The System Security Lab led by Prof. ZHANG Kehuan has designed a new challenge-response protocol for liveness detection. Light from a display screen will be projected to a human face and the reflected light will be captured by a camera to analyse the time interval between the challenge and response.
Liveness detection is considered an important defense technique to prevent various 2D dynamic attacks like the reproduction and copying of human facial information. Most importantly, it is a support to the management of security and privacy in a smart city. The new protocol, which was announced in one of the world’s top cybersecurity conferences “The Network and Distributed System Security Symposium” (NDSS) held in San Diego this February, and has drawn wide attention in the research community and industry.
The rapid advance of artificial intelligence and deep learning is boosting innovation with a wide range of face recognition technologies which include unlocking desktops or mobile devices, mobile payment, and even automatic payment-enabled stores. However, human facial information is easy to capture and reproduce, which makes face authentication systems vulnerable to attacks. For instances, adversaries can simply obtain and exploit any number of professional and sophisticated printed photographs, dynamic video streams from social networks, and even a realistic mask to trick and attack the facial recognition logins and cause economic loss. To counter such attacks, liveness detection methods have been developed during the past decade. Users are required to respond in accordance with certain displayed instructions, such as blinking or head movements, and all these responses will then be captured and verified to ensure that they come from a real human being instead of being synthesised. However, these methods do not provide a strong security guarantee because adversaries may be able to bypass them by using modern computers. More specifically, the verification process is lengthy and complicated.
Prof. Zhang explained, “The key factor for liveness detection methods is that the time required for a human to respond to a movement challenge is long and varies among individuals. Adversaries can synthesise the response faster than the legitimate user by using powerful processors and algorithms. Therefore, previous protocols could not establish liveness detection solely on the basis of response time.”
To overcome these limitations, Prof. Zhang’s team has proposed a new liveness detection protocol called “Face Flashing” that significantly raises the bar for launching successful attacks on face authentication systems and there is no need for additional hardware installations. Under this protocol, the display screen emits light randomly in one of the eight colours (the challenge), including the three primary colours, red, green and blue, and subsequently uses a camera to capture the light reflected from the face (the response). By analysing the reflected light, the system can quickly differentiate real human faces from fake ones. This is because human faces have uneven geometry, textures and characteristics. Since the screen flashes randomly generated colours and verifies the reflected light, there is almost no chance for adversaries to forge a response during authentication and this provides a strong security guarantee for facerecognition.
The team has spent more than a year collecting a large data set from real world scenarios and has done prototype testing. It has proven to be effective and efficient. Only three seconds are needed to gather enough responses for authentication and distinguish a 2D fake image from a real human face. The accuracy is as high as 98.8% in a variety of settings, and still reaches 97.3% accuracy under the least desirable settings.
Another main challenge of “Face Flashing” is the way to capture reflected light. Prof. Zhang remarked, “Instead of a single capture of the shape, we have been trying repeatedly in our experiments to determine the optimal number of colours to be used to ensure a strong security guarantee and accord with the simple employment of the working mechanism of standard screens and mobile cameras, while tackling the potential problem with colour difference. Face Flashing can be adopted in various types of mobile phones, computers, and other authentication devices at low cost, and without difficult or additional hardware installations. And we are delighted to explore the way to commercialise this technology in the near future.”
* * * * *
(The above article is quoted from the press release of Communications and Public Relations Office, CUHK)