In this blog post, we’d like to introduce what spoofing attacks are and why it is necessary to prevent them. Every day we need to be verified and authenticated to get access to our accounts (and we have thousands of them), such as social media accounts as well as bank accounts, pass security or employee attendance control and unlock our smartphones.
Current validation methods and their drawbacks
Nowadays passwords and ID cards are the most common way for authentication. All of us have many accounts and remembering all these passwords are complicated or are you among people who choose a simple password for all his/her accounts accepting the security risks? Besides, passwords can be hacked. Using ID cards has its own drawback. They can be easily lost or stolen.
Recently biometric information is utilized to verify users' identities. Biometric information is physiological traits or behavioral characteristics of a person, including the face, fingerprints, iris, and the way of walking respectively. This information is unique for each person; therefore, they can be exploited for verification task and Unlike passwords and ID s they can’t be lost or hacked.
One of the most popular biometric information for verification task is face pictures due to the fact that almost everyone all around the globe has a smartphone with a camera and there is no need for special sensors or physical contact like a fingerprint scanner.
Although exploiting face for authentication has a lot of advantages, are users really secure?
There are some methods to deceive face recognition and authentication systems that use biometric sensors. These methods include direct and indirect attacks.
Direct attacks are performed outside the face recognition system and include presenting counterfeit biometric information of a valid user in front of a biometric sensor and in our case camera, these attacks are called spoofing attack or presentation attack.
Indirect attacks are the ones that are performed inside the recognition system and include overriding data storage of valid users, feature extractor, or final decision.
The indirect attacks need some knowledge about hacking and can be prevented by encryption and stronger firewalls.
On the other hand, spoofing attacks are simpler and can be performed by anyone without any knowledge about computer systems.
In the next post, we will discuss different types of attacks and the way that can be prevented.