In recent years face recognition has become a widely used biometric approach. Apple has popularized its use with FaceID in the iPhone X, taking it from a far-fetched technology to an ordinary one. Face recognition has become more direct, user-friendly and convenient than other biometric recognition methods. The technology is vulnerable though. Face recognition technology can be spoofed by non-real faces such as portrait photographs. To secure face recognition technology liveness detection needs to be ingrained into its system. Liveness technology will make facial recognition technology use become more widespread and secure.
What is Liveness Detection
Detection of liveness is the ability of a biometric system—usually as a part of an identity verification solution—to distinguish the difference between the spoof and a real person. This feature is a must-have in the identification sector because it plays a crucial role in authenticating a person.
There is a variety of ways to detect liveness of a person. Detection occurs on different properties of the human body such as blood flow, precipitation, pulse, blood pressure, thermal, hippus (pupil movement), saccade (eye movement). Detection can also occur utilizing bodily responses to external stimuli such as blinking of the eyes, turning the head, smiling or speaking a phrase at a specific time.
Why Liveness Detection Matters
Biometric authentication systems can be susceptible to spoofing attacks; nevertheless, different sophisticated anti-spoofing technologies can be developed and implemented that may significantly raise the level of difficulty of such attacks. Liveness technology is a key aspect of a robust identity solution which will enhance the security, reliability, and effectiveness of the biometric system and provide more accurate identity verification.
Attacks on biometric systems fall broadly into two categories: presentation attacks (direct attacks) and indirect attacks.
The term presentation attack refers to making a presentation to the sensor with the goal of manipulating the system into an incorrect decision. The term spoofing is a related less formal term, and liveness technology can be considered as one of the countermeasures to detect a presentation attack. Commonly envisioned goals of a presentation attack are to impersonate a targeted identity or to evade recognition. Direct attacks aim to generate synthetic biometric samples (for instance, speech, fingerprints or face images) in order to fraudulently access a system vulnerability point in a biometric security system. They will attack at the sensor level.
It is worth noting that in this type of attack no specific knowledge about the system operation is needed (matching algorithm used, feature extraction, feature vector format, etc). Furthermore, the attack is carried out in the analog domain, outside the digital limits of the system, so the digital protection mechanisms (digital signature, watermarking…) cannot be used.
Indirect attacks to detection of liveness include attacks that might be carried out using a Trojan Horse that bypasses the feature extractor, and the matcher respectively. Fraudsters may manipulate the system database (a template is changed, added or deleted) in order to gain access to the application. Other examples are thought to exploit possible weak points in the communication channels of the system, extracting, adding or changing information from them. Unlike direct attacks, during indirect attacks the intruder needs to have some information about the inner working of the recognition system and, in most cases, physical access to some of the application components (feature extractor, matcher, database…) is required.
Liveness as a part of Identity Verification
Some identity verification solutions offer liveness tests as a part of verification procedures. This process is easy for all users to perform and will not deter them from completing the authentication process.
Other identity verifiers have different ways of using this liveness technology. For example, some prefer having users write a random statement on paper and then holding that up to liveness detector. This can be intimidating to certain subjects who may not feel comfortable using this method. This method can especially be a pain point when literacy rates play a role in customer onboarding. Even simple access to pen and paper can irritate clients and deter them. Thus, it is important to consider all aspects of a product.
Many identity solutions will incorporate biometric systems into their products but being knowledgeable about what solution is best for your clients and corporation should be a priority. It is best to select a product that has multiple identity checks and includes detection of liveness. Liveness detection should be a standard part of any biometric component. There are many creative ways liveness technology can be used within identity verification solutions, but it is critical to find the most universal and seamless solution. It is the key to customer satisfaction and providing an overall user-friendly application.