Is liveness detection essential for secure facial recognition?
Due to its simplicity and wide-spread acceptance by the public world-wide, facial recognition is rapidly becoming a leading approach to biometric-enabled security. Since the November 2017 release of the iPhoneX, which was the first mainstream deployment of a mobile device with 3D facial recognition, use of the technology has spread throughout the industry, and it is now estimated that over a billion smartphones will use 3D facial scanning in the next two years.
As the technology has matured, reliability has improved to the point that the Department of Homeland Security’s 2018 Biometric Technology Rally recorded a 99.44% successful acquisition rate for facial recognition.
Like all security systems, though, biometrics are subject to attack by individuals attempting to bypass authentication. Google divides these threats into two categories: spoofing, in which an attacker attempts to fool the system with a non-live representation, such as a photo or video recording, and imposter attacks, in which the attacker attempts to impersonate the legitimate user via some form of disguise. 3D facial scanning, itself, is a defense against imposters, but spoofing requires a more concerted technological approach, which is known as “liveness detection”.
Liveness detection is a technique that aims to detect spoofing attempts by evaluating whether the face being scanned is a live human being or a fake representation. Liveness may be determined actively, by having the user perform an action, such as turning the head or smiling, or passively, by detecting indicators of a non-live image without requiring user interaction. When combined with 3D facial recognition, liveness detection can dramatically reduce the likelihood of an attacker successfully bypassing the authentication.
But liveness detection increases the amount of processing and, potentially, the amount of network data exchange required to process an authentication request. This can complicate deployment and may slow the user experience, potentially leading to adoption challenges for facial recognition as an access method. While many system and venue access scenarios do indeed mandate the most secure configuration possible, we believe that the specifics of the individual usage context should drive this decision.
For example, at an attended registration desk or doorway, where recognition is done as part of a one-on-one exchange with a clerk or security agent, it would not be feasible to spoof the biometric with a printed image or pre-recorded video. In these applications, it is beneficial for liveness to be configured off, thus reducing the complexity of the biometric check without putting security at risk.
VerifyID understands the critical nature of access security and creates solutions that offer configurability to tailor to the specific needs of the environment in which our products operate. This flexibility, coupled with our proprietary identity verification processes, differentiates our Identity-as-a-Service platform from all others in the industry. If this platform sounds like something that may benefit you or your team, contact us.