A. Threat Evaluation Setup

In order to get a broader view on what attack creation recipes are a threat to what systems, various feature extraction and comparison schemes are confronted with the attack databases. In total, 15 different biometric vein recognition schemes are employed for the experiments. They can be categorized into four classes of algorithms based on the feature type extracted from the vein samples:

• Binarized vessel networks: Algorithms from this category work by transforming a raw vein image into a binary image where the background (and also other parts of the human body such as flesh) is removed and only the extracted vessel structures remain. The binarized image is then used as a feature image for the comparison step. Seven of such approaches are included in this work. Maximum Curvature (MC) [15] and Repeated Line Tracking (RLT) [14] try to achieve this by looking at the cross sectional profile of the finger vein image. Other methods such as Wide Line Detector (WLD) [13], Gabor Filter (GF) [24] and Isotropic Undecimated Wavelet Transform (IUWT) [25] also consider local neighbourhood regions by using filter convolution. A slightly different approach is given by Principal Curvature (PC) [23] which first computes the normalized gradient field and then looks at the eigenvalues of the Hessian matrix at each pixel. All so far described binary image extraction methods use a correlation measure to compare probe and template samples which is often referred to as Miura-matching due to its introduction in Miura et al. [14]. One more sophisticated vein pattern based feature extraction and matching strategy is Anatomy Structure Analysis-Based Vein Extraction (ASAVE) [26], which includes two different techniques for binary vessel structure extraction as well as a custom matching strategy.

• Keypoints: The term keypoint is generally understood as a specific pixel or pixel region in an digital image that provides some interesting information to a given application. Every keypoint is stored by describing its local neighbourhood and its location. This research uses three keypoint based feature extraction and matching schemes. One such keypoint detection method, known as Deformation Tolerant Feature Point Matching (DTFPM) [27], was especially tailored for the task of finger vein recognition. This is achieved by considering shapes that are common in finger vein structures. Additionally, modified versions of general purpose keypoint detection and matching schemes, SIFT and SURF, as described in [18] are tested in this research. The modification includes filtering such that only keypoints inside the finger are used while keypoints at the finger contours or even in the background are discarded.

• Texture information: Image texture is a feature that describes the structure of an image. Shapiro and Stockman [28] define image texture as something that gives information about the spatial arrangement of color or intensities in an image or selected region of an image. While two images can be identical in terms of their histograms, they can be very different when looking at their spatial arrangement of bright and dark pixels. Three methods are included in this work that can be counted to texture-based approaches. One of which is a Local Binary Pattern (LBP) [29] descriptor that uses the output of Gabor filters in various scales and orientations as an input. The resulting LBP are block-wise transformed into concatenated histograms. For comparison, histogram intersection is used as a similarity metric. The other two methods are convolutional neural network (CNN) based approaches. The first CNN approach (CNN-S) uses a Squeeze-Net architecture together with triplet loss function [30]. The second recognition approach employs a DenseNet-161 network architecture with softmax loss function [31] (CNN-D). Similarity scores for the CNN approaches are obtained by computing the inverse Euclidean distance given two feature vectors corresponding to two finger vein samples.

• Minutiae-based: The term minutiae descends from the domain of fingerprint biometrics. Every fingerprint is a unique pattern that consists of ridges and valleys. The locations where such a pattern has discontinuities such as ridge endings or bifurcations are named “minutiae points”. This concept of finding such minutiae points was successfully transferred [32] to the vein biometrics domain by skeletonization of an extracted binarized vein image, such as described in the first category. This study now employs two schemes in order to perform vein recognition, that both use these extracted minutiae points. First, the proprietary software VeriFinger SDK (VF)5 is used for comparison of these minutiae points. A second method, Location-based Spectral Minutiae Representation (SML) [33] uses the minutiae points as an input in order to generate a representation that can finally be compared using a correlation measure.

Fig. 2 shows the extracted features from one exemplary vein sample, stemming from the PLUS database. The ASAVE method extracts two feature representations, coined vein network and vein backbone, which are overlaid using white and gray, respectively, in order to fit the illustration. The LBP illustration shows four Gabor filter responses after applying the LBP algorithm. Since the output of the CNN based approaches is a vector embedding, such a visualization is not applicable. Acting as a representative for both minutiae schemes, a skeletonized finger vein structure is shown, where the minutiae point locations are marked with circles. Since the minutiae schemes are based on a binarized vessel network, their solidity depends on the robustness of the underlying procedure for extracting the vessel network.

Fig. 2.

Exemplary depiction of extracted features from every category. Since the output of the CNN based approaches is a vector embedding, such a visualization is not applicable.

