Zhihao Wu,Yushi Cheng,Jiahui Yang,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/SP46215.2023.10179429

2023-01-01

Abstract:Face authentication has been widely used in access control, and the latest 3D face authentication systems employ 3D liveness detection techniques to cope with the photo replay attacks, whereby an attacker uses a 2D photo to bypass the authentication. In this paper, we analyze the security of 3D liveness detection systems that utilize structured light depth cameras and discover a new attack surface against 3D face authentication systems. We propose DepthFake attacks that can spoof a 3D face authentication using only one single 2D photo. To achieve this goal, DepthFake first estimates the 3D depth information of a target victim's face from his 2D photo. Then, DepthFake projects the carefully-crafted scatter patterns embedded with the face depth information, in order to empower the 2D photo with 3D authentication properties. We overcome a collection of practical challenges, e.g., depth estimation errors from 2D photos, depth images forgery based on structured light, the alignment of the RGB image and depth images for a face, and implemented DepthFake in laboratory setups. We validated DepthFake on 3 commercial face authentication systems (i.e., Tencent Cloud, Baidu Cloud, and 3DiVi) and one commercial access control device. The results over 50 users demonstrate that DepthFake achieves an overall Depth attack success rate of 79:4% and RGB-D attack success rate of 59:4% in the real world.

Zhihao Wu,Yushi Cheng,Shibo Zhang,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.14722/ndss.2024.241036

2024-01-01

Abstract:Face authentication systems are widely employed in access control systems to ensure the security of confidential facilities.Recent works have demonstrated their vulnerabilities to adversarial attacks.However, such attacks typically require adversaries to wear disguises such as glasses or hats during every authentication, which may raise suspicion and reduce their attack impacts.In this paper, we propose the UniID attack, which allows multiple adversaries to perform face spoofing attacks without any additional disguise by enabling an insider to register a universal identity into the face authentication database by wearing an adversarial patch.To achieve it, we first select appropriate adversaries through feature engineering, then generate the desired adversarial patch with a multi-target joint-optimization approach, and finally overcome practical challenges such as improving the transferability of the adversarial patch towards black-box systems and enhancing its robustness in the physical world.We implement UniID in laboratory setups and evaluate its effectiveness with six face recognition models (FaceNet, Mobile-FaceNet, ArcFace-18/50, and MagFace-18/50) and two commercial face authentication systems (ArcSoft and Face++).Simulation and real-world experimental results demonstrate that UniID can achieve a max attack success rate of 100% and 79% in 3-user scenarios under the white-box setting and black-box setting respectively, and it can be extended to more than 8 users.

Lei Li,Zhihao Yao,Shixi Zhou,Yupeng Ma,Jun Wu,Zhaoqiang Xia

DOI: https://doi.org/10.1109/icipmc55686.2022.00021

2022-01-01

Abstract:In recent years, many face spoofing detection methods based on video frame or video sequence have been proposed to counteract the security threats of face recognition system. Although the video sequence based detection methods analyzing liveness signals have satisfactory performance, it is difficult to capture a long video in realistic applications; the video frame based methods have good real-time capabilities, but the detection performance is poor when dealing with high-resolution fake faces. Therefore, in this paper, we propose a novel video frame based face spoofing detection method exploiting facial blood flow differences, which achieves excellent detection performance and generalization capability. Specifically, compared with fake face, the subcutaneous tissue of live face is distributed with complex blood vessels. When the visible light penetrates face skin, its absorption in different regions is different due to the distribution of blood vessels. In order to extract the visible light absorption variations between different regions, the attentional face image is first fed into an 1D CNN to extract features for describing the absorption characteristics of each point; then, a GRU network is invoked to capture the absorption variations of the outputs of 1D CNN; finally, the Softmax function is used to classify whether the face image is a live face or a spoofing attack. Extensive experiments on three databases of 3DMAD, MSU and Replay-Attack demonstrate the effectiveness of our proposed method in distinguishing the printed images or 3D masks from the live ones and show that the detection performance outperforms other state-of-the-art methods.

孙霖,潘纲

DOI: https://doi.org/10.3969/j.issn.1007-0249.2010.02.008

2010-01-01

Abstract:Video-replay spoofing is a serious threat for face authentication/verification system.A real-time approach to detect video-replay attack using a generic webcamera is presented.Our approach extracts video-spoofing clues in the background around a face region,which is different from the previous in-vivo detection methods that use clues inside a face region.Firstly,a set of background feature points are extracted in scale space.Secondly,the Gabor descriptors of feature points for the background are calculated.To compare two background images,we employ a phase compensated similarity of the descriptors to qualitatively measure attacks.Experimental results show that it can detect video-replay attacks efficiently.

