Prof. Zhang Kehuan Designs “Face Flashing” Protocol to Increase Precision of Face Recognition and Blocks Log In Attacks

2018-07-19

The System Security Lab led by Prof. Zhang Kehuan, Assistant Professor, Department of Information Engineering, has designed a new challenge-response protocol for liveness detection. Light from a display screen will be projected to a human face and the reflected light will be captured by a camera to analyse the time interval between the challenge and response.

Liveness detection is considered an important defense technique to prevent various 2D dynamic attacks like the reproduction and copying of human facial information. Most importantly, it is a support to the management of security and privacy in a smart city.  The new protocol, which was announced in one of the world’s top cybersecurity conferences “The Network and Distributed System Security Symposium” (NDSS) held in San Diego this February, and has drawn wide attention in the research community and industry.

The rapid advance of artificial intelligence and deep learning is boosting innovation with a wide range of face recognition technologies which include unlocking desktops or mobile devices, mobile payment, and even automatic payment-enabled stores. However, human facial information is easy to capture and reproduce, which makes face authentication systems vulnerable to attacks. For instances, adversaries can simply obtain and exploit any number of professional and sophisticated printed photographs, dynamic video streams from social networks, and even a realistic mask to trick and attack the facial recognition logins and cause economic loss. To counter such attacks, liveness detection methods have been developed during the past decade. Users are required to respond in accordance with certain displayed instructions, such as blinking or head movements, and all these responses will then be captured and verified to ensure that they come from a real human being instead of being synthesised. However, these methods do not provide a strong security guarantee because adversaries may be able to bypass them by using modern computers. More specifically, the verification process is lengthy and complicated.

Prof. Zhang explained, “The key factor for liveness detection methods is that the time required for a human to respond to a movement challenge is long and varies among individuals. Adversaries can synthesise the response faster than the legitimate user by using powerful processors and algorithms. Therefore, previous protocols could not establish liveness detection solely on the basis of response time.”

To overcome these limitations, Prof. Zhang’s team has proposed a new liveness detection protocol called “Face Flashing” that significantly raises the bar for launching successful attacks on face authentication systems and there is no need for additional hardware installations. Under this protocol, the display screen emits light randomly in one of the eight colours (the challenge), including the three primary colours, red, green and blue, and subsequently uses a camera to capture the light reflected from the face (the response). By analysing the reflected light, the system can quickly differentiate real human faces from fake ones. This is because human faces have uneven geometry, textures and characteristics. Since the screen flashes randomly generated colours and verifies the reflected light, there is almost no chance for adversaries to forge a response during authentication and this provides a strong security guarantee for face recognition.

Prof. Zhang Kehuan (right) and his PhD student TANG Di (left) have developed “Face Flashing” protocol. They are now discussing with a local company to put the protocol into practical use.

Prof. Zhang explains that the new protocol uses light reflection for identification and is able to distinguish a real face from photo or video footage, which hugely increases the bar for an attack. The verification accuracy is up to 98% and most consumer camera and screen can support the use of the protocol.