Face/Off: Security challenges in the age of facial recognition

14
[ This article was originally published here ]

Facial recognition is rightfully held up as an accurate and secure method of safeguarding devices and ensuring more accurate identity proofing. It is, in essence, the new science of identity. But while facial recognition technology complements the need for ‘traditional’ security measures, such as username/password combinations and security checkpoints, it faces its own unique set of security challenges. The face switch scenario imagined in the John Travolta and Nicolas Cage classic movie Face/Off might seem a little far-fetched but concerns about attackers ‘stealing’ people’s faces have actually been realized in the past. We delve into some of the security challenges facing the technology below – as well as how it’s evolving to counter these threats.

Trading places

With earlier iterations of facial recognition, criminals were able to trick the cameras using photographs, video clips and even 3D masks. The aforementioned Face/Off envisioned a near-perfect face switch scenario that even allowed Travolta, pretending to be Cage’s character, to convince his loved ones of his authenticity. At the genesis of facial recognition, this scenario would have easily spoofed the early technology’s basic algorithms.

These days, the technology powering facial recognition has come on leaps and bounds. Using biometrics, facial recognition data identifies and verifies a person using a set of recognizable and verifiable data unique and specific to that person. Unlike traditional forms of ID – like passports or driving licenses – it’s very difficult to replicate a set of subtle and unique biometric identifiers like spacing of the eyes, the bridge of the nose, contour of the lips etc.

Then there’s liveness detection, which will look for indicators of a non-live image such as inconsistent features between foreground and background. They may ask the user to blink or move. They are needed to defeat criminals who try to cheat facial recognition systems by using photographs or masks.

The sleeping threat

One of the recurring concerns that followed on the heels of the adoption of Face ID by most major smartphone manufacturers was the ability to unlock someone’s phone by pointing it at their sleeping face. Others feared that people could essentially also be coerced into unlocking their phones by being forced into an authentication while the device was being held to their face.

This, clearly, could be a significant security flaw. However, most phone makers have anticipated this issue – in the case of the iPhone, it will only unlock if the users’ eyes are open which helps address the concern about being hacked while sleeping. As the technology enjoys incremental advances, it is constantly developing new ways to resist biometric fraud. Liveness detection again can check on blinking and face motion.

Another way to prevent a forced authentication is by using facial recognition as an element of the identification process. In low-risk scenarios, for example, facial recognition alone might be suitable. But where the risk is high, the system might demand multi-factor authentication such as password and fingerprint. For example, you might want to lock certain apps on your phone for an extra degree of security.

Security for any season

Fundamentally, it’s this versatility and convenience that makes facial recognition so key for a variety of use cases. The face is the most flexible biometric authentication tool as it can be put to use in a variety of settings and without sensors. As the technology continues to gallop ahead, it’s this combination of supreme security and flexibility that’s helping to drive widespread adoption of facial recognition tech – and ultimately helping to prevent the sort of criminal activity posited by films like Face/Off.

If you would like more information about our facial recognition technology you can visit our webpage to discover more.