Shan Jia,Xin Li,Chuanbo Hu,Guodong Guo,Zhengquan Xu

DOI: https://doi.org/10.1109/tcsvt.2020.3044986

IF: 5.859

2021-10-01

IEEE Transactions on Circuits and Systems for Video Technology

Abstract:We have witnessed rapid advances in both face presentation attack models and presentation attack detection (PAD) in recent years. When compared with widely studied 2D face presentation attacks, 3D face spoofing attacks are more challenging because face recognition systems are more easily confused by the 3D characteristics of materials similar to real faces. In this work, we tackle the problem of detecting these realistic 3D face presentation attacks and propose a novel anti-spoofing method from the perspective of fine-grained classification. Our method, based on factorized bilinear coding of multiple color channels (namely MC_FBC), targets at learning subtle fine-grained differences between real and fake images. By extracting discriminative and fusing complementary information from RGB and YCbCr spaces, we have developed a principled solution to 3D face spoofing detection. A large-scale wax figure face database (WFFD) with both images and videos has also been collected as super realistic attacks to facilitate the study of 3D face presentation attack detection. Extensive experimental results show that our proposed method achieves the state-of-the-art performance on both our own WFFD and other face spoofing databases under various intra-database and inter-database testing scenarios.

engineering, electrical & electronic

Xiaobai Li,Jukka Komulainen,Guoying Zhao,Pong-Chi Yuen,Matti Pietikäinen,Matti Pietikainen

DOI: https://doi.org/10.1109/icpr.2016.7900300

2016-12-01

Abstract:Face biometric systems are vulnerable to spoofing attacks. Such attacks can be performed in many ways, including presenting a falsified image, video or 3D mask of a valid user. A widely used approach for differentiating genuine faces from fake ones has been to capture their inherent differences in (2D or 3D) texture using local descriptors. One limitation of these methods is that they may fail if an unseen attack type, e.g. a highly realistic 3D mask which resembles real skin texture, is used in spoofing. Here we propose a robust anti-spoofing method by detecting pulse from face videos. Based on the fact that a pulse signal exists in a real living face but not in any mask or print material, the method could be a generalized solution for face liveness detection. The proposed method is evaluated first on a 3D mask spoofing database 3DMAD to demonstrate its effectiveness in detecting 3D mask attacks. More importantly, our cross-database experiment with high quality REAL-F masks shows that the pulse based method is able to detect even the previously unseen mask type whereas texture based methods fail to generalize beyond the development data. Finally, we propose a robust cascade system combining two complementary attack-specific spoof detectors, i.e. utilize pulse detection against print attacks and color texture analysis against video attacks.

Weiye Xu,Jianwei Liu,Shimin Zhang,Yuanqing Zheng,Feng Lin,Fu Xiao,Jinsong Han

DOI: https://doi.org/10.1109/infocom42981.2021.9488737

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Current facial authentication (FA) systems are mostly based on the images of human faces, thus suffering from privacy leakage and spoofing attacks. Mainstream systems utilize facial geometry features for spoofing mitigation. which are still easy to deceive with the feature manipulation, e.g., 3D-printed human faces. In this paper, we propose a novel privacy-preserving anti-spoofing FA system, named RFace, which extracts both the 3D geometry and inner biomaterial features of faces using a COTS RFID tag array. These features are difficult to obtain and forge, hence are resistant to spoofing attacks. RFace only requires users to pose their faces in front of a tag array for a few seconds, without leaking their visual facial information. We build a theoretical model to rigorously prove the feasibility of feature acquisition and the correlation between the facial features and RF signals. For practicality, we design an effective algorithm to mitigate the impact of unstable distance and angle deflection from the face to the array. Extensive experiments with 30 participants and three types of spoofing attacks show that RFace achieves an average authentication success rate of over 95.7% and an EER of 4.4%. More importantly, no spoofing attack succeeds in deceiving RFace in the experiments.

Bowen Zhang,Benedetta Tondi,Mauro Barni

DOI: https://doi.org/10.48550/arXiv.1910.00327

2019-10-01

Abstract:In this paper, we study the vulnerability of anti-spoofing methods based on deep learning against adversarial perturbations. We first show that attacking a CNN-based anti-spoofing face authentication system turns out to be a difficult task. When a spoofed face image is attacked in the physical world, in fact, the attack has not only to remove the rebroadcast artefacts present in the image, but it has also to take into account that the attacked image will be recaptured again and then compensate for the distortions that will be re-introduced after the attack by the subsequent rebroadcast process. Subsequently, we propose a method to craft robust physical domain adversarial images against anti-spoofing CNN-based face authentication. The attack built in this way can successfully pass all the steps in the authentication chain (that is, face detection, face recognition and spoofing detection), by achieving simultaneously the following goals: i) make the spoofing detection fail; ii) let the facial region be detected as a face and iii) recognized as belonging to the victim of the attack. The effectiveness of the proposed attack is validated experimentally within a realistic setting, by considering the REPLAY-MOBILE database, and by feeding the adversarial images to a real face authentication system capturing the input images through a mobile phone camera.

