Saturday, March 2, 2024

Fake Face Fest — A Quick Overview of Biometric Antispoofing in China

The technology of “biometric identification”, although a relatively recent development, has featured in sci-fi movies and literature for decades. We’ve all seen villains and heroes using complicated devices to gain access to personal vaults, military installations, private bunkers etc.

Frequently we see these systems being hacked as well, with spoofing tools such as gelatin fingerprints, fake eye retinas, and so on. How close is this representation to reality? Let’s take a closer look, based on one of the world’s most electronically advanced countries: China.

First, let’s talk about spoofing in general. Liveness spoofing is a malicious activity aimed at gaining access to confidential info and/or personal valuables by using forged or counterfeit biometric data: photos, fingerprints, retina-based identification etc.

First attempts

Chinese liveness detection and anti-spoofing systems have existed since the introduction of such methods back in the early 2000s. The earliest Chinese facial recognition and liveness detection systems were mostly based on Western technology, such as the US Army’s Defense Advanced Research Projects Agency (DARPA) FERET project.

It was an early example of such technology and had a major drawback: it worked only under ideal conditions (front-side visa/passport photos) and with an approximate rate of 73% effectiveness.

With the first experiments conducted by the Chinese banks and financial institutions, the first challenges appeared: systems were unreliable, often failing to recognize the image of a person using them. Plus, they were easily fooled by lighting and artificially altered images. 

The technology was improved gradually, in several steps aimed at strengthening security, before anti-spoofing systems could be put into effective use.

Among the huge number of methods and technologies used in China, we can highlight two that are based on facial recognition and widely implemented by such financial and technological giants as Bank of China, Alibaba, Tencent and others.

These methods are real-time polarized face anti-spoofing (PAAS) and Presentation Attack Detection (PAD). Let’s first compare the two major systems in use.

Picture: Example of the machine image analysis, using the PAD method

They shall not PAAS 

The first of these (PAAS) uses a light polarization method, which involves machine learning-based analysis of light reflection, using real faces, mock faces (dolls and sculptured faces) and computerized images.

This is a greatly simplified outlook. However, it describes the main operative method of the system. As researchers from the Tianjin Academy for Intelligent Recognition Technologies outline in their comprehensive study of the topic:

“Because polarization reveals the information of shape, material, roughness and other attributes of an object, it becomes extremely difficult to imitate or change it by a third party for malicious intents.”
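To make the polarization cue concrete, here is an added example (not code from the article or from the PAAS researchers) of the standard Stokes-parameter computation that turns four captures taken behind polarizers at 0°, 45°, 90° and 135° into a per-pixel degree of linear polarization (DoLP), the kind of map a classifier can then learn from. The four-angle capture, the function names and all sample values are assumptions constructed for illustration.

```python
import math

ANGLES_DEG = (0, 45, 90, 135)  # assumed polarizer orientations of the four captures

def synth_pixel(s0, p, phi):
    """Constructed test data: intensities behind each polarizer for a pixel with
    total intensity s0, degree of linear polarization p and angle phi (radians)."""
    return tuple(0.5 * s0 * (1 + p * math.cos(2 * (math.radians(a) - phi)))
                 for a in ANGLES_DEG)

def dolp_aolp(i0, i45, i90, i135):
    """Per-pixel degree and angle of linear polarization via Stokes parameters."""
    s0 = (i0 + i45 + i90 + i135) / 2.0  # total intensity
    s1 = i0 - i90                       # horizontal vs vertical component
    s2 = i45 - i135                     # +45 vs -45 degree component
    if s0 <= 0:                         # dark pixel: polarization undefined
        return 0.0, 0.0
    dolp = min(1.0, math.hypot(s1, s2) / s0)  # clamp overshoot caused by noise
    return dolp, 0.5 * math.atan2(s2, s1)

def dolp_map(frames):
    """frames: four equally sized 2D lists ordered as ANGLES_DEG."""
    f0, f45, f90, f135 = frames
    return [[dolp_aolp(f0[r][c], f45[r][c], f90[r][c], f135[r][c])[0]
             for c in range(len(f0[0]))] for r in range(len(f0))]

def summarize(dmap):
    """Mean and standard deviation of DoLP: simple features for a classifier."""
    vals = [v for row in dmap for v in row]
    mean = sum(vals) / len(vals)
    return mean, math.sqrt(sum((v - mean) ** 2 for v in vals) / len(vals))

def synth_frames(p_grid, s0=180.0, phi=math.radians(30)):
    """Build four constructed frames from a grid of per-pixel DoLP values."""
    px = [[synth_pixel(s0, p, phi) for p in row] for row in p_grid]
    return [[[cell[k] for cell in row] for row in px] for k in range(4)]

if __name__ == "__main__":
    # Constructed 2x2 patches, not measurements of any real material.
    for name, grid in (("patch_a", [[0.05, 0.07], [0.06, 0.04]]),
                       ("patch_b", [[0.30, 0.10], [0.22, 0.38]])):
        mean, std = summarize(dolp_map(synth_frames(grid)))
        print(f"{name}: mean DoLP={mean:.3f} std={std:.3f}")
```

The learning step itself is not shown: which DoLP patterns separate live skin from a presented artifact has to come from labelled captures, not from a fixed threshold.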


Presentation Attack Detection (PAD) is another method of anti-spoofing, developed, patented and maintained by a group of researchers from the Chinese branch of the Institute of Electrical and Electronics Engineers (IEEE).

This method works on a different level of biometric data recognition than the PAAS method described earlier.

First and foremost, it aims at creating a comprehensive network that would eliminate the difference in camera recognition effectiveness, which naturally stems from differences in the quality and sensitivity of camera lenses, matrices and other parts.

PAD performs a complex analysis of the second, “underlying” layer of the face presented. Whereas PAAS analyzes the first layer, PAD “disassembles” the image it’s “seeing” to quickly search for small defects or any other signs of alteration that the second layer of the picture/video might contain.


The aforementioned Chinese technologies, as well as any complementary methods, have found wide use in different areas, from e-banking to school exams.

For instance, anti-spoofing and liveness detection technologies are widely used in university examinations, to confirm the identity of the student passing an exam. 

This measure prevents another person from taking an exam in place of the actual entrant, an illegal paid service that is widely used throughout China.

So, we can conclude that from the early 2000s up to the present, China has been developing and implementing numerous methods aimed at improving liveness detection in its anti-spoofing technologies. We will cover the history of this process in the next article. Stay tuned!

You can read more about liveness and anti-spoofing technologies on the liveness wiki.

