A month after the presentation of the iPhone 8, day up day down, the debate focuses on the presumable disappearance of the Homebutton, which integrates Touch ID, to make way for a facial recognition system called Face ID, leaving the aforementioned button as virtual thanks to 3D Touch. According to Mark Gurman, the man who never fails with his leaks about Apple’s next steps, in the company there is a speech prepared to convince users that this new system is “safer, faster and more accurate” than Touch ID.
Can this case really occur? We have the fingerprint detection absolutely internalized. Motorola implemented it in the Atrix of 2011, Apple in the iPhone 5s of 2013 and something after it finished hatching when Google enabled the API for it in Android 6.0. In these rumor months we have also seen doubts about a system based on facial recognition for the next iPhone that will come at the cost of sacrificing Touch ID. Will it work if we are in the dark? Will it work if we change our hairstyle, put on glasses or let our beards grow? Taking it to a higher plane: is it going to be worth going to facial recognition?
Are you 100% sure? More secure than fingerprinting?
To resolve these doubts we have spoken with Esteban Vázquez, Head of Biometrics in the Multimodal Information area of Gradiant, an acronym of Galician Research and Development Center in Advanced Telecommunications and winner of the IJCB 2017 international competition in anti-spoofing held in Denver.
For Esteban, biometrics starts from the premise that no biometric system is infallible and there is also no one that is better than any other in any scenario. That is, all systems have an error rate and none have it at 0%. In addition, it cannot be said that facial recognition is better “always” than the fingerprint, or that the password, or that the voice, or … “All have advantages and disadvantages.” The facial can compete with the fingerprint and be superior, but it depends on its implementation.”
On the other hand, it is important to take into account that a balance must be found between security and usability. A biometric system that is too strict will give too many rejections to authentic users, while another too permissive to avoid friction with the user will fall into insecurity. “Although the finger was before, facial recognition has evolved a lot in recent years.”
Kinect, with you everything started
The germ of Face ID is in November 2013, when just a couple of months after the announcement of Touch ID Apple bought PrimeSense for 360 million dollars. Prime sense is the Israeli company that developed Microsoft Kinect technology. After the operation, Apple closed the company and kept its technology. Four years later, we are going to see its fruits.
Precisely in Kinect is the key. The previous facial recognition systems were easily vulnerable, going so far as to falsify them with a photo, because they only had a front camera, which is equivalent in biometry to a 2D visible spectrum camera. Very insecure not to have specific measures against identity theft.
Face ID, according to the filtered renders of the iPhone 8, will have something more. The four black circles that can be seen in the frontal are very possibly front camera, proximity sensor, infrared camera and sensor that emits the light pattern to reflect it in infrared and be able to analyze the depth. From the iPhone 4 to the 7 “only” has been counted on the first two.
With this configuration it is possible to capture structured light and therefore obtain an infrared depth image. It would be discarded so “do not work when you’re in the dark”. Esteban does not have much sense to think that Apple will replace the fingerprint for something that does not work in low light conditions. “Maybe they go and announce something like that, but it would not be logical, and also seeing that filtered front …”
What the current market offers?
The facial recognition of the LG G6, explained in an image of the company itself.
The LG G6 recently incorporated facial recognition through a software update. Bringing this function to a terminal that has been on the market for months should give us an idea of where the shots are going: it does not have hardware designed for it, it only makes use of the front camera. That is to say, as we said before, a camera of visible spectrum in 2D, something that can be easily deceived with a photograph. It is in fact what also happened to the Galaxy S8.
That vulnerability of the Galaxy S8 does not disappear in the LG G6. Face Print, which is what is called your solution, only brings back the automation of the system when unlocking it: when we lift the phone and face it, the accelerometer and the gyro detect it and activate the front camera in second flat. If it detects our face like that of its owner, unlock the phone.
Another issue is the iris scanner, present in terminals such as the Lumia 950, the Galaxy Note 7 or the aforementioned Galaxy S8. It is not “facial recognition”, but another biometric system that focuses solely on the iris. And from our experience we can say that it works very well even if it weakens something with people who wear glasses.
Although there are iris readers on smartphones for ten years thanks to models from Toshiba, Motorola, Acer or LG, none were successful or just replicas. When someone like Samsung incorporates it into their two star phones is a sign of something. This system is not based on the color of the iris, but on its patterns. And although it is intuitive and fast, it is necessary to take the pulse of the optimal distance until it becomes fully automatic for the user.
