Detecting Mask Attacks Through Facial Recognition 2024

Picture yourself going to a drugstore to buy medicine urgently. The pharmacist after seeing the prescription asks you to provide your government-issued identity. Suspicious and reluctant you ask him why he needs to see your ID to give you the medicine needed and prescribed by your physician. He says it’s the protocol for this type of medicine. Anyways you show him your driver’s license and he refuses to give you the medicine simply by saying that your photograph doesn’t match you or you could be someone he suspects as a drug dealer. Now flared up at this you walk out the store and call your physician and explain to him the situation and he says that the medicine contains a substance that is considered potentially risky but in your case, it’s permitted. However, you must prove your identity to legally buy it.

Cases like this are common in everyday life where people face problems due to identity mismatch. But the fault is neither yours nor of the drugstore who raised suspicion due to the rise in mask and presentation attacks in facial recognition.

Mask attacks are becoming increasingly common that compromise the identities of innocent people causing them troubles like this.

Let’s see how mask attacks can be potentially a threat to your facial identity.

What is a Mask Attack in Facial Verification?

A mask attack is a fraudulent attempt to bypass traditional and digital facial recognition systems by using highly realistic face masks of different types for identity verification. This activity can fool facial recognition software and give unauthorized access to an attacker. The masks used for mask attacks may belong to an original facial identity or another real person who may have stored his facial recognition data for authentication of his bank account.

How Serious is Mask Attack?

Mask Attacks are also known as presentation attacks which can be used to bypass facial biometric verification systems. It may seem a nonserious and childish thing but some masks can easily spoof digital facial recognition systems. However, with the advent of AI and aggressive working on strengthening algorithms used in biometric facial recognition, the danger of mask attacks is now much less.

How Does a Mask Attack Work?

As the name suggests, a highly realistic mask of a real person’s face is used in front of the facial scanner or a camera. Using certain types of lighting and adding extra elements of AI spoofing and injection attacks combined with iterative presentation attempts one may be able to bypass a facial biometric security system.

Types of Mask Attack 

Physical Mask Attack

A physical mask attack uses a 3D replica of a human face that can be used to trick a facial identification solution.

Print Mask Attack

Printed masks such as paper masks or card masks or simply a high-resolution colored photograph of a human face can also be used to spoof face ID checks.

Digital Mask Attack

Involves AI Deepfakes, Morphing, and other digital techniques that can create a highly realistic digital face image of a person to be used digitally for gaining access to accounts.

3D Mask Attack

3D masks are highly realistic and are created on 3D printers using materials that resemble human skin.

Composite Mask Attacks

Composite mask attacks use a combination of both digital and physical mask creation techniques making it a difficult-to-detect mask attack type.

How Facial Recognition System Detects Mask Attacks?

The answer to this question is Liveness Detection. Yes! Liveness verification is a unique process designed to identify anomalies related to unrealistic identification attempts. This includes:

• Detection of Deepfake Attacks
• Detection of Mask Attacks of all types
• Detection of Morphing attempts

Liveness verification or liveness detection lies at the core of facial recognition software where it has two aspects:

Active Liveness

Active Livenes refers to a liveness check that confirms that the face presented to a facial recognition device is of a alive, real human being. It uses human facial gestures like blinking, smiling, tilting the head, and turning sideways. However, Active Livenes can only check that the human face presented to the system is of a alive and real person. It cannot confirm whether the identity presented belongs to the actual owner of the person who is claiming this identity or not. This calls for the second part of liveness known as Passive Liveness.

Passive Liveness 

Passiveness is much more comprehensive and technically sound than the Active Liveness check. Passive Liveness uses advanced algorithms to check the actual liveness where it verifies the face image against different types of presentation attacks. This is because mask attacks can be detected easily with passive liveness checks using industry-standard algorithms.

How to Upscale Facial Recognition Solution Against Presentation Attacks?

The National Institute of Standards and Technologies (NIST), a benchmark and standard-setting organization has embarked on a journey to refine the working of identity solutions to pave a pathway for the fight against mask or presentation attacks. For this purpose, it has tested different identity solutions under its project named FRVT (Facial Recognition Vendor Test) which is now divided into two wings such as FRTE (Face Recognition Technology Evaluation) and FATE (Face Analysis Technology Evaluation). FATE is aimed to test the robustness of newly proposed algorithms empowered mostly by the use of AI. These algorithms are updated each time a new one is proposed by an identity solution.

Final Word

Currently, NIST believes that after its testing none of the identity solutions can prevent all mask attacks. However, combining their algorithms i.e. joint efforts of these solutions showed promising results in preventing mask attacks under the FATE testing. Facial Recognition Solution Providers must consider upgrading their performance under the latest standards of NIST to enhance their performance in digitally preventing presentation attacks.