Show All

Every vein recognition scheme has its own set of hyper-parameters. For the experiments in this work, the same settings were applied to every vein database.

The minutiae-based recognition schemes are evaluated using the VeinPLUS + Framework [34]. The binary vessel network based methods, the keypoint based methods and the LBP scheme are evaluated using the PLUS OpenVein Toolkit [35]. The CNN approaches were implemented in Python. The network training for the PLUS databases was done using finger vein images from the PROTECT [36] open source data set, since these descend from a similar imaging sensor. The training for the VeraPV was achieved using the remaining bona fide subjects 51–110 that have no presentation attack counterpart. Network training for the remaining databases was done using 2-fold-cross validation. Due to the fact that such network training is non-deterministic, the EERs and IAPMRs for the CNN methods are calculated by taking the arithmetic mean over both folds.

For comparison the ‘FVC’ protocol, named after the Fingerprint Verification Contest 2004 [37] is used. With this protocol all samples are compared against all remaining samples descending from the same subject as genuine comparisons as given by equation (1). The number of genuine comparisons is denoted as $n_{genuine}$ , the number of impostor comparisons as $n_{impostor}$ and the number of subjects as $n_{subjects}$ . For the case of finger vein data every individual finger is treated as unique subject, while for the palm vein data the term subject refers to a whole hand. For the formulas in this section, is assumed that every subject has the same number of samples $n_{samples}$ .

View Source\begin{equation*} n_{genuine} = \frac {n_{samples}*\left ({n_{samples} - 1 }\right)}{2}* n_{subjects}\tag{1}\end{equation*}

For the Impostor comparisons, the FVC protocol defines that only the first sample of every subject is compared against the first of the remaining subjects. The number of impostor comparisons is given by equation (2) and only depends on the number of unique subjects regardless of the number of samples per subject.

View Source\begin{equation*} n_{impostor} = \frac {n_{subjects}*\left ({n_{subjects} - 1 }\right)}{2}\tag{2}\end{equation*}

Hence, it is ensured that every genuine comparison is made, but largely reduces the amount of impostor scores. Symmetric comparisons are omitted. It is important to note however that the correlation based comparison algorithm used for the binarized vessel network based approaches (Miura matching) is not symmetric.

1) Threat Evaluation Protocol:

Biometric template comparison systems, which are basically binary classifiers, produce four types of outcome: (i) correct match (True Positive, TP), (ii) wrong rejection (False Negative, FN; often called type II error), (iii) correct rejection (True Negative, TN) and (iv) wrong match (False Positive, FP; often called type I error). The decision whether a comparison is considered to be a match or a reject is based on a decision threshold $\tau$ . Through varying the decision threshold, the False Match Rate (FMR, i.e., the ratio of wrongly accepted impostor attempts to the number of total impostor attempts) and the False-Non Match Rate (FNMR, i.e., the ratio of wrongly denied genuine attempts to the total number of genuine verification attempts) can be determined as seen in equations (3) and (4).

$$\begin{align*} \textrm {FMR}(\tau) = \frac {FP}{FP\,+\,TN}\tag{3}\\ \textrm {FNMR}(\tau) = \frac {FN}{FN\,+\,TP}\tag{4}\end{align*}$$ View Source\begin{align*} \textrm {FMR}(\tau) = \frac {FP}{FP\,+\,TN}\tag{3}\\ \textrm {FNMR}(\tau) = \frac {FN}{FN\,+\,TP}\tag{4}\end{align*}

The operating point where FMR = FNMR is called Equal Error Rate (EER) and its corresponding decision threshold value denoted as $\tau _{EER}$ .

A common way to evaluate the level of threat exhibited by a certain database is to use a so called two-scenario or two-step protocol [4], [5], [38]. The two steps are briefly summarized hereafter:

• Scenario 1, Normal Mode: The first scenario employs two types of users: Genuine (positives) and zero effort impostors (negatives). Therefore, both enrollment and verification is accomplished using bona fide finger vein samples. Through calculation of the FMR and FNMR, the EER can be computed and the decision threshold set at $\tau _{EER}$ . The normal mode can be understood as a biometric comparison evaluation experiment which has the goal to determine an operating point $\tau _{EER}$ for the second scenario.

• Scenario 2, Attack Mode: The second scenario uses genuine (positives) and presentation attack (negatives) users. Similar to the first scenario, enrollment is accomplished using bona fide samples. This time, however, verification attempts are performed by comparing presentation attack samples against their corresponding genuine enrollment templates. Given the threshold determined in step 1, the proportion of wrongly matched presentation attacks is then reported as the Impostor Attack Presentation Match Rate (IAPMR), as defined in the ISO/IEC 30107-3:2017 [6].

