Face recognition at risk of abuse

Face recognition has entered every aspect of life, the author as a biometric recognition researcher, face recognition and other aspects of the news that is of particular concern, many people face recognition has been put into use. Such as:

1. The district will soon install a face recognition access control system at the door of each unit building, with a QR code attached below, requiring owners to register their own codes and upload information such as faces, identity cards and real estate certificates.
2. Teachers enter the campus through the intelligent campus face recognition gate system
3. The examiner uses the “face recognition” technique to verify the candidate’s identity
4. Payment and certification
5. Shopping mall traffic statistics, community management, pensions, tax certification, preservation of items, scenic access and tickets to performance venues
6. Used in the teaching process to monitor and manage students’ classroom behavior. Analyze students’ behavior in class and give real-time feedback on unusual behavior
7. “Smart school gate”: classroom door and dormitory access plus face recognition system.

Risk of abuse

With the popularity of face recognition, you may not know who is collecting faces, what information you have collected, what they have saved, and how they are used. It’s all black boxes in the back.

1. From the data point of view, 30,000 face library, 150,000 records, embedded in the industry’s deep learning algorithm as the core, face recognition accuracy of 99.97 percent, recognition speed of 200ms.
2. Technically, collecting face information is simple, as long as there is a camera can be continuously collected.
3. From the data collection link, face recognition is unconscious and non-contact, can play a role in a long distance, and can accumulate data on a long scale without being detected by the user, has a strong intrusive.

But the data collected offline is far from enough, with companies crawling about 10 million faces from the web and adding it to machine learning databases. Based on these large amounts of data, the accuracy of face recognition increased from 68% to 99%.

In order to improve accuracy, data become the key, Beijing Youth Daily has reported that there are merchants in the online mall touting “face data”, covering 2,000 portraits, each with 50 to 100 photos, a total of 170,000, the hero of the photos not only stars, but also different occupations, different ages of ordinary people. In addition, each photo is paired with a data file that includes contours such as eyes, ears, nose, mouth, eyebrows, and more. Merchants say some of the face data is crawled from search engines and partly from a database of a software company outside the country.

In September, Mr. Li said he had helped to find partners such as Meitu and Ant-Man in the early days, enough to get a lot of face data to help analyze how industries cut in. was later denied by all parties.

Biometrics can’t be revoked, you only have one face, ten fingers

Biometrics are more easily disclosed than passwords and cannot be revoked once they have been compromised. Passwords can be exchanged for new passwords, not fingers. Because the biological data of individuals are stable and indeutable, once leaked, the corresponding risks and harms are irreversible and cannot be effectively compensated. The potential security risks posed by the disclosure of face data are far more serious than the disclosure of mobile phone numbers and account information. There is no way to change biological information such as faces, sounds, irises, etc.

The leak event

The author has collated the relevant leakage time, see: biometric identification data breach

In 2019, a data breach at SenseNets focused on the weakness of the storage side. In February 2019, Victor Gevers, a prominent Dutch security researcher, discovered that SenseNets, a Chinese security vision company, was not secured, causing its databases to “run naked” on the public network and allow anyone to access the data. The database has more than 2.5 million users’ information, in addition to user names, as well as very detailed and sensitive information such as ID number, ID issue date, gender, home address, date of birth, photo, work unit and visit history for the past 24 hours.

Leaked ID numbers, which have been photographed, mean that face recognition-related applications are at great risk. The Photo Active tool allows you to modify a face photo to a face verification video that performs “blink, open your mouth, nod” and more. Matching the identity information of the photo, after “photo re-activity”, can be real name registration of most of the software on the market, coupled with the verification code cracking method, illegal elements in the processing of online loans, precision fraud and so on almost no obstacles.

We need to ensure the safety of biometrics

The use of face recognition technology, we should still introduce a strict legal system, standardized use of technology, is responsible for science and technology, is responsible for the future.

See blog posts on biometric privacy, security, and more:

Blur Extractor: Fuzzy Extractor and Secure Sketch:Do not save biometric data, do not save face images, extract features, and extract a converted template

Face recognition? How to ensure safety, reasonable: related face recognition concerns

Break through the face recognition system by grabbing the bag: security questions: bank face recognition is cracked, facing security problems