I am a bit amazed about how excited sellers have become about facial recognition access control. Access control is fairly demanding about both being accurate and high throughput which I suspect many of these offerings will not be.
The one company who passed (LIPS) costs $5,000 (which will be hard to justify for most users) and still took 3 seconds to grant access, a large time for an application where walk-through / immediate recognition is key for employees entering:
Also, Charles came up with this while he was at Secutech, so he was only able to test with a limited number of options there. We certainly plan to do such tests on other systems in the future.
For deep learning / analytics, when companies say they are using Intel, they typically mean Movidius / Myriad, not conventional Intel CPUs. Related: Intel Neural Compute Stick 2 / Movidius AI Test
Biometrics can be considered as very long ... static passwords that never change and can be left everywhere. Yes proof of life techniques and such will make spoofing harder but doesn't change the basic fact that there is no encryption or even obfuscation in biometrics.
Photos of people are extremely easy to obtain - whether it is taking it off a person's social media profiles or from your phone's camera, getting a picture of most anyone's face is quite simple.
Videos of people’s faces are readily available in many cases as well. Would the heuristic methods you outline below likely be fooled by playing a video?
Mouth/Lip Movement: For liveness confirmation, users moving their mouth to breathe or speak 'proves' they are not a printed image.
Eye Movement: In the same way, human eyes are not stationary, and even subtle movements of eyes indicate subjects are live people and not images.
Blink Detection: Photo images do not blink, so visual confirmation faces/eyes are blinking is a common liveness test.
Exactly! It seems like the machine learning methods can be easily bypassed by a video. Taking a video instead of a selfie? No problem. If some say that photos are more widely available, then I would recommend going on Instagram; every second user has a story to share looking straight into the camera...
If the algorithm randomly dictates the movements that must be made - move eyes to left, move eyes to right - then it's highly unlikely that a prerecorded video would work.
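The randomized-prompt idea in the comment above, sketched from the verifier's side as an added example that is not part of the original thread: the gesture names, step count and time window are assumptions, and the camera-side gesture detector is outside its scope (the observed gestures are passed in as a list).

```python
import secrets

# Hypothetical gesture vocabulary; a real reader would map each name to a
# detector (gaze direction, blink, mouth opening).
GESTURES = ("eyes_left", "eyes_right", "blink", "open_mouth")

class LivenessChallenger:
    """Issues one-time, short-lived random gesture sequences and checks them."""

    def __init__(self, steps=4, ttl=8.0):
        self.steps = steps      # gestures per challenge
        self.ttl = ttl          # seconds the subject has to respond
        self._pending = {}      # nonce -> (sequence, expiry time)

    def issue(self, now):
        nonce = secrets.token_hex(8)
        seq = [secrets.choice(GESTURES) for _ in range(self.steps)]
        self._pending[nonce] = (seq, now + self.ttl)
        return nonce, seq

    def verify(self, nonce, observed, now):
        # pop() makes every challenge single-use, so a recording of an
        # earlier successful session cannot be presented again.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return False
        seq, expires = entry
        return now <= expires and list(observed) == seq

def replay_success_probability(steps):
    """Chance that one fixed prerecorded clip matches a fresh challenge."""
    return len(GESTURES) ** -steps

if __name__ == "__main__":
    c = LivenessChallenger()
    nonce, seq = c.issue(now=0.0)
    print("prompt:", seq)
    print("live response accepted:", c.verify(nonce, seq, now=3.0))
    print("same response replayed:", c.verify(nonce, seq, now=4.0))
    print("blind replay odds:", replay_success_probability(c.steps))
```

With four gestures and four steps a fixed clip matches a fresh prompt about once in 256 tries, so the sequence length and a retry lockout are what set the actual margin.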
What a shocker that is, only one passed and it's just a matter of time before it too fails. Right up there with oops, someone peeled my fingerprint from my phone and used it to spoof my phone fingerprint lock. Another demonstration of the failings of credentials based identification.
someone peeled my fingerprint from my phone and used it to spoof my phone fingerprint lock
Using online photos with a facial recognition system is generally easy to pull off since fingerprints are not readily available online. I am not discounting fingerprinting spoofing as a concern, just that getting a 'print' of someone's face is trivial.
Any system of any type can be spoofed if enough resources are devoted to the task.
As a biometric provider, our responsibility is to make spoofing as hard as possible, and liveness detection (with continuing R&D) is a key part of this.
As a biometric provider, our responsibility is to make spoofing as hard as possible
For sure, I am not discounting that but a facial recognition system that lets you use a photo to get in is like putting a stick-it of your password on top of your computer:
Hey, bottom line is any single factor authentication, regardless of the modality, is a poor practice. Multi-factor authentication (Something I know, Something I have, Something I am) is the best way to ensure you are protecting your ass-ets.
But the downside of multi-factor is inconvenience / reduced throughput. To be clear, I am not arguing against it, just pointing out that many buyers are concerned about those issues, especially in non-high-security facilities.
As for single factor being 'poor practice', genuine question - how hard is it to spoof/trick iris? Strikes me that iris is less susceptible to such issues, yes/no?
Multi-factor defines that two or more credentials be used where one is proven ineffective. Given all are credentials one has to ask, can not all be defeated? And if the answer is No then the obvious next question is, why not use just the one that cannot be defeated? This is a rabbit hole of infinite depth so long as credentials are part of the process of identification. The better way is to identify people the way people identify people.
You're 100% correct when you say "Multi-factor defines that two or more credentials be used where one is proven ineffective." The point behind multi-factor authentication is that the credential holder must now successfully pass more than just one test to be granted access. So in the case we're discussing, you would need to have both the prox card and present the face that are associated with the account in question.
Right, and that's the point. If there's enough incentive to do so then both can be defeated independently or together, it's just a degree of complexity you are discussing. Now on the other hand, a device that learns a set of your human traits to the point of recognition has two things going for it. One, it recognizes possession by human. Two, the human must exhibit the set of your human traits selected and recognized by the device. Try walking exactly like someone you know understanding that in addition to the obvious challenge you have to also spoof age, height and gender. And that's only one of the random set multiple traits.
I agree with you to a point. The idea with multi-factor is that increasing the difficulty of exploiting the various methods one after the other increases the level of protection. Again, traditional factors are something I have (RFID/Swipe cards), something I know (PIN/Password) and something I am (Face, finger, iris, gait).
Again, three different vectors that would each need to be exploited to gain access.
In my opinion I don't think that a person's gender, age or height qualify as independent vectors. I have had many discussions with colleagues as to whether multiple biometrics (face, finger and iris) would together constitute true multi factor authentication because they are all technically the same vector (something I am).
Learning traits only gets you so far because if you can spoof a face, fingerprint and/or iris (and you can) it doesn't do you any good if you don't also know a person's PIN/password.
With present technology, iris can also be an inconvenience. Face is easiest to capture (although not easy in all circumstances); fingerprint is somewhat easy (especially with a contactless fingerprint reader); iris is getting better, but is harder than the other two. Not sure about the possibilities of iris spoofing.
Like the old saying goes - good, fast or cheap - you can have any two but not all three. There is no question that a single factor is expedient. In terms of the non-high security facility which is currently using prox cards for example, you can add a face recognition layer that will not slow down your current throughput. That said, if you are a 'non-high security facility' why would you go to the trouble and expense to add in a second factor?
On the iris question, I'd have to defer to my iris brethren to address that one. Common sense says that you can find source material for a face spoof more easily than for an iris spoof though.
Multi-factor authentication requires two or more dissimilar factor tests. Using a PIN with a password, an access card with a token, or face with finger are not multi-factor tests.
Using two factor with face is very helpful when the first factor is a 1:Many test (e.g., access card) so the follow-on biometric test collapses to a 1:1 verification. This will deliver the highest biometric accuracy with the lowest false alarms. Iris technology is so strong it probably doesn't need this. Fingerprint vendors will claim the same biometric matching power, but data suggests otherwise.
That's interesting. Verification using multiple same factors is called: _________ ?
If a badge is equipped with a fingerprint reader, i.e., Testing Zwipe Fingerprint Card, is that still a single factor? Or is that still 2FA, to activate 1 Factor?
A badge with integral biometric can be designed to test the factors in parallel or series. In parallel each factor can be run in 1:Many identification mode, and then the result of each factor test has to be fused somehow for adjudication. Practically speaking it's unlikely to get more than one valid result from a 1:Many card read, and it's unlikely to not get more than one result from any biometric other than iris and maybe finger with a small database. So a serial approach makes a lot of sense and avoids the need for sophisticated factor fusion.
When combining two biometrics, like face and finger, or anything with a statistical result, having a means of improving the aggregate accuracy and suppressing false alarms requires some careful thought. Boolean logic is not the answer as it can do one only at the expense of the other.
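The AND/OR trade-off described in the comment above, worked through numerically as an added example that is not part of the original thread. It assumes two independent matchers whose normalized scores are Gaussian with constructed parameters, and uses sum-rule score fusion as one illustrative alternative to Boolean logic; the commenter does not name a specific fusion method.

```python
import math
from dataclasses import dataclass

def phi(x):
    """Standard normal CDF."""
    return 0.5 * (1.0 + math.erf(x / math.sqrt(2.0)))

@dataclass(frozen=True)
class Matcher:
    impostor_mean: float   # constructed sample parameters, not vendor data
    genuine_mean: float
    sigma: float
    threshold: float       # accept when score >= threshold

    def far(self):         # false accept rate: impostor scores over threshold
        return 1.0 - phi((self.threshold - self.impostor_mean) / self.sigma)

    def frr(self):         # false reject rate: genuine scores under threshold
        return phi((self.threshold - self.genuine_mean) / self.sigma)

def fuse_and(a, b):
    """Both matchers must accept: FAR multiplies down, FRR compounds up."""
    return a.far() * b.far(), 1.0 - (1.0 - a.frr()) * (1.0 - b.frr())

def fuse_or(a, b):
    """Either matcher may accept: FRR multiplies down, FAR compounds up."""
    return 1.0 - (1.0 - a.far()) * (1.0 - b.far()), a.frr() * b.frr()

def fuse_sum(a, b):
    """Add the two scores and threshold the sum (independent Gaussians)."""
    sigma = math.hypot(a.sigma, b.sigma)
    t = a.threshold + b.threshold
    far = 1.0 - phi((t - (a.impostor_mean + b.impostor_mean)) / sigma)
    frr = phi((t - (a.genuine_mean + b.genuine_mean)) / sigma)
    return far, frr

if __name__ == "__main__":
    face = Matcher(0.0, 3.0, 1.0, 1.5)
    finger = Matcher(0.0, 3.0, 1.0, 1.5)
    print("single  FAR=%.4f FRR=%.4f" % (face.far(), face.frr()))
    for name, rule in (("AND", fuse_and), ("OR", fuse_or), ("sum", fuse_sum)):
        print("%-7s FAR=%.4f FRR=%.4f" % ((name,) + rule(face, finger)))
```

With these parameters AND and OR each improve one error rate while worsening the other relative to a single matcher, whereas the summed score lowers both.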
Statically stored credentials are subject to harvesting, read Huge security flaw exposes biometric data of more than a million users - The Verge for example. Active behavioral biometrics of human traits of the owner of a smartphone is not statically stored and not subject to harvesting. Defeating an identification device that employs 5 or more such biometrics for identification is unlikely. To the point of MFA, the biometrics represent who you are, the smartphone is something you have and the login to that smartphone is something you know. For access control, the user flashes their QR, the controller delivers a FIDO-like challenge over BLE to the identifier app and retrieves a positive, negative, or no response depending on who has the smartphone. In more secure situations, the challenge message is delivered over the cell net and retrieved over BLE to make life interesting for the MITM hacker.