-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This is in response to #18 about related to having a standardized template for a toolbox. There are 4 files in the main folder (here BIO is used to mark the modality, so this should be EYE, FACE, FINGER, etc): PAD Testing - the description of anything specific to this modality that needs to be documented (in addition to the toolbox overview) along with an introduction to the toolbox. List - a table list of all the tests and any applicability notes (like these are only relevant with certain types of sensors or other considerations) Inventory - a list of the inventory that is used in the test, things like paper, printers, camera, the things used to make the PAI References - external references for any of the attacks (a master list) Within the main folder there would then be subfoldlers marked with XX_<attack category>_attacks. The XX would be numbering for increasing difficulty (i.e. the lowest level PAI, simplest to create would be 01, the most difficult test would be the top number). The <attack category> would be some sort of title that would provide some clarity as to what the tests will be used as a source for the PAI. Within each folder then, you would have the files names XX_YY_attack where the XX matches the folder number and YY is the test number. The List table should match out all the numbers. While I don't have it in here, there is a (Vx) listing for some of the tests, this is when there is a number of variants for the specific test available (so a test with a V1 and V2 would have 2 variants in addition to the "base" test). This could be handled in another way though. This used the eye tests to fill out the template, but I didn't modify any of the files.
- Loading branch information
Brian Wood
committed
Sep 20, 2019
1 parent
3aa4f84
commit d84364a
Showing
22 changed files
with
1,376 additions
and
0 deletions.
There are no files selected for viewing
69 changes: 69 additions & 0 deletions
69
BIO_Toolbox-template/01_Physical_Photo_attacks/01-01_attack.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| == Number | ||
|
|
||
| Eye 1-1 | ||
|
|
||
| == Attack type | ||
| Eye, printed photo attack | ||
|
|
||
| ==== Total Number of Species | ||
| This attack has *2* species to be tested. | ||
|
|
||
| == Overview | ||
| _In this attack, user’s face digital image is not available but photo of the target can be used to create PAI._ | ||
|
|
||
| == Input | ||
|
|
||
| Photo of target user that meet the following conditions:: | ||
| * photo was taken under controlled environment where the background of the scene is uniform, the light in the office is switched on and the window blinds are down | ||
| * photo was taken right after the target user’s enrolment and under the same environment to reduce the possibility that the PAI is rejected because of the difference of the background scene or expression | ||
| * target user’s eyes are open and iris is mostly visible (i.e. well lit room) | ||
| * photo includes user’s full face | ||
|
|
||
| == Tools | ||
|
|
||
| * T.1a, type 2 | ||
| * T.2, type 1 | ||
| * T.3, type 1 | ||
| * T.4, type 2 | ||
| * M.1, type 2 | ||
|
|
||
|
|
||
| == Recipe | ||
|
|
||
| . Attacker scans user’s photo image and saves it in his PC. Resolution of scanner (dpi) should be, for example, 300-600 dpi that achieves best quality of image. | ||
| . Attacker crops the face image using basic image editing software (e.g. Microsoft Paint) to enlarge it to cover as much of the paper as possible while maintaining the original image aspect ratio. If multiple options are available for enlarging the image, an option that achieves best image quality should be selected. Attacker doesn’t use image editing software to enhance quality of face image (such attack is considered later). | ||
| . Attacker prints it out on photo paper. Printer resolution should be, for example, 600 dpi that achieves best quality of image (set to photo print). | ||
|
|
||
| == Variations | ||
|
|
||
| === Variation 1 | ||
| _This variant uses different printer and paper for the same test._ | ||
|
|
||
| Tools and Materials changes:: | ||
| * T.3, type 2 | ||
| * M.1, type 1 | ||
|
|
||
| Recipe changes:: | ||
| * The attacker prints at 600 dpi (or higher) to achieve the best quality print. | ||
|
|
||
| == Prerequisite | ||
|
|
||
| Target user turns on the eye unlock and registers user’s eye following instructions provided by the device and manual under the controlled environment. | ||
