Thursday, October 10, 2024
HomeAntispoofingFake Face Fest — A Quick Overview of Biometric Antispoofing in China

Fake Face Fest — A Quick Overview of Biometric Antispoofing in China

Published on

The technology of “biometric identification”, while being a relatively recent know-how, has been widely represented in sci-fi movies and literature for decades. We’ve all seen villains and heroes using complicated devices to gain access to personal vaults, military installations, private bunkers etc. 

Frequently we see these systems being hacked as well. The spoofing tools are using gelatin fingerprints, fake eye retinas, and so on. How close is this representation to reality? Let’s take a closer look, based on one of the world’s most electronically advanced countries — China. 

First, let’s talk about spoofing in general. Liveness spoofing is a malicious activity aimed at gaining access to confidential info and/or personal valuables by using forged or counterfeit biometric data: photos, fingerprints, retina-based identification etc.

- Advertisement - EHA

First attempts

Chinese liveness detection and anti-spoofing systems existed since the introduction of such methods back in the early 2000s. The earliest Chinese facial recognition and liveness detection systems were mostly based on the Western technology, such as the US Army’s Defense Advanced Research Projects Agency (DARPA) Ferret project. 

It was as an early example of such technology that contained a major drawback: it worked only under ideal conditions (front-side visa/passport photos) and with an approximate rate of 73% effectiveness.

With the first experiments conducted by the Chinese banks and financial institutions, the first challenges appeared: systems were unreliable, often failing to recognize the image of a person using them. Plus, they were easily fooled by lighting and artificially altered images. 

Gradual improvement of the technology involved several steps aiming at the security boost before anti-spoofing systems could be effectively put into use. 

Among a huge number of methods and technologies used in China we can highlight two of them based on facial recognition and widely implemented by such financial and technological giants as Bank of China, AliBaba, Tencent and others.

These methods include real-time polarized face anti-spoofing (PAAS) and Presentation Attacks Detection (PAD). Let’s first compare the two major systems in use.

          Picture: Example of the machine image analysis, using the PAD method

They shall not PAAS 


The first one of those (PAAS) uses a light polarization method, which implies the machine learning-based analysis of light reflection, using real faces, mock faces (dolls and sculptured faces) and computerized images. 

This is a greatly simplified outlook. However, it describes the main operative method of the system. As researchers from the Tianjin Academy for Intelligent Recognition Technologies outline in their comprehensive study of the topic: 

Because polarization reveals the information of shape, material, roughness and other attributes of an object, it becomes extremely difficult to imitate or change it by a third party for malicious intents.

PAD


The Presentation Attack Protection (PAD) is yet another method of anti-spoofing, developed, patented and maintained by a group of researchers from the Chinese branch of Institute of Electrical and Electronics Engineers (IEEE). 

This method is employed on a different level of biometric data recognition, compared to the PAAS method, described earlier. 

First and foremost it aims at creating a comprehensive network that would eliminate the difference in camera recognition effectiveness, which naturally stems from differences in quality and sensitivity of camera lenses, matrixes and other parts.

What PAD does is a complex analysis of the second, “underlying” layer of the face presented. Compared to the first layer, analyzed by the PAAS technology, PAD “disassembles” the image it’s “seeing” to quickly search for some small defects or any other altering clues that the second layer of the picture/video might contain.

Usage


The aforementioned Chinese technologies, as well as any complementary methods have found wide use in different areas, from e-banking to school exams. 

For instance, anti-spoofing and liveness detection technologies are widely used in university examinations, to confirm the identity of the student passing an exam. 

This measure prevents another person from taking an exam instead of an actual entrant, which is an illegal paid service, widely used throughout China.

So, we can conclude that throughout the early 2000s and up to this, China has been developing and implementing numerous methods aimed at raising its liveness detection in anti-spoofing technologies. We will cover the history of this process in the next article. Stay tuned! 

More information about liveness and anti-spoofing technologies you can be read on the liveness wiki – Here.

Latest articles

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions

A critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to...

Security Risk Advisors Announces Launch of VECTR Enterprise Edition

Security Risk Advisors (SRA) announces the launch of VECTR Enterprise Edition, a premium version...

4 Leading Methods of Increasing Business Efficiency 

The more efficient your core business operations, the more motivated and productive your employees...