Facial recognition: Attack types and anti-spoofing techniques

Author | Trung Anh Dang compile | Flin source | towardsdatascience

Thanks to rapid advances in computer science and electronics, facial recognition is now the world’s second-largest biometric authentication method after fingerprints in terms of market share.

Every day, more and more manufacturers are incorporating facial recognition into their products, such as Apple with facial recognition and banks with eKYC solutions for their onboarding processes.

Face recognition research main purpose is to improve the performance of verification and recognition task, on the contrary, in the past the research of face recognition system security vulnerabilities is less, until recent years, people begin to pay close attention to the different types of face recognition, including the detection of a biological characteristics is from a living person or a photo.

Two types of attacks used on facial recognition

As shown in the figure above, there are seven modules and points that can be targeted, divided into two types: demonstration attacks and indirect attacks.

Demonstrate against

The demonstration attack is carried out at the sensor level (1) without accessing the interior of the system.

The demo attack is related to a pure biometric vulnerability. In these attacks, an intruder fraudulently accesses a biometric system using some kind of artifact, such as a photograph, mask, synthetic fingerprint or printed iris image, or attempting to mimic the behavior of a real user (such as gait, signature).

Since “biometric is not a secret”, attackers are aware of the reality that a large amount of biometric data is exposed, showing a person’s face, eyes, voice and behavior, so they use these information resources to try to fool face recognition systems using the following example.

• The attacker uses photos of users to be impersonated.

• They use videos of users they want to emulate.

• Hackers can build and use 3D models of the faces being attacked, for example, hyper-realistic masks

We use anti-spoofing techniques to prevent these attacks.

Indirect attack

Indirect attacks can be performed on databases, matching communication channels, and so on (2-7). In this type of attack, the attacker needs access to the inside of the system.

Indirect attacks can be prevented by techniques related to “classic” network security, rather than biometrics, so we will not discuss them in this article.

Offensive way

Without demonstrative attack detection, most of the latest facial biometric recognition systems are vulnerable to simple attacks.

Often, facial recognition systems can be tricked by showing the camera a photo, video or 3D mask of the person being targeted. Or use makeup or plastic surgery. However, the use of photos and videos is the most common type of attack due to the high exposure and low cost of high-resolution digital cameras.

• Photo attacks: Photo attacks involve displaying a photo of the victim’s identity on a facial recognition system sensor.

• Video attack: An attacker can play a legitimate user’s video on any device that copies the video and then present it to the sensor/camera.

• 3D Mask attack: In this type of attack, the attacker builds a 3D reconstruction of the face and presents it to a sensor/camera.

• Other attacks: makeup, surgery

Anti-spoofing technique

Because most facial recognition systems are vulnerable to spoofing. Therefore, in order to design a secure face recognition system in real scenes, anti-spoofing technology should be the primary task from the initial planning of the system.

Because facial recognition systems try to distinguish between real users, there is no need to determine whether the biometric sample provided to the sensor is real or fake. They can be done in four different ways.

The sensor

We use sensors to detect real-time features in the signal.

Dedicated hardware

Detect signs of life with specialized hardware, such as 3D cameras, but it is not always deployable.

Challenge response method

Use the challenge response approach, where a demonstration attack can be detected by asking the user to interact with the system in a specific way.

• smile

• Facial expressions of sadness or happiness

• Head movements

algorithm

Using the following identification algorithms is inherently capable of resisting attacks.

Specular feature projection: Firstly, the projection of real data and false data is learned by describing the specular feature space corresponding to real images. Secondly, the SVM model is trained based on real projection, and then 3D mask projection and printed photo projection are used as anti-spoofing models for detection simulation.

Deep feature fusion: By studying the importance of color feature information of face image to face detection, deep convolutional neural network ResNet and SENet are used to construct a deep feature fusion network structure, which can effectively train relevant anti-spoofing data of face.

Image quality assessment: The method is based on a combination of image quality measures. The solution compares the raw image with the processed image.

Deep learning: This approach is based on a multi-input architecture that combines a pre-trained convolutional neural network model with a local binary pattern descriptor.

Biometric authentication method towardsdatascience.com/biometric-a…

How to implement it?

We can use anti-spoofing technology to build a demonstration attack detection system (PAD) and integrate it with facial recognition systems.

Using this method, the anti-spoofing system first makes a decision, and facial recognition only processes the sample if it is determined to be from a living person.

The original link: towardsdatascience.com/facial-reco…

Welcome to panchuangai blog: panchuang.net/

Sklearn123.com/

Welcome to docs.panchuang.net/