B. Presentation Attack Detection Setup

Throughout the following section, genuine scores (i.e., scores that descend from intra-subject comparisons) are viewed as bona fide scores and scores that descend from comparisons where an attack sample is compared to its bona fide counterpart are considered to be presentation attack scores.

Solving the presentation attack problem via combination of multiple similarity scores from different recognition schemes can be formally written as follows. Let $s_{ij}$ be the $i$ th comparison score out of $m$ total eligible comparisons that was assigned by the $j$ th recognition scheme out of $n$ considered recognition schemes at a time, i.e., $i \in \{1,\ldots, m\}$ and $j \in \{1,\ldots, n\}$ . Note that for an $i$ th comparison, every recognition scheme needs to compare the same biometric samples. Further, let $x_{i}$ be the vector $x_{i}\,=\,(s_{i1},\ldots, s_{in})$ that describes the $i$ th comparison by concatenation of all $n$ recognition schemes considered at a time. Let $\mathrm {\textbf {X}}$ be the set of all $m$ eligible comparisons from a certain database $\mathrm {\textbf {X}} = \{x_{1},\ldots, x_{m}\}$ . Since some of the following fusion strategies demand for training data, the set of all comparisons $\mathrm {\textbf {X}}$ is always divided into a train ${\mathbf {{X_{train}}}}$ and a test split ${\mathbf {{X_{test}}}}$ using 2-fold cross validation. The combined score that remains after score level fusion for the $i$ th comparison shall be denoted as $S_{i}$ . The comparison can then be classified as bona fide or attack comparison by simple thresholding of $S_{i}$ .

In total, seven score fusion strategies and six score normalization (including the possibility to omit normalization) approaches are included in the experiments. An illustration of this process can be seen in Figure 3.

Fig. 3.

Block diagram illustration of the presentation attack detection scheme evaluated in this article.

Show All

1) Fusion Strategies:

Three rather simple fusion strategies (Min-Rule Fusion, Max-Rule Fusion and Simple Sum-Rule Fusion) were adopted from [39] that are formally defined in equations (5)–​(7).

• Min-Rule Fusion

  $$\begin{equation*} S_{i} = \min \left ({x_{i} }\right)\tag{5}\end{equation*}$$ View Source\begin{equation*} S_{i} = \min \left ({x_{i} }\right)\tag{5}\end{equation*}

• Max-Rule Fusion

  $$\begin{equation*} S_{i} = \max \left ({x_{i} }\right)\tag{6}\end{equation*}$$ View Source\begin{equation*} S_{i} = \max \left ({x_{i} }\right)\tag{6}\end{equation*}

• Simple Sum-Rule Fusion

  $$\begin{equation*} S_{i} = \sum _{j=1}^{n} s_{ij}\tag{7}\end{equation*}$$ View Source\begin{equation*} S_{i} = \sum _{j=1}^{n} s_{ij}\tag{7}\end{equation*}

A more sophisticated method, Weighted Sum-Rule Fusion, is defined in equation (8). Here every similarity score is multiplied by a weighting constant. The weights remain constant for all subjects, thus also known as “Matcher Weighting” [40]. All weights together form a convex combination, i.e., are non negative and add up to one.

• Weighted Sum-Rule Fusion

  $$\begin{equation*} S_{i} = \sum _{j=1}^{n} s_{ij} * w_{j} \tag{8}\end{equation*}$$ View Source\begin{equation*} S_{i} = \sum _{j=1}^{n} s_{ij} * w_{j} \tag{8}\end{equation*}

To use the weighted sum rule fusion, a strategy has to be chosen on how to assign the weights $w_{j}$ . Snelick et al. [40] propose to choose weights indirect proportional to the error rates. Hence, the training split ${\mathbf {{X_{train}}}}$ is used to calculate an Equal Error Rate estimate $EER_{j}$ per recognition scheme $j$ . This decision can be justified since ${\mathbf {{X_{train}}}}$ consists of bona fide scores and presentation attack scores, therefore giving a rough estimate on how much a particular recognition scheme contributes to the PAD-task. The formula in equation (9) depicts the calculation of $w_{j}$ .

$$\begin{equation*} w_{j} = \frac {\frac {1}{EER_{j}}}{\sum _{v=1}^{n} \frac {1}{EER_{v}} }\tag{9}\end{equation*}$$ View Source\begin{equation*} w_{j} = \frac {\frac {1}{EER_{j}}}{\sum _{v=1}^{n} \frac {1}{EER_{v}} }\tag{9}\end{equation*}

In addition to the four fusion strategies above, three learning based classifiers are included in this study. The classifiers that are trained using ${\mathbf {{X_{train}}}}$ in order to predict the test data ${\mathbf {{X_{test}}}}$ per fold: (i) Linear Discriminant Analysis, (ii) Support Vector Machine with Linear Kernel and (iii) Support Vector Machine with Radial Basis Function Kernel.

