Presentation Attack Detection (PAD) is a critical security component in modern biometric systems. ISO/IEC 25706:2022 establishes a comprehensive framework for evaluating and testing the ability of biometric systems to distinguish between genuine biometric samples and artificial presentations (spoof attacks). As fingerprint, facial recognition, iris scanning, and voice authentication systems become ubiquitous in consumer electronics, border control, banking, and healthcare, the threat of presentation attacks has escalated dramatically. This standard provides a structured methodology for assessing PAD performance, ensuring that biometric deployments maintain security integrity against increasingly sophisticated spoofing techniques.
PAD technology is evolving rapidly. The standard is designed to be technology-agnostic, meaning it applies equally to fingerprint, face, iris, voice, and other biometric modalities. Review the specific attack types relevant to your modality.
Presentation attacks using deepfake-generated facial images or high-resolution printed iris images are increasingly difficult to detect. Evaluate your PAD solution against level-2 (unknown attack types) to ensure robustness against novel spoofing methods.
The standard classifies attacks into two broad categories: artifact-based (e.g., silicone fingerprints, printed iris patterns) and human-based (e.g., cadaver, gummy fingers, or altered gait). Understanding this taxonomy is the foundation of any PAD evaluation plan.
Deploying a biometric system without PAD evaluation is a security liability. Regulatory frameworks such as GDPR and financial compliance requirements increasingly mandate documented PAD testing. Ignoring this can lead to catastrophic authentication failures.
1. PAD Performance Metrics and Classification
The standard defines several key performance metrics that are essential for evaluating PAD effectiveness. The Attack Presentation Classification Error Rate (APCER) measures the proportion of attack presentations incorrectly classified as genuine, while the Bona Fide Presentation Classification Error Rate (BPCER) measures the proportion of genuine presentations incorrectly classified as attacks. These two error rates form the foundation of PAD performance characterization. Additionally, the standard introduces the concept of Attack Type (AT) to differentiate between various spoofing methods.
Always validate PAD performance at multiple operating points, not just the Equal Error Rate (EER). Production systems often require very low APCER at the cost of marginally higher BPCER — understand your deployment’s risk tolerance.
Silicone and gelatin fingerprint attacks have different material properties. Your PAD test plan should include both. Testing with only one material type gives a false sense of security.
Liveness detection techniques (e.g., pulse oximetry, perspiration pattern analysis) can complement PAD but are not covered directly by this standard. Consider layering multiple detection mechanisms.
APCER and BPCER alone do not capture the full picture. Always inspect the Attack Type detection rate and confusion matrix to understand which attack types your system handles poorly.
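The following is an added example (not part of the original page or of the standard's own text) showing how APCER, BPCER and ACER are computed per attack type and across several operating points, which is the check the paragraphs above call for. The scores and attack-type labels are constructed; it assumes a PAD score where higher means "more bona fide-like" and a presentation is accepted when the score reaches the threshold. The system-level APCER is taken as the worst case over attack types, the convention ISO/IEC 30107-3 uses.

```python
"""Per-attack-type PAD metrics (APCER, BPCER, ACER) at several operating points.

Added example with constructed data. Scores are assumed PAD scores where a
higher value means "more likely bona fide"; accept when score >= threshold.
"""
from collections import defaultdict

# Constructed sample: (label, attack_type, pad_score); attack_type is None
# for bona fide presentations.
SAMPLE = [
    ("bona_fide", None, 0.95), ("bona_fide", None, 0.88), ("bona_fide", None, 0.72),
    ("bona_fide", None, 0.61), ("bona_fide", None, 0.40),
    ("attack", "silicone", 0.10), ("attack", "silicone", 0.35), ("attack", "silicone", 0.55),
    ("attack", "gelatin", 0.20), ("attack", "gelatin", 0.65),
    ("attack", "print", 0.05), ("attack", "print", 0.15),
]


def pad_metrics(samples, threshold):
    """APCER per attack type, worst-case APCER, BPCER and ACER at one threshold."""
    attacks = defaultdict(lambda: [0, 0])  # attack_type -> [errors, total]
    bf_err = bf_total = 0
    for label, atype, score in samples:
        accepted = score >= threshold
        if label == "bona_fide":
            bf_total += 1
            if not accepted:          # bona fide wrongly rejected
                bf_err += 1
        else:
            attacks[atype][1] += 1
            if accepted:              # attack wrongly accepted
                attacks[atype][0] += 1
    apcer = {t: err / n for t, (err, n) in attacks.items()}
    # System-level APCER is the worst attack type, so one weak material
    # (see the silicone vs. gelatin note above) cannot hide behind the others.
    max_apcer = max(apcer.values())
    bpcer = bf_err / bf_total
    return {
        "apcer": apcer,
        "max_apcer": max_apcer,
        "bpcer": bpcer,
        "acer": (max_apcer + bpcer) / 2,
    }


def sweep(samples, thresholds):
    """Metrics at several operating points, not just one (e.g. the EER)."""
    return {t: pad_metrics(samples, t) for t in thresholds}


def operating_point(samples, max_apcer_target, thresholds):
    """Lowest threshold (hence lowest BPCER) whose worst-case APCER meets the
    target; returns (threshold, bpcer) or None if no candidate qualifies."""
    for t in sorted(thresholds):
        m = pad_metrics(samples, t)
        if m["max_apcer"] <= max_apcer_target:
            return t, m["bpcer"]
    return None


if __name__ == "__main__":
    for t, m in sweep(SAMPLE, [0.3, 0.5, 0.7]).items():
        print(f"threshold {t}: per-type APCER {m['apcer']} "
              f"max APCER {m['max_apcer']:.2f} BPCER {m['bpcer']:.2f} ACER {m['acer']:.2f}")
    print("operating point for APCER <= 0:", operating_point(SAMPLE, 0.0, [0.3, 0.5, 0.7]))
```

On this constructed set, raising the threshold from 0.5 to 0.7 drives the worst-case APCER to zero at the cost of doubling BPCER; `operating_point` makes that trade explicit for whatever APCER ceiling the deployment tolerates.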
2. PAD Evaluation Methodology
ISO/IEC 25706 prescribes a rigorous evaluation methodology that includes the selection of appropriate attack instruments, the definition of attack presentation protocols, and the statistical analysis of results. The standard emphasizes the importance of representative datasets that include both bona fide presentations and a diverse range of attack presentations covering different attack types, quality levels, and presentation instruments. The evaluation protocol must consider factors such as presentation environment, sensor interaction, and operator variability.
| Performance Metric | Symbol | Definition | Ideal Target |
|---|---|---|---|
| Attack Presentation Classification Error Rate | APCER | Proportion of attack presentations incorrectly classified as bona fide | As close to 0% as possible |
| Bona Fide Presentation Classification Error Rate | BPCER | Proportion of bona fide presentations incorrectly classified as attacks | Application-dependent |
| Average Classification Error Rate | ACER | (APCER + BPCER) / 2 | Minimize |
| Attack Type Detection Rate | ATDR | Proportion of attack types correctly identified | > 90% recommended |
A well-structured PAD test plan should include at least three distinct attack types (level-0), and preferably extend to level-1 or level-2 testing where attack types unknown to the system developer are included. This ensures generalization capability. The standard also provides guidance on statistical confidence intervals and sample size determination to ensure meaningful results.
Warning: Testing with only known attack types (level-0) provides a highly optimistic assessment. Real-world attackers will use techniques your system has never seen. Level-2 testing with unknown attack types is strongly recommended for any security-critical deployment. This is where most commercial PAD solutions show significant performance degradation.
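The paragraph above notes that the standard gives guidance on confidence intervals and sample size. As an added illustration (not the standard's own formula or numbers), the block below uses the Wilson score interval, a standard binomial interval, to put an upper bound on an observed APCER and to find the smallest number of attack presentations per attack type at which a zero-error result still supports a given APCER ceiling. The counts are constructed.

```python
"""Confidence bound on an observed PAD error rate, and the sample size needed
to support an APCER claim. Added example; the Wilson score interval is used
here as an illustration, not as the interval the standard prescribes.
"""
import math


def wilson_upper(errors, n, z=1.96):
    """Upper bound of the Wilson score interval for an error rate errors/n.

    z=1.96 gives a two-sided 95% interval. For errors=0 the bound reduces to
    z^2 / (n + z^2), which is why "no errors observed" never means "0% APCER".
    """
    if n <= 0:
        raise ValueError("need at least one presentation")
    p = errors / n
    denom = 1 + z * z / n
    centre = p + z * z / (2 * n)
    margin = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n))
    return (centre + margin) / denom


def min_presentations(target_rate, z=1.96, max_n=1_000_000):
    """Smallest n for which zero observed errors gives a Wilson upper bound
    no greater than target_rate; None if max_n is not enough."""
    for n in range(1, max_n + 1):
        if wilson_upper(0, n, z) <= target_rate:
            return n
    return None


def apcer_report(errors, n, target_rate):
    """Point estimate, 95% upper bound and whether the test supports the
    target APCER for one attack type (constructed counts go in, a dict comes out)."""
    upper = wilson_upper(errors, n)
    return {
        "apcer_point": errors / n,
        "apcer_upper95": upper,
        "meets_target": upper <= target_rate,
    }


if __name__ == "__main__":
    # Constructed results: 100 silicone presentations, none accepted.
    print(apcer_report(errors=0, n=100, target_rate=0.01))
    # How many zero-error presentations per attack type would support 1%? 5%?
    print(min_presentations(0.01), min_presentations(0.05))
```

The point a test planner should take from this: 100 attack presentations with zero accepted still leave a 95% upper bound near 3.7%, so a 1% APCER claim needs several hundred presentations per attack type even when nothing is misclassified, and any observed error widens the bound further.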
3. Engineering Design Insights for Robust PAD
Implementing a PAD solution that meets ISO/IEC 25706 requirements demands a multi-layered architectural approach. Hardware-based liveness detection (e.g., multispectral imaging, ultrasonic sensing) can be combined with software-based analysis (e.g., texture analysis, motion analysis, deep learning classifiers) to create a robust defense-in-depth strategy. The standard does not mandate specific technologies, enabling engineers to select the most appropriate combination for their application domain and cost constraints.
Key engineering considerations include: (a) sensor selection — higher resolution sensors capture more detail but also increase computational load; (b) feature extraction — handcrafted features (e.g., Local Binary Patterns, Gabor filters) can complement deep learning approaches; (c) classifier architecture — ensemble methods combining multiple classifiers typically outperform single-classifier approaches; and (d) update mechanisms — the ability to update PAD models post-deployment is critical for addressing emerging attack types. The standard recommends a modular architecture that supports model updates without full system revalidation.
Consider using a two-stage PAD pipeline: a fast lightweight classifier for real-time screening, followed by a more accurate but computationally expensive classifier for ambiguous cases. This balances security and user experience.
Evaluate your PAD system under real-world conditions including varying lighting, temperature, and sensor cleanliness. Laboratory performance rarely translates directly to field performance — environmental factors significantly impact PAD accuracy.
The choice between software-only and hardware-assisted PAD depends on your security requirements and cost budget. For high-security applications (e.g., border control, financial transactions), hardware-assisted approaches are strongly recommended.
Maintain a test database that grows over time. As new attack types emerge, add them to your evaluation set and retest. PAD is not a one-time evaluation — it requires continuous monitoring and improvement.
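The two-stage pipeline suggested earlier in this section (a fast screening classifier followed by a slower one for ambiguous cases) is sketched below as an added example, not code from the page or from any PAD product. The scores are constructed; the slow stage's score is precomputed per presentation to stand in for an expensive classifier, and the functions assume scores where higher means "more bona fide-like". It also compares the cascade against using the fast stage alone, so the effect of the ambiguous band's edges can be seen.

```python
"""Two-stage PAD cascade: fast screening, slow classifier for ambiguous cases.

Added example with constructed data. The slow-stage score is precomputed for
each presentation here; in a real pipeline it would be computed only when the
fast stage escalates, which is the whole point of the design.
"""

# Constructed presentations: (label, fast_score, slow_score).
SAMPLE = [
    ("bona_fide", 0.92, 0.97), ("bona_fide", 0.55, 0.80), ("bona_fide", 0.35, 0.62),
    ("attack", 0.12, 0.05), ("attack", 0.45, 0.20), ("attack", 0.68, 0.42),
    ("attack", 0.75, 0.30),
]


def cascade(fast_score, slow_classifier, lo=0.3, hi=0.7, final=0.5):
    """Decide on one presentation; returns (decision, stages_used).

    Stage 1 decides alone only outside the ambiguous band [lo, hi). Inside it,
    slow_classifier (a zero-argument callable) is invoked and its score is
    compared with the final threshold.
    """
    if fast_score < lo:
        return "reject", 1
    if fast_score >= hi:
        return "accept", 1
    decision = "accept" if slow_classifier() >= final else "reject"
    return decision, 2


def evaluate(samples, lo=0.3, hi=0.7, final=0.5):
    """APCER, BPCER and the fraction of presentations escalated to stage 2."""
    attack_err = attack_n = bf_err = bf_n = escalated = 0
    for label, fast, slow in samples:
        decision, stages = cascade(fast, lambda s=slow: s, lo, hi, final)
        escalated += stages == 2
        if label == "attack":
            attack_n += 1
            attack_err += decision == "accept"
        else:
            bf_n += 1
            bf_err += decision == "reject"
    return {
        "apcer": attack_err / attack_n,
        "bpcer": bf_err / bf_n,
        "escalated": escalated / len(samples),
    }


def fast_only(samples, threshold=0.5):
    """Baseline: a single threshold on the fast score, no second stage."""
    attack_err = attack_n = bf_err = bf_n = 0
    for label, fast, _slow in samples:
        accepted = fast >= threshold
        if label == "attack":
            attack_n += 1
            attack_err += accepted
        else:
            bf_n += 1
            bf_err += not accepted
    return {"apcer": attack_err / attack_n, "bpcer": bf_err / bf_n}


if __name__ == "__main__":
    print("fast only     :", fast_only(SAMPLE))
    print("cascade 0.3-0.7:", evaluate(SAMPLE))
    print("cascade 0.3-0.8:", evaluate(SAMPLE, hi=0.8))
```

Note which parameter carries the security risk: an attack that scores confidently on the fast stage (0.75 here, above the band's upper edge of 0.7) is accepted without ever reaching the slow classifier. Raising `hi` to 0.8 removes that error at the cost of escalating one more presentation, so the upper edge of the ambiguous band should be set from measured APCER, not from latency budget alone.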
Frequently Asked Questions
Q: What is the difference between ISO/IEC 25706 and ISO/IEC 30107?
A: ISO/IEC 30107 is the more commonly referenced standard for presentation attack detection in biometrics. ISO/IEC 25706 was an earlier precursor standard that established the foundational concepts. ISO/IEC 30107-1 through -4 have largely superseded 25706 for detailed testing methodologies, but 25706 remains valuable for its comprehensive conceptual framework and historical context.
Q: Does ISO/IEC 25706 apply to all biometric modalities?
A: Yes, the standard is modality-agnostic. The concepts of APCER, BPCER, and attack classification apply equally to fingerprint, facial recognition, iris, voice, and even behavioral biometrics. However, the specific attack types and presentation instruments vary significantly by modality.
Q: What is the minimum sample size required for PAD testing per the standard?
A: The standard recommends at least 100 attack presentations per attack type and at least 1000 bona fide presentations for statistically meaningful results. However, for high-security applications, significantly larger sample sizes are recommended to achieve the required confidence intervals.
Q: How often should PAD evaluation be repeated?
A: The standard recommends re-evaluation whenever the PAD algorithm is updated, when new attack types are identified, or at minimum annually. For continuously learning systems, ongoing monitoring with periodic formal evaluation is recommended.