Types of presentation attacks in facial biometrics

The face, that seemingly familiar and intimate part of the body, has always been a reflection of our identity, a kind of interface between ourselves and the world around us. Nevertheless, the perception and treatment of the face have not remained constant throughout history.

David Le Breton, an anthropologist specialising in body studies, points out that the conception of the face has neither been uniform nor free of nuances. Its evolution is intimately linked to the human capacity to represent itself, which has been transformed as new tools and techniques have emerged to capture its essence.

The face as an ephemeral element

In pre-modern societies, the relationship to the face tended to be one of fugacity. People could not tangibly access their images. The face was perceived through the gaze of others, without the possibility of personal reflection. The invention of the mirror marked a turning point, offering a new form of introspection. Subsequently, photography provided a visual record and was able to transform the perception of the face into an object of personal and social analysis. With this new capacity for representation, the face acquired a symbolic charge that became intertwined with concepts of beauty, status and belonging.

Factions as physical connection and identity

During modernity, the features of the face became an object of scientific study. Anthropometry, developed in the 19th century, introduced methods to classify and measure facial features, seeking to establish connections between physical features and identity features. In this sense, photography was considered a visual art and a research tool that allowed individuals to be categorised into hierarchical classification systems based on their appearances.

Today, facial biometrics has completely changed the relationship between face and identity. It is no longer just about measuring features or generating a visual representation. Facial recognition is based on biometric data and algorithms that transcend the physical image into the digital realm. These systems can accurately identify users, where the face is no longer a visual or cultural representation, but a mathematical one.

Nevertheless, these systems are not free from manipulation. A new concern then arises that goes beyond the relationship with the face: what happens when our face, a symbol of our individuality and authenticity, can be manipulated or even falsified by an algorithm? How does facial biometrics address the issue of fraud, specifically presentation attacks?

Let’s answer these questions…

What are facial presentation attacks?

Presentation attacks, also known as spoofing attacks, are deliberate attempts to deceive a biometric system by using a false representation of the authorised user’s face. These means can take the form of photographs, videos, or even three-dimensional representations designed to replicate the facial features of the targeted person.

To better understand this phenomenon, we could compare it to John Woo’s film Face/Off, where the protagonist undergoes facial surgery to adopt the identity of a criminal. Although his body is the same, his face becomes a fa?ade, a deception that allows him to manipulate the perception of those around him. In a similar sense, in the field of biometrics, facial presentation attacks represent a kind of transformation where the face loses its direct connection to the individual’s identity and becomes a manipulable entity.

The face is no longer just a unique representation of the individual. It is more like a mask that can be replicated and used fraudulently through technology. High-resolution photographs, silicone masks and video recordings become artefacts that falsify the identity of the subject in biometric systems.

Faced with this problem, biometrics faces a vulnerability that can be mitigated with the use of advanced detection algorithms, but first let’s take a closer look at the different types of presentation attacks.

Types of presentation attacks considering the face as a manipulation instrument

Facial presentation attacks have become a significant challenge for biometric systems. These attacks, as already mentioned, are based on the ability to impersonate or hide identity through various techniques that fool facial recognition mechanisms. There are two broad categories of attacks: impostor attacks and concealment attacks.

• Impostor attacks: In these attacks, the attacker seeks to be recognised as someone other than the person he or she really is. This type of attack can be divided into two subtypes: one in which the attacker seeks to impersonate a specific individual registered in the system and another in which the attacker simply seeks to be identified as any other person, no matter who. In both cases, the goal is to breach the biometric system to gain access to restricted areas or services reserved for the impersonated person.
• Obfuscation attacks: These attacks aim to avoid being identified by the system. In this scenario, the attacker alters or disguises his face so as not to match any registered person, thus evading any form of identification. This type of attack usually occurs in situations where facial recognition is used in high-security access control systems.

It is important to understand that presentation attacks operate in the analog domain, meaning they take place outside the operating system, even though their aim is to breach the system’s algorithms. On the other hand, injection attacks, which are becoming more common, occur within the system. They involve intercepting and manipulating genuine biometric data using spoofing techniques. This is further heightened by the threat that deepfakes present.

Presentation Attack Instruments (PAI)

Presentation attack instruments are the elements or mechanisms used to trick a biometric system during the verification or identification process of an individual. Their purpose is to make the system accept an impostor as a legitimate user or to prevent the correct identification of the person in front of the system.

These instruments are mainly divided into two broad categories, which allow the concept to be approached both from the use of artificial elements and human characteristics:

Artificial instruments

These instruments are artificially created to mimic or replicate the biometric characteristics of the legitimate user. There are two sub-types:

• Full instrument: this is a full recreation of the biometric characteristics of the target person. Examples of this type include:Videos of a face that attempt to mimic natural interaction. When this type of instrument is used, it is often referred to as a visualisation attack.Silicone masks, which have an enhanced elasticity capable of achieving a credible image of the legitimate person.2D printed masks, usually with holes that mimic the features of a user.3D face masks, which replicate a person’s face three-dimensionally.2D facial prints (photos), a primitive method used to fool simple facial recognition systems. It usually has a very low threat level.
• Partial tool: This type of tool does not recreate the full face or biometric feature, but only a part of it. Examples include:Facial videos where the face is partially covered, e.g. with sunglasses or with partially visible areas.Altered photographs showing only portions of the face.

Human instruments

In this case, the instrument used in the attack is a human being, whose identity or biometric characteristics can be manipulated or used in various ways to deceive the system. These instruments can be classified into the following subcategories:

• Lifeless: The use of lifeless body parts, such as parts of a corpse’s face, to replicate real facial features and fool the system.
• Altered: Instruments based on the modification of natural facial features, such as the use of cosmetic surgery or facial mutations so that the system cannot detect drastic changes.
• Non-compliant: This refers to the use of atypical or unnatural facial expressions, so that the system cannot correctly recognise the legitimate user or the impostor.
• Coerced: This is where a person is used against their will, e.g. someone unconscious or under threat, to carry out the attack.
• Compliant: This refers to the simple use of an impostor’s face, without the need for complex alterations, in an attempt to pass as the legitimate user without much effort.

Next up:?What mechanisms does facial biometrics use to deal with this type of fraud?

Ready for more? Follow the rest of this article on Mobbeel's blog>.