Facial biometrics – using technology to recognize human faces – is slowly but surely replacing traditional, time-consuming identity verification methods. However, as everything that deals with sensitive data, facial biometrics systems are often targeted by fraudsters. To protect people’s privacy, money and valuable data, face recognition systems need an additional layer of security.

How to prevent face recognition spoofing

face spoof attack is an attempt to deceive a face recognition system using a substitute for another’s person’s face – usually their photo, video recording or a 3D mask. If the spoofing attack succeeds, the fraudster acquires privileges or access rights of another person.

Counter-spoofing methods addressing such attacks go under the general term of liveness detection. The purpose of liveness detection is to detect whether a face is “alive” or just a fraudulent reproduction.

There are two main approaches to liveness detection – active and passive. The active approach requires users to prove their “liveness” by interacting with the system. Passive liveness detection is invisible to the end user because it requires no action on their side.

Active face liveness detection

Active face liveness detection is interactive. The system asks the person in front of the camera to perform a few simple actions. For example, they could be asked to blink, smile, nod, etc. Those actions are randomized for additional security. The person must complete all actions successfully – only then are they “recognized”.

Liveness detection is a part of visage|SDK and can be easily integrated with FaceRecognition to provide an additional security layer.

Passive liveness detection

Active face detection provides strong protection against spoofing but it requires interaction from the user so it might not be a good fit for some use cases. For example, you probably wouldn’t be too happy if you had to perform a set of actions each time you wanted to unlock your smartphone. To ensure a faster and more convenient protection against spoofing, passive liveness detection is used.

Passive liveness detection is non-intrusive. In other words, there is usually no way for the user to know they are being tested. The system does everything on its own – users don’t have to pay any attention at all.

Face flash liveness

At Visage Technologies we’ve recently developed flash liveness as an anti-spoofing method. The project was funded by Visual Sweden.

Face flash liveness is based on reflectance. It’s meant to be used on devices that have a camera positioned close to their screen, such as smartphones, tablets, etc. That way, the screen can “flash” the face, allowing the camera to capture how the light from the screen reflects on the face. The algorithms can then determine whether the flashed face belongs to a live person, or it’s just a reproduction such as a photo or a video.

The application works in a simple way:

  1. visage|SDK detects the face in front of the camera;
  2. The screen momentarily turns white to act as a flash;
  3. Neural network analyzes the images;
  4. The screen turns red or green to indicate a live or a fake face, depending on the results.

 

Of course, in a real application, flash liveness detection algorithms would be integrated into the face recognition system. A detected fake face would then not be sent to the face recognition algorithm but, for example, block the application from further attempts.

Face flash liveness detection demonstration
Face flash liveness detection demonstration

Prevent biometric fraud with face liveness detection

Before our face can truly become the one and only key to our data, we have to make sure our safety is not at stake. That is what makes liveness detection a crucial addition to face recognition, especially when there is sensitive data involved.

Face anti-spoofing methods help ensure that no data gets into the wrong hands. So, if you want to protect your (clients’) data, don’t forget to power up your system with liveness detection or let us develop a reliable solution for you.

 

Original blog post