An Iris-Based Authentication Framework to Prevent Presentation Attacks

Abstract

Attacks on authentication services are major security concerns. Password-based authentication systems can be compromised using known techniques, such as brute force and dictionary-based attacks. Biometric-based authentication systems are becoming the preferred choice to replace password-based authentication systems. Among several variations of biometrics (e.g., face, eye, fingerprint), iris-based authentication is commonly used in various applications. In iris-based authentication systems, iris images from legitimate users are captured and certain features are extracted to be used for matching during the authentication process. Literature works suggest that iris-based authentication systems can be subject to presentation attacks where an attacker obtains printed copy of the victim's eye image and displays it in front of an authentication system to gain unauthorized access. Such attacks can be performed by displaying static eye images on mobile devices or ipads (known as screen attacks). Since human iris features so not changed, once the iris image is compromised, it is hard to avoid this type of attack. To address this challenge, this paper proposes a framework for iris code generation by considering the changes of the area between the pupil and the sclera due to light density level. The proposed approach relies on capturing iris images using near infrared light. We train HaarCascade and LBP classifiers to capture the area between the pupil and the cornea. The image of iris is then stored in the database. This approach also generates a QR code from the iris. The code acts as a password and the user is required to provide it during authentication. A prototype is built using OpenCV platform tool. The prototype has been tested using samples obtained from publicly available iris database. The initial results show that the proposed approach has lower false positive and false negative rates.