Researchers from Tel Aviv University, Israel, have recently published a research report, “Generating Master Faces for Dictionary Attacks with Network-Assisted Latent Space Evolution“. This new AI technology is used to generate nine human faces that can act as universal keys. Using these known keystones has been proven to successfully compromise the three face recognition systems on FaceNet, SphereFace and Dlib by achieving success rates between 44% and 64%.
As per this research, while biometrics can be used to verify identification, data accuracy is not perfect, and coverage for all citizens tends to be uneven. For example, a single face could cover LFW’s facial recognition database, which covers 20% of people in their library system.
To bypass the security of a system, researchers use StyleGANs in conjunction with dictionary attacks. They generate faces using AI and then brute force different face recognition systems by drawing from their generated pool of 9 face universal keys designed for maximum coverage.
When testing their nine face universal keys against the three facial recognition systems of FaceNet, SphereFace and Dlib, they found that coverage rates reached 43.82%, 44.15% and 63.92%, respectively. One interesting discovery from this experiment was that white faces over 60 had smaller features than younger people, resulting in a higher success rate when using just one photo to identify them instead of two or more photos for someone under 61 years old!
The findings of the research revealed that face-based identity authentication systems are very fragile. It is easy for someone to create a fake image and fool them into thinking they’re looking at you or your friend’s photo when it isn’t! Many technologies have been developed to combat this vulnerability (anti-spoofing), but these methods can be bypassed by combining existing technology such as DeepFake. It will be very interesting to explore the possibility of using master faces in order to help protect the face recognition systems against dictionary attack.