Security in Face-recognition systems

In the last decade, there has been an increasing interest in human automatic secure identification, mainly based on biometric information (Jain et al., 2008). Biometrics, unlike non –biometric systems, uses physical or behavioural characteristics in order to identify an individual. An example which most of us are familiar is the face recognition system existing on some airports at the passport control points. One of the reasons of the growing interest in biometrics rather than non-biometrics is the relatively easy to steel information such a password or credit card information (Meadowcroft, 2008)

Several types of biometrics have been investigated over the years: fingerprint (Hasan and Abdul-Kareem, 2013; Marasco and Ross, 2015; Peralta et al., 2014), hand geometry (Al Eidan, 2013; Kah Ong Michael et al., 2012), palmprint (Tamrakar and Khanna, 2016),voice (Yadav and Mukhedkar, 2013; Choi et al., 2015), face (Zhao et al., 2003; Feng et al., 2016; Dora et al., 2017), and handwrittensignature (Sanmorino and Yazid, 2012). Among the listed; face recognition stands out by far due to costs and being the most polyvalent; being widely used in passport controls, video surveillance and social media as most of us are familiar. Regarding to domestic uses, a wide range of suppliers entered the market offering surveillance cameras which initially were available with low resolution but quickly improved to high resolution and included new features; like motion detection, cloud technology and the new IQ cameras which come equipped with face recognition technology. As example of these products, as seen in nest.com website nest IQ cameras are commercially available in both indoor and outdoor format allowing the householder to teach the camera to tell the difference between faces that it sees, so over the time it can start to recognize authorized members. In the event that the camera spots an unfamiliar face, the user gets an alert to the phone, being able to view the camera footage; however; the user doesn’t get any alert if the system understand as familiar face and individual spot on camera. The face recognition is possible thanks to complex algorithms used by the system; storing the information in a library which is shared by all the cameras existing in the property. At least one of the camera needs to go over a “learning period” where the user needs to constantly monitor and review the face library and camera outputs in order to train the algorithms and help them become more accurate. Ideally, over the time, the householder would only get an alert if an individual caught on camera is effectively an intruder.

Unfortunately, the technology has the handicap of security and forensics as is common that face recognition systems are a target among hackers. Fooling a camera equipped with face recognition system could be as easy as carry a picture of an authorized user and presenting it to the camera, process that we called “spoofing”. “Spoofing” is a technique which seeks to fool a face recognition system by using a picture of a resident, so the hacker would pass the face recognition test (Hadid, 2014) and the system would carry out the action normally since it recognized the intruder as authorized user (in this case, it won’t send an alert to the householder) compromising the home security and the integrity of the occupiers and their belongings. In order to combat these attacks, countermeasures in spoofing have been developed over the past decade(Souza, Oliveira, Pamplona, & Papa, 2018),. However, the research is still on, and currently the technology is far from being fully reliable against these attacks.

Forensics in face recognition systems: How the attacks are carried out?

The most basic attack is by using a flat printed photo. Since nowadays almost everybody uses social media; for an impostor it could be as easy as download a picture from an authorized user and use it to fool the camera. Most of the cameras equipped with face recognition have also anti-spoofing system that could normally pick up these attacks, since they are very simple. Another techniques that are used could involve using and eye-cut photo, where the eye regions is cut so the impostor can wear the picture as a mask. This exhibit blink behaviour, so it’s harder for the system to pick it up. Other common techniques are using a warped photo; which consists in bending a photo to simulate facial motion, making it harder for the system to notice the attack.

More sophisticated attacks are carried out by the hacker wearing a mask, pretending to be identified for the system as an authorized user. Mask attacks are normally group in two types: paper mask and 3D printed masks. The most recent 3D printers can create masks that are so realistic that truly resembles a copy of an individual. These attacks are the most complex attacks to be detected by the system. (Souza et al., 2018) discuss that mask manufacturing is much more difficult and expensive than other types of attacks, requiring 3D scanning and printing special devices, while a flat printed photo can be easily done by anybody with practically neither cost nor effort. Even though, despite the costs issues the author points in regards to 3D masks; a research on the internet quickly shows that 3D mask manufacturers are offering 3D realistic masks at relatively affordable prices. This points that even in the scenario where the system could pick up a basic attack (paper attack) is not guaranteed that burglary couldn’t take place of the system can’t deal with 3D realistic masks. Other types of attacks consist in using video playback. Blink patterns, facial expressions, users movements are captured in a video and shown to the camera. The modern video editing software available nowadays allows to easily create and manipulate video footage, which could be used to hack the system.

#security #2factorauthentication #passwords