|
|
||
| If the ST covers the multiple configurations for eye unlock, the same test should be done for all configurations. | ||
|
|
||
| == Presentation | ||
| Attacker presents the photo to the device by hand at controlled environment. Attacker adjusts the distance between the photo and the device seeing relevant attack video clip or attacker adjusts to right distance so that the device camera can’t see the edge of photo. Attacker also presents the photo to minimize the reflection from ambient lighting. | ||
|
|
||
| == PAD technique | ||
| During scanning, enlarging and copying the image, lots of information like high frequency information of original eye will be lost. Such changes can be detected by, for example, LBP that require relatively low computational power. | ||
|
|
||
| == Reference | ||
| There is no research paper that conduct attacks following this scenario. All PAIs were created using live image of target user, not photo image of the user in all researches. | ||
|
|
||
| == Attack Potential | ||
| tbd | ||
|
|
||
| == Pass Criteria | ||
| All unlock attempts shall be rejected. Proposed algorithms in the existing research papers are capable to detect this primitive attack. | ||
|
|
57 changes: 57 additions & 0 deletions
57
BIO_Toolbox-template/01_Physical_Photo_attacks/01_02_attack.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| == Number | ||
| Eye 1-2 | ||
|
|
||
| == Attack type | ||
| Eye, printed photo attack with contact lens | ||
|
|
||
| ==== Total Number of Species | ||
| This attack has *1* species to be tested. | ||
|
|
||
| == Overview | ||
| _In this attack, user’s face digital image is not available but photo of the target can be used to create PAI._ | ||
|
|
||
| == Input | ||
| Photo of target user that meet the following conditions:: | ||
| * photo was taken under controlled environment where the background of the scene is uniform, the light in the office is switched on and the window blinds are down | ||
| * photo was taken right after the target user’s enrolment and under the same environment to reduce the possibility that the PAI is rejected because of the difference of the background scene or expression | ||
| * target user’s eyes are open and iris is mostly visible (i.e. well lit room) | ||
| * photo includes user’s full face | ||
|
|
||
| == Tools | ||
|
|
||
| * T.1a, type 2 | ||
| * T.2, type 1 | ||
| * T.3, type 2 | ||
| * T.4, type 2 | ||
| * M.1, type 1 | ||
| * M.2, type 1 | ||
|
|
||
|
|
||
| == Recipe | ||
| . Attacker scans user’s photo image and saves it in his PC. Resolution of scanner (dpi) should be, for example, 300-600 dpi that achieves best quality of image. | ||
| . Attacker crops the face image using basic image editing software (e.g. Microsoft Paint) to enlarge it to cover as much of the paper as possible while maintaining the original image aspect ratio. If multiple options are available for enlarging the image, an option that achieves best image quality should be selected. Attacker doesn’t use image editing software to enhance quality of face image (such attack is considered later). | ||
| . Attacker prints it out on photo paper. Printer resolution should be, for example, 600 dpi that achieves best quality of image (set to photo print). Printed photo should have iris size equal to normal iris size. | ||
| . Contact lens is placed on top of iris on photo (place a lens over each visible iris). | ||
|
|
||
| == Variations | ||
| None | ||
|
|
||
| == Prerequisite | ||
| Target user turns on the eye unlock and registers user’s eye following instructions provided by the device and manual under the controlled environment. | ||
|
|
||
| If the ST covers the multiple configurations for eye unlock, the same test should be done for all configurations. | ||
|
|
||
| == Presentation | ||
| Attacker presents the photo with contact lens attached to the device by hand at controlled environment. Attacker adjusts the distance between the photo and the device seeing relevant attack video clip or attacker adjusts to right distance so that the device camera can’t see the edge of photo. Attacker also presents the photo to minimize the reflection from ambient lighting. | ||
|
|
||
| == PAD technique | ||
| During scanning, enlarging and copying the image, lots of information like high frequency information of original eye will be lost. Such changes can be detected by, for example, LBP that require relatively low computational power. | ||
