Gone are the days when people had to remember long and complex passwords or PIN codes to access their accounts. Nowadays, people can use their face as their main form of identification and authentication for accessing systems, much faster and easier than ever before.
But with such biometric authentication systems, come people trying to trick them with what is known as facial ‘spoofing’, the most common type of which is the mask attack. These attacks mandate the need for some form of prevention mechanism to prevent unauthorized and malicious access to private systems.
The Tech – Facial Recognition
To understand the mask spoofing techniques used to trick these systems, it is first important to understand how facial recognition works in the first place.
Facial recognition technology relies on advanced artificial intelligence and machine learning to be able to work. First, the system detects a face present in front of a camera, separating it from the background. It does this by detecting basic features that make up the face like the eyes, nose, mouth, and so on.
Then, the system extracts these facial landmarks from the face and uses them to create a facial map, which is a digital representation of the face, by assigning numerical values to each point and characteristic. In this way, it creates a facial template that it can use to compare against other faces.
Then, the system compares the face against other similarly stored faces, to see if any two of them match with each other. If they do, access is granted, otherwise it is denied.
Spoofing – Mask Attacks
Now, let’s come to what a face mask attack exactly is. These kinds of attacks form a subcategory of a kind of spoofing known as a presentation attack. They utilize different kinds of face masks to trick a system into believing you are someone authorized and allow you access to a system.
Many different kinds of masks may be used for this purpose, varying in the level of detail and complexity that they provide. The more simple ones involve basic paper or cardboard printouts/cutouts of a face.
As you get more advanced, highly realistic crafted masks made of silicon and other similar materials provide a very realistic-looking representation of a face. The most advanced forms of these are known as 3D mask attacks, which are highly sophisticated and often effective in fooling regular facial recognition systems.
Oftentimes these attacks are simply presentations of the face of an approved person in front of a system with the hope of fooling it. But often, more sophisticated attackers study the system in advance and create the mask especially to target specific vulnerabilities of the system. They take advantage of the fact that most of these systems were originally designed without taking into account the possibility of having to distinguish masks from real faces.
Prevention – Liveness Detection
Now that we have talked about this major threat to facial recognition systems, what is the solution to mask impersonation attacks? How can they be prevented?
Liveness detection is the most effective tool that currently exists to counter most forms of presentation or impersonation attacks. This tech can detect the difference between a living person present in front of the camera/scanning system, and a fake or synthetic face being used to trick the system. It is the current standard used by the majority of identity solution providers to combat this form of attack.
Liveness detection works on one of two mechanisms:
- Active Liveness Detection works by prompting the user to perform an additional, physical movement/action during the facial verification process, like turning their head in a certain direction or smiling at the camera. It then uses artificial intelligence to identify whether the movement is indicative of natural human movement.
- Passive Liveness Detection on the other hand words passively during a regular facial recognition movement, and tries to figure out from the natural micro-movements that occur in the face like blinking, as well as detecting natural human features like skin texture, to see if the movement is indicative of a live human being.
Advanced liveness detection mechanisms use 3D camera technology to add an additional layer of depth measurement to the liveness detection for what is known as 3D liveness detection. This helps to differentiate from and prevent the use of 2D pictures and images to trick the system.
In this way, liveness detection attempts to use these techniques to make sure that the input that is being provided to the camera is by the live person themselves, and not some attempt to spoof or trick the system to get unauthorized access.
Conclusion
A face recognition mask attack can create problems for biometric authentication systems, creating the need for an effective solution in the form of liveness detection. This solution can effectively secure biometric systems by detecting whether there is a live human being present in front of a camera.
