CUHK may have just revolutionized face authentication


New technology developed at the Chinese University of Hong Kong has the potential to dramatically improve the security and precision of facial recognition systems.

The System Security Lab in CUHK’s Department of Information Engineering has designed a new challenge-response protocol, based on flashing lights, for liveness detection during facial recognition authentication.

In the “face flashing” protocol, a display screen projects light onto a human face and a camera captures the reflected light, so that the system can analyse the time interval between the challenge and the response.

System Security Lab leader and CUHK Department of Information Engineering assistant professor Kehuan Zhang said rapid improvements in artificial intelligence and deep learning technology are giving rise to the development and adoption of a wide range of applications for facial recognition as a method of biometric authentication.

These include authenticating users while unlocking desktops and smartphones, authorizing mobile payments and even automatic payment stores.

But facial information is easy to capture and produce, so face authentication systems are vulnerable to attack, with hackers able to make use of printed photographs, dynamic video streams from social networks and even realistic 3D printed masks to trick facial recognition logins.

To mitigate this vulnerability, various methods for detecting liveness have been developed, such as requiring users to blink or make certain head movements, with the responses captured and verified to ensure they come from a real human.

But even these methods are potentially bypassable using modern computers, and the verification process is often lengthy and complicated.

“The key factor for liveness detection methods is that the time required for a human to respond to a movement challenge is long and varies among individuals,” he said.

“Adversaries can synthesise the response faster than the legitimate user by using powerful processors and algorithms. Therefore, previous protocols could not establish liveness detection solely on the basis of response time.”

The face flashing protocol has been developed to overcome this limitation. Under the protocol, a display screen emits light in one of eight colors chosen at random, and a camera captures the reflected light.

The system is able to quickly differentiate real human faces from fake ones by searching for the uneven geometry, textures and characteristics of real skin. Because the flashes are randomly generated, there is almost no chance for attackers to forge a response during the authentication window.
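The challenge-response idea described above can be sketched as follows. This is an added, simplified example and not the System Security Lab's implementation: the color names, flash interval, latency bound, match threshold and all function names are assumptions, and the camera's reflected color is assumed to be already classified.

```python
import secrets

# Assumed palette: the article says eight colors but does not name them.
COLORS = ["black", "red", "green", "blue", "yellow", "magenta", "cyan", "white"]
FLASH_INTERVAL_S = 0.1  # assumed; 30 flashes fill the article's three seconds
MAX_DELAY_S = 0.05      # assumed bound on screen-to-camera reflection latency
MIN_MATCH = 0.9         # assumed fraction of flashes that must verify


def make_challenge(n_flashes=30):
    """Return [(emit_time_s, color)], each color drawn from a CSPRNG."""
    return [(i * FLASH_INTERVAL_S, secrets.choice(COLORS)) for i in range(n_flashes)]


def verify(challenge, responses):
    """responses: [(capture_time_s, observed_color)], one per flash, in order.

    A flash verifies only if the observed color matches the challenge AND it
    was captured within MAX_DELAY_S of emission.
    """
    if not challenge or len(responses) != len(challenge):
        return False
    good = sum(
        1
        for (t_emit, color), (t_cap, seen) in zip(challenge, responses)
        if seen == color and 0 <= t_cap - t_emit <= MAX_DELAY_S
    )
    return good / len(challenge) >= MIN_MATCH


def simulate(challenge, kind):
    """Constructed responses for three cases (illustrative, not measured data)."""
    if kind == "live":       # skin reflects the flash almost immediately
        return [(t + 0.02, c) for t, c in challenge]
    if kind == "replay":     # footage from an earlier session with other colors
        old = make_challenge(len(challenge))
        return [(t + 0.02, c) for (t, _), (_, c) in zip(challenge, old)]
    if kind == "late":       # right colors, but synthesis adds processing time
        return [(t + 0.25, c) for t, c in challenge]
    raise ValueError(kind)


if __name__ == "__main__":
    ch = make_challenge()
    for kind in ("live", "replay", "late"):
        print(kind, verify(ch, simulate(ch, kind)))
```

Only the live case passes both checks: the replayed footage fails the color match because the challenge is unpredictable, and the late response fails the timing bound even though its colors are correct.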

Zhang said the protocol takes just three seconds to gather enough responses for authentication and distinguish a 2D fake image from a real human face, with an accuracy of between 97.3% and 98.8% depending on the environment.

Another challenge involved in developing the technique was how to capture the reflected light.

“Instead of a single capture of the shape, we have been trying repeatedly in our experiments to determine the optimal number of colors to be used to ensure a strong security guarantee and accord with the simple employment of the working mechanism of standard screens and mobile cameras, while tackling the potential problem with color difference,” Zhang said.

“Face flashing can be adopted in various types of mobile phones, computers, and other authentication devices at low cost, and without difficult or additional hardware installations. And we are delighted to explore the way to commercialize this technology in the near future.”