|
|
||
| == Reference | ||
| There is no research paper that conduct attacks following this scenario. All PAIs were created using live image of target user, not photo image of the user in all researches. | ||
|
|
||
| == Attack Potential | ||
| tbd | ||
|
|
||
| == Pass Criteria | ||
| All unlock attempts shall be rejected. Proposed algorithms in the existing research papers are capable to detect this primitive attack. |
52 changes: 52 additions & 0 deletions
52
BIO_Toolbox-template/01_Physical_Photo_attacks/01_03_attack.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| == Number | ||
| Eye 1-3 | ||
|
|
||
| == Attack type | ||
| Eye, digital photo attack | ||
|
|
||
| ==== Total Number of Species | ||
| This attack has *1* species to be tested. | ||
|
|
||
| == Overview | ||
| _This attack scenario changes the spoofing medium from the paper to the screen._ | ||
|
|
||
| == Input | ||
| Photo of target user that meet the following conditions:: | ||
| * photo was taken under controlled environment where the background of the scene is uniform, the light in the office is switched on and the window blinds are down | ||
| * photo was taken right after the target user’s enrolment and under the same environment to reduce the possibility that the PAI is rejected because of the difference of the background scene or expression | ||
| * target user’s eyes are open and iris is mostly visible (i.e. well lit room) | ||
| * photo includes user’s full face | ||
|
|
||
| == Tools | ||
| * T.1a, type 2 | ||
| * T.2, type 1 | ||
| * T.4, type 2 | ||
| * T.5, type 2 | ||
|
|
||
| == Recipe | ||
| . Attacker scans user’s photo image and saves it in his PC. Resolution of scanner (dpi) should be, for example, 300-600 dpi that achieves best quality of image. | ||
| . Attacker crops the face image using basic image editing software (e.g. Microsoft Paint) to enlarge it to cover as much of the paper as possible while maintaining the original image aspect ratio. If multiple options are available for enlarging the image, an option that achieves best image quality should be selected. Attacker doesn’t use image editing software to enhance quality of face image (such attack is considered later). | ||
| . Attacker displays it on the screen. | ||
|
|
||
| == Variations | ||
| None | ||
|
|
||
| == Prerequisite | ||
| Target user turns on the eye unlock and registers user’s eye following instructions provided by the device and manual under the controlled environment. | ||
|
|
||
| If the ST covers the multiple configurations for eye unlock, the same test should be done for all configurations. | ||
|
|
||
| == Presentation | ||
| Attacker presents the mobile device to the screen by hand at controlled environment. Attacker adjusts the distance between the screen and the device seeing relevant attack video clip or attacker adjusts to right distance so that the device camera can’t see the bezels of screen. Attacker also presents the screen to minimize the reflection from ambient lighting. | ||
|
|
||
| == PAD technique | ||
| During scanning, enlarging and copying the image, lots of information like high frequency information of original eye will be lost. Such changes can be detected by, for example, LBP that require relatively low computational power. | ||
|
|
||
| == Reference | ||
| There is no research paper that conduct attacks following this scenario. All PAIs were created using live image of target user, not photo image of the user in all researches. | ||
|
|
||
| == Attack Potential | ||
| tbd | ||
|
|
||
| == Pass Criteria | ||
| All unlock attempts shall be rejected. Proposed algorithms in the existing research papers are capable to detect this primitive attack. |
59 changes: 59 additions & 0 deletions
59
BIO_Toolbox-template/02_Selfie_Image_attacks/02-01_attack.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| == Number | ||
| Eye 2-1 | ||
|
|
||
| == Attack type | ||
| Eye, printed photo attack | ||
|
|
||
| ==== Total Number of Species | ||
| This attack has *2* species to be tested. | ||
|
|
||
| == Overview | ||
| _In this attack, normal quality of target user’s digital face image is available to attacker._ | ||
|
|
||
| == Input | ||
| Digital image of target user that meet the following conditions:: | ||
