Face Recognition: Reliable Security or Just Cool Technology?

You are living in the future. While everybody else is using passwords, pins, and badges, all you need is a glance – your face authentication system recognizes you and access is granted. Despite this sounding like a scene from The Jetsons cartoon, it might already be a reality for you. If you unlock your smartphone by looking at it, you’re experiencing the convenience of biometric face authentication. The only question is whether this convenience sacrifices security.

While face authentication can theoretically offer unparalleled security, most systems can still be easily spoofed. Presentation attacks, which include displaying a biometric sample such as a photo or video to gain someone else's access or privileges, are simple to perform against most face authentication systems. There are three types of facial spoof attacks:

  • Print attacks: the attacker uses someone’s photo. The picture can be printed or displayed through a smartphone or tablet.
  • Video attacks: a short video is presented to the scanner. This spoof attempts to fool the authenticator by providing extra data in the form of live facial movement.
  • 3D masks: this is the most sophisticated form of attack. In this scenario, the attacker tries to provide movement data as well as attempting to fool depth sensors.

Despite suffering simple-to-execute but effective attacks, biometric companies are not waving the white flag in the facial authentication versus spoofing war - they are fighting back. There are anti-spoofing technologies that aim to protect against these attacks; however, they have their own drawbacks. The most popular technique is the response test, where the scanner randomly asks the individual to perform a specific action, such as smiling, turning their face sideways or blinking. Besides being easily spoofed, this technique also adds time and feels unnatural, diminishing the user experience and often resulting in displease with the authentication system.

The leading biometric authentication systems are starting to use neural networks with machine learning to detect presentation attacks. This provides the most advanced abilities to detect whether the subject is a real live person or an attempted spoof. ImageWare Systems is at the forefront of anti-spoofing technology and is in the final stages of releasing an industry-leading solution with unmatched levels of security.

Without infallible anti-spoofing technology, biometric authentication as a password replacement is all but useless since presentation attacks are relatively simple. Combining top-notch facial recognition with easy-to-use, frictionless anti-spoofing is the only way to guarantee both user adoption and security. The face recognition industry is confronted with a binary choice: either have it all or have nothing. ImageWare seems to be the only player on the field right now.