Table 1.2: General properties of the selected databases.
Databases Replay-Attack DB [Chingovska12] CASIA-FASD [Zhang12] MSU-MFSD [Wen15] MorphoMAD [Kose13a] # subjects 50 50 35 20 # samples 1200 600 280 392 Authentication protocol still slight movements (expression changes, pose variations)
still little pose variations but eye-closed Illumination adverse
controlled adverse adverse controlled
Sensor
Built-in webcam MacBook 13"
(320*240)
• Low cost webcam (640*480) • Standard webcam (480*640) • Sony NEX-5 (1920*1080) • Built-in camera in MacBook Air 13" (640*480) • Nexus 5 Android phone (720*480) NIR camera (480*640) Impostor camera Canon PowerShot SX150: - 12.1 Mp photos - 720p video at 30 fps Sony NEX-5: - 1080p video at 25 fps • Canon PowerShot 550D SLR: - 18 Mp photos - 1080p videos • iPhone 5S: - 1080p videos 3D scanner Attack type • print photo • photo on iPhone • photo on iPad • video on iPhone • video on iPad • warped photo • cut photo • video on iPad • print photo
• video on iPad silicone mask
Attack distance close-up, full view mid-range, face only close-up, full view mid-range Display manner hand-held & fixed hand-held with
simulated motion fixed
wearing the mask with closed eyes
1.3 Vulnerability of 2D face recognition systems against fake faces
In order to evaluate the vulnerability of unprotected 2D face recognition systems against spoofing attacks, we investigate multiple face verification use-cases under the treat of state of the art spoofing attacks. Intrinsically, face recognition systems are resistant to spoofing attacks to some degree. For instance, if the fake face is too different from the enrolled real access sample due to geometric distortions or low quality recapture the authentication attempt is viewed as belonging to a different identity and is rejected. Our goal is to assess how easy it is to fool a face verification system using state of the art spoofing attacks. First, the face recognition algorithm used in our experiments is described. Then, the evaluation of its resistance against various spoofing attacks is investigated under several use-cases.
1.3. Vulnerability of 2D face recognition systems against fake faces 20 1.3.1 Face recognition algorithm
The architecture of the face recognition algorithm is presented in figure 1.8. First, faces extrac- tion is performed using the Pittpat 5.0.2 SDK. Eyes are located and a face registration procedure geometrically aligns the face so that eyes are horizontal. Extracted faces are cropped and resized to 128*128 pixels. Then, face images are converted into gray-scale before performing illumination corrections using Tan and Triggs preprocessing scheme [Tan10b]. A baseline face recognition algo- rithm based on Gabor features and Principal component analysis is used to represent face images into a suitable space for matching. The matching is performed using a nearest neighbours classifier and the cosine Mahalanobis distance. In our experiments, the system is used in verification mode meaning that a one-to-one matching procedure compares the input sample with the claimed iden- tity template registered in the system during the enrolment phase. The implementation is based on the Matlab toolbox5 provided by Vitomir Struc [Štruc10].
Figure 1.8: Face recognition pipeline.
1.3.2 Evaluation of the resistance of 2D face recognition towards spoofing at- tacks
Our goal is to assess the permeability of unprotected systems against fake faces. Attacks from the ReplayAttack, CASIA and Morpho databases are considered to investigate most of existing attack scenarios. First, experiments on close-up replay attacks are conducted using the ReplayAttack database. Second, mid-range attacks from the CASIA database are considered. Finally, mask attacks from the MorphoMAD are evaluated. Because different acquisition conditions are used to capture the face from one database to the other, the face recognition algorithm is tuned on the training set (gallery) for each database. Only one image per identity is used to build the gallery in our experiments and also a single query image per identity is considered during the deployment phase (verification phase). For each identity claim, three different cases occur:
• the real client corresponding to the claimed identity checks in (real access). • an impostor checks in (zero-effort attack).
• an impostor checks in with a fake face corresponding to the claimed identity (spoofing attack).
Hence, we analyse the matching score for each of these scenarios. Only one real access attempt and one spoofing attack attempt are tested for one identity claim whereas N-1 zero-effort attacks are tested where N denotes the number of clients enrolled in the face recognition system database.
5
1.3. Vulnerability of 2D face recognition systems against fake faces 21
(a) ReplayAttack-DB (b) CASIA-FASD (c) MORPHO-MAD
Figure 1.9: Distribution of face recognition scores. The vertical line corresponds to the matcher threshold.
The decision threshold to accept or reject an authentication attempt is set so that there is the same error rate between false rejections and false acceptances with respect to real access and zero-effort attacks.
Use-case1: close-up attacks from ReplayAttack-DB The ReplayAttack database contains video recordings of real accesses and close-up replay attacks which cover the whole view hiding the spoofing medium borders. Only one frame is extracted from the video to perform the face verification. This database contains a specific set for building the gallery of identity templates during the enrolment phase. The distribution of the matching scores for real access, impostor attempts (also referred as zero-effort attacks) and spoofing attacks are reported in figure 1.9a. The face recognition system obtains almost perfect recognition performance as the EER = 0.01%. However, the spoofing attack success rate is very high with 98% for print attacks, 94% for mobile attacks and 96% for iPad attacks.
Use-case2: mid-range attacks from CASIA-FASD The CASIA database contains video recordings of real accesses and mid-range replay attacks which hide the face of the impostor. Only one frame is extracted from the video to perform face verification. As this database does not contain an enrolment set, another frame is extracted to build the gallery. The distribution of the matching scores for real access, impostor attempts (also referred as zero-effort attacks) and spoofing attacks are reported in figure 1.9b. Similarly to the ReplayAttack case-study, the face recognition system obtains perfect recognition performance as the EER = 0.01% and the spoofing attack success rate is very high with 98% for print attacks, 98% for print eye-cut attacks and 100% for video iPad attacks.
Use-case3: Mask attacks from Morpho-MAD This database contains pictures of authen- tication attempts of real access and realistic mask attacks using a near infra-red camera. The distribution of the matching scores for real access, impostor attempts (also referred as zero-effort attacks) and mask attacks are reported in figure 1.9c. The system recognizes perfectly each indi- vidual but fails to detect efficiently mask attacks as 26% of them bypass the system.
1.4. State-of-the art in face anti-spoofing 22