| * captured by the mobile device camera whose resolution is at least equal to the front-facing camera of the device to be tested (or to use a second device of the same model). Evaluator shall not use the specific mobile device that embeds the TOE (because the TOE may be trained using images captured by the mobile device) | ||
| * photo was taken under controlled environment where the background of the scene is uniform, the light in the office is switched on and the window blinds are down | ||
| * photo was taken right after the target user’s enrolment and under the same condition to reduce the possibility that the PAI is rejected because of the difference of the background scene or expression | ||
| * target user’s eyes are open and iris is mostly visible (i.e. well lit room) | ||
| * photo includes user’s full face | ||
|
|
||
| == Tools | ||
| * T.1a, type 1 | ||
| * T.3, type 1 | ||
| * T.4, type 2 | ||
| * M.1, type 2 | ||
|
|
||
| == Recipe | ||
| . Attacker prints it out on photo paper. Printer resolution should be, for example, 600 dpi that achieves best quality of image (set to photo print). | ||
|
|
||
| == Variations | ||
| === Variation 1 | ||
| _This variant uses different printer and paper for the same test._ | ||
|
|
||
| Tools and Materials changes:: | ||
| * T.3, type 2 | ||
| * M.1, type 1 | ||
|
|
||
| Recipe changes:: | ||
| * The attacker prints at 600 dpi (or higher) to achieve the best quality print. | ||
|
|
||
| == Prerequisite | ||
| Target user turns on the eye unlock and registers user’s eye following instructions provided by the device and manual under the controlled environment. | ||
|
|
||
| If the ST covers the multiple configurations for eye unlock, the same test should be done for all configurations. | ||
|
|
||
| == Presentation | ||
| Attacker presents the photo to the device by hand at controlled environment. Attacker adjusts the distance between the photo and the device seeing relevant attack video clip or attacker adjusts to right distance so that the device camera can’t see the edge of photo. Attacker also presents the photo to minimize the reflection from ambient lighting. | ||
|
|
||
| == PAD technique | ||
| Different types of image aliasing appear during the recapture of the image that can be detected by the PAD. [Patel et al., 2015] study the PAD method that can be implemented on the mobile device. | ||
|
|
||
| == Reference | ||
| For example, see [Zhang et al., 2012], [Patel et al., 2015] and [Boulkenafet et al., 2017] | ||
|
|
||
| == Attack Potential | ||
| tbd | ||
|
|
||
| == Pass Criteria | ||
| All unlock attempts shall be rejected. Proposed algorithms in the existing research papers are capable to detect this primitive attack. |
53 changes: 53 additions & 0 deletions
53
BIO_Toolbox-template/02_Selfie_Image_attacks/02-02_attack.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| == Number | ||
| Eye 2-2 | ||
|
|
||
| == Attack type | ||
| Eye, printed photo attack with contact lens | ||
|
|
||
| ==== Total Number of Species | ||
| This attack has *1* species to be tested. | ||
|
|
||
| == Overview | ||
| _This attack scenario changes how to present the PAI and add a contact lens to adjust how the image is presented to the sensor._ | ||
|
|
||
| == Input | ||
| Digital image of target user that meet the following conditions:: | ||
| * captured by the mobile device camera whose resolution is at least equal to the front-facing camera of the device to be tested (or to use a second device of the same model). Evaluator shall not use the specific mobile device that embeds the TOE (because the TOE may be trained using images captured by the mobile device) | ||
| * photo was taken under controlled environment where the background of the scene is uniform, the light in the office is switched on and the window blinds are down | ||
| * photo was taken right after the target user’s enrolment and under the same condition to reduce the possibility that the PAI is rejected because of the difference of the background scene or expression | ||
| * target user’s eyes are open and iris is mostly visible (i.e. well lit room) | ||
| * photo includes user’s full face | ||
|
|
||
| == Tools | ||
| * T.1a, type 1 | ||
| * T.3, type 1 | ||
| * T.4, type 2 | ||
| * M.1, type 2 | ||
| * M.2, type 1 | ||
|
|
||
| == Recipe | ||
| . Attacker prints target user’s face image on photo paper using the printer. | ||
| . Contact lens is placed on top of iris on photo (place a lens over each visible iris). | ||
|
|
||
| == Variations | ||
| None | ||
|
|
||