Going back to facial recognition, Android started offering it in 2011. It has never been successful, rather the opposite. The culprit, once again, is the fact that it is used in phones with a front camera but without infrared sensors that allow scanning the depth and lighting.
You may also like to read: Virtual Reality, not just technology, but new challenges for video games
Detect life, detect impostors
Another critical point of a biometric system is the anti-spoofing, that is, the ways it has to “detect life”, of being able to recognize an impostor that is trying to falsify access by means of a latex mold of a fingerprint , or a 3D model of a face. Instead, it detects that that finger or face belongs to a living person. Mobile biometric systems usually have that component based on software, not hardware. “In the end you have to select a work point where you can achieve a certain level of security by detecting attacks by impostors, but at the same time you cannot reject a high percentage of real users because you would be lowering the usability of the system by telling the user that place your finger eight times,
From there we move on to another key question, very common and that will be more after the arrival of infrared facial detectors: what happens if we leave beard, we put on makeup, we change our glasses, we go with sunglasses or we get a tattoo, for example? “As almost everything in biometrics, it depends, depending on how the manufacturer implements it, and above all on what the balance between usability and security is, in principle, current systems are tolerant of changes, and increasingly so. It seeks to be tolerant to the passage of time because you grow old, you shave, you leave a beard, you put on makeup, you change glasses … The more time passes, the more variations interfere”.
In any case, the system can adapt to these changes. For example, if it costs four attempts to verify the user, or is no longer able to detect it but always correctly enters the unlock PIN, it could perfectly suggest updating the profile with that new “facial configuration” of the user. You can also do it periodically and automatically, although this already enters the field of pure lucubration. Currently with the finger sensors and something, similar happens: periodically limits the use of the fingerprint and forces to enter the PIN unlock, as well as turn it off and on again. “There could be something like that with facial recognition.”
In facial recognition, deep learning has also been incorporated to try to be more tolerant of these changes, as Esteban points out … but to a certain extent. “If your face is too stuffy, the system will not let you in. Of course, it’s like you get to passport control at the airport with big sunglasses and a scarf over your mouth, they’ll ask you to take them off. It is intended that these systems are robust, tolerant to all those changes and variations in a system well designed and implemented, ideally, what would happen is that if the system detects that there are changes, update the template through a verification that you can do putting a PIN.”
The key to facial recognition, the field of vision
For Esteban, the biggest unknown of how facial recognition can work is in the positioning, especially if, as it is presumed to happen in the iPhone 8 and perhaps in later smartphones, it completely replaces the fingerprint sensor. “Sometimes you use your mobile phone without focusing it on your face, like when you’re leaning on the table, I do not know how it works, so I find it odd that they substitute fingerprints for facials and do not keep both.” In the case of the iPhone 8, we do not know what will be his field of vision, maybe he is very tolerant to the position because he has it very broad, but we do not know that”.
Esteban concludes with his views on biometrics: “you will always have a percentage of rejection of authentic users and another acceptance of false users, the key is to lower those percentages as much as you can, but a 0% error does not exist.” When infrared sensors begin to arrive in bulk to smartphones and we can make distinctions and assessments about their levels of security. Maybe there are some who have raised the security dial and it costs you to be more frictional, give more errors. In the same way, others who advocate making things easy for the user may be more likely to be cheated in some way. Who knows what the perfect balance is? Over the next few years we will see what each manufacturer offers and who ends up taking the cat to the water. Maybe the iris readers are the most popular.
Samsung explained a few months ago that its facial recognition technology needs “four or five more years” to be sufficiently secure in order to verify mobile payments, perhaps the most critical point of current biometric security in smartphones, in the middle of the Samsung Pay, Android Pay, Apple Pay and company. Maybe from this autumn they will be forced to accelerate the pace.
If nothing changes, Apple will announce the new iPhone in the first half of September, and with them, Face ID. Except capital surprise, we will say goodbye to Touch ID, present in the last four years and eight models of iPhone -5s, 6, 6 Plus, 6s, 6s Plus, SE, 7, 7 Plus-, and the Home button, icon of the iPhone during these ten years. After its first decade of life and successes, it gives way to the new, to Face ID. In a month we will see the implementation and its advantages and disadvantages. And surely, more alternatives from other manufacturers will appear, as happened with finger sensors. Will we get used to them as easily? Let’s prepare the look.Tags: facial recognition