Biometric recognition has been introduced to improve the reliability and the security for access control by an automatic assessment of an individual's identity. Improvement is granted by the fact that while traditional identification systems depend on a password to remember or a key to possess, a biometric is always with the individual and it can't be lost or forgotten.
As biometric recognition systems spread over and increase their performance, growing interest should be given to possible direct attack, where potential intruders may gain access to the system by directly interacting with the system input device, like a normal user would. Such attempts are commonly referred as spoofing attacks.
Among all the biometrics, face is the easiest to spoof because for a simple attack no specific technical skills (i.e. some attacks can be performed by ordinary people) and the biometric data is very easy to stole (e.g. taking photos from online profiles).
In general, there are three possible ways to generate a face spoof attack:
- taking a photo of a valid user
- reproducing a video of a valid user
- 3D model of a valid user
These types of attacks can be detected with the help of specific hardware sensors (IR sensors, stereoscopic cameras). However, a face recognition system should be built with very low cost hardware, and it should be also used for consumer applications, therefore, addition of specific hardware or interaction to ensure reliability is not a convenient solution. This implies that a "simple" photo spoofing attack can represent a security problem for a face recognition system. In fact, most of papers in the literature refer to the problem as a task of photo attack detection as it represents a cheap and effective way to perform an attack.
In 2011, we took part at the IJCB 2011 Competition on counter measures to 2D facial spoofing attacks , a competition on detecting print photo attacks. The paper describing the competition can be downloaded from this page.
For the competition we implemented a multi-clue approach, performing both video and static analysis in order to employ complementary information about motion, texture and liveness and consequently to obtain a more robust classification.
Static analysis tackles the visual characteristics of a photo attack. The visual representations that we propose to use are: Color and Edge Directivity Descriptor, Fuzzy Color and Texture Histogram, MPEG-7 Descriptors (like Scalable Color and Edge Histogram), Gabor Texture, Tamura Texture, RGB and HSV Histograms, and JPEG Histogram. For each frame, each of the above mentioned visual representations result in a specific score.
Video analysis aims to detect vitality clues. Clues examined in this work are motion analysis of the scene and the number of eye blinks that are represented by two independent scores.
Starting from our participation at the above competition we realized a prototype that can be used to detect face spoofing attacks based on the static analysis.
This tool has two modalities: batch and live.
The batch modality allows to process previously recorded videos to detect if the authentication attempts are genuine or spoof attacks.
The live modality allows to process the input from a webcam to detect if attempt is a real one or is a spoof attack.
Our tool can by tested by downloading a virtual machine that we prepared (you need the VMware Player to run it)(alternative download link). The virtual machine contains a linux based OS with all the necessary to run the tool. You need to allow the virtual machine to use your external webcam if you want to test the live modality.
Warning: our tool is still a prototype, and it can suffer from illumination changes.