| == Prerequisite | ||
| Target user turns on the eye unlock and registers user’s eye following instructions provided by the device and manual under the controlled environment. | ||
|
|
||
| If the ST covers the multiple configurations for eye unlock, the same test should be done for all configurations. | ||
|
|
||
| == Presentation | ||
| Attacker presents the photo with contact lens attached to the device by hand at controlled environment. Attacker adjusts the distance between the photo and the device seeing relevant attack video clip or attacker adjusts to right distance so that the device camera can’t see the edge of photo. Attacker also presents the photo to minimize the reflection from ambient lighting. | ||
|
|
||
| == PAD technique | ||
| Different types of image aliasing appear during the recapture of the image that can be detected by the PAD. [Patel et al., 2015] study the PAD method that can be implemented on the mobile device. | ||
|
|
||
| == Reference | ||
| For example, see [Zhang et al., 2012], [Patel et al., 2015] and [Boulkenafet et al., 2017] | ||
|
|
||
| == Attack Potential | ||
| tbd | ||
|
|
||
| == Pass Criteria | ||
| tbd |
53 changes: 53 additions & 0 deletions
53
BIO_Toolbox-template/02_Selfie_Image_attacks/02-03_attack.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| == Number | ||
| Eye 2-3 | ||
|
|
||
| == Attack type | ||
| Eye, digital photo attack | ||
|
|
||
| ==== Total Number of Species | ||
| This attack has *1* species to be tested. | ||
|
|
||
| == Overview | ||
| _This attack scenario changes the spoofing medium from the paper to the screen._ | ||
|
|
||
| == Input | ||
| Digital image of target user that meet the following conditions:: | ||
| * captured by the mobile device camera whose resolution is at least equal to the front-facing camera of the device to be tested (or to use a second device of the same model). Evaluator shall not use the specific mobile device that embeds the TOE (because the TOE may be trained using images captured by the mobile device) | ||
| * photo was taken under controlled environment where the background of the scene is uniform, the light in the office is switched on and the window blinds are down | ||
| * photo was taken right after the target user’s enrolment and under the same condition to reduce the possibility that the PAI is rejected because of the difference of the background scene or expression | ||
| * target user’s eyes are open and iris is mostly visible (i.e. well lit room) | ||
| * photo includes user’s full face | ||
|
|
||
| == Tools | ||
| * T.1a, type 1 | ||
| * T.4, type 2 | ||
| * T.5, type 2 | ||
|
|
||
| == Recipe | ||
| . Attacker downloads user’s photo image and saves it in his PC. | ||
| . Attacker crops the face image using basic image editing software (e.g. Microsoft Paint) to enlarge it to cover as much of the screen as possible while maintaining the original image aspect ratio. If multiple options are available for enlarging the image, an option that achieve best image quality should be selected. Attacker doesn’t use image editing software (e.g. Photoshop) to enhance quality of face image (such attack is considered later) | ||
| . Attacker displays it on the screen. | ||
|
|
||
| == Variations | ||
| None | ||
|
|
||
| == Prerequisite | ||
| Target user turns on the eye unlock and registers user’s eye following instructions provided by the device and manual under the controlled environment. | ||
|
|
||
| If the ST covers the multiple configurations for eye unlock, the same test should be done for all configurations. | ||
|
|
||
| == Presentation | ||
| Attacker presents the mobile device to the screen by hand at controlled environment. Attacker adjusts the distance between the screen and the device seeing relevant attack video clip or attacker adjusts to right distance so that the device camera can’t see the bezels of screen. Attacker also presents the screen to minimize the reflection | ||
| from ambient lighting. | ||
|
|
||
| == PAD technique | ||
| Different types of image aliasing appear during the recapture of the image that can be detected by the PAD. [Patel et al., 2015] study the PAD method that can be implemented on the mobile device. | ||
|
|
||
| == Reference | ||
| For example, see [Zhang et al., 2012], [Patel et al., 2015] and [Boulkenafet et al., 2017] | ||
|
|
||
| == Attack Potential | ||
| tbd | ||
|
|
||
| == Pass Criteria | ||
| tbd |
Oops, something went wrong.