As a result, presentation attack detection for iris recognition takes on fundamental importance. This survey covers the diverse research literature on this topic. Different categories of presentation attack are described and placed in an application-relevant framework, and the state of the art in detecting each category of attack is summarized. One conclusion from this is that presentation attack detection for iris recognition is not yet a solved problem. Datasets available for research are described, and research directions for the near- and medium-term future and a short list of recommended readings are suggested.

Presentation attack detection, liveness detection, anti-spoofing, iris recognition
Journal: CSUR, 2018. CCS: Security and privacy, Biometrics

1. Introduction

In biometrics, the term presentation attack refers to making a presentation to the sensor with the goal of manipulating the system into an incorrect decision. The term spoofing is a related, less formal term, and liveness detection can be considered one of the countermeasures to detect a presentation attack. Commonly envisioned goals of a presentation attack are to impersonate a targeted identity or to evade recognition.

As iris recognition has become increasingly popular, presentation attack detection (PAD) has received substantial attention. Various early publications in this area reported near-perfect accuracy. But it is now recognized that these early efforts addressed idealized versions of the problem, especially when we analyze the results of independent iris PAD competitions presented in Section 8, the number of attack ideas presented in Section 4, and the possible instruments used in iris presentation attacks discussed in Section 5. More recent works attempt to address more realistic open-set versions of the problem. These more realistic works (e.g., (128; 159; 111; 137)) report accuracy figures lower than in the earlier works. However, we should expect that accuracy on the more realistic versions of the problem will improve as research progresses, and the amount of PAD-related data offered now by researchers is stunning, as summarized in Section 6.

It can be difficult to conceptually organize and evaluate the many different technologies employed in presentation attacks and their detection. Therefore, in Section 7, we present an organizing framework based on two main salient distinctions. PAD methods for iris recognition can be either static or dynamic, and also either passive or active. A static method operates on a single sample, whereas a dynamic method operates on an image sequence to extract features related to dynamics of the observed object. A passive method makes the measurement without any stimulation beyond the normal visible-light or near-infrared illumination used to acquire an iris image, whereas an active method adds some additional element of the stimulation to the eye / iris. This categorization is meant to clearly reflect the complexity of the sensor and of the image acquisition process.

With this framework, relatively under-studied areas become easier to identify. Also, within each category, we can identify the current state-of-the-art. And it becomes easier to assess the value of currently available datasets to support the different categories of research. As a result, we suggest in Section 10 possible avenues for future research efforts, including datasets and algorithms.

We start this survey with basic terminology (Sec. 2) and comment on visible-light vs near-infrared illumination in iris recognition, which has an influence on the PAD methodology (Sec. 3). Later, in Section 9, we also discuss the evaluation of PAD, which is in principle different from the evaluation of biometric recognition. Lastly, in Section 11 we provide a short list of “recommended readings” for those wanting to start a deeper dive into this area.

2. Terminology

The iris PAD literature has historically been inconsistent in its use of terminology. In this survey, we attempt to follow normative presentation attack vocabulary wherever appropriate, as recommended in ISO/IEC 30107-3:2017. Biometric characteristics (possibly represented by a non-living sample) or artificial objects used in a presentation attack are called presentation attack instruments (PAI). A presentation to the biometric sensor is either a bona fide presentation or an attack presentation. The following terms are used for basic error metrics:

  • Attack Presentation Classification Error Rate (APCER): proportion of attack presentations incorrectly classified as bona fide presentations. APCER is a function of a decision threshold .

  • Bona Fide Presentation Classification Error Rate (BPCER): proportion of bona fide presentations incorrectly classified as presentation attacks. As with APCER, BPCER is a function of a decision threshold .

  • Correct Classification Rate (CCR): sum of correctly classified bona fide presentations and correctly classified presentation attacks divided by the number of all presentations.

When the threshold can be set so that APCER() = BPCER(), then the equal error rate EER = APCER() = BPCER() can be reported.
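The error rates defined above, computed over constructed PAD scores. This is an added example, not code from the survey; the score convention (higher means "more likely an attack"), the function names, and the per-instrument APCER breakdown are assumptions that go beyond the aggregate definitions in the text.

```python
"""APCER, BPCER, CCR and EER for a PAD classifier, over constructed scores.

Assumed convention (the survey does not fix one): a higher score means
"more likely an attack", and a presentation is classified as an attack
when score >= threshold.
"""
from typing import Dict, NamedTuple, Sequence, Tuple


class PadErrors(NamedTuple):
    threshold: float
    apcer: float  # attack presentations classified as bona fide
    bpcer: float  # bona fide presentations classified as attacks
    ccr: float    # correct decisions / all presentations


def pad_errors(bona_fide: Sequence[float], attacks: Sequence[float],
               threshold: float) -> PadErrors:
    """Error rates at one decision threshold."""
    if not bona_fide or not attacks:
        raise ValueError("both classes need at least one presentation")
    missed = sum(1 for s in attacks if s < threshold)
    rejected = sum(1 for s in bona_fide if s >= threshold)
    total = len(bona_fide) + len(attacks)
    return PadErrors(threshold,
                     missed / len(attacks),
                     rejected / len(bona_fide),
                     (total - missed - rejected) / total)


def apcer_per_instrument(attacks_by_pai: Dict[str, Sequence[float]],
                         threshold: float) -> Dict[str, float]:
    """APCER separately for each presentation attack instrument.

    An aggregate APCER can hide one instrument the detector handles badly.
    """
    return {pai: sum(1 for s in scores if s < threshold) / len(scores)
            for pai, scores in attacks_by_pai.items() if scores}


def equal_error_rate(bona_fide: Sequence[float], attacks: Sequence[float]
                     ) -> Tuple[float, PadErrors, bool]:
    """Return (eer, operating point, exact).

    With finite samples APCER and BPCER may never be exactly equal. In that
    case the threshold with the smallest gap is used, the reported value is
    the mean of the two rates, and `exact` is False.
    """
    if not bona_fide or not attacks:
        raise ValueError("both classes need at least one presentation")
    observed = sorted(set(bona_fide) | set(attacks))
    # One extra candidate above the maximum covers "accept everything".
    candidates = observed + [observed[-1] + 1.0]
    points = [pad_errors(bona_fide, attacks, t) for t in candidates]
    best = min(points, key=lambda p: (abs(p.apcer - p.bpcer), p.threshold))
    exact = abs(best.apcer - best.bpcer) < 1e-12
    return (best.apcer + best.bpcer) / 2, best, exact


# Constructed scores, for illustration only (not taken from any dataset).
BONA_FIDE = [0.05, 0.10, 0.12, 0.20, 0.25, 0.30, 0.35, 0.45, 0.55, 0.70]
ATTACKS_BY_PAI = {
    "printout":      [0.60, 0.75, 0.80, 0.90, 0.95],
    "textured_lens": [0.15, 0.40, 0.50, 0.65, 0.85],
}
ALL_ATTACKS = [s for scores in ATTACKS_BY_PAI.values() for s in scores]

if __name__ == "__main__":
    eer, point, exact = equal_error_rate(BONA_FIDE, ALL_ATTACKS)
    print(f"EER={eer:.3f} at threshold {point.threshold} (exact={exact})")
    print(f"CCR at that threshold: {point.ccr:.3f}")
    for pai, rate in apcer_per_instrument(ATTACKS_BY_PAI,
                                          point.threshold).items():
        print(f"APCER[{pai}] = {rate:.3f}")
```

On these scores the aggregate APCER at the EER threshold hides the fact that every missed attack comes from one instrument, which is why the breakdown is worth reporting next to the single figure.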

The goal of an attacker is most often envisioned as either (a) impersonating some targeted identity, or (b) avoiding a match to the attacker’s true identity. In this context, the following terms are used for the attacker’s success rate:

  • Impostor Attack Presentation Match Rate (IAPMR): proportion of impostor attack presentations that are successful; that is, in which the biometric reference for the targeted identity is matched. This error metric is analogous to false match rate (FMR) in identity verification.

  • Concealer Attack Presentation Non-Match Rate (CAPNMR): proportion of concealer attack presentations that are successful; that is, in which the biometric reference of the concealer is not matched. This error metric is analogous to false non-match rate (FNMR) in identity verification.

It should not be surprising that an attacker’s intentions may be more nuanced than is envisioned by the current standard terminology. For example, attackers may seek to enroll multiple identities that do not match any existing person, but that they can match successfully to in the future. This could be seen as a more sophisticated form of concealer attack. The standard terminology may expand and evolve in the future to explicitly include such instances.

Meanings of additional acronyms, generally associated with texture features, used throughout the paper are: BSIF: Binary Statistical Image Features (66), CNN: Convolutional Neural Network (78), LBP: Local Binary Patterns (95), SID: Shift-Invariant Descriptor (70), and SVM: Support Vector Machine (13).

3. Near-Infrared and Visible-Light Iris Recognition

Essentially all commercial iris recognition systems operate using near-infrared illumination of the eye. This has been true since the early work by Daugman (29). The use of near-infrared illumination allows the system to better image the iris texture since absorption of the light by melanin decreases with the increasing wavelength of the illuminating light. When using visible-light wavelengths, the melanin will absorb a significant amount of light, and eyes with a high concentration of melanin will appear “dark”, sometimes making the pupil localization process difficult or impossible. Using near-infrared illumination, the texture of the iris surface can be imaged approximately equally well for all persons.

Iris recognition’s reputation as a highly-accurate biometric is thus established in the context of using near-infrared illumination. According to the most recent IREX IX report (105), the best-performing one-to-one iris matchers achieve a false non-match rate below one percent for a false match rate of (1 in 100,000).

Iris recognition using visible-light illumination has attracted attention in the past, e.g., the UBIRIS effort (136) and again more recently in the context of mobile devices (124; 148). If the same accuracy could be achieved with ambient visible-light as with near-infrared illumination, it would be a truly major advance, enabling lower-cost operation and significant increases in flexibility. However, there is no evidence that visible-light iris recognition can, in similar conditions of use, achieve accuracy anywhere close to that of near-infrared iris recognition. At a FMR of 1-in-1-million, visible-light iris recognition will likely have a FNMR that renders it unusable for many applications. General-purpose estimates of visible-light iris error rates from experimental data are problematic because they vary based on many factors, including whether the subjects in the study have “dark” or “light” eyes.

Nevertheless, visible-light iris recognition may find use in lower-security applications, perhaps enabled by ubiquitous use of mobile devices. Therefore, this survey covers research on PAD for visible-light iris as well as for near-infrared iris. However, the reader is cautioned that the security level achievable with visible-light iris recognition is fundamentally lower than what is achievable with near-infrared iris recognition. Also, comparing near-infrared iris images with visible-light iris images (cross-spectrum matching) is more challenging than comparing iris images illuminated by the same light (same-spectrum). Interested readers can study the results of the recent “Cross-eyed 2017” competition (123), and conduct their own research using a cross-spectrum iris image database (124).

4. Known and Potential Vulnerabilities

4.1. Attack Goals: Impersonation vs Identity Concealment

The goal of an “Impostor Attack Presentation” in the standard terminology is to impersonate some targeted identity. In general, this attack goal requires that the attacker gain access to an iris image, the enrolled iris code, or equivalent information for the targeted identity. However, there is a variant of this attack in which the attacker may simply want to match to any enrolled identity without caring which one. This can be the case in “token-less” biometric applications in which a probe sample is acquired and matched against all enrolled identities to identify the user. Matching any enrolled identity, rather than a specific targeted identity, is enough to authorize access. A real-world example where this attack could be relevant is the previous version of the NEXUS system operated jointly by the Canada Border Services Agency and the U.S. Customs and Border Protection (last accessed March 21, 2018).

Another possible goal is the “Concealer Attack Presentation”. This requires only that the attacker have some means of obscuring the useful texture information in their probe sample. For simpler iris recognition systems, even something as simple as eye drops to cause extreme pupil dilation could enable this type of attack.

A hybrid type of possible attack is that the attacker seeks to enroll an identity that does not correspond to any real person, and then use that identity in the future. This may be realized by generating and enrolling a synthetic iris pattern. However, a simpler approach may be to acquire an iris image with the sensor rotated upside-down. Since not all iris sensors detect the correct orientation, an upside-down image could generate a synthetic identity separate from that corresponding to the right-side-up sample (25). This attack goal is not explicitly considered in the standard terminology.

4.2. Creating Images to Match Iris Templates

To accomplish an impersonation attack, one must present an image that, after processing by a biometric system, results in a match to a targeted iris template. An obvious approach is to take a photograph of one’s eye that can be later printed and presented to the sensor. Due to the prevalence of near-infrared illumination in commercial systems, as discussed in Sec. 3, it is expected that, on average, samples acquired in near-infrared should have higher chances to support a successful presentation attack than visible-light images. However, especially for “dark” irises, the red channel of a visible-light iris image may result in a sample that shows enough iris texture to perform a successful print attack.

What if the attacker has no possibility to acquire an actual iris image? There is a small body of work studying attacks in the context of the attacker not having an iris image of the targeted identity, but having the ability to compare a candidate probe image to the enrollment of the targeted identity and get a measure of the match quality. In principle, one can generate a large number of synthetic images that end up with a good match. However, these images may not look visually similar to the targeted iris, or even not similar to a human iris in general. The possibility of “reversing” an iris template is clear when we analyze this problem from an information theory point of view. Assume that a standard iris image has a resolution of pixels and the gray levels are coded by 8 bits. The total number of images possible to be coded equals to . Assume that a typical iris code is composed of 2048 bits, hence the total number of different iris codes is . There are no formal limitations to have an iris code calculated for each possible grayscale image. Since , and there must exist a grayscale image for each iris code, the number of images (possibly not iris images) ending up with an identical binary code is . The number of images that end up with a different iris code, but one close enough to generate a match, is even greater. Certainly, additional textural limitation must be added if the generated images should be visually similar to an iris. However, “visual similarity” is hard to define and various heuristics can be used to increase “visual realism” of a synthetic sample. Additionally, Rathgeb and Busch (115) showed how to generate a single iris code that will match with iris codes calculated for more than one distinct iris. Such morphed iris codes may be a starting point for preparation of synthetic iris images that, when presented to a sensor, would match more than one identity.

One such work by Rathgeb and Uhl (116) presents results for a hill-climbing approach to creating an iris image that can be used to make a false match to a given iris enrollment. This method operates on a normalized iris image, and assumes that an attempted match to an enrollment returns an indication of match quality rather than a match / non-match result. The method scans the initial fake image and adjusts the pixel value by a positive or negative increment in order to find a modification that improves the match quality. It iteratively scans and modifies the fake image in this hill-climbing manner to synthesize an image that matches the target enrollment. In the best case, about 1,400 iterations over the fake image are needed to obtain an acceptable match. In the other work, Galbally et al. (45) use genetic algorithms to find synthetic irises that match their authentic counterparts. The authors suppressed block artifacts and applied Gaussian smoothing to give the synthetic samples a realistic appearance. Also, Venugopalan and Savvides (151) propose to blend a synthetic image based on someone’s iris code with the image of a different subject’s iris. This operation modifies an image in the frequency range used in matching, and leaves it almost unchanged in other frequency ranges. Drozdowski et al. (35) propose a method to generate synthetic iris codes that have similar statistical properties as iris codes generated for authentic irises.

4.3. Creating Images of Artificial Identities

There are also papers proposing either iris image synthesis, or alteration of an authentic iris image to generate a new texture, possibly not matching any existing identity. These techniques cannot be used directly in an impersonation attack. However, they can be applied to produce fake irises indiscernible from living irises by a biometric sensor in identity concealment attacks, and in situations where having iris artifacts that resemble real irises is important. One should be careful about taking a claim of high visual realism of such samples for granted; visual realism is less important than the assessment of “authenticity” done by an iris recognition sensor.

The first proposal we are aware of to render a synthetic iris texture (actually the entire eyeball) is by Lefohn et al. in 2003 (82). They claim that their method “can create patterns and colors that match existing human irises.” They follow the approach of composing the artificial eye with multiple, simple layers added incrementally, on top of the already-added layers, to end up with the desired pattern. Shah and Ross (129) proposed to use Markov Random Fields to generate a background iris texture, and then iris-specific features such as crypts, radial and concentric furrows and collarette are embedded into the background. Zuo et al. (164) propose a model-based method of synthesizing iris textures. They start with generation of 3D fibers in cylindrical coordinate system, which are then projected onto a plane to simulate a frontal view of an iris meshwork. The resulting 2D image is then blended with irregular edges, the collarette portion is brightened, the outer boundary between the “iris” and the “sclera” regions is blurred, and, finally, artificial eyelids and eyelashes are added. More recently, Thavalengal et al. (144) describe a means to alter an iris portion of a digital photograph without destroying the photo-realistic features of the eye region. They propose a few simple techniques such as a) vertical flip of the iris portion, b) blurring of the iris texture in radial directions (to preserve a general image sharpness), c) swapping of iris texture sectors, and d) the replacement of the entire iris portion with a real or synthetic image.

5. Presentation Attack Instruments

5.1. Artifacts

(a) Illustration of a print attack. An authentic iris (left) and the corresponding iris printout (right). Samples from a training partition of the LivDet-Iris Warsaw 2017 dataset; file IDs: 0319_REAL_L_14 and 0319_PRNT_L_1, correspondingly.
(b) Illustration of a textured contact lens attack. An authentic iris (left) and the same eye wearing textured contact lens (right). Notre Dame file IDs: 07013d5451 and 07013d5343, correspondingly.
Figure 1. Illustration of two presentation attacks that were reported as successful in spoofing commercial sensors in the past, with the purpose of impersonation (a) and recognition evasion (b).
(a) An authentic iris image; Notre Dame file ID: 04202d1496.
(b) An iris image shown in (a) displayed on the iPhone and photographed by the iPad.
(c) An iris image shown in (a) displayed on the iPhone as seen by the AD100 iris sensor.
(d) An iris image shown in (a) displayed on the Kindle E-reader and photographed by the AD100 iris sensor.
Figure 2. An illustration of a display attack. Only passive displays, such as Kindle, have a potential to be used in successful presentation attacks directed to commercial equipment.
(a) Left: glassy prosthesis; source: A. Czajka, Biometrics course, Univ. of Notre Dame, Fall 2014. Right: glassy prosthesis placed in the eye socket and photographed by the AD100 iris recognition sensor; Notre Dame file ID: 06117d493.
(b) An iris image with an embedded synthetic iris texture. Sample taken from CASIA-Iris-Syn V4; file ID: S6002S05.
(c) Cadaver iris acquired 5 hours after death. Sample taken from Post-Mortem-Iris v1.0; file ID: 0004_L_1_3.
Figure 3. An illustration of artifacts and non-living eye proposed in the literature in the context of attacks on iris recognition systems.

5.1.1. Attack Technology: Paper Printouts

Printouts can be produced in many ways. There is no consensus on whether color or black-and-white printing is significantly better, or whether matte or glossy paper is better, to make a successful presentation attack instrument. However, it is typically easier to get commercial sensors to generate a sample from such an artifact when a hole is cut in the place where the pupil is printed, in order to produce specular reflections from an authentic cornea hidden behind the printout when taking a picture, as shown in Fig. 1a.

The earliest demonstration of a successful print attack that we are aware of is in 2002 by Thalheim et al. (141). They used an inkjet printer to spray an iris texture on matte paper with a resolution of dpi, and cut a hole in the place of the pupil. This artifact was presented to the Panasonic Authenticam BM-ET100 with PrivateID software by Iridian by an attacker hidden behind the printout. The attacker was able to (a) get a correct match between the printout and the reference calculated for an authentic eye, and (b) enroll a printed iris texture, thus ending up with a system that granted access to anyone possessing the enrolled printout. Similar experiments were repeated by Pacut and Czajka in 2006 (97) with a different sensor. In their experiments, irises printed in B&W on glossy paper were accepted (i.e., acquired and matched to the corresponding reference generated for a bona fide presentation) on average in 86.7% of verification trials with Panasonic BM-ET100. They also presented the first working algorithm to detect iris printouts, based on Daugman’s earlier idea to detect anomalies in Fourier spectra, and two new methods based on detection of specular reflections and pupil dynamics. This first statistical evaluation of presentation attacks with COTS equipment showed that the detection mechanisms implemented in commercial sensors of that time were insufficient.

Ruiz-Albacete et al. (120) considered two types of attack: (1) fake (printed) images used to attempt enrollment and verification, and (2) an original image is used for enrollment, and then a fake image used to attempt verification against the enrollment. Both types of attack may potentially be relevant, but the second type is more commonly studied. They use a modification of the Masek iris matching software (86) for the experiments. Using a matching threshold that represents 0.1% FMR and 17% FNMR on the original images, they find a success rate of 34% for attack type 1 and 37% for attack type 2. This success rate is computed using the 72% of fake images that were correctly segmented, and the matching threshold of 0.1% FMR is higher than normal operation for iris matching.

The above studies show that the success rate of print attacks matching targeted enrollments is not as high as matching authentic iris images. But these print attacks were possible. Presenting an iris printed on a paper is the simplest way today to attempt impersonation, and hence any non-zero success rate is alarming. However, more than a decade has passed since the above experiments, and many PAD methods have been proposed since then.

5.1.2. Attack Technology: Textured Contact Lenses

The term “textured contact lenses” refers to contact lenses that are manufactured to have a visual texture to them; see Fig. 1b. There are also lenses that are “colored” in the sense of being clear but tinted with a certain color, and having no visual texture. “Clear” contact lenses are neither tinted nor have the visible texture. The term “cosmetic contact lenses” is also sometimes used, as the coloring and texturing is for cosmetic (appearance) effect and not for vision correction. The basic problem is that the texture in the contact lens partially overlays the natural iris texture, and hence the image of an iris wearing a textured contact is a mix of contact lens texture and natural iris texture. Additionally, the contact lens moves on the surface of the eye, so that the exact mixture is different from image to image.

It was clear in Daugman’s early work that an iris wearing a textured contact lens would generate an iris code that did not match the code from the iris without the lens (31). More recently, Baker et al. (9; 37) showed that even clear contact lenses with no visible texture cause a small degradation in match score. Clear lenses for toric prescription, and lenses with logo or lettering embedded in them cause slightly larger, but still small, degradation in match score. However, Doyle et al. (34) showed that wearing textured contacts nearly guarantees a FNM result. Images of the same iris from two different sessions wearing the same brand of contact lens do not match appreciably better than images of the iris wearing textured contacts at one time and wearing no contacts at another time. The contact lens dataset used in this work was the first to be made generally available to the research community, and has since been enlarged and used in the LivDet competitions (160; 159). Yadav et al. (157) presented results that largely confirm those of Doyle et al. (34). They added study of an image dataset representing additional commercial iris sensors and some additional manufacturers of lenses. For a moderate security setting (FMR of 1-in-10,000) they observed a drop in verification rate of 22% to 38%, depending on the sensor, when matching an image of an iris with no contact lens with the other image that had a textured contact lens, and from 50% to 64% when matching images of the iris wearing the same brand of textured contact lens.

The general lesson is that an attacker whose goal is to evade detection by generating a FNM result can do so relatively easily and with high confidence by using textured contact lenses. It is also widely believed in the research community that an attacker could, under the right conditions, use textured contact lenses to impersonate a targeted enrollment. First among the conditions is that the attacker would have custom-designed textured contacts chosen to match the targeted enrollment. Also, the textured lenses should be opaque, in the sense of the texture in the textured portion blocking 100% of the natural iris texture. And the textured region in the lens should be broad, to represent a minimal dilation condition, so as to decrease chances of natural texture showing from underneath the contact lens. While this attack seems plausible in principle, it may be difficult and expensive to achieve. We are not aware of this attack having ever (yet) been successfully demonstrated.

5.1.3. Attack Technology: Displays

Numerous papers suggest that an iris image or video displayed on an electronic screen can be used in a presentation attack (56; 133; 60; 154; 20; 138; 126; 85; 77; 53; 128; 38). This can only be successful when the electronic display and the sensor operate in the same range of wavelength, as illustrated in Figs. 2a-b. In particular, iris recognition methods proposed in academic papers for visible-light iris images, if implemented in practice, would have to use visible-light acquisition devices that would photograph iris images displayed on regular LCD screens, as demonstrated in various papers (28; 107; 108; 112; 114; 113).

This, however, cannot be generalized to commercial iris sensors, as they use near-infrared light to illuminate the iris as recommended by ISO/IEC 29794-6. The sensors may additionally cut the light outside of the 700-900 nm range by applying near-infrared filters. Fig. 2c presents what the IrisGuard AD100 sensor can “see” when the content is presented on the iPhone display, in the same way as presented in Fig. 2b. We do not know of any off-the-shelf LCD displays emitting near-infrared light, and we do not know of any commercial iris recognition systems operating in visible light. Hence, the probability of using regular, visible-light displays in spoofing of current commercial iris recognition systems is minimal. Some earlier tests confirm this: “The tested system was shown to be resistant to (…) an image shown on an iPhone screen” (36).

An exception is the use of early e-readers, which are still in use. They implement e-ink technology, which does not require a backlit display and can therefore present good quality content also when illuminated and observed in near-infrared light by a commercial iris recognition sensor, Fig. 2d.

5.1.4. Attack Technology: Prosthetic Eyes

Use of prosthetic eyes is often mentioned as a potential presentation attack (164; 147; 119; 146; 22; 41; 23). Such prostheses are typically hand-crafted by ocularists with a special care to make the final product as similar as possible to the living eye, Fig. 3a, left.

In general, preparation of a prosthetic eye requires time and a lot of experience. The resulting product is typically so good that even NIR images, acquired by commercial equipment, resemble NIR samples of living, healthy eyes, Fig. 3a, right, and only specular reflections observed in the central part of the image may suggest an unusual structure of the cornea. This means that it is possible to generate an image of the prosthetic eye that is compliant with ISO/IEC 19794-6:2011 and use it in evading recognition. Indeed, Dunstone et al. (36) report that “in 2010 a commercial iris system with liveness turned on was tested” and “tests using a glass eye with a contact lens and blacked-out pupil demonstrated that the removal of visible artefacts in the pupil region, due to misalignment or other factors, did lead to successful spoofs.”

However, we are not aware of any successful impersonation attack that used a prosthetic eye with an iris texture matching a living eye texture. While it is theoretically possible, it would require a significant amount of labor by the ocularist who would have to copy a complicated iris pattern in fine detail.

5.2. Actual Eye

5.2.1. Attack Technology: Non-Conformant Use

Iris recognition requires user cooperation. Thus the easiest way to evade recognition is a presentation that does not comply with the expected manner of presentation. Such intentional, non-conformant presentations may include excessive eyelid closure, which leaves fewer iris features available for matching and thus increases the probability of incorrect match; or looking away from the camera lens, which causes the 2D projection of an actual iris to deviate from a circular shape. If an algorithm does not implement adequate methods for compensating off-axis gaze, such a presentation may result in a false match. An attacker can also intentionally increase the mutual rotation between the sensor and the eye, by either rotating the camera (for instance upside-down), or rotating the head, or both (25). Since iris recognition is sensitive to eye rotation, and not all sensors implement countermeasures preventing excessive rotation during acquisition, the attacker may be able to generate a template that does not match their identity.

A well-documented non-conformant use of one’s eye for a presentation attack in an operational environment was based on administering eye drops that result in excessive mydriasis (dilation) to bypass an iris recognition-based border check in the United Arab Emirates (6). An immediate countermeasure applied by the UAE, pioneering in an operational environment, was to reject images with the pupil-to-iris radius ratio larger than 60%.

5.2.2. Attack Technology: Cadavers

The idea of using non-living organs in presentation attacks has probably emerged from movies and is often mentioned with exaggeration to embellish biometric-related news. We are not aware of any reported successful attack on a commercial iris recognition system that would use cadaver eyes. However, it is possible to acquire a post-mortem iris image using commercial iris sensors, in cold temperatures (around 6° Celsius / 42.8° Fahrenheit) even up to one month after death, and get a correct match between this sample and either its ante-mortem counterpart (121), or another post-mortem image of the same eye (150; 149). The earliest experiments known to us with matching post-mortem iris images were by Sansola (121), as yet unpublished. She used an IriTech IriShield MK 2120U system to show that post-mortem iris recognition is plausible up to 11 days after death, and for intervals up to 72 hours at least 70% of matches were correct. Sansola also presented the only case known to us so far of correct matching of an ante-mortem iris image and the corresponding sample taken 9 hours 40 minutes post-mortem. Trokielewicz et al. (149) were the first to present the biometric recognition accuracy of post-mortem iris recognition up to 34 days after death and for four different iris matching methods, and published the only database of post-mortem iris images available to date. Bolme et al. (12) presented a study of iris decomposition in outdoor conditions in cold, medium and warm temperatures and “found a small number of irises that could be matched and only in the early stages of decomposition.” Recently, Sauerwein et al. (122) confirmed the earlier conclusions of Trokielewicz et al. about the viability of post-mortem iris recognition when the body is kept in cold temperatures, and the conclusions delivered by Bolme et al., reporting that in warm temperatures it is rather difficult to acquire a clear iris image.

These papers demonstrate that it is possible to use cadavers to get a correct match if the iris is imaged in the first days after death. However, due to novelty of this area, we are not aware of any published methods for detecting a presentation of cadaver eye with an intention to spoof a system.

5.2.3. Coercion

We are not aware of any reported cases of presenting irises under coercion in a commercial system. Also, there are no published papers reporting any research in this area. This may be a consequence of a relatively difficult data collection that (a) should be done in authentic situations incorporating coercion, and thus (b) could be rejected by the Institutional Review Board. On the other hand, it is relatively easy to imagine a scenario in which such an attack happens in real-world setups, especially those that are not monitored. Hence, for the sake of completeness, we list the coerced use of someone’s eye as a vulnerability that we should be aware of.

6. Benchmark databases

This section summarizes relevant datasets available to the research community to support development and evaluation of iris presentation attack detection. Most were created specifically to serve as iris PAD benchmarks. We also list a few that were first introduced in papers focused on biometric recognition, and then proved useful in development of iris PAD. We do not discuss the licensing details.

The presented datasets vary significantly in many factors. Table 1 compares their most important technical details. The benchmarks are grouped by the institution that published the data, and oldest datasets are presented first.

Instead of providing a short summary of each dataset separately, in the following subsection we make comments related to the dimensions used in Tab. 1 juxtaposing papers, or group of papers, to illustrate different approaches applied by the authors. Additionally, in the next subsection we provide comments on the general aspects of the preparation and distribution of good quality PAD datasets.

6.1. Summary of current benchmarks

Type of samples.

We follow the most popular categorization of samples into authentic ones, paper printouts, textured contact lenses, prosthetic eyes, post-mortem irises, synthetic irises, but also samples acquired in replay attacks, as well as time series representing pupil dynamics, eye movement and eye gaze.

There are several observations related to the type of samples in various benchmarks. The first observation is that not all datasets offer both authentic and fake samples. For instance, five datasets (IIITD Iris Spoofing, Post-Mortem-Iris v1.0, CASIA-Iris-Syn V4, Synthetic Iris Textured Based and Synthetic Iris Model Based) offer only fake samples. In contrast, two datasets (Pupil-Dynamics v1.0 and CAVE) offer only authentic samples. These example datasets are certainly still useful, and can be used either in development of open-set PAD, or can serve as an additional source of samples when merged with other datasets.

The second observation is that categories of samples are populated non-uniformly across datasets. The most popular are static samples and especially paper printouts: 17 different databases offer images of irises printed on a paper and presented to the sensor. The following databases include printouts having the pupil area cut out: LivDet-Iris Warsaw 2013, LivDet-Iris Warsaw 2015, LivDet-Iris Warsaw 2017, LivDet-Iris Clarkson 2015 LG and ETPAD v1. In preparation of all remaining datasets, the authors presented the original printouts to the sensors. The second most popular static artifacts are images of eyes wearing textured contact lens, offered currently by 11 databases. One important factor differentiating these benchmarks is whether they include contact lenses provided by different vendors. All datasets, except for CASIA-Iris-Fake, include textured contact lenses from different manufacturers.

IIITD Iris Spoofing dataset is the only benchmark that provides a combination of the two above attack means. Namely, it includes photographs of paper printouts of images acquired for eyes wearing textured contact lenses. However, the authors report worse genuine comparison scores when comparing authentic eyes with these hybrid attacks, compared to either using images of textured contact lenses or using images of paper printouts of living eyes. Hence, it seems that this hybrid way of preparing the artifacts does not improve the attacks.

Other types of static samples are less popular. Two datasets (IIITD Combined Spoofing and CASIA-Iris-Fake) include synthetic irises. Five datasets (PAVID, GUC-LF-VIAr-DB, VSIA, and the one prepared by Das et al. (28)) offer recordings of authentic eyes replayed on a screen and presented to another visible-light sensor, typically a smartphone camera. VSIA database is unique in the sense that it offers fake samples originating from 5 different attack types corresponding to the same authentic iris image. We found also two databases that offer images of prosthetic eyes (CASIA-Iris-Fake) and images of postmortem irises (Post-Mortem-Iris v1.0).

There are also databases offering dynamic measurements. There is one benchmark (Pupil-Dynamics v1.0) composed of time series representing pupil size before and after light stimuli. Three datasets (EMBD, ETPAD v1 and ETPAD v2) offer eye movement data, and one (CAVE) offers the eye gaze positions.

Wavelength of the illuminating light and sensors used in acquisition.

In a majority of datasets including static samples a near-infrared illumination has been used to acquire images. Post-Mortem-Iris v1.0 is a unique benchmark in this respect since it offers both near-infrared and visible-light images of the same specimens. Visible-light acquisition makes sense due to an unfading interest in moving iris recognition onto mobile devices that are rarely equipped with near-infrared, iris-recognition-specific illumination. However, since there is no standard for visible-light iris image format (such as ISO/IEC 19794-6:2011 for near-infrared samples), the resulting quality of visible-light samples depends on the subjective assessment of the dataset creator. Samples in all databases were acquired in laboratory environment, except for UVCLI which offers images of the same specimens acquired in both indoor and outdoor conditions.

Spatial or temporal resolution of samples.

The majority of authors used commercial iris recognition sensors and the prevalent resolution of images is thus (IMAGE_TYPE_VGA format defined by ISO/IEC 19794-6:2011). Visible-light samples are acquired by general-purpose cameras and have greater resolution, except for the MobBIOfake benchmark. The Nyquist theorem provides a theoretical limit on the maximum spatial frequency we may observe for a given sampling rate. For lower scanning resolutions, one is less able to use high-frequency properties of patterns in the PAD. In particular, it is relatively easy to print an iris at a resolution at least twice the actual scanning resolution used in commercial equipment, and thus make the artificial pattern “invisible” to PAD methods, especially when this sensor is equipped with an anti-aliasing filter.

Unique patterns in the authentic and fake subsets.

The information about identity (either authentic or fake) associated with each sample is important and allows one to perform subject-disjoint analyses. The number of unique identities offered by authentic samples is provided by the authors except for LivDet-Iris Clarkson 2015 Dalsa and ND CCL 2012. However, the number of unique fake identities, either derived from actual identities (as for paper printouts) or artificially generated (as for contact lenses or synthetic irises), is less often provided. The authors of LivDet-Iris Warsaw (all three editions), ATVS-FIr, ETPAD v1, GUC-LF-VIAr-DB, VSIA and MobBIOfake datasets declare that the same identities are represented by both authentic and fake samples. This makes it possible not only to test the PAD mechanisms but also to verify the robustness of the iris recognition software to print attacks. One should note that providing a reliable number of unique fake patterns in the case of patterned contact lenses is not possible. First, the central part of the contact lens (with no artificial pattern) is larger than a pupil. That is, the resulting pattern observed by the sensor is a mixture of a printed contact lens and an authentic iris pattern located near the pupil. Second, non-toric contact lenses (i.e., those with no correction for astigmatism) can freely rotate when being worn, and hence end up with multiple non-matching patterns.

Number of samples representing authentic and fake specimens.

Databases differ significantly in this dimension, offering from zero to more than 100 thousand fake samples. It starts to be a reasonably large number of samples to prepare PAD solutions with good generalization capabilities.

Train/test split.

The official splits into train, validation and test subsets facilitate a fair comparison of the performance across different algorithms using the same benchmark. Without official splits, the cross-validation techniques, applied in different ways on the entire dataset, may bring results that are impossible to compare. For instance, non-subject-disjoint splits may result in underestimation of the error rates, when compared to subject-disjoint evaluations. In the worst case some papers may report only the accuracy on the training set (e.g., if all samples from a given benchmark were used in training). Thus, offering official, well-designed splits (e.g., subject-disjoint, sensor-disjoint, artifact-brand-disjoint, etc.) is highly appreciated and leverages the progress in development of PAD techniques that generalize well to unknown specimens.
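The following added example (not from the survey or from any benchmark's tooling) builds subject-disjoint and artifact-brand-disjoint splits and audits which dimensions a given split actually keeps disjoint. It runs on constructed sample metadata; the field names `subject`, `sensor` and `pai_species` and all values are assumptions.

```python
import hashlib
import math
import random

BONA_FIDE = "bona_fide"  # label for authentic presentations (assumed naming)


def build_constructed_metadata():
    """Constructed metadata only (no images):
    12 subjects x 2 sensors x 4 classes x 2 shots = 192 samples."""
    records = []
    for s in range(12):
        for sensor in ("sensorA", "sensorB"):
            for species in (BONA_FIDE, "printout", "lens_brand_1", "lens_brand_2"):
                for shot in range(2):
                    records.append({
                        "sample": f"s{s:02d}_{sensor}_{species}_{shot}",
                        "subject": f"s{s:02d}",
                        "sensor": sensor,
                        "pai_species": species,
                    })
    return records


def naive_split(records, test_fraction=0.25, seed=0):
    """Per-sample random split: the pattern that leaks identities."""
    shuffled = records[:]
    random.Random(seed).shuffle(shuffled)
    cut = int(len(shuffled) * (1 - test_fraction))
    return shuffled[:cut], shuffled[cut:]


def grouped_split(records, key, test_fraction=0.25, salt="split-v1"):
    """Assign whole groups (e.g. all samples of one subject) to one side.
    Groups are ordered by a salted hash, so the split is reproducible
    and does not depend on the order of the records."""
    groups = sorted(
        {r[key] for r in records},
        key=lambda g: hashlib.sha256(f"{salt}:{g}".encode()).hexdigest(),
    )
    test_groups = set(groups[:math.ceil(len(groups) * test_fraction)])
    train = [r for r in records if r[key] not in test_groups]
    test = [r for r in records if r[key] in test_groups]
    return train, test


def leave_one_species_out(records, held_out, test_fraction=0.25):
    """Subject-disjoint AND artifact-disjoint: the held-out species never
    appears in training, and the test side holds only bona fide samples
    plus the held-out species, all from unseen subjects."""
    train, test = grouped_split(records, "subject", test_fraction)
    train = [r for r in train if r["pai_species"] != held_out]
    test = [r for r in test if r["pai_species"] in (BONA_FIDE, held_out)]
    return train, test


def audit_split(train, test, keys=("subject", "sensor", "pai_species")):
    """For each dimension, list the values present on both sides.
    An empty list means the split is disjoint in that dimension.
    Bona fide is ignored: it must appear in train and in test."""
    report = {}
    for key in keys:
        shared = {r[key] for r in train} & {r[key] for r in test}
        shared.discard(BONA_FIDE)
        report[key] = sorted(shared)
    return report


if __name__ == "__main__":
    records = build_constructed_metadata()
    splits = {
        "naive per-sample": naive_split(records),
        "subject-disjoint": grouped_split(records, "subject"),
        "leave lens_brand_2 out": leave_one_species_out(records, "lens_brand_2"),
    }
    for name, (train, test) in splits.items():
        print(name, len(train), len(test), audit_split(train, test))
```

Publishing the audit output together with the split files states explicitly whether a split is subject-, sensor- or attack-instrument-disjoint.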

6.2. Preparation and distribution of good quality PAD datasets

The previous subsection, delineating the state of currently published benchmarks, shows that the ways that the datasets are prepared, described and distributed are heterogeneous. In this subsection we discuss a few directions we can follow to increase the uniformity of future benchmarks.

Assessment of the quality of fake samples.

The quality of data used in development of the PAD methods cannot be accidental. There are two contradictory dimensions that should be considered simultaneously: a) diversity of data that helps in development of solutions that generalize well to unknown samples, b) high quality of samples to make them close to artifacts used in real attacks. “High quality” does not necessarily refer to common definitions such as resolution, image clarity or contrast. It should be rather understood as a possibility to use the artifacts in successful presentation attacks, conducted on the commercial system. These two goals, however, cannot be achieved at the same time. It is relatively easy to increase the diversity, sometimes called “difficulty”, and immediately fall into the trap of adding samples that would never be correctly processed or even acquired by a commercial system. On the other hand, by strict control of the quality one may produce samples that illustrate only a narrow spectrum of possible attacks.

Ideally, we should aim at both high quality and high diversity of samples. One possible approach is to start with high, yet reasonable diversity, and decrease it until all samples are successfully used in a real presentation attack. This is a very rare practice, and the only databases that followed such quality control are LivDet-Iris Warsaw 2013, LivDet-Iris Warsaw 2015 and partially LivDet-Iris Warsaw 2017 (train and known test subsets). The authors of LivDet-Iris Warsaw benchmarks first enrolled all subjects to the Panasonic ET100 iris recognition system, created printed versions of their irises (using different printers, resolutions, papers, number of color channels, and applying various image enhancement methods prior to printing), and they selected for the final benchmark only those samples that were matched to the genuine biometric references by a commercial system.

Lack of standards related to data re-distribution.

The way that the PAD databases are re-distributed differs among the benchmarks. We are not discussing here legal aspects related to the license agreements, as those must adhere to specific rules that are in force in the country of data owner. However, various aspects such as declaration of time from executing the license to getting a copy of the data, or type of metadata attached to the samples are barely standardized.

Standard format of presenting a database.

Papers offering PAD benchmarks use various formats of presenting the data and the baseline results. In particular, it is a rare practice to provide the number of fake identities represented in artifacts, especially for textured contact lenses. Database creators also rarely discuss how the quality of fake samples was verified and if the artifacts correspond to real presentation attacks. Approximately half of current benchmarks offer official splits into train and test subsets; however, it is rare to state whether the proposed splits are subject-, sensor-, or attack-instrument-disjoint. Also, despite the ISO/IEC SC37 efforts to standardize the PAD evaluation, the performance of baseline methods does not always conform to the ISO/IEC 30107-3 standard.

7. Presentation Attack Detection Methods

7.1. Classification of methodologies

The literature in PAD for iris recognition encompasses many different approaches, with a variety of terminology that is not always consistent. A useful framework for understanding the many different PAD research efforts is built from two simple distinctions: Is the iris (eye) considered as a static or a dynamic object? Is the stimulation of the iris by the sensor considered as passive (not designed to induce a change in the iris) or active? These two dimensions result in four classes of PAD methods, earlier proposed by Czajka (22), that we use in this survey:

  1. Static iris, passively imaged. Methods of this class employ a still image able to reveal only static eye features. No additional active measurement steps are performed. Usually the same picture as used later in iris recognition is employed for PAD. The use of various texture descriptors, such as LBP or BSIF, is a good example of methods belonging to this class.

  2. Static iris, actively imaged. As above, methods of this kind do not use eye dynamics. However, an iris image acquisition is performed with an additional stimulation of the eye that delivers extra information about structural properties of the eye not observed without such stimulation. An example PAD method in this group can be based on multi-spectral imaging, in which additional information not related to iris dynamics is derived from multiple measurements.

  3. Dynamic iris, passively imaged. Methods of this group detect dynamic properties of the measured object, yet without its stimulation. For instance, an algorithm detecting spontaneous pupil size oscillations (a.k.a. hippus) belongs to this group.

  4. Dynamic iris, actively imaged. Methods belonging to this category are the most comprehensive, and dynamic features of the eye are estimated with the specially designed stimulation. This increases the chances to find features of an authentic object that significantly differ from noise. Analysis of the stimulated pupil reflex is an example method belonging to this class.

It is interesting to see how many of the proposed PAD methods can be implemented in current iris acquisition systems with little or no effort. This is the third dimension we use in grouping of the PAD methods, in which we group the methods into two classes:

  1. Commercially-ready PAD methods. Methods in this group can be applied in a basic iris sensor, which a) has two illuminants that can do direct-eye illumination or cross-eye illumination (e.g., IrisGuard AD100 or LG4000) using at least two different near-infrared wavelengths (e.g., CrossMatch ISCAN2 or Vista EY2P), or implements a single visible-light illumination, b) is capable of acquiring still images and analyzing iris videos in a single presentation, and c) allows its firmware to be upgraded to incorporate PAD-related processing. For instance, a PAD method using LBP texture features and an SVM classification can be implemented in such a basic iris sensor.

  2. Hypothesized PAD methods. Methods in this group require some hardware beyond that in the basic iris sensor. For instance, use of pupil dynamics in PAD would require adding visible light stimulus to the hardware.

Current commercial iris sensors vary in illumination, optics, and the acquisition procedure, and the technical details are often not fully available. We are thus aware that some commercial systems implement more complicated capture processes than assumed in the basic model, and some methods identified as hypothesized in this survey might be implementable in current equipment from selected vendors. One example is the IrisGuard AD100 sensor, which uses a visible light stimulus when the pupil is excessively dilated.

Figure 4 depicts the number of papers proposing various PAD methods discussed in this survey. There are three general conclusions from this Figure. First, it seems that the first iris PAD competitions organized in 2013 (LivDet-Iris, Tab. 2) and 2014 (MobILive, Tab. 2), stimulated the research in iris PAD since in 2014 and 2015 a larger number of iris PAD-related papers appeared. Second, we can observe a gradual decrease in the number of accepted papers, probably due to more demanding state-of-the-art results observed each year that are more difficult to surpass. Third, the number of methods using feature extractors that learn an appropriate processing directly has come to be larger than the number of methods that use experts’ knowledge in algorithm’s design.

Figure 4. Number of papers proposing iris presentation attack detection methods. Note that a single paper may offer more than one algorithm for the same presentation attack instrument, and it may include multiple algorithms for different presentation attack instruments. Thus, the actual number of the proposed PAD methods is larger than a simple paper count.

Figure 5 depicts how the PAD methods discussed in this survey are grouped in this way (Sec. 7.3–7.6). A few papers propose multiple methods, and so may appear in more than one quadrant in Fig. 5. One immediate observation is that methods using a single iris image, and not analyzing dynamic features of the eye, greatly outnumber all other PAD approaches. Also, almost all approaches in this group are commercially-ready algorithms. The second largest group of methods, including those classified as commercially-ready, corresponds to stimulus-driven measurement of dynamic iris features. Two remaining groups, related to active measurement of static iris and passive measurement of dynamic iris, are less populated. This may suggest that it is more difficult to achieve good performance when dynamic features are not stimulus-driven, and the active, thus more complicated, measurement of a static iris does not significantly increase the PAD reliability when compared to a simpler, passive measurement.

Figure 5. References to papers offering methods grouped into four main categories: a) static iris, passively imaged, b) dynamic iris, passively imaged, c) static iris, actively imaged, and d) dynamic iris, actively imaged. Additionally, in each category we show a split into methods that can be used in a baseline configuration of current commercial sensors (blue circles), and methods that hypothetically can be used in sensors going beyond a baseline configuration (green squares).

7.2. Past reviews and general considerations

Despite a rich literature on iris PAD, there are currently no surveys providing a comprehensive assessment of the state of the art. The first short survey on iris PAD by Galbally et al. (40) lists ideas and implementations proposed by Daugman (detection of “alien” spatial frequencies present for printed irises, coaxial retinal back reflection, Purkinje reflections, detection of spontaneous pupil size changes), Pacut and Czajka (estimation of 3D properties of an eyeball, and pupil light reflex), along with challenge-response transactions, wherein subjects’ blinking or eye movement is analyzed. The same PAD methods are mentioned by Nixon et al. (94), and Singh and Singh (133) in their short surveys on biometric liveness detection. These iris PAD methods are grouped by Toth into hardware-based and software-based techniques (146), and hardware-based methods are divided into three subcategories a) intrinsic properties of a living body, b) involuntary signals of a living body, and c) bodily responses to external stimuli, and replaced with coarser categorization (147).

Among iris PAD surveys published in the last five years, Wei et al. (154) give a brief overview of PAD in the context of the European FastPass automated border control project. Bowyer and Doyle (14) give a brief overview specifically of the problem of detecting textured contact lenses in iris images. They make the point that a technique that appears successful when trained and tested with images representing one contact lens manufacturer may fail drastically to generalize to lenses from a different manufacturer. Akhtar et al. (4) categorize iris PAD into frequency spectrum analysis, reflectance analysis, dynamics analysis, and texture analysis. They suggest a number of directions for future research, including a comprehensive evaluation framework to rate PAD performance, integrating comparison scores with liveness values, and cross-sensor and cross-dataset liveness detection. Galbally and Gomez-Barrero (41) divide the area into sensor-level (hardware-based) and feature-level (software-based) approaches. Thavalengal and Corcoran (142) discuss the challenges of implementing iris recognition on smartphones. They consider the literature on iris PAD as divided into two categories: “techniques that require special hardware or user interaction” and “algorithms designed to work on static images / videos”. They suggest that a PAD technique appropriate to smartphones should not require additional hardware, not require additional user interaction, and should have computational requirements that can be met by a smartphone processor or possible dedicated digital signal processor. Galbally and Gomez-Barrero (42) divide presentation attack detection techniques into sensor-level, feature-level and score-level methods, and consider three types of presentation attack instruments: photos, contact-lenses and artificial eyes. The most recent short summary of iris presentation attack detection was proposed by Morales et al. (89). The authors consider zero-effort, photo and video, contact lens and synthetic eye attacks in their work. They also group various PAD approaches found in the literature into hardware-based, software-based and challenge-response, and suggest either serial or parallel integration of PAD with biometric recognition.

We do not consider multi-modal biometrics as PAD methodology, although we are aware that multi-modal recognition may decrease spoofing probability. For example, Johnson et al. (64) suggest that fusing results in a multi-modal biometric system makes it more spoof-resistant, even if not all modes are spoofed simultaneously by an impostor. De Marsico et al. (84) describe an application of face and iris recognition on mobile devices, in which only the face mode implements PAD. This paper suggests that in a multi-biometric setup whose implementation forces several modes to be used indissolubly (for instance, the same high-resolution sample is used for face and iris recognition), the PAD method applied to only one mode, for instance face, may strengthen the security of the other mode, for instance iris.

PAD has been an important standardization effort of the ISO/IEC Joint Technical Committee 1, sub-committee 37 (SC37) on biometrics, since 2011, when the first working draft of the PAD-related standard was prepared. The term “presentation attack detection” was developed in 2012 by the SC37 experts, when the fourth working draft of the PAD standard was prepared, and provided a unified definition of previously inconsistent terms such as “anti-spoofing”, “liveness detection”, “spoof detection”, or “artefact detection”. Currently, ISO/IEC 30107 has four parts. ISO/IEC 30107-1:2016 harmonizes the PAD-related vocabulary and is freely available at the ISO/IEC Information Technology Task Force (ITTF) web site. ISO/IEC 30107-2:2017 defines data formats to communicate the PAD results. ISO/IEC 30107-3:2017 provides vocabulary terms related to PAD testing and reporting, and specifies methods and error metrics used to assess the PAD performance. ISO/IEC NP 30107-4 is a new proposal that aims at providing recommendations for assessing the performance of PAD on mobile devices.

7.3. Static-Passive PAD methods

The general approach in this category of PAD is that a classifier is trained to categorize images as authentic or fake, based on a set of features that describe image texture and / or quality. Particular instances of this approach may differ in: (1) the features used, (2) whether the features are computed for the whole image or only the detected iris region, (3) the classifier used, (4) the dataset(s) used in training and testing, and (5) the training and testing methodology. APCER and BPCER can change greatly between two different datasets, or two different train and test methodologies for the same dataset. For this reason, it is generally not meaningful to compare accuracy numbers between publications that use different datasets, or different train and test methodologies for the same dataset.
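How APCER and BPCER expose what a single pooled accuracy figure hides, as an added example that is not taken from the survey or from any cited paper. The scores are constructed, the decision rule (score above threshold means attack) and the species names are assumptions, and APCER is reported per presentation attack instrument species with the worst case highlighted, following ISO/IEC 30107-3.

```python
BONA_FIDE = "bona_fide"

# Constructed PAD scores in [0, 1]; higher means "more attack-like".
# Development bona fide scores are used only to fix the operating point.
DEV_BONA_FIDE = [0.02, 0.05, 0.08, 0.10, 0.12, 0.15, 0.18, 0.22, 0.30, 0.41]

# Constructed test scores. lens_brand_2 stands for a lens type that was
# absent from the (hypothetical) training data.
TEST_SCORES = {
    BONA_FIDE:      [0.03, 0.07, 0.09, 0.11, 0.14, 0.16, 0.20, 0.25, 0.28, 0.35],
    "printout":     [0.95, 0.91, 0.88, 0.97, 0.76],
    "lens_brand_1": [0.81, 0.66, 0.72, 0.25, 0.90],
    "lens_brand_2": [0.45, 0.28, 0.19, 0.33, 0.12],
}


def threshold_for_bpcer(bona_fide_scores, target_bpcer):
    """Lowest threshold whose BPCER on the given bona fide scores stays
    within target_bpcer. A presentation is rejected when score > threshold."""
    n = len(bona_fide_scores)
    for t in sorted(bona_fide_scores):
        rejected = sum(s > t for s in bona_fide_scores)
        if rejected / n <= target_bpcer:
            return t
    raise ValueError("no bona fide scores given")


def pad_report(scores_by_species, threshold):
    """BPCER, APCER per species, worst-case APCER, and pooled figures."""
    errors, totals = {}, {}
    for species, scores in scores_by_species.items():
        flagged = sum(s > threshold for s in scores)
        # Bona fide error: flagged as attack. Attack error: not flagged.
        errors[species] = flagged if species == BONA_FIDE else len(scores) - flagged
        totals[species] = len(scores)

    apcer = {sp: errors[sp] / totals[sp] for sp in totals if sp != BONA_FIDE}
    worst = max(apcer, key=apcer.get)
    n_attack = sum(totals[sp] for sp in apcer)
    n_all = sum(totals.values())
    return {
        "bpcer": errors[BONA_FIDE] / totals[BONA_FIDE],
        "apcer_by_species": apcer,
        "worst_species": worst,
        "apcer_max": apcer[worst],
        # Pooling all attack samples averages the weak species away.
        "pooled_attack_error": sum(errors[sp] for sp in apcer) / n_attack,
        # Correct classification rate over all samples, the single
        # number that many papers report.
        "ccr": (n_all - sum(errors.values())) / n_all,
    }


if __name__ == "__main__":
    thr = threshold_for_bpcer(DEV_BONA_FIDE, target_bpcer=0.10)
    report = pad_report(TEST_SCORES, thr)
    print(f"threshold={thr:.2f}  BPCER={report['bpcer']:.2f}  CCR={report['ccr']:.2f}")
    for species, rate in report["apcer_by_species"].items():
        print(f"  APCER[{species}] = {rate:.2f}")
    print(f"  worst case: {report['worst_species']} at {report['apcer_max']:.2f}")
```

On these constructed scores the pooled correct classification rate is 80%, while the unseen lens type is accepted as bona fide 60% of the time.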

Most works in this category focus on two main types of attack: (1) presenting a printed image or an image on a display instead of a live iris, and (2) wearing a textured contact lens. Research on detecting textured contacts may be more advanced than research for print attacks, as will be outlined below. Each of these two types of attack can be studied for visible-light images, and / or for near-IR images. This leads to four natural sub-categories, below, for summarizing nearly all publications in this category. The same general approach is often viable for multiple sub-categories, and so some publications present results for multiple sub-categories. These summaries are followed by descriptions of PAD for two additional types of attack that have received less attention: targeted synthetic image attack, and image-orientation-based attack. Finally, we describe the one approach that falls into this category that is not commercially-ready.

Print/Display Attack In Visible-Light

Publications that consider print or display attack in the context of visible-light images include (5; 3; 7; 28; 51; 88; 108; 114; 125; 126; 128). One commonly used dataset in these works is the MobBIOfake dataset. Multiple publications report achieving zero or near-zero classification error in PAD for fake (printed and displayed) images (e.g., (51)), but research in this area has mostly used the same type of fake images in both the training and the testing, with a few exceptions, for instance (128) or (159), which showed that the classification error rates increase significantly when models are trained and tested with different presentation attack instrument species. However, the one-class classification solution proposed by Sequeira et al. (128) does not render better results for all tested presentation attack instrument species, showing that application of open-set classification in the PAD context requires additional research efforts. Menotti et al. (88) describe one of the earliest iris PAD approaches to use deep learning, which they call SpoofNet. They experiment with datasets representing visible-light and near-IR print attacks, and also consider face and fingerprint print attacks. Fathy et al. (39) consider a variant of a print or display attack, in which they train a classifier to distinguish between real and synthetic iris images from the CASIA-Iris-Syn dataset. Surprisingly, they report significantly worse performance for normalized iris images than for original samples. Sun et al. (139) use their Hierarchical Visual Codebook approach to detect multiple types of fake iris images in the CASIA-Iris-Fake dataset. In addition to printed iris images and textured contact lenses, the dataset also contains iris texture printed on plastic eyeballs and images “artificially synthesized from iris images with cosmetic contact lenses.”

Print/Display Attack In Near-IR

Publications that consider print or display attack in the context of near-IR images include (10; 21; 44; 43; 48; 56; 67; 88; 96; 97; 27; 106; 126; 139; 140; 103; 125; 15; 111; 137).

Czajka (21) offered the first publicly available database for this type of attack, consisting of 1274 images of 243 authentic irises, and 729 images of paper printouts (LivDet-Iris Warsaw 2013 in Tab. 1). The other commonly used dataset in this area is the ATVS-FIr dataset proposed by Galbally et al. (44), who report that a combination of just two features, iris-to-image size ratio and pupil dilation, achieved zero classification error on the ATVS-FIr dataset. Neither of these two features seems specific to presentation attacks, suggesting that authentic and fake samples in ATVS-FIr may have been acquired in different ways that can be estimated by non-PAD-related features. In any case, given the zero or near-zero classification error rates reported in some papers using ATVS-FIr and LivDet-Iris Warsaw 2013, it seems time to retire them from use in iris PAD research. Datasets used in the recent LivDet-Iris competition (159) could be a better choice, or larger and more challenging new datasets, especially in light of experiments presented by Pinto et al. (103), which show that generalization capabilities of deep-learning based models to new presentation attack instruments are limited.

Textured-Contacts Attack In Visible-Light

We are aware of just one paper to date that looks at detection of textured contact lenses in visible-light images (158). Reasons contributing to the lack of works in this sub-category are: (1) greater difficulty of creating experimental datasets for studying contact-lens attacks compared to the relative simplicity of creating datasets to study print / display attacks, and (2) lack of any commercially viable application of visible-light iris recognition. Yadav et al. (158) created the Unconstrained Visible Contact Lens Iris (UVCLI) dataset, which contains visible-light images of 70 subjects with and without textured contact lenses, from two different acquisition sessions. They report a baseline identity verification experiment for indoor, same-session (!) iris images without contact lenses, which achieves an EER of just over 13%. This illustrates the challenge in obtaining acceptable accuracy with visible-light iris recognition. The EER when matching between a live enrollment and a contact-lens probe is generally around 40%. This illustrates the magnitude of the problem created by textured contacts. Experimenting with three algorithms originally developed for detecting textured contacts in near-IR images, they report a maximum CCR of about 83%. And, this accuracy is achieved with a train/test methodology that is not lens-type-disjoint. Lens-type-disjoint train and test partitions would likely result in significantly lower estimated accuracy.

Textured-Contacts Attack In Near-Infrared

Detection of textured contacts in near-IR images has seen more work than the sub-categories summarized above, namely (31; 34; 33; 32; 39; 48; 49; 47; 50; 54; 53; 55; 57; 68; 75; 83; 98; 109; 110; 126; 131; 139; 145; 155; 157; 163; 132; 125; 15). A number of early papers reported perfect or near-perfect accuracy in detecting textured contact lenses. However, these works generally had the same types of textured contacts in both the train and test data. Doyle and Bowyer (32) emphasized the importance of lens-type-disjoint train and testing methodology in order to obtain a more real-world estimate of error rates. Their results show that CCR on lens types not in the training data is generally much lower than for lens types in the training data, and that training on a larger variety of textured lens types improves generalization to unseen lens types.

Komulainen et al. (75; 76) present a detailed analysis of using BSIF texture features to detect textured contact lenses. They use the Notre Dame ND CLD 2013 dataset and present cross-sensor results and leave-one-lens-type-out results. One conclusion from their study is that BSIF texture features outperform LBP features for this problem.
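The lens-type-disjoint (leave-one-lens-type-out) methodology discussed above can be enforced mechanically when building folds. The sketch below is an added example, not code from the surveyed papers; the record layout, the lens type names, and the choice to divide bona fide images by subject are assumptions made for illustration.

```python
"""Leave-one-lens-type-out folds for textured-contact-lens PAD experiments.
Every record below is constructed sample metadata, not taken from a real dataset."""
from collections import namedtuple

# lens_type is None for images without a textured lens (bona fide presentations).
Sample = namedtuple("Sample", "image_id subject lens_type")

LENS_TYPES = ("lens_type_A", "lens_type_B", "lens_type_C")  # hypothetical names


def build_constructed_samples():
    """6 subjects x 4 live images, then 8 images for each hypothetical lens type."""
    samples = [Sample(f"live_s{s}_{k}", f"s{s}", None)
               for s in range(6) for k in range(4)]
    samples += [Sample(f"{lens}_{k}", f"s{k % 6}", lens)
                for lens in LENS_TYPES for k in range(8)]
    return samples


def leave_one_lens_type_out(samples):
    """Yield (held_out_type, train, test); the held-out type never enters train."""
    lens_types = sorted({s.lens_type for s in samples if s.lens_type})
    live_subjects = sorted({s.subject for s in samples if s.lens_type is None})
    for fold, held_out in enumerate(lens_types):
        # Assumption: live images are divided by subject so each test fold
        # also contains bona fide samples to estimate false rejections on.
        test_subjects = set(live_subjects[fold::len(lens_types)])
        train, test = [], []
        for s in samples:
            if s.lens_type is None:
                (test if s.subject in test_subjects else train).append(s)
            else:
                (test if s.lens_type == held_out else train).append(s)
        yield held_out, train, test


def naive_interleaved_split(samples, every=4):
    """Image-level split that ignores lens type (every n-th image goes to test)."""
    test = samples[::every]
    train = [s for i, s in enumerate(samples) if i % every]
    return train, test


def leaked_lens_types(train, test):
    """Lens types present on both sides of a split; must be empty for a disjoint fold."""
    in_train = {s.lens_type for s in train if s.lens_type}
    in_test = {s.lens_type for s in test if s.lens_type}
    return sorted(in_train & in_test)


if __name__ == "__main__":
    data = build_constructed_samples()
    for held_out, train, test in leave_one_lens_type_out(data):
        print(held_out, len(train), len(test), leaked_lens_types(train, test))
    print("naive split leaks:", leaked_lens_types(*naive_interleaved_split(data)))
```

Running `leaked_lens_types` as a gate before training catches splits in which the same lens type appears on both sides.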

Clear contact lenses are generally thought to not degrade iris matching performance enough to be considered a presentation attack. Nevertheless, several groups have considered the problem of detecting clear contact lenses as well as detecting textured contact lenses: (34; 49; 131; 157; 132). Silva et al. train a CNN for the three-class problem of classifying iris images as having: (1) a textured contact lens, (2) a clear contact lens, or (3) no contact lens (131). Interestingly, they find that different numbers of convolutional layers are better for images acquired with different iris sensors, and they report that using versions of the images results in lower correct classification rate than using versions.

The hot current direction in this sub-category is to find methods that generalize well to unseen types of textured contact lenses and to images from different sensors. Experimental datasets that can support this line of research have been collected at multiple institutions and made available to other researchers, and have been used in the LivDet-Iris competitions (159).

PAD for Targeted Synthesized Impersonations

Galbally et al. (46) describe an unusual approach to creating a presentation attack, and a method to detect such an attack. The attack assumes that an attacker obtains a copy of an iris code for someone they want to impersonate. Using the stolen iris code, the attacker synthesizes a (somewhat) realistic-looking iris texture image that, if segmented and coded by standard iris recognition algorithms, will result in a very similar iris code. Galbally et al. show that it is possible to synthesize iris images that can give iris codes that are close matches to the original stolen iris code. Note that the human visual perception of the original iris texture and the synthesized iris texture may be that they look very different. The attack simply needs for the code that results from the synthesized iris texture to be close to the code that results from the original iris texture. The authors also show that fake images created using this approach can be detected using an approach based on image quality features.

PAD for Image-Orientation Attacks

In Daugman-style iris recognition, difference in mutual rotation between the enrolled and probe samples may result in a false non-match. Because of this, rotating an iris image by 180 degrees allows for generating a second, distinct biometric reference for the same eye. Also, rotating a sensor by 180 degrees can be a way to conduct a concealment attack if one wants to evade recognition, or to create an alternative identity. (A few manufacturers implement hardware countermeasures against accidental rotation of a sensor, e.g., BMT-20 offered by CMITech, or IriShield series offered by IriTech Inc.) Czajka et al. (25) propose and compare two approaches to detect the orientation of an iris image. The first one employs “hand-crafted” geometrical and intensity features classified by an SVM, while the second employs a CNN that learns an appropriate feature extraction and classification directly from the data. The SVM was able to correctly classify from 98.4% to 100% of left/right orientations, and from 94.4% to 98.5% of upright/upside-down orientations, depending on the sensor used. The CNN was better than the SVM when the same sensor was used in training and testing, and slightly worse in cross-sensor evaluations.


Raghavendra and Busch (107) propose a static-passive approach that could not be immediately fielded on current sensors. They consider print or display attack presentations, in which the fake image is on a flat surface. They approach PAD in visible-light images by analyzing the variation in focus in the depth images from a light field camera. A discrete wavelet transform analysis is used to estimate the difference in focus values. A dataset is collected representing 104 live irises, imaged with multiple cameras, and 104 fake images. The dataset is stated to be available to other researchers. Results indicate that an APCER between 0.5% - 2.5% can be achieved using the proposed approach, depending on the combination of camera for the authentic image and method of presenting the fake image.


More recently, Chen and Ross (15) proposed an interesting multi-task convolutional neural network-based approach that simultaneously performs iris localization and presentation attack detection. The authors obtained state-of-the-art performance when testing their solution on two public benchmarks: LivDet-Iris Warsaw 2015 and CASIA-Iris-Fake.

7.4. Static-Active PAD methods

A straightforward idea to extend Static-Active PAD methods is to use static features calculated for multiple images, and make a decision fusion. This approach is presented by Raja et al. (112) who applied Laplacian pyramid decomposition for multiple visible-light images acquired by a mobile device, and used them with an SVM classifier. The novel element of this work is the creation and evaluation of a (visible-light) video-based presentation attack. The attack video is assumed to come from playing back the enrolled iris video on a display and recording it from another mobile device.

Two other approaches are more common in this category: (1) multi-spectral image analysis, and (2) investigation of the selected three-dimensional properties of the eye.

Multi-spectral imaging

This approach assumes that multiple measurements of light reflected from the eye, for a small number (typically two) bands, will deliver features that can distinguish between bona fide and attack presentation. The proposed methods use either a few bands of near-infrared light (99; 100; 81), or a mixture of bands from both near-infrared and visible light (16; 143; 59).

Looking closer at these methods, Park and Kang (99; 100) propose to fuse images of the iris regions acquired for individual bands into a single intensity image used for matching. This provides an additional barrier against fake irises being able to produce a usable image, because the fused texture of the fake would likely not be able to match the fused texture of the real iris. Experimental results suggest that this approach appears to provide quite strong recognition of fake iris images. In turn, Lee et al. (81) propose a scheme based on the fact that the iris and the sclera reflect near-infrared light of 750 nm and 850 nm differently, and for most types of fake irises, such as a printout, the reflectance will not change significantly between the bands.

Thavalengal et al. (143) explore the use of a hybrid visible-light and near-infrared sensor on a smartphone for a two-stage PAD scheme. The visible-light and the near-IR images are used together to obtain multi-spectral features to classify a single frame as bona fide or attack presentation. Also, pupil characteristics are analyzed across a sequence of frames. Results of initial proof-of-concept experiments suggest that this two-stage approach can be highly effective. Hsieh et al. (59) propose a dual-band (near-infrared and visible-light) acquisition and apply ICA to separate the actual iris pattern and the texture printed on a contact lens. This allows for both presentation attack detection and also increase of the biometric recognition performance for eyes wearing textured contact lenses.

Estimation of three-dimensional features

The simplest approaches in this group check near-infrared reflections from the cornea and lens to check the basic three-dimensional properties of the eyeball. Lee et al. (80) propose to use an earlier Daugman’s and detect Purkinje reflections, i.e., specular reflections that occur at different boundaries in the eye: the outer and the inner boundaries of the cornea, and the outer and the inner boundaries of the lens. The PAD method proposed by Lee et al. acquires two images, in sequence, each with a different collimated near-infrared LED. One of these is used to acquire the distance from the sensor to the eye. This value is used to instantiate an eye model, and based on the eye model, windows in the image are defined to search for the Purkinje reflections. If the reflections are found in the predicted locations, then the iris image is accepted as coming from a bona fide presentation, otherwise the image is rejected as an attack. Pacut and Czajka (97; 27) assume the cornea to have a spherical shape and, due to its moistness, to generate specular reflections of NIR light. In their experiments, the sensor was extended with two supplementary sources of NIR light, placed equidistantly to the camera lens. They stimulated reflections from the cornea by switching on and off these additional NIR diodes in a predefined manner. For a bona fide presentation, the detected sequence of reflections should match the original sequence stimulating the NIR diodes. This simple method proved to be very effective for paper printouts, since the authors did report APCER=BPCER=0.

An estimation of more complicated 3D properties was proposed by Lee and Park (79), who used a photometric stereo approach and multiple illuminants from different directions, to exploit the fact that the surface of a real, live iris is not flat and so will cast different shadows with illumination from different directions. This provides a means of detecting printed iris images and contact lens images, where the surface that provides the apparent texture does not also cast shadows. Experiments are performed with a dataset of 600 live iris images and 600 fake iris images, and an EER of 0.33% is reported.

Connell et al. (20) use a structured-light approach to classify the texture of the iris region as resulting from a live iris or a textured contact. The basic idea is that a light stripe projected onto the iris region appears more like a straight line for a live iris (or clear contact lens), and more like a curved line in the case of a textured contact. Hughes and Bowyer (61) present an approach to contact lens detection based on stereo imaging. They approach the problem as classifying the texture in the iris region as coming from a surface better approximated as planar (bona fide presentation) or spherical (contact lens attack presentation). These two approaches are able to cleanly separate the textured contact images from the others; however, they require custom imaging systems (light-stripe projection or stereo vision) to acquire images.

7.5. Dynamic-Passive PAD methods

Shaydyuk and Cleland (130) describe an experiment to use laser speckle contrast imaging as a means of liveness testing in retinal biometrics. Liveness testing is approached here as detecting blood flow in the retinal vasculature. This approach perhaps could in principle be used in iris imaging. However, typical retinal imaging is generally considered to be less user-friendly than typical iris imaging, and of course the imaging device for laser speckle contrast would be more complicated.

Villalobos-Castaldi and Suaste-Gómez (152) explore, for the first time to our knowledge, the use of pupillary oscillation as a biometric trait, which would naturally incorporate liveness detection. The key insight is that the spontaneous pupillary oscillations (“hippus”) that all irises undergo can be unique to a particular eye to a degree that allows it to be used as a biometric. A custom imaging apparatus was used to record video sequences of about 5 seconds duration for each of 50 subjects. EER = 0.23% is reported. Even though it appears that the samples for a given person are “same session” samples, this is a promising result. However, the observation of hippus may be subject dependent and earlier studies (97) suggest its limited usefulness when applied to PAD.

Raja et al. (113) study PAD in the context of smartphone video. They create a dataset of video clips, of 2 to 4 seconds each, using two different smartphones. They manually process the video to obtain 30 frames without eye blinks. Attack clips are created by acquiring video of clips playing on an iPad. The PAD detection scheme consists of using Eulerian video magnification to analyze whether the video is of a live iris or a video playback on an electronic screen. They report that 100% correct classification as bona fide / attack presentation can be achieved with as few as 11 frames.

7.6. Dynamic-Active PAD methods

PAD ideas dominating in this subsection can be in general grouped into those employing conscious reactions to stimuli, and unconditioned responses.

Conscious reactions to stimuli

Adamiak et al. (2) use a gaze direction estimation algorithm to develop a challenge-response approach that could in principle be used for PAD. In their experiments, it is assumed that a marker to attract the subject’s gaze is displayed randomly at one of three locations on the display. They find that the “number of required presentations of a marker necessary for obtaining a T=95% level of confidence that a subject is actually following the marker equals 23.” This level of user interaction is probably too extensive for practical use in typical iris recognition scenarios. However, it is possible that different eye tracking technology could improve this approach, as proposed by Rigas and Komogortsev (118; 119). They use an eye-tracking approach to the problem of print attack detection. The basic insight for their approach is that the eye gaze direction as estimated for a live eye is different from that estimated for a fake (printed) iris. They suggest that, “due to the hardware similarities between eye tracking and iris capturing systems”, their approach could be used with iris recognition. They report achieving an EER in the range of 3-5% for print attack detection with about 7 seconds of eye-movement recording, and a moderate increase in EER for recording times as short as one second. Additionally, Matthew (87) suggests using a similar eye tracking device, in addition to an iris acquisition sensor, to detect if a person looks at the designated area in case of coercion. This is the only approach proposed to detect coerced use of someone’s eye.

Unconditioned reflex

Komogortsev et al. (73; 74) discuss PAD in the context of eye movement biometrics. They do not deal specifically with iris texture or iris recognition, but their detailed model of the “oculomotor plant” may be relevant to some approaches to iris PAD.

The other ideas in this group use an obvious behaviour of the pupil, which constricts and dilates depending on visible-light stimulus. Park (101) describes an approach based on pupil dilation and the iris texture near the pupillary boundary. The sensor uses visible light to change pupil dilation and near-IR to acquire a low-dilation and a high-dilation image. The iris texture near the pupillary boundary is compared between the two images. Lack of a dilation change and lack of similarity in the texture comparison are indications of an attack. The approach was evaluated with real images representing print attack, artificial eye attack, and contact lens attack.

Kanematsu et al. (65) compare iris image brightness calculated in pre-defined regions of the iris stimulated by visible light. The average brightness is calculated in two angular iris sections before and after light stimuli, and the normalized difference between these quantities is used as a PAD score. The authors were able to recognize correctly all printed irises that were kept still, shaken, brought back and forward, or rotated during acquisition. Puhan et al. (104) propose an approach to detecting textured contact lenses by comparing the iris region texture before and after dilation induced by lighting change. However, the authors present no experimental evaluation on real images of subjects wearing textured contact lenses.

Huang et al. (60) propose to use two iris images acquired under varying illumination and thus with different pupil dilation ratio. The authors use two features calculated for a pair of iris images: a) Kullback-Leibler divergence measuring the difference between two sets of four small image patches selected within the iris annulus and b) ratio of iris and pupil diameters. The trained classifier was able to recognize static (attack presentation) and dynamic (bona fide presentation) objects with a CCR of 82.0%–99.7%, depending on the strength of the stimulus.

Presentation attack detection based on pupil dynamics was first proposed by Pacut and Czajka (97; 27; 26). The authors applied a nonlinear pupil reaction model proposed earlier by Clynes and Kohn. Pupil size was measured for 4 seconds after stimulating the eye with visible light and the resulting time series was represented in the feature space defined by model parameters, identified for each measurement by a two-layer nonlinear perceptron. Static paper printouts were easily recognized by this method. Later Czajka extended this work to recognize time series representing odd or no pupil reactions, evaluated both negative and positive visible light stimuli, and used an SVM in classification (22; 23). He suggests that changes in pupil reaction, when a subject is acting under stress, potentially could be detected automatically without a need of voluntary actions. However, there are no experiments presenting viability of the above approach, mainly due to unfathomable data collection, and so the assumptions underlying the use of pupil dynamics for detection of coercion remain to be evaluated. Recently Czajka and Becker (24) also applied a few variants of recurrent neural networks to recognize correct pupil reaction; however, neural models do not present a significant improvement over parametric models explored earlier by Czajka.

Thavalengal et al. (143) propose a two-stage PAD scheme that exploits a hybrid visible-light and near-IR sensor that is available for smartphones. Thus they have four wavebands to work with: blue, green, red and near-IR. A one-class classifier for multi-spectral features of live images is used in the first stage, and an analysis of pupil dynamics is used in the second stage. They find that analysis of the pupil dynamics is important in reducing the APCER in mannequin-based attacks from over 6% to 0%.

8. Competitions

Competitions use a benchmark dataset and a standardized evaluation protocol to estimate performance of algorithms developed by participants. The dataset is typically split into a training portion, used by competitors to develop their algorithm, and a sequestered testing portion, used by the organizers to make the final accuracy estimate. All of this allows for a more rational assessment of the current state-of-the-art than comparing accuracy numbers across different published papers. Table 2 summarizes four international iris liveness competitions organized to date.

The first iris PAD competition was LivDet-Iris 2013, organized by Clarkson University, University of Notre Dame, and Warsaw University of Technology (160). The competition attracted algorithm submissions from three other universities: Universidad Autonoma de Madrid, Università degli Studi di Napoli Federico II, and Universidade do Porto. The training data included images of both iris printouts and textured contact lenses. All iris printouts used in this competition were first used to successfully spoof a commercial iris recognition system, and hence the quality of printouts in LivDet 2013 was not accidental and represented real presentation attacks.

The first observation from LivDet 2013 was that recognition of the fake images in the testing data was very hard, despite the relative simplicity of the attacks. The best algorithm, in terms of an average of APCER and BPCER, detected 88.07% of fake (printed) images while rejecting 5.23% of authentic irises. The same method detected 92.73% of textured contact lenses, while rejecting 29.67% of authentic irises. The second observation was that detection of textured contact lenses is more difficult than detection of printed iris images. One factor in explaining this is that the printed image reveals its artificial nature in the entire image, while textured contacts change only (a part of) the iris region.

The second iris PAD competition was organized in 2014 by INESC TEC and Universidade do Porto (127). This competition used images of irises printed on paper and acquired by a mobile device in visible light. There were six participants and the best algorithm was perfect in recognizing fake images and incorrectly rejected only 0.5% of authentic irises. This achievement dramatically differs from the results observed for the LivDet 2013 winner. However, there are two possible factors why the MobBIOfake dataset, used in this competition, resulted in such high accuracy. First, we read that the “ranking was updated after each new submission by evaluating the algorithms in the same randomly obtained subset of the test set composed by 200 images” (127). This means that the participants were able to observe the performance on a subset of testing data to increase the generalization capabilities of their submissions. Second, the authors did not report how the quality of the data was controlled, in terms of whether the fake images would be accepted for use by any commercial, visible-light iris recognition system operating on mobile devices. Consequently, the MobBIOfake dataset might not be challenging for the submitted algorithms.

LivDet-Iris 2015 (162), a continuation of LivDet-Iris 2013, was organized by Clarkson University and Warsaw University of Technology. The organizers extended their databases used in the 2013 edition, which for 2015 included more than 8,000 images of paper printouts, more than 2,500 images of textured contact lenses, and more than 4,700 authentic samples. Four competitors obtained the training datasets and were evaluated on the sequestered testing data. The organizers did not break out their analysis by attack type, paper printouts versus printed contacts, and presented averaged results that suggest a significant improvement in accuracy since 2013. The best APCER was 5.48%, versus 9.98% in LivDet-Iris 2013, and the best BPCER was 1.68%, versus 12.18% in LivDet-Iris 2013. It is important to note that the winning algorithm presented perfect classification on the LivDet-Iris Warsaw 2015 test partition. This suggests that this dataset should be retired from use as a benchmark.

The most recent edition of LivDet-Iris, LivDet-Iris 2017 (159), was organized again by Clarkson University, Warsaw University of Technology, University of Notre Dame, and two new co-organizers: West Virginia University, and Indraprastha Institute of Information Technology, Delhi. This competition again used paper iris printouts and textured contact lenses as the types of attack, and introduced two novel elements to the evaluation protocol.

The first novel element was splitting the testing datasets, used by Clarkson, Warsaw and Notre Dame in evaluation of the submitted algorithms, into known and unknown partitions. The known partitions were composed of samples having similar properties to the images offered to the participants for development. In this case, “similar” means acquired by the same sensor and in a similar environment. In turn, the unknown partitions included samples having different properties from those in the known subsets. Typically, the organizers used different sensors and/or different materials to produce the unknown samples, and these were not revealed to the participants. IIITD/WVU was the only organizer who offered an unknown partition but not a known test partition. Warsaw was the only organizer who offered known and unknown samples for both authentic and fake irises.

The second novel element in LivDet-Iris 2017 was cross-dataset testing. The competitors were informed that their submissions would be evaluated on all the benchmarks (known and unknown partitions) and they were able to prepare multiple versions of their submissions. For instance, in same-dataset testing on Warsaw, the organizers used the submissions that were supposed to be prepared only for Warsaw benchmark. In turn, in cross-dataset testing on Warsaw, the organizers used the submissions that were prepared to perform well on an arbitrary dataset. That procedure was repeated for each benchmark. The organizers obtained three submissions. One used SVM on top of the SID, the second was based on CNN, and the underlying concepts of the third method, submitted by an anonymous participant, have not been revealed. The winning solution achieved APCER=0.55% and BPCER=2.23% on known partition (averaged over all three datasets offering known samples), and APCER=23.8% and BPCER=3.36% on unknown partition (averaged over all four datasets offering unknown samples). In cross-dataset testing, the same winning solution presented APCER=14.71% and BPCER=3.36%. These results clearly suggest that generalization to unknown samples is far more difficult than recognizing attacks of known properties. Despite the relative simplicity of the fake samples used in LivDet-Iris 2017, they are still very challenging when either the brand of the contact lenses, printer resolution, or sensor used in acquisition is unknown.

Yambay and Schuckers have recently prepared a concise summary of all editions of LivDet-Iris competitions (161).

9. Evaluation of Presentation Attack Detection methods

Evaluation of the PAD effectiveness fundamentally differs from a statistical evaluation of biometric system performance. ISO/IEC 30107-3:2017 lists five dimensions that differentiate these two assessments. First, it is virtually impossible to get a representative number of samples of a given presentation attack instrument due to indeterminate ways the attacker can prepare them. This means that methods used to evaluate biometric recognition will not provide good statistical estimates that would generalize well to other databases. For instance, Sequeira et al. (128) consider the traditional classification approach, in which the assumption is made that both authentic and fake samples represent well bona fide and attack classes, as a “One-attack” methodology. They suggest alternative classification approaches such as the “Unseen-Attack”, in which a binary model is evaluated with samples representing unknown type of attack and not present in the training step. They also propose a “Single-Class”, in which a one-class classifier is trained only with the authentic samples and evaluated with both authentic and fake samples.

Second, the evaluation results are application dependent and thus hard to compare. Third, the PAD evaluation always includes non-cooperative subjects, and the ways they interact with a system are impossible to be generalized to other potential attackers. Consequently, the same evaluation protocol may end up with different results depending on subjects used in testing or data preparation. Fourth, the PAD data collected by one biometric system may be insufficient to predict the performance of another system, due to proprietary sensors acquiring PAD signals. And fifth, the same-quality samples presented by testers having different skills may result in large differences in the estimated performance. It may happen that bad-quality samples in hands of a skilled attacker may be more effective than high-quality artifacts presented to the sensor by a novice. Consequently, ISO/IEC 30107-3:2017 provides the following recommendations: a) presentation attack instrument types shall be tested separately, b) acknowledge that a given presentation attack instrument is successful if at least one successful attack was observed, c) when the error rates are calculated, such as APCER or BPCER, the details about a given PAD mechanism, the presentation attack instrument types, the application, the test approach, and the tester’s skills should be provided.
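Recommendations a) and b) above translate directly into how error rates are computed and reported. The following is an added example, not part of the survey or of the standard's text; the scores, species names, and the convention that a score at or above the threshold means "attack" are constructed assumptions.

```python
"""Per-species PAD error rates, reported with each PAI species kept separate.
All scores are constructed sample values, not results from any real system."""

THRESHOLD = 0.5  # assumption: score >= THRESHOLD is classified as an attack

# Constructed PAD scores. Key None holds bona fide presentations; the other
# keys are hypothetical presentation attack instrument (PAI) species names.
SCORES = {
    None: [0.05, 0.08, 0.11, 0.15, 0.21, 0.26, 0.30, 0.37, 0.44, 0.62],
    "printout": [0.99, 0.98, 0.97, 0.97, 0.96, 0.95, 0.95, 0.94, 0.93, 0.92,
                 0.91, 0.90, 0.89, 0.88, 0.86, 0.84, 0.81, 0.77, 0.70, 0.64],
    "textured_lens_seen_brand": [0.93, 0.90, 0.88, 0.85, 0.80,
                                 0.76, 0.71, 0.66, 0.58, 0.35],
    "textured_lens_unseen_brand": [0.72, 0.55, 0.48, 0.33, 0.21],
}


def bpcer(scores, threshold):
    """Share of bona fide presentations wrongly classified as attacks."""
    bona_fide = scores[None]
    return sum(s >= threshold for s in bona_fide) / len(bona_fide)


def apcer_by_species(scores, threshold):
    """Share of attack presentations accepted as bona fide, per PAI species."""
    return {species: sum(s < threshold for s in vals) / len(vals)
            for species, vals in scores.items() if species is not None}


def pooled_apcer(scores, threshold):
    """APCER over all attacks mixed together; shown only to expose what it hides."""
    attacks = [s for species, vals in scores.items()
               if species is not None for s in vals]
    return sum(s < threshold for s in attacks) / len(attacks)


def pad_report(scores, threshold):
    per_species = apcer_by_species(scores, threshold)
    worst = max(per_species, key=per_species.get)
    return {
        "bpcer": bpcer(scores, threshold),
        "apcer_by_species": per_species,
        "worst_species": worst,
        "worst_apcer": per_species[worst],
        "pooled_apcer": pooled_apcer(scores, threshold),
        # Recommendation b): a species counts as successful once a single
        # attack presentation of that species has been accepted.
        "successful_pai": sorted(sp for sp, rate in per_species.items() if rate > 0),
    }


if __name__ == "__main__":
    for key, value in pad_report(SCORES, THRESHOLD).items():
        print(f"{key}: {value}")
```

On this constructed data the pooled figure is dominated by the large printout set and sits far below the error rate of the weakest species, which is why the per-species breakdown is the number to report.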

There also is a need to address a common pitfall related to use of biased data in PAD training and evaluation. The data will be biased when samples have additional cues for being classified as authentic or fake that are correlated with the true class labels, however not related to the presentation attack type. One example is the use of one set of camera settings to acquire authentic samples, and different settings to acquire PA samples. Such heterogeneous setups may result, for instance, from deactivation of PAD mechanisms in commercial sensors to acquire fake samples. Another example could be a different ratio of males and females in authentic and fake classes. Since there is much higher probability of observing mascara for women than for men, some cosmetics-related properties of an image (e.g., darker eyelashes) can be linked by the classifier with the state of being authentic or fake. Biased data will especially influence the data-driven approaches, such as those based on deep-learning, since we have limited control of what kind of features these structures derive from samples to perform a classification. Consequently, we propose to add the following dimension to be considered in PAD evaluation protocol, apart from the three recommended by ISO/IEC 30107-3:2017: the countermeasures to avoid bias in the evaluation, and estimation of the potentially remaining bias in the data should be provided along with the PAD evaluation results.
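One way to estimate such bias before training is to measure how well each piece of acquisition metadata alone predicts the class label, and to rebalance where possible. This is an added example, not a procedure from the survey; the attribute names, the 0.05 margin, and all records are constructed assumptions.

```python
"""Audit PAD dataset metadata for shortcuts correlated with the class label.
All records are constructed; attribute names and values are hypothetical."""
from collections import Counter, defaultdict


def build_constructed_records():
    """20 bona fide + 20 attack records mirroring the two pitfalls described above."""
    records = []
    for i in range(20):
        records.append({"label": "bona_fide", "camera_config": "factory",
                        "sex": "F" if i < 10 else "M",
                        "eye": "L" if i % 2 == 0 else "R"})
    for i in range(20):
        records.append({"label": "attack", "camera_config": "pad_disabled",
                        "sex": "F" if i < 16 else "M",
                        "eye": "L" if i % 2 == 0 else "R"})
    return records


def baseline_accuracy(records):
    """Accuracy of always predicting the majority class."""
    if not records:
        raise ValueError("no records to audit")
    counts = Counter(r["label"] for r in records)
    return max(counts.values()) / len(records)


def shortcut_accuracy(records, attribute):
    """Accuracy of predicting the label from one metadata attribute alone."""
    if not records:
        raise ValueError("no records to audit")
    by_value = defaultdict(Counter)
    for r in records:
        by_value[r[attribute]][r["label"]] += 1
    return sum(max(c.values()) for c in by_value.values()) / len(records)


def audit(records, attributes, margin=0.05):
    """Flag attributes that beat the majority-class baseline by more than margin."""
    base = baseline_accuracy(records)
    findings = {}
    for attribute in attributes:
        acc = shortcut_accuracy(records, attribute)
        findings[attribute] = {"shortcut_accuracy": acc,
                               "flag": acc - base > margin}
    return base, findings


def stratified_balance(records, attribute):
    """Per attribute value, keep equally many records of each class.

    Returns an empty list when no value is shared by both classes, which
    means the bias can only be removed by re-acquiring data."""
    labels = sorted({r["label"] for r in records})
    groups = defaultdict(lambda: defaultdict(list))
    for r in records:
        groups[r[attribute]][r["label"]].append(r)
    kept = []
    for per_label in groups.values():
        n = min(len(per_label[label]) for label in labels)
        for label in labels:
            kept.extend(per_label[label][:n])
    return kept


if __name__ == "__main__":
    data = build_constructed_records()
    print(audit(data, ["camera_config", "sex", "eye"]))
    print(len(stratified_balance(data, "sex")), len(stratified_balance(data, "camera_config")))
```

The shortcut accuracy measured after balancing is the "remaining bias" figure that can be reported next to the PAD error rates.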

10. Steps Toward Improved Iris PAD

Successful presentation attacks in iris recognition have been observed for almost two decades now. Despite a huge effort by both research and industry to develop effective countermeasures, this survey shows that there is still a significant gap between the actual reliability of current PAD methods and the hoped-for reliability. This section proposes a few ideas to push the effectiveness of iris PAD forward.

Generalization to unknown presentation attacks

One important limitation of current iris PAD methods is their limited generalization onto unknown presentation attack types. This can be clearly observed when analyzing the LivDet-Iris 2017 results (159) and the work (128) that demonstrates the faults in the evaluation of the performance of the PAD methods by using models trained and tested with a single presentation attack instrument species. The LivDet-Iris 2017 winning algorithm accepted, on average, 14.71% of unknown artifacts used in the competition, and for the most challenging of the LivDet 2017 datasets (IIITD/WVU), the false acceptance of fake samples by the same winning algorithm was almost 30%! Open-set classification and anomaly detection are two research areas that may bring new PAD solutions to the table. This generalization requirement is explicitly articulated in one of the biggest PAD-related research efforts worldwide, i.e., the IARPA’s Odin program. The goal of the Odin project is to use PAD to identify both known and unknown presentation attacks.

Open-source iris PAD methods

There are various open-source initiatives, such as OpenCV in computer vision, that effectively collect contemporary solutions and global knowledge in the field as ready-to-use software tools. To our knowledge, there are no such initiatives for iris PAD; we do not know of even a single well-documented iris PAD algorithm that is available to the research community as open source. Therefore, one idea is to create a repository of open-source iris PAD methods that can be tested and continuously updated by volunteers working in the iris PAD area. These methods could then serve as baselines for various PAD evaluations.

Seamless exchange of iris PAD databases

Attackers are typically one step ahead of our PAD proposals, due to informal, and hence probably effective, exchange of skills and conclusions among them. It thus seems that the efforts towards making the PAD databases more versatile and more accessible to the research institutions might get us closer to PAD solutions capable of counteracting up-to-date attacks. One possible idea is to create a well-maintained, cross-national, free-to-access repository of links to iris PAD databases. This repository would gather contact details for the data distributors, distribution rules, declared reaction times (from an execution of the license agreement to getting a copy of the data), and current performance achieved on a given dataset. This would promote the existing PAD-related data, and enable the community to “retire” some datasets as no longer challenging.

Trusted and accessible platform for PAD evaluation

The only current iris PAD evaluation initiative known to us is the LivDet-Iris series (160; 162; 159). We are not aware of any platforms specifically prepared to offer ongoing, asynchronous evaluation of iris PAD algorithms, as for instance FVC-onGoing, a platform for on-line evaluation of fingerprint recognition algorithms (last accessed March 21, 2018). The usage of open-science platforms such as BEAT, proposed by Anjos et al. (8) as a part of the BEAT European Project, should facilitate these efforts.

11. Suggested reading

For those wanting to begin a deeper dive into PAD for iris, we suggest a list of six readings. These readings are quite different from each other. The purpose is to help to establish a firm foundation and boundaries for better understanding of the big picture of iris PAD research.

Current state-of-the-art experimental competition

Yambay et al. (159) discuss the results of the “LivDet-Iris 2017” competition. At the time that this survey is written, LivDet-Iris 2017 is the most recent rigorous evaluation of iris PAD techniques, and Yambay et al. (159) is suggested reading for that reason. The LivDet-Iris 2017 competition deals with the current two main types of attack – images of iris printouts and images of persons wearing textured contact lenses. It also deals with the current important theme of real-world testing data being different in some respect from the training data. As you read this paper, keep in mind that LivDet-Iris competitions have so far happened every other year, and the standards for rigorous evaluation are rapidly evolving, and so this paper may be quickly superseded by more recent work.

What if your biometric is stolen? Revocable biometrics

Often in the popular press, and still on occasion in the research literature, there will be a comment about one danger of biometrics being that if your biometric is stolen, it is compromised forever. This is simply misinformation born out of a lack of knowledge about the field. First, the presentation of printed irises, passively displayed on an e-reader, with the goal of impersonating us can be detected by most of the methods presented in this survey. Second, the study of “template protection”, “cancelable” or “revocable” biometrics goes back about two decades. There is a rich literature on the subject, for instance (63; 117), and at least one major iris recognition company has been using a revocable biometric scheme for a number of years. The review by Patel et al. (102) is recommended reading for an overview of this important topic.

Standard terminology

We mentioned earlier that terminology has historically been used inconsistently in this area. In this context, it is worth pointing out that there is a relevant ISO standard (ISO/IEC 30107-1:2016). Reading the standard, while possibly a chore, is good for giving a precise definition to many important fundamental concepts for iris PAD, and should move the field toward more consistent use of terminology in the future.

Early liveness ideas by John Daugman

Some familiarity with the history of iris recognition helps to have a mature perspective. In this regard, it is recommended to return to the beginning and read Daugman’s iris recognition patent (29). There we see that the two main categories of presentation attack were already envisioned: “One obvious method for trying to defeat an identification system based on iris patterns would be to present to the videocamera a photograph of another person’s eye, or even to wear contact lenses imprinted with the image of an authorized iris.” Later, Daugman proposed a few ideas that became a basis of some current effective PAD methods (30). In particular, we see that both spontaneous and stimulated pupil size variations are anticipated here as indications of iris liveness: “one obvious method is to track the ratio of pupil diameter to iris diameter, either when light levels are changing, or even under steady illumination.” Simpler approaches, such as detecting correct placement of specular reflections, or finding anomalies in the Fourier spectrum, were also mentioned by Daugman 18 years ago.

Reverse engineering a matching iris pattern

Galbally et al. (46) describe their approach to reverse-engineering an image that can generate a match to a targeted enrollment. This paper is recommended because it discusses a type of attack that is very different from the print attacks and contact lens attacks that dominate the iris PAD literature. It should give a better appreciation of the need for a systems-level approach to designing against presentation attacks.

Hollywood’s favorite spoof: “cold irises”

You may recall a favorite movie in which a character used an eyeball extracted from a body to carry out an impersonation attack on a biometric system; Tom Cruise in Minority Report, Loki in The Avengers, …. There is a small amount of research published on the feasibility of iris recognition to verify the identity of a deceased person. Understandably, this is a difficult area in which to carry out experimental research. For those interested in this topic, the paper by Trokielewicz et al. (149) is a good starting point.

| Research group(s) | Benchmark name [paper] [www link] | Type of samples | Wavelength range | Sensor(s) used | Spatial or temporal resolution | # Distinct irises (live) | # Distinct irises (fake¹) | # Samples (live) | # Samples (fake) | # Samples (total) | Train/test split |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Clarkson Univ., USA | LivDet-Iris Clarkson 2013 (160) | CL | NIR | DA | N/R | 64 | N/A | N/R | N/R | N/R | yes |
| | LivDet-Iris Clarkson 2015 LG (162) | PP, CL | NIR | L2 | px | 90 | N/A | 828 | 2,898 | 3,726 | yes |
| | LivDet-Iris Clarkson 2015 Dalsa (162) | PP, CL | NIR | DA | N/R | N/R | N/A | 1,078 | 3,177 | 4,255 | yes |
| | LivDet-Iris Clarkson 2017² (159) | PP, CL | NIR | L2, DA, IP | px³ | 50 | N/A | 3,954 | 4,141 | 8,095 | yes |
| Indraprastha Inst. of Information Technology Delhi, IN | IIITD-WVU⁴ (159) (62) | CL, PP | NIR | C, V, IS, HP, KM | irregular⁵ | N/R | N/A | 2,952 | 4,507 | 7,459 | yes |
| | IIITD Contact Lens Iris (68) (62) | CL | NIR | C, V | px | 202 | N/A | N/R | N/R | 6,570 | yes |
| | IIITD Iris Spoofing⁶ (52) | PP | NIR | C, V, HP | px⁷ | 202 | N/R | 0 | 4,848 | 4,848 | no |
| | IIITD Combined Spoofing Database⁹ (69) (62) | PP, CL, SY | NIR | C, V, HP | px | 1,744 | 2000⁸ | 9,325 | 11,368 | 20,693 | no |
| | UVCLI¹⁰ (158) | CL | VIS | CN6 | N/R | 70 | N/A | 1,877 | 1,925 | 3,802 | no |
| Univ. of Notre Dame, USA | ND CCL 2012 (34) | CL | NIR | L4 | px | 270 | N/A | 2,800 | 1,400 | 4,200 | yes |
| | ND CLD 2013 (33) | CL | NIR | A, L4 | px | 330 | N/A | 3,400 | 1,700 | 5,100 | yes |
| | ND CLD 2015 (32) | CL | NIR | A, L4 | px | 556 | N/A | 4,800 | 2,500 | 7,300 | yes |
| Universidad Autónoma de Madrid, ES | ATVS-FIr (44) | PP | NIR | L3 | px | 100 | 100 | 800 | 800 | 1,600 | yes |
| Warsaw Univ. of Technology, PL | LivDet-Iris Warsaw 2013 (21) (153) | PP | NIR | A | px | 284 | 276 | 852 | 815 | 1,667 | yes |
| | LivDet-Iris Warsaw 2015¹¹ (162) (153) | PP | NIR | A | px | 384 | 376 | 2,854 | 4,705 | 7,559 | yes |
| | LivDet-Iris Warsaw 2017¹² (159) (153) | PP | NIR | A, P | px | 457 | 446 | 5,168 | 6,845 | 12,013 | yes |
| | Pupil-Dynamics v1.0¹³ (22) (153) | PD | NIR | P | 25 Hz | 52 | 0 | 204 | 0 | 204 | no |
| | Post-Mortem-Iris v1.0 (149) (153) | PM | NIR | IS | px | 0 | 34 | 0 | 480 | 480 | no |
| | | PM | VIS | TG3 | 4,608 × 3,456 px | 0 | 34 | 0 | 850 | 850 | no |
| Texas State Univ., USA | EMBD v2 (58) | EM | NIR | TX, EL, PS | 75, 300 and 1,000 Hz | 227 | 0 | 1,808 | 0 | 1,808 | no |
| | ETPAD v1 (118) (71) | EM, PP | NIR | EL, BM | 1,000 Hz, px | 100 | 100 | 400 | 800 | 1,200 | no |
| | ETPAD v2 (72) | EM, PP | NIR | EL, BM | 1,000 Hz, px | 200 | 200 | 800 | 800 | 1,600 | no |
| Chinese Academy of Sciences Inst. of Automation, CN | CASIA-Iris-Syn V4 (156) (17) | SY | N/A | N/A | px | 0 | 1,000 | 0 | 10,000 | 10,000 | no |
| | CASIA-Iris-Fake (139) | PP, CL, PE, SY | NIR | H | px | 1,000 | 815 | 6,000 | 4,120 | 10,240 | no |
| West Virginia Univ., USA | Synthetic Iris Textured Based (129) (18) | SY | N/A | N/A | N/R | 0 | 1,000 | 0 | 7,000 | 7,000 | no |
| | Synthetic Iris Model Based (164) (19) | SY | N/A | N/A | N/R | 0 | 10,000 | 0 | 160,000 | 160,000 | no |
| Columbia Univ., USA | CAVE (135) (134) | EG | VIS | CN3 | 5,184 × 3,456 px | 56 | 0 | 5,880 | 0 | 5,880 | no |
| Gjøvik University College, NO | PAVID (112) (93) | RA | VIS | IP, NL | N/R | 152 | 152 | 608 | 608 | 1,216 | no |
| | GUC-LF-VIAr-DB (107) (91) | PP, RA | VIS | LY, CN5 | N/R | 104 | 104 | 4,847 | 7,607 | 12,454 | no |
| | VSIA (108) (92) | PP, RA | VIS | CN5 | N/R | 110 | 110 | 550 | 2,750 | 3,300 | no |
| | VISSIV (113) (90) | RA | VIS | NL, IP | N/R | 62 | 62 | 248 | 248 | 496 | yes |
| Griffith University, AU; Indian Statistical Institute, IN; University of Las Palmas de Gran Canaria, ES | (no name) (28) | RA | VIS | NK | 3,264 × 2,448 px | 50 | 50 | 500 | 500 | 1,000 | yes |
| INESC TEC, PT and Universidade Federal de São Paulo, BR | MobBIOfake (125) | PP | VIS | AT | px, px | 100 | 100 | 800 | 800 | 1,600 | no |
| Univ. of Rome, IT; Univ. of Salerno, IT; Univ. of Naples Federico II, IT; George Mason Univ., USA | MICHE-I (85) (11) | PP | VIS | GS, IP, GT | 2,322 × 4,128 px, 1,536 × 2,048 px and px | 184 | 40 | 3,652 | 80 | 3,732 | no |

Notes: N/A = not applicable, N/R = not reported

  • ¹ number of distinct patterns representing different subjects

  • ² superset of the LivDet-Iris Clarkson 2015

  • ³ unknown for Dalsa sensor

  • ⁴ includes IIIT-Delhi CLI and IIITD IS samples

  • ⁵ prevailing resolution is px

  • ⁶ subset of live samples from the IIIT-Delhi CLI has been used

  • ⁷ unknown for “print+scan” samples (prepared with HP scanner)

  • ⁸ known only for synthetic irises

  • ⁹ includes IIIT-Delhi CLI and IIITD IS databases

  • ¹⁰ database not available at the time of writing this paper

  • ¹¹ superset of the LivDet-Iris Warsaw 2013

  • ¹² superset of the LivDet-Iris Warsaw 2015

  • ¹³ iris segmentation results are made publicly available

Table 1. Technical properties of datasets used in development of iris PAD methods. Abbreviations are explained on p. 2.

| Competition name | Organizers | Type of fakes | Wavelength | Type of evaluation | Number of submissions | Best performance (%)¹: BPCER | Best performance (%)¹: APCER | Algorithm name |
|---|---|---|---|---|---|---|---|---|
| LivDet-Iris 2013 (160) | Clarkson Univ., USA; Warsaw Univ. of Technology, PL; Univ. of Notre Dame, USA | PP, CL | NIR | known fake / authentic type | 3 | 28.56 | 5.72 | Federico |
| LivDet-Iris 2015 (162) | Clarkson Univ., USA; Warsaw Univ. of Technology, PL | PP, CL | NIR | known fake / authentic type | 4 | 1.68 | 5.48 | Federico |
| LivDet-Iris 2017 (159) | Clarkson Univ., USA; Warsaw Univ. of Technology, PL; Univ. of Notre Dame, USA; West Virginia Univ., USA; IIITD Delhi, India | PP, CL | NIR | known fake / authentic type | 3 | 0.59 | 0.94 | UNINA |
| | | | | unknown fake / authentic type | 3 | 23.80 | 3.64 | anonymous |
| | | | | cross-sensor | 3 | 3.36 | 14.71 | anonymous |
| MobILive 2014 (127) | INESC TEC, PT; Univ. of Porto, PT | PP | VIS | known fake / authentic type | 6 | 0.5 | 0.0 | IIT Indore |

Notes:

  • ¹ based on average of APCER and BPCER calculated on all datasets in a given evaluation category

  • Explanation of abbreviations used in Tables 1 and 2

  • Type of samples:
      • PP – live + paper printouts
      • CL – live + textured contact lenses
      • PE – live + prosthetic eyes
      • SY – live + synthetic irises
      • RA – live + replay attack
      • PD – pupil dynamics
      • EM – eye movement tracking
      • EG – eye gaze video
      • PM – post-mortem (cadaver) iris

  • Wavelength:
      • NIR – Near-Infrared light
      • VIS – visible light

  • Sensor(s) used:
      • Commercial iris recognition sensors:
          • A – IrisGuard AD100
          • H – IrisGuard H100
          • C – Cogent CIS 202
          • L2 – LG 2200
          • L3 – LG Iris Access EOU3000
          • L4 – LG 4000
          • V – Vista Imaging VistaFA2E
          • BM – CMTech BMT-20
          • IS – IriTech IriShield M2120U
      • Commercial eye trackers:
          • TX – Tobii TX300 binocular eye tracker (300 Hz)
          • EL – EyeLink 1000 monocular eye tracker (1000 Hz)
      • Prototype iris recognition sensors:
          • P – Aritech ARX-3M3C (SONY EX-View CCD), Fujinon DV10X7.5A-SA2, B+W 092 NIR filter
          • P – DMK 4002-IR (SONY ICX249AL CCD), B+W 092 NIR filter
      • Non-biometric (general-purpose) equipment:
          • LY – Lytro Light Field Camera
          • IP – iPhone 5S
          • NL – Nokia Lumia 1020
          • GS – Galaxy Samsung IV
          • GT – Galaxy Tablet II
          • DA – Dalsa (unknown model)
          • CN3 – Canon EOS Rebel T3i with EF-S 18-135 mm IS f/3.5-5.6 zoom lens
          • CN5 – Canon 550 D
          • CN6 – Canon 60 D
          • NK – Nikon D 800 with 20-300 mm lens
          • PS – PlayStation eye camera (75 Hz)
          • AT – back 8MP camera in Asus Transformer Pad TF 300T
          • HP – HP flatbed optical scanner
          • KM – Konica Minolta Bizhub C454E
          • TG3 – Olympus TG-3

Table 2. Summary of iris presentation attack detection competitions open to the public.


  • (1)
  • Adamiak et al. (2015) Krzysztof Adamiak, Dominik Żurek, and Krzysztof Ślot. 2015. Liveness detection in remote biometrics based on gaze direction estimation. In Federated Conference on Computer Science and Information Systems (FedCSIS). IEEE, Łódź, Poland, 225–230.
  • Akhtar et al. (2014a) Zahid Akhtar, Christian Micheloni, and Gian Luca Foresti. 2014a. Liveness detection for biometric authentication in mobile applications. In IEEE Int. Carnahan Conference on Security Technology (ICCST). IEEE, Rome, Italy, 1–6.
  • Akhtar et al. (2015) Zahid Akhtar, Christian Micheloni, and Gian Luca Foresti. 2015. Biometric Liveness Detection: Challenges and Research Opportunities. IEEE Security Privacy 13, 5 (Sept 2015), 63–72.
  • Akhtar et al. (2014b) Zahid Akhtar, Christian Micheloni, Claudio Piciarelli, and Gian Luca Foresti. 2014b. MoBio_LivDet: Mobile biometric liveness detection. In IEEE Int. Conference on Advanced Video and Signal Based Surveillance (AVSS). IEEE, Seoul, South Korea, 187–192.
  • Al-Raisi and Al-Khouri (2008) Ahmad N. Al-Raisi and Ali M. Al-Khouri. 2008. Iris recognition and the challenge of homeland and border control security in UAE. Telematics and Informatics 25, 2 (2008), 117 – 132.
  • Alonso-Fernandez and Bigün (2014) Fernando Alonso-Fernandez and Josef Bigün. 2014. Exploiting periocular and RGB information in fake iris detection. In Int. Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). IEEE, Opatija, Croatia, 1354–1359.
  • Anjos et al. (2017) André Anjos, Laurent El-Shafey, and Sébastien Marcel. 2017. BEAT: An Open-Source Web-Based Open-Science Platform. (2017). arXiv:cs.SE/1704.02319. Retrieved from
  • Baker et al. (2009) Sarah E. Baker, Amanda Hentz, Kevin W. Bowyer, and Patrick J. Flynn. 2009. Contact lenses: Handle with care for iris recognition. In IEEE Int. Conference on Biometrics: Theory Applications and Systems (BTAS). IEEE, Washington, DC, USA, 1–8.
  • Bhogal et al. (2017) Amrit Pal Singh Bhogal, Dominik Söllinger, Pauline Trung, and Andreas Uhl. 2017. Non-reference image quality assessment for biometric presentation attack detection. In Int. Workshop on Biometrics and Forensics. IEEE, Coventry, UK, 1–6.
  • BIPLab – Biometric and Image Processing Lab, University of Salerno (2014) BIPLab – Biometric and Image Processing Lab, University of Salerno. 2014. Mobile Iris CHallenge Evaluation I (MICHE-I) Database. (March 2014). Retrieved August 8, 2017 from
  • Bolme et al. (2016) David S. Bolme, Ryan A. Tokola, Chris B. Boehnen, Tiffany B. Saul, Kelly A. Sauerwein, and Dawnie Wolfe Steadman. 2016. Impact of environmental factors on biometric matching during human decomposition. In IEEE Int. Conference on Biometrics: Theory Applications and Systems (BTAS). IEEE, Niagara Falls, NY, USA, 1–8.
  • Boser et al. (1992) Bernhard E. Boser, Isabelle M. Guyon, and Vladimir N. Vapnik. 1992. A Training Algorithm for Optimal Margin Classifiers. In Proceedings of the Fifth Annual Workshop on Computational Learning Theory (COLT’92). ACM, New York, NY, USA, 144–152.
  • Bowyer and Doyle (2014) Kevin W. Bowyer and James S. Doyle. 2014. Cosmetic Contact Lenses and Iris Recognition Spoofing. IEEE Computer 47, 5 (May 2014), 96–98.
  • Chen and Ross (2018) Cunjian Chen and Arun Ross. 2018. A Multi-task Convolutional Neural Network for Joint Iris Detection and Presentation Attack Detection. In IEEE Winter Conference on Applications of Computer Vision (WACV). 44–51.
  • Chen et al. (2012) Rui Chen, Xirong Lin, and Tianhuai Ding. 2012. Liveness detection for iris recognition using multispectral images. Pattern Recognition Letters 33, 12 (2012), 1513 – 1519.
  • Chinese Academy of Sciences (2004) Chinese Academy of Sciences. 2004. CASIA-Iris-Syn v4. (2004). Retrieved March 21, 2018 from
  • CITeR (2006) CITeR. 2006. Synthetic Iris Textured Based. (2006). Retrieved March 21, 2018 from
  • CITeR (2007) CITeR. 2007. Synthetic Iris Model Based. (2007). Retrieved March 21, 2018 from
  • Connell et al. (2013) Jonathan Connell, Nalini Ratha, James Gentile, and Ruud Bolle. 2013. Fake iris detection using structured light. In IEEE Int. Conference on Acoustics, Speech and Signal Processing. IEEE, Vancouver, BC, Canada, 8692–8696.
  • Czajka (2013) Adam Czajka. 2013. Database of iris printouts and its application: Development of liveness detection method for iris recognition. In IEEE Int. Conference on Methods and Models in Automation and Robotics (MMAR). IEEE, Miȩdzyzdroje, Poland, 28–33.
  • Czajka (2015) Adam Czajka. 2015. Pupil Dynamics for Iris Liveness Detection. IEEE Trans. Inf. Forens. Security 10, 4 (April 2015), 726–735.
  • Czajka (2016) Adam Czajka. 2016. Iris Liveness Detection by Modeling Dynamic Pupil Features. In Handbook of Iris Recognition, Kevin W. Bowyer and Mark J. Burge (Eds.). Springer London, London, 439–467.
  • Czajka and Becker (2018) Adam Czajka and Benedict Becker. 2018. Application of Dynamic Features of the Pupil for Iris Presentation Attack Detection. In Handbook of Biometric Anti-Spoofing (2nd Edition, to appear), Sébastien Marcel, Mark Nixon, Julian Fierrez, and Nicholas Evans (Eds.). Springer International Publishing AG, 1–17.
  • Czajka et al. (2017) Adam Czajka, Kevin W. Bowyer, Michael Krumdick, and Rosaura G. VidalMata. 2017. Recognition of image-orientation-based iris spoofing. IEEE Trans. Inf. Forens. Security PP, 99 (2017), 1–1.
  • Czajka et al. (2011) Adam Czajka, Andrzej Pacut, and Marcin Chochowski. 2011. Method of eye aliveness testing and device for eye aliveness testing, United States Patent, US 8,061,842. (2011).
  • Czajka et al. (2007) Adam Czajka, Przemek Strzelczyk, and Andrzej Pacut. 2007. Making iris recognition more reliable and spoof resistant. SPIE Newsroom (June 2007).
  • Das et al. (2016) Abhijit Das, Umapada Pal, Miguel Angel Ferrer, and Michael Blumenstein. 2016. A framework for liveness detection for direct attacks in the visible spectrum for multimodal ocular biometrics. Pattern Recognition Letters 82 (2016), 232 – 241. An insight on eye biometrics.
  • Daugman (1994) John Daugman. 1994. Biometric personal identification system based on iris analysis, United States Patent, US 5,291,560. (11 July 1994).
  • Daugman (2000) John Daugman. 2000. Wavelet Demodulation Codes, Statistical Independence, and Pattern Recognition. In Institute of Mathematics and its Applications, Proc. 2nd IMA-IP. IMA, Horwood, London, UK, 244–260.
  • Daugman (2003) John Daugman. 2003. Demodulation By Complex-Valued Wavelets For Stochastic Pattern Recognition. Int. Journal of Wavelets, Multi-resolution and Information Processing 1 (2003), 1–17.
  • Doyle and Bowyer (2015) James S. Doyle and Kevin W. Bowyer. 2015. Robust Detection of Textured Contact Lenses in Iris Recognition Using BSIF. IEEE Access 3 (2015), 1672–1683.
  • Doyle et al. (2013a) James S. Doyle, Kevin W. Bowyer, and Patrick J. Flynn. 2013a. Variation in accuracy of textured contact lens detection based on sensor and lens pattern. In IEEE Int. Conference on Biometrics: Theory Applications and Systems (BTAS). IEEE, Arlington, VA, USA, 1–7.
  • Doyle et al. (2013b) James S. Doyle, Patrick J. Flynn, and Kevin W. Bowyer. 2013b. Automated classification of contact lens type in iris images. In 2013 International Conference on Biometrics (ICB). IEEE, Madrid, Spain, 1–6.
  • Drozdowski et al. (2017) Pawel Drozdowski, Christian Rathgeb, and Christoph Busch. 2017. Sic-Gen: A Synthetic Iris-Code Generator. In Int. Conference of the Biometrics Special Interest Group (BIOSIG). IEEE, Darmstadt, Germany, 1–6.
  • Dunstone and Poulton (2011) Ted Dunstone and Geoff Poulton. 2011. Vulnerability assessment. Biometric Technology Today 2011 (May 2011), 5–7. Issue 5.
  • E. Baker et al. (2010) Sarah E. Baker, Amanda Hentz, Kevin W. Bowyer, and Patrick J. Flynn. 2010. Degradation of Iris Recognition Performance Due to Non-Cosmetic Prescription Contact Lenses. Computer Vision and Image Understanding 114, 9 (September 2010), 1030–1044.
  • Fathy and Ali (2017) Waleed S.-A. Fathy and Hanaa S. Ali. 2017. Entropy with Local Binary Patterns for Efficient Iris Liveness Detection. Wireless Personal Communications (04 Dec 2017), 1–14.
  • Fathy et al. (2017) Waleed S-A. Fathy, Hanaa S. Ali, and Imbaby I. Mahmoud. 2017. Statistical representation for iris anti-spoofing using wavelet-based feature extraction and selection algorithms. In National Radio Science Conference (NRSC). IEEE, Alexandria, Egypt, 221–229.
  • Galbally et al. (2007) Javier Galbally, Julian Fierrez, and Javier Ortega-Garcia. 2007. Vulnerabilities in Biometric Systems: Attacks and Recent Advances in Liveness Detection. In Spanish Workshop on Biometrics (SWB). Springer, Girona, Spain, 1–8.
  • Galbally and Gomez-Barrero (2016) Javier Galbally and Marta Gomez-Barrero. 2016. A review of iris anti-spoofing. In Int. Conference on Biometrics and Forensics (IWBF). IEEE, Limassol, Cyprus, 1–6.
  • Galbally and Gomez-Barrero (2017) Javier Galbally and Marta Gomez-Barrero. 2017. Presentation Attack Detection in Iris Recognition. In Iris and Periocular Biometric Recognition, Christian Rathgeb and Christoph Busch (Eds.). IET, London, UK, Chapter 11, 235–263.
  • Galbally et al. (2014) Javier Galbally, Sebastien Marcel, and Julian Fierrez. 2014. Image Quality Assessment for Fake Biometric Detection: Application to Iris, Fingerprint, and Face Recognition. IEEE Trans. Image Process. 23, 2 (February 2014), 710–724.
  • Galbally et al. (2012) Javier Galbally, Jaime Ortiz-Lopez, Julian Fierrez, and Javier Ortega-Garcia. 2012. Iris liveness detection based on quality related features. In 2012 5th IAPR International Conference on Biometrics (ICB). IEEE, New Delhi, India, 271–276.
  • Galbally et al. (2013) Javier Galbally, Arun Ross, Marta Gomez-Barrero, Julian Fierrez, and Javier Ortega-Garcia. 2013. Iris image reconstruction from binary templates: An efficient probabilistic approach based on genetic algorithms. Computer Vision and Image Understanding 117, 10 (2013), 1512 – 1525.
  • Galbally et al. (2016) Javier Galbally, Marios Savvides, Shreyas Venugopalan, and Arun A. Ross. 2016. Iris Image Reconstruction from Binary Templates. In Handbook of Iris Recognition, Kevin W. Bowyer and Mark J. Burge (Eds.). Springer London, London, 469–496.
  • Gragnaniello et al. (2014) Diego Gragnaniello, Giovanni Poggi, Carlo Sansone, and Luisa Verdoliva. 2014. Contact Lens Detection and Classification in Iris Images through Scale Invariant Descriptor. In Int. Conference on Signal-Image Technology Internet-Based Systems (SITIS). IEEE, Marrakech, Morocco, 560–565.
  • Gragnaniello et al. (2015a) Diego Gragnaniello, Giovanni Poggi, Carlo Sansone, and Luisa Verdoliva. 2015a. An Investigation of Local Descriptors for Biometric Spoofing Detection. IEEE Trans. Inf. Forens. Security 10, 4 (April 2015), 849–863.
  • Gragnaniello et al. (2016a) Diego Gragnaniello, Giovanni Poggi, Carlo Sansone, and Luisa Verdoliva. 2016a. Using iris and sclera for detection and classification of contact lenses. Pattern Recognition Letters 82 (2016), 251 – 257. An insight on eye biometrics.
  • Gragnaniello et al. (2016b) Diego Gragnaniello, Carlo Sansone, Giovanni Poggi, and Luisa Verdoliva. 2016b. Biometric Spoofing Detection by a Domain-Aware Convolutional Neural Network. In Int. Conference on Signal-Image Technology Internet-Based Systems (SITIS). IEEE, Naples, Italy, 193–198.
  • Gragnaniello et al. (2015b) Diego Gragnaniello, Carlo Sansone, and Luisa Verdoliva. 2015b. Iris liveness detection for mobile devices based on local descriptors. Pattern Recognition Letters 57 (2015), 81 – 87. Mobile Iris CHallenge Evaluation part I (MICHE I).
  • Gupta et al. (2014) Priyanshu Gupta, Shipra Behera, Mayank Vatsa, and Richa Singh. 2014. On Iris Spoofing Using Print Attack. In Int. Conference on Pattern Recognition (ICPR). IEEE, Stockholm, Sweden, 1681–1686.
  • He et al. (2016) Lingxiao He, Haiqing Li, Fei Liu, Nianfeng Liu, Zhenan Sun, and Zhaofeng He. 2016. Multi-patch convolution neural network for iris liveness detection. In 2016 IEEE 8th International Conference on Biometrics Theory, Applications and Systems (BTAS). IEEE, Niagara Falls, NY, USA, 1–7.
  • He et al. (2007) Xiaofu He, Shujuan An, and Pengfei Shi. 2007. Statistical Texture Analysis-Based Approach for Fake Iris Detection Using Support Vector Machines. In Advances in Biometrics: International Conference, ICB 2007, Seoul, Korea, August 27-29, 2007. Proceedings, Seong-Whan Lee and Stan Z. Li (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 540–546.
  • He et al. (2008) Xiaofu He, Yue Lu, and Pengfei Shi. 2008. A Fake Iris Detection Method Based on FFT and Quality Assessment. In Chinese Conference on Pattern Recognition. IEEE, Beijing, China, 1–4.
  • He et al. (2009a) Xiaofu He, Yue Lu, and Pengfei Shi. 2009a. A New Fake Iris Detection Method. In IEEE Int. Conference on Biometrics (ICB), Massimo Tistarelli and Mark S. Nixon (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 1132–1139.
  • He et al. (2009b) Zhaofeng He, Zhenan Sun, Tieniu Tan, and Zhuoshi Wei. 2009b. Efficient Iris Spoof Detection via Boosted Local Binary Patterns. In IEEE Int. Conference on Biometrics (ICB), Massimo Tistarelli and Mark S. Nixon (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 1080–1090.
  • Holland and Komogortsev (2013) Corey D. Holland and Oleg V. Komogortsev. 2013. Complex Eye Movement Pattern Biometrics: The Effects of Environment and Stimulus. IEEE Transactions on Information Forensics and Security 8, 12 (Dec 2013), 2115–2126.
  • Hsieh et al. (2018) Sheng-Hsun Hsieh, Yung-Hui Li, Wei Wang, and Chung-Hao Tien. 2018. A Novel Anti-Spoofing Solution for Iris Recognition Toward Cosmetic Contact Lens Attack Using Spectral ICA Analysis. Sensors 18, 3 (2018), 1–15.
  • Huang et al. (2013) Xinyu Huang, Changpeng Ti, Qi zhen Hou, Alade Tokuta, and Ruigang Yang. 2013. An experimental study of pupil constriction for liveness detection. In IEEE Workshop on Applications of Computer Vision (WACV). IEEE, Tampa, FL, USA, 252–258.
  • Hughes and Bowyer (2013) Ken Hughes and Kevin W. Bowyer. 2013. Detection of Contact-Lens-Based Iris Biometric Spoofs Using Stereo Imaging. In 2013 46th Hawaii International Conference on System Sciences. IEEE, Wailea, Maui, HI, USA, 1763–1772.
  • Image Analysis and Biometrics Lab (2016) Image Analysis and Biometrics Lab. 2016. IIITD Contact Lens Iris Database, Iris Combined Spoofing Database. (2016). Retrieved August 8, 2017 from
  • Jain et al. (2008) Anil K. Jain, Karthik Nandakumar, and Abhishek Nagar. 2008. Biometric Template Security. EURASIP Journal on Advances in Signal Processing 2008, Article 113 (Jan. 2008), 17 pages.
  • Johnson et al. (2010) Peter Johnson, Bin Tan, and Stephanie Schuckers. 2010. Multimodal fusion vulnerability to non-zero effort (spoof) imposters. In IEEE Int. Workshop on Information Forensics and Security. IEEE, Seattle, WA, USA, 1–5.
  • Kanematsu et al. (2007) Masashi Kanematsu, Hironobu Takano, and Kiyomi Nakamura. 2007. Highly reliable liveness detection method for iris recognition. In SICE Annual Conference. IEEE, Takamatsu, Japan, 361–364.
  • Kannala and Rahtu (2012) Juho Kannala and Esa Rahtu. 2012. BSIF: Binarized statistical image features. In Proceedings of the 21st International Conference on Pattern Recognition (ICPR2012). IEEE, Tsukuba, Japan, 1363–1366.
  • Karunya and Kumaresan (2015) R. Karunya and S. Kumaresan. 2015. A study of liveness detection in fingerprint and iris recognition systems using image quality assessment. In Int. Conference on Advanced Computing and Communication Systems. IEEE, Coimbatore, India, 1–5.
  • Kohli et al. (2013) Naman Kohli, Daksha Yadav, Mayank Vatsa, and Richa Singh. 2013. Revisiting iris recognition with color cosmetic contact lenses. In IEEE Int. Conference on Biometrics (ICB). IEEE, Madrid, Spain, 1–7.
  • Kohli et al. (2016) Naman Kohli, Daksha Yadav, Mayank Vatsa, Richa Singh, and Afzel Noore. 2016. Detecting medley of iris spoofing attacks using DESIST. In IEEE Int. Conference on Biometrics: Theory Applications and Systems (BTAS). IEEE, Niagara Falls, NY, USA, 1–6.
  • Kokkinos and Yuille (2008) Iasonas Kokkinos and Alan Yuille. 2008. Scale invariance without scale selection. In IEEE Int. Conference on Computer Vision and Pattern Recognition (CVPR). IEEE, Anchorage, AK, USA, 1–8.
  • Komogortsev (2014a) Oleg Komogortsev. 2014a. Eye Tracker Print-Attack Database (ETPAD) v1. (2014). Retrieved August 8, 2017 from
  • Komogortsev (2014b) Oleg Komogortsev. 2014b. Eye Tracker Print-Attack Database (ETPAD) v2. (2014). Retrieved August 8, 2017 from
  • Komogortsev and Karpov (2013) Oleg V. Komogortsev and Alex Karpov. 2013. Liveness detection via oculomotor plant characteristics: Attack of mechanical replicas. In IEEE Int. Conference on Biometrics (ICB). IEEE, Madrid, Spain, 1–8.
  • Komogortsev et al. (2015) Oleg V. Komogortsev, Alexey Karpov, and Corey D. Holland. 2015. Attack of Mechanical Replicas: Liveness Detection With Eye Movements. IEEE Trans. Inf. Forens. Security 10, 4 (April 2015), 716–725.
  • Komulainen et al. (2014) Jukka Komulainen, Abdenour Hadid, and Matti Pietikäinen. 2014. Generalized textured contact lens detection by extracting BSIF description from Cartesian iris images. In IEEE Int. Joint Conference on Biometrics (IJCB). IEEE, Clearwater, FL, USA, 1–7.
  • Komulainen et al. (2017) Jukka Komulainen, Abdenour Hadid, and Matti Pietikäinen. 2017. Contact lens detection in iris images. In Iris and Periocular Biometric Recognition, Christian Rathgeb and Christoph Busch (Eds.). IET, London, UK, Chapter 12, 265–290.
  • Kumar and Puhan (2015) Mohit Kumar and Niladri Bihari Puhan. 2015. Iris liveness detection using texture segmentation. In National Conference on Computer Vision, Pattern Recognition, Image Processing and Graphics (NCVPRIPG). IEEE, Patna, India, 1–4.
  • LeCun et al. (1998) Yann LeCun, Leon Bottou, Yoshua Bengio, and Patrick Haffner. 1998. Gradient-based learning applied to document recognition. Proc. IEEE 86, 11 (Nov 1998), 2278–2324.
  • Lee and Park (2010) Eui Chul Lee and Kang Ryoung Park. 2010. Fake iris detection based on 3D structure of iris pattern. International Journal of Imaging Systems and Technology 20, 2 (2010), 162–166.
  • Lee et al. (2005) Eui Chul Lee, Kang Ryoung Park, and Jaihie Kim. 2005. Fake Iris Detection by Using Purkinje Image. In Lecture Notes in Computer Science, David Zhang and Anil K. Jain (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 397–403.
  • Lee et al. (2006) Sung Joo Lee, Kang Ryoung Park, and Jaihie Kim. 2006. Robust Fake Iris Detection Based on Variation of the Reflectance Ratio Between the Iris and the Sclera. In Biometrics Symposium: Special Session on Research at the Biometric Consortium Conference. IEEE, Baltimore, MD, USA, 1–6.
  • Lefohn et al. (2003) Aaron Lefohn, Brian Budge, Peter Shirley, Richard Caruso, and Erik Reinhard. 2003. An ocularist’s approach to human iris synthesis. IEEE Computer Graphics and Applications 23, 6 (Nov 2003), 70–75.
  • Lovish et al. (2015) Lovish, Aditya Nigam, Balender Kumar, and Phalguni Gupta. 2015. Robust Contact Lens Detection Using Local Phase Quantization and Binary Gabor Pattern. In Int. Conference on Computer Analysis of Images and Patterns (CAIP), G. Azzopardi and N. Petkov (Eds.). Springer, Valletta, Malta, 702–714.
  • Marsico et al. (2014) Maria De Marsico, Chiara Galdi, Michele Nappi, and Daniel Riccio. 2014. FIRME: Face and Iris Recognition for Mobile Engagement. Image and Vision Computing 32, 12 (2014), 1161 – 1172.
  • Marsico et al. (2015) Maria De Marsico, Michele Nappi, Daniel Riccio, and Harry Wechsler. 2015. Mobile Iris Challenge Evaluation (MICHE)-I, biometric iris dataset and protocols. Pattern Recognition Letters 57 (2015), 17 – 23. Mobile Iris CHallenge Evaluation part I (MICHE I).
  • Masek and Kovesi (2003) Libor Masek and Peter Kovesi. 2003. MATLAB Source Code for a Biometric Identification System Based on Iris Patterns. (2003). Retrieved January 3, 2018 from
  • Matthew (2016) Peter William Matthew. January 2016. Novel approaches to biometric security with an emphasis on liveness and coercion detection. (January 2016).
  • Menotti et al. (2015) David Menotti, Giovani Chiachia, Allan Pinto, William Robson Schwartz, Helio Pedrini, Alexandre Xavier Falcao, and Anderson Rocha. 2015. Deep Representations for Iris, Face, and Fingerprint Spoofing Detection. IEEE Trans. Inf. Forens. Security 10, 4 (April 2015), 864–879.
  • Morales et al. (2018) Aythami Morales, Julian Fierrez, Javier Galbally, and Marta Gomez-Barrero. 2018. Introduction to Iris Presentation Attack Detection. In Handbook of Biometric Anti-Spoofing (2nd Edition, to appear), Sébastien Marcel, Mark Nixon, Julian Fierrez, and Nicholas Evans (Eds.). Springer International Publishing AG, 1–15.
  • NISLab, NTNU (2016a) NISLab, NTNU. 2016a. GUC - VIsible Spectrum Smartphone Iris Video (VISSIV) Database. (2016). Retrieved August 10, 2017 from
  • NISLab, NTNU (2016b) NISLab, NTNU. 2016b. GUC Light Field Visible Spectrum Iris Artefact Database (GUC-LF-VIAr-DB). (2016). Retrieved August 8, 2017 from
  • NISLab, NTNU (2016c) NISLab, NTNU. 2016c. GUC Visible Spectrum Iris Artefact (VSIA) Database. (2016). Retrieved August 8, 2017 from
  • NISLab, NTNU (2016d) NISLab, NTNU. 2016d. PAVID - Presentation Attack Video Iris Database. (2016). Retrieved August 8, 2017 from
  • Nixon et al. (2008) Kristin Adair Nixon, Valerio Aimale, and Robert K. Rowe. 2008. Spoof Detection Schemes. In Handbook of Biometrics, Anil K. Jain, Patrick Flynn, and Arun A. Ross (Eds.). Springer US, Boston, MA, 403–423.
  • Ojala et al. (1994) Timo Ojala, Matti Pietikäinen, and David Harwood. 1994. Performance evaluation of texture measures with classification based on Kullback discrimination of distributions. In Proceedings of 12th International Conference on Pattern Recognition, Vol. 1. IEEE, Jerusalem, Israel, 582–585.
  • Ortiz-Lopez et al. (2011) Jaime Ortiz-Lopez, Javier Galbally, Julian Fierrez, and Javier Ortega-Garcia. 2011. Predicting iris vulnerability to direct attacks based on quality related features. In IEEE Int. Carnahan Conference on Security Technology (ICCST). IEEE, Barcelona, Spain, 1–6.
  • Pacut and Czajka (2006) Andrzej Pacut and Adam Czajka. 2006. Aliveness Detection for Iris Biometrics. In IEEE Int. Carnahan Conference on Security Technology (ICCST). IEEE, Lexington, KY, USA, 122–129.
  • Pala and Bhanu (2017) Federico Pala and Bir Bhanu. 2017. Iris Liveness Detection by Relative Distance Comparisons. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) Workshops. IEEE, Honolulu, HI, USA, 664–671.
  • Park and Kang (2005) Jong Hyun Park and Moon Gi Kang. 2005. Iris Recognition Against Counterfeit Attack Using Gradient Based Fusion of Multi-spectral Images. In Advances in Biometric Person Authentication: International Workshop on Biometric Recognition Systems, IWBRS 2005, Beijing, China, October 22-23, 2005. Proceedings, Stan Z. Li, Zhenan Sun, Tieniu Tan, Sharath Pankanti, Gérard Chollet, and David Zhang (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 150–156.
  • Park and Kang (2007) Jong Hyun Park and Moon Gi Kang. 2007. Multispectral iris authentication system against counterfeit attack using gradient-based image fusion. Optical Engineering 46, 11 (2007), 117003–117003–14.
  • Park (2006) Kang Ryoung Park. 2006. Robust Fake Iris Detection. In Articulated Motion and Deformable Objects: 4th International Conference, AMDO 2006, Port d’Andratx, Mallorca, Spain, July 11-14, 2006. Proceedings, Francisco J. Perales and Robert B. Fisher (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 10–18.
  • Patel et al. (2015) Vishal M. Patel, Nalini K. Ratha, and Rama Chellappa. 2015. Cancelable Biometrics: A review. IEEE Signal Processing Magazine 32, 5 (Sept 2015), 54–65.
  • Pinto et al. (2018) Allan Pinto, Helio Pedrini, Michael Krumdick, Benedict Becker, Adam Czajka, Kevin W. Bowyer, and Anderson Rocha. 2018. Counteracting Presentation Attacks in Face, Fingerprint, and Iris Recognition. In Deep Learning in Biometrics, Mayank Vatsa, Richa Singh, and Angshul Majumdar (Eds.). CRC Press, Boca Raton, London, New York, 245–293.
  • Puhan et al. (2011) Niladri Bihari Puhan, Sudha Natarajan, and A. Suhas Hegde. 2011. A new iris liveness detection method against contact lens spoofing. In IEEE Int. Symposium on Consumer Electronics (ISCE). IEEE, Singapore, 71–74.
  • Quinn et al. (2018) George W. Quinn, Patrick Grother, and James Matey. 2018. IREX IX Part One: Performance of Iris Recognition Algorithms. Technical Report. NIST. Interagency Report 7629.
  • Raghavendra and Busch (2014a) Ramachandra Raghavendra and Christoph Busch. 2014a. Presentation attack detection algorithm for face and iris biometrics. In European Signal Processing Conference (EUSIPCO). IEEE, Lisbon, Portugal, 1387–1391.
  • Raghavendra and Busch (2014b) Ramachandra Raghavendra and Christoph Busch. 2014b. Presentation attack detection on visible spectrum iris recognition by exploring inherent characteristics of Light Field Camera. In IEEE Int. Joint Conference on Biometrics (IJCB). IEEE, Clearwater, FL, USA, 1–8.
  • Raghavendra and Busch (2015) Ramachandra Raghavendra and Christoph Busch. 2015. Robust Scheme for Iris Presentation Attack Detection Using Multiscale Binarized Statistical Image Features. IEEE Trans. Inf. Forens. Security 10, 4 (April 2015), 703–715.
  • Raghavendra et al. (2014) Ramachandra Raghavendra, Kiran B. Raja, and Christoph Busch. 2014. Ensemble of Statistically Independent Filters for Robust Contact Lens Detection in Iris Images. In Proceedings of the 2014 Indian Conference on Computer Vision Graphics and Image Processing (ICVGIP ’14). ACM, New York, NY, USA, Article 24, 7 pages.
  • Raghavendra et al. (2017) Ramachandra Raghavendra, Kiran B. Raja, and Christoph Busch. 2017. ContlensNet: Robust Iris Contact Lens Detection Using Deep Convolutional Neural Networks. In IEEE Winter Conference on Applications of Computer Vision (WACV). IEEE, Santa Rosa, CA, USA, 1160–1167.
  • Raja et al. (2016b) Kiran B. Raja, R. Raghavendra, Jean-Noel Braun, and Christoph Busch. 2016b. Presentation attack detection using a generalizable statistical approach for periocular and iris systems. In Int. Conference of the Biometrics Special Interest Group (BIOSIG), Arslan Brömme, Christoph Busch, Christian Rathgeb, and Andreas Uhl (Eds.). Gesellschaft für Informatik e.V., Bonn, 111–122.
  • Raja et al. (2015a) Kiran B. Raja, Ramachandra Raghavendra, and Christoph Busch. 2015a. Presentation attack detection using Laplacian decomposed frequency response for visible spectrum and Near-Infra-Red iris systems. In IEEE Int. Conference on Biometrics: Theory Applications and Systems (BTAS). IEEE, Arlington, VA, USA, 1–8.
  • Raja et al. (2015b) Kiran B. Raja, Ramachandra Raghavendra, and Christoph Busch. 2015b. Video Presentation Attack Detection in Visible Spectrum Iris Recognition Using Magnified Phase Information. IEEE Trans. Inf. Forens. Security 10, 10 (October 2015), 2048–2056.
  • Raja et al. (2016a) Kiran B. Raja, Ramachandra Raghavendra, and Christoph Busch. 2016a. Color Adaptive Quantized Patterns for Presentation Attack Detection in Ocular Biometric Systems. In Int. Conference on Security of Information and Networks (SIN’16). ACM, New York, NY, USA, 9–15.
  • Rathgeb and Busch (2017) Christian Rathgeb and Christoph Busch. 2017. On the feasibility of creating morphed iris-codes. In IEEE Int. Joint Conference on Biometrics (IJCB). IEEE, Denver, CO, USA, 152–157.
  • Rathgeb and Uhl (2010) Christian Rathgeb and Andreas Uhl. 2010. Attacking Iris Recognition: An Efficient Hill-Climbing Technique. In Int. Conference on Pattern Recognition (ICPR). IEEE, Istanbul, Turkey, 1217–1220.
  • Rathgeb and Uhl (2011) Christian Rathgeb and Andreas Uhl. 2011. A survey on biometric cryptosystems and cancelable biometrics. EURASIP Journal on Information Security 2011, 1 (23 Sep 2011), 3.
  • Rigas and Komogortsev (2014) Ioannis Rigas and Oleg V. Komogortsev. 2014. Gaze estimation as a framework for iris liveness detection. In IEEE Int. Joint Conference on Biometrics (IJCB). IEEE, Clearwater, FL, USA, 1–8.
  • Rigas and Komogortsev (2015) Ioannis Rigas and Oleg V. Komogortsev. 2015. Eye movement-driven defense against iris print-attacks. Pattern Recognition Letters 68, Part 2 (2015), 316 – 326. Special Issue on “Soft Biometrics”.
  • Ruiz-Albacete et al. (2008) Virginia Ruiz-Albacete, Pedro Tome-Gonzalez, Fernando Alonso-Fernandez, Javier Galbally, Julian Fierrez, and Javier Ortega-Garcia. 2008. Direct Attacks Using Fake Images in Iris Verification. In Lecture Notes in Computer Science. Lecture Notes in Computer Science, Vol. 5372. Springer, Roskilde, Denmark, 181–190.
  • Sansola (2015) Alora Sansola. 2015. Postmortem iris recognition and its application in human identification. Master’s thesis. Boston University, Boston, MA, USA.
  • Sauerwein et al. (2017) Kelly Sauerwein, Tiffany B. Saul, Dawnie Wolfe Steadman, and Chris B. Boehnen. 2017. The Effect of Decomposition on the Efficacy of Biometrics for Positive Identification. Journal of Forensic Sciences 62, 6 (2017), 1599–1602.
  • Sequeira et al. (2017) Ana F. Sequeira, Lulu Chen, James Ferryman, Peter Wild, Fernando Alonso-Fernandez, Josef Bigun, Kiran B. Raja, Ramachandra Raghavendra, Christoph Busch, Tiago de Freitas Pereira, Sebastien Marcel, Sushree Sangeeta Behera, Mahesh Gour, and Vivek Kanhangad. 2017. Cross-eyed 2017: Cross-spectral iris/periocular recognition competition. In IEEE Int. Joint Conference on Biometrics (IJCB). IEEE, Denver, CO, USA, 725–732.
  • Sequeira et al. (2014a) Ana F. Sequeira, João C. Monteiro, Ana Rebelo, and Hélder P. Oliveira. 2014a. MobBIO: A multimodal database captured with a portable handheld device. In IEEE Int. Conference on Computer Vision Theory and Applications (VISAPP), Vol. 3. IEEE, Lisbon, Portugal, 133–139.
  • Sequeira et al. (2014b) Ana F. Sequeira, Juliano Murari, and Jaime S. Cardoso. 2014b. Iris liveness detection methods in mobile applications. In IEEE Int. Conference on Computer Vision Theory and Applications (VISAPP), Vol. 3. IEEE, Lisbon, Portugal, 22–33.
  • Sequeira et al. (2014c) Ana F. Sequeira, Juliano Murari, and Jaime S. Cardoso. 2014c. Iris liveness detection methods in the mobile biometrics scenario. In IEEE Int. Joint Conference on Neural Networks (IJCNN). IEEE, Beijing, China, 3002–3008.
  • Sequeira et al. (2014d) Ana F. Sequeira, Hélder P. Oliveira, João C. Monteiro, João P. Monteiro, and Jaime S. Cardoso. 2014d. MobILive 2014 - Mobile Iris Liveness Detection Competition. In IEEE Int. Joint Conference on Biometrics (IJCB). IEEE, Clearwater, FL, USA, 1–6.
  • Sequeira et al. (2016) Ana F. Sequeira, Shejin Thavalengal, James Ferryman, Peter Corcoran, and Jaime S. Cardoso. 2016. A realistic evaluation of iris presentation attack detection. In Int. Conference on Telecommunications and Signal Processing (TSP). IEEE, Vienna, Austria, 660–664.
  • Shah and Ross (2006) Samir Shah and Arun Ross. 2006. Generating Synthetic Irises by Feature Agglomeration. In 2006 International Conference on Image Processing. IEEE, Atlanta, GA, USA, 317–320.
  • Shaydyuk and Cleland (2016) Nazariy K. Shaydyuk and Timothy Cleland. 2016. Biometric identification via retina scanning with liveness detection using speckle contrast imaging. In IEEE Int. Carnahan Conference on Security Technology (ICCST). IEEE, Orlando, FL, USA, 1–5.
  • Silva et al. (2015) Pedro Silva, Eduardo Luz, Rafael Baeta, Helio Pedrini, Alexandre Xavier Falcao, and David Menotti. 2015. An Approach to Iris Contact Lens Detection based on Deep Image Representations. In Conference on Graphics, Patterns and Images (SIBGRAPI). IEEE, Salvador, Brazil, 157–164.
  • Singh et al. (2018) Avantika Singh, Vishesh Mistry, Dhananjay Yadav, and Aditya Nigam. 2018. GHCLNet: A Generalized Hierarchically tuned Contact Lens detection Network. In IEEE Int. Conference on Identity, Security and Behavior Analysis (ISBA). IEEE, Singapore, 1–6.
  • Singh and Singh (2011) Yogendra Narain Singh and Sanjay Kumar Singh. 2011. Vitality detection from biometrics: State-of-the-art. In World Congress on Information and Communication Technologies. IEEE, Mumbai, India, 106–111.
  • Smith et al. (2013a) Brian A. Smith, Qi Yin, Steven K. Feiner, and Shree K. Nayar. 2013a. Columbia Gaze Data Set. (2013). Retrieved August 8, 2017 from
  • Smith et al. (2013b) Brian A. Smith, Qi Yin, Steven K. Feiner, and Shree K. Nayar. 2013b. Gaze Locking: Passive Eye Contact Detection for Human-object Interaction. In Annual ACM Symposium on User Interface Software and Technology (UIST ’13). ACM, New York, NY, USA, 271–280.
  • SOCIA Lab. - Soft Computing and Image Analysis Group (2004) SOCIA Lab. - Soft Computing and Image Analysis Group. 2004. Noisy Visible Wavelength Iris Image Databases (UBIRIS). (2004). Retrieved January 19, 2018 from
  • Söllinger et al. (2018) Dominik Söllinger, Pauline Trung, and Andreas Uhl. 2018. Non-reference image quality assessment and natural scene statistics to counter biometric sensor spoofing. IET Biometrics (January 2018), 1–11.
  • Sun and Tan (2014) Zhenan Sun and Tieniu Tan. 2014. Iris Anti-spoofing. In Handbook of Biometric Anti-Spoofing: Trusted Biometrics under Spoofing Attacks, Sébastien Marcel, Mark S. Nixon, and Stan Z. Li (Eds.). Springer London, London, 103–123.
  • Sun et al. (2014) Zhenan Sun, Hui Zhang, Tieniu Tan, and Jianyu Wang. 2014. Iris Image Classification Based on Hierarchical Visual Codebook. IEEE Trans. Pattern Anal. Mach. Intell. 36, 6 (June 2014), 1120–1133.
  • Takano and Nakamura (2009) Hironobu Takano and Kiyomi Nakamura. 2009. Rotation independent iris recognition by the rotation spreading neural network. In IEEE Int. Symposium on Consumer Electronics. IEEE, Kyoto, Japan, 651–654.
  • Thalheim et al. (2002) Lisa Thalheim, Jan Krissler, and Peter-Michael Ziegler. 2002. Biometric Access Protection Devices and their Programs Put to the Test, Available online in c’t Magazine, No. 11/2002, p. 114. on-line. (2002).
  • Thavalengal and Corcoran (2016) Shejin Thavalengal and Peter Corcoran. 2016. User Authentication on Smartphones: Focusing on iris biometrics. IEEE Consumer Electronics Magazine 5, 2 (April 2016), 87–93.
  • Thavalengal et al. (2016) Shejin Thavalengal, Tudor Nedelcu, Petronel Bigioi, and Peter Corcoran. 2016. Iris liveness detection for next generation smartphones. IEEE Trans. Consumer Electronics 62, 2 (May 2016), 95–102.
  • Thavalengal et al. (2014) Shejin Thavalengal, Ruxandra Vranceanu, Razvan G. Condorovici, and Peter Corcoran. 2014. Iris pattern obfuscation in digital images. In IEEE Int. Joint Conference on Biometrics (IJCB). IEEE, Clearwater, FL, USA, 1–8.
  • Tomeo-Reyes and Chandran (2013) Inmaculada Tomeo-Reyes and Vinod Chandran. 2013. Iris based identity verification robust to sample presentation security attacks. International Journal of Information Science and Intelligent System 2, 1 (June 2013), 27–41.
  • Toth and Galbally (2015) Anna Bori Toth and Javier Galbally. 2015. Anti-spoofing, Iris. In Encyclopedia of Biometrics, Stan Z. Li and Anil Jain (Eds.). Springer US, New York, 87–97.
  • Toth (2009) Bori Toth. 2009. Liveness Detection: Iris. In Encyclopedia of Biometrics, Stan Z. Li and Anil Jain (Eds.). Springer US, Boston, MA, 931–938.
  • Trokielewicz and Bartuzi (2016) Mateusz Trokielewicz and Ewelina Bartuzi. 2016. Cross-spectral Iris Recognition for Mobile Applications using High-quality Color Images. Journal of Telecommunications and Information Technology 3 (2016), 91–97.
  • Trokielewicz et al. (2016a) Mateusz Trokielewicz, Adam Czajka, and Piotr Maciejewicz. 2016a. Human iris recognition in post-mortem subjects: Study and database. In IEEE Int. Conference on Biometrics: Theory Applications and Systems (BTAS). IEEE, Niagara Falls, NY, USA, 1–6.
  • Trokielewicz et al. (2016b) Mateusz Trokielewicz, Adam Czajka, and Piotr Maciejewicz. 2016b. Post-mortem human iris recognition. In IEEE Int. Conference on Biometrics (ICB). IEEE, Halmstad, Sweden, 1–6.
  • Venugopalan and Savvides (2011) Shreyas Venugopalan and Marios Savvides. 2011. How to Generate Spoofed Irises From an Iris Code Template. IEEE Trans. Inf. Forens. Security 6, 2 (June 2011), 385–395.
  • Villalbos-Castaldi and Suaste-Gómez (2014) Fabiola M. Villalbos-Castaldi and Ernesto Suaste-Gómez. 2014. In the use of the spontaneous pupillary oscillations as a new biometric trait. In Int. Workshop on Biometrics and Forensics. IEEE, Valletta, Malta, 1–6.
  • Warsaw University of Technology (2013) Warsaw University of Technology. 2013. Warsaw Datasets Webpage. (2013). Retrieved August 10, 2017 from
  • Wei et al. (2013) Hong Wei, Lulu Chen, and James Ferryman. 2013. Biometrics in ABC: counter-spoofing research. In FRONTEX 2nd Global Conference on Future Developments of Automated Border Control. FRONTEX, Warsaw, Poland, 1–4.
  • Wei et al. (2008a) Zhuoshi Wei, Xianchao Qiu, Zhenan Sun, and Tieniu Tan. 2008a. Counterfeit iris detection based on texture analysis. In Int. Conference on Pattern Recognition (ICPR). IEEE, Tampa, FL, USA, 1–4.
  • Wei et al. (2008b) Zhuoshi Wei, Tieniu Tan, and Zhenan Sun. 2008b. Synthesis of large realistic iris databases using patch-based sampling. In Int. Conference on Pattern Recognition (ICPR). IEEE, Tampa, FL, USA, 1–4.
  • Yadav et al. (2014) Daksha Yadav, Naman Kohli, James S. Doyle, Richa Singh, Mayank Vatsa, and Kevin W. Bowyer. 2014. Unraveling the Effect of Textured Contact Lenses on Iris Recognition. IEEE Trans. Inf. Forens. Security 9, 5 (May 2014), 851–862.
  • Yadav et al. (2017) Daksha Yadav, Naman Kohli, Mayank Vatsa, Richa Singh, and Afzel Noore. 2017. Unconstrained Visible Spectrum Iris with Textured Contact Lens Variations: Database and Benchmarking. In IEEE Int. Joint Conference on Biometrics (IJCB). IEEE, Denver, CO, USA, 1–6.
  • Yambay et al. (2017a) David Yambay, Benedict Becker, Naman Kohli, Daksha Yadav, Adam Czajka, Kevin W. Bowyer, Stephanie Schuckers, Richa Singh, Mayank Vatsa, Afzel Noore, Diego Gragnaniello, C. Sansone, L. Verdoliva, Lingxiao He, Yiwei Ru, Haiqing Li, Nianfeng Liu, Zhenan Sun, and Tieniu Tan. 2017a. LivDet Iris 2017 – Iris Liveness Detection Competition 2017. In IEEE Int. Joint Conference on Biometrics (IJCB). IEEE, Denver, CO, USA, 1–6.
  • Yambay et al. (2014) David Yambay, James S. Doyle, Kevin W. Bowyer, Adam Czajka, and Stephanie Schuckers. 2014. LivDet-iris 2013 - Iris Liveness Detection Competition 2013. In IEEE Int. Joint Conference on Biometrics (IJCB). IEEE, Clearwater, FL, USA, 1–8.
  • Yambay and Schuckers (2018) David Yambay and Stephanie Schuckers. 2018. Review of Iris Presentation Attack Detection Competitions. In Handbook of Biometric Anti-Spoofing (2nd Edition, to appear), Sébastien Marcel, Mark Nixon, Julian Fierrez, and Nicholas Evans (Eds.). Springer International Publishing AG, 1–16.
  • Yambay et al. (2017b) David Yambay, Brian Walczak, Stephanie Schuckers, and Adam Czajka. 2017b. LivDet-Iris 2015 - Iris Liveness Detection Competition 2015. In IEEE Int. Conference on Identity, Security and Behavior Analysis (ISBA). IEEE, New Delhi, India, 1–6.
  • Zhang et al. (2010) Hui Zhang, Zhenan Sun, and Tieniu Tan. 2010. Contact Lens Detection Based on Weighted LBP. In Int. Conference on Pattern Recognition (ICPR). IEEE, Istanbul, Turkey, 4279–4282.
  • Zuo et al. (2007) Jinyu Zuo, Natalia A. Schmid, and Xiaohan Chen. 2007. On Generation and Analysis of Synthetic Iris Images. IEEE Trans. Inf. Forens. Security 2, 1 (March 2007), 77–90.