A. Threat Evaluation

The experiments carried out in this section aim to evaluate how harmful the attack recipes used for creation of the attack samples in the databases from Section II are. To do so, every database undergoes the threat evaluation protocol described in Section III-A1. The results from the threat evaluation experiments are listed in Table I. The dashed horizontal line is meant to separate finger vein and palm vein results. Note that for the PLUS LED and PLUS Laser databases, where different attacks descend from the same bona fide samples, the reported EER values for thin and thick are equal since the error rate calculation is solely based on bona fide data.

TABLE I Results Threat Evaluation Using 2-Scenario-Protocol in Terms of EER and IAPMR. The Horizontal Line Separates Finger Vein (Above Dashed Line) and Palm Vein (Below Dashed Line) Experiments. Values in %

Using the same hyper-parameters per recognition scheme for every database makes the results more comparable, while performing an exhaustive grid search for every experiment could potentially lead to improved EER values. Lower EER values imply a better vein recognition performance. High IAPMR values indicate that a high proportion of the presented attack artifacts are wrongfully accepted.

B. Presentation Attack Detection Using Score Fusion

The PAD performance is reported in Table II in terms of detection equal error rate D-EER (operating point where BPCER = APCER), BPCER20 (BPCER at APCER $< =0.05$ ) and BPCER100 (BPCER at APCER $< =0.01$ ).

TABLE II Selection of Best Working Method Constellations in Terms of Detection Error Rate. Note That There are Often Multiple Eligible Options. Only the Constellation That Uses the Least Amount of Recognition Schemes as Possible. Values in %

For every database, an exhaustive cross combination including all the described fusion strategies, normalization techniques and recognition algorithms is applied. This results in 7 (fusion) * 6 (normalization) * $32\,\,767\,\,(2^{15}-1$ , all possible combinations of the 15 recognition algorithms) = 1 376 214 D-EER values per database. The results reported in Table II are the best working constellation for a given database in terms of D-EER, that is, if a single best constellation exists. For the case where multiple method constellations result in the same D-EER (especially the PLUS databases tend to have many solutions that would yield 0.00% D-EER, i.e., perfect separation), the method constellation is reported that uses as the least amount of feature extraction schemes as possible. The employed recognition schemes for the best working constellation are indicated using a check symbol. The fact that the PLUS databases are well separable also coincides with the observation from Section IV-A, where the PLUS samples were only a major threat to one category of recognition algorithms (the ones that extract binary images of vessel structures as feature images). This can be explained by the visual difference as seen in Fig. 1, which is due to the process used to create these kind of attack samples.

For further analyzing the contribution of every recognition scheme, fusion strategy and score normalization method, the following figures depict their relative occurrence in the best working constellations. For better visibility which methods provide the most valuable information, only those method constellations which yield D-EERs $< 5\%$ are considered. To keep the plots easy to interpret, the databases are split into PLUS databases (Figs. 6 and 7) and the rest (Figs. 4 & 5). It is important to note that for the PLUS databases, roughly 95% of all 1 376 214 method constellations would be included within the 5% D-EER threshold, resulting in mostly uniform distributions. Therefore, the threshold for the PLUS databases was reduced to D-EERs $< 0.5\%$ , where a subset of roughly 13% out of all method constellations remain.

Fig. 4.

Influence of each recognition scheme for the best (D-EER $< 5\%$ ) constellations.

Show All

Fig. 5.

Influence fusion strategies (left) and score normalization (right) schemes for the best (D-EER $< 5\%$ ) constellations.

Show All

Fig. 6.

Influence of each recognition scheme for the best (D-EER $< 0.5\%$ ) constellations.

Show All

Fig. 7.

Influence fusion strategies (left) and score normalization (right) schemes for the best (D-EER $< 0.5\%$ ) constellations.

Show All

It can be concluded that through combination of fundamentally different approaches, complementary information is available that finally leads to the ability to reasonably well detect presentation attacks. While perfect separation of bona fide and attack samples is not always achieved, using a combination of multiple recognition schemes for this task constitutes a method that has not been explored so far in the domain of hand-vascular biometrics. Of course, however, by doing so, the ability to detect presentation attacks is limited by the performance of the considered recognition schemes, which could potentially be improved by exhaustive hyper parameter optimization.