Cryptography and Security

Bofan Lin,Xiaobai Li,Zitong Yu,Guoying Zhao

DOI: https://doi.org/10.1145/3345336.3345345

2019-01-01

Abstract:Face anti-spoofing plays a vital role in security systems including face payment systems and face recognition systems. Previous studies showed that live faces and presentation attacks have significant differences in both remote photoplethysmography (rPPG) and texture information, we propose a generalized method exploiting both rPPG and texture features for face anti-spoofing task. First, multi-scale long-term statistical spectral (MS-LTSS) features with variant granularities are designed for representation of rPPG information. Second, a contextual patch-based convolutional neural network (CP-CNN) is used for extracting global-local and multi-level deep texture features simultaneously. Finally, weight summation strategy is employed for decision level fusion, which helps to generalize the method for not only print attack and replay attack but also mask attack. Comprehensive experiments were conducted on five databases, namely 3DMAD, HKBU-Mars VI, MSU-MFSD, CASIA-FASD, and OULU-NPU, to show the superior results of the proposed method compared with state-of-the-art methods.

Xiaohua Xie,Yan Gao,Wei-Shi Zheng,Jianhuang Lai,Junyong Zhu

DOI: https://doi.org/10.1007/978-3-319-69923-3_12

2017-01-01

Abstract:Face recognition is an increasingly popular technology for user authentication. However, face recognition is susceptible to spoofing attacks. Therefore, a reliable way to detect malicious attacks is crucial to the robustness of the face recognition system. This paper describes a new approach to utilizing light field camera for defending spoofing face attacks, like (warped) printed 2D facial photos and high-definition tablet images. The light field camera is a sensor that can record the directions as well as the colors of incident rays. Needing only one snapshot, multiple refocused images can be generated. In the proposed method, three kinds of features extracted from a pair of refocused images are extracted to discriminate fake faces and real faces. To verify the performance, we build a light field photograph databases and conduct experiments. Experimental results reveal that the employed features can achieve remarkable anti-spoofing accuracy under different types of spoofing attacks.

Junyan Peng,Patrick P. K. Chan

DOI: https://doi.org/10.1109/icwapr.2014.6961311

2014-01-01

Abstract:The spoofing attack, in which the attacker disguises himself or herself as an authenticated user by showing the user's photographs or video clips before the camera, is a common adversarial attack in face recognition. To ensure the security of the system, face liveness detection is carried out to distinguish the images captured from a live face from those from a forged face. In this paper, we propose a face liveness detection method based on the High Frequency Descriptor to combat the spoofing attack. The additional illumination is added, which can raise the energy of high frequency components of a real face by exposing more details of the hair and skin, and lower it by causing a glisten on the planar surface. The difference of the energy of high frequency components between images with and without the illumination is calculated. Experimental results show that our method outperforms the original method and has robustness when the resolution of the attack media is high.

Kam Kong,Xiali Hei,Ting Zeng,Caijin Ling,Chao Zhang,Binheng Song,Hui Cao,Michael Peays

DOI: https://doi.org/10.1109/itoec.2017.8122453

2017-01-01

Abstract:With an increase in acceptance of face recognition systems, the desire for accurate biometric authentication - face recognition, has increased. Nowadays, the fundamental limitations of existing systems are, the vulnerabilities of false verification via a picture or simple video of a person. In this paper, it is inspired by how humans can perform reliable spoofing detection only based on the available scene and context information. We propose our framework in a combination of interaction model and Moire pattern analysis to make sure that a user is a real person. It is different from some systems that use hardware-based liveness detection. We focus on the software-based approaches, in particular, the necessary algorithms that allow for a liveness detection in real-time. Our experiments results show excellent performance to the state of the art.

Patrick P. K. Chan,Weiwen Liu,Danni Chen,Daniel S. Yeung,Fei Zhang,Xizhao Wang,Chien-Chang Hsu

DOI: https://doi.org/10.1109/tifs.2017.2758748

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Face recognition technique has been widely applied to personal identification systems due to its satisfying performance. However, its security may be a crucial issue, since many studies have shown that face recognition systems may be vulnerable in an adversarial environment, in which an adversary can camouflage as a legitimate user in order to mislead the system. Although face liveness detection methods have been proposed to distinguish real and fake faces, they are either time-consuming, costly, or sensitive to noise and illumination. This paper proposes a face liveness detection method with flash against 2D spoofing attack. Flash not only can enhance the differentiation between legitimate and illegitimate users, but it also reduces the influence of environmental factors. Two images are taken from a subject, one with flash and another without flash. Four texture and 2D structure descriptors with low computational complexity are used to capture information of the two images in our model. Advantages of our method include low installation cost of flash and no user cooperation required. A data set of 50 subjects collected under different scenarios is used in the experiments to evaluate the proposed method. The experimental results indicate that the proposed model performs better than existing liveness detection methods in different environmental scenarios. This paper confirms that the use of flash successfully improves face liveness detection in terms of accuracy, robustness, and running time.

Di Tang,Zhe Zhou,Yinqian Zhang,Kehuan Zhang

DOI: https://doi.org/10.14722/ndss.2018.23176

2018-01-01

Abstract:Face authentication systems are becoming increasingly prevalent, especially with the rapid development of Deep Learning technologies. However, human facial information is easy to be captured and reproduced, which makes face authentication systems vulnerable to various attacks. Liveness detection is an important defense technique to prevent such attacks, but existing solutions did not provide clear and strong security guarantees, especially in terms of time. To overcome these limitations, we propose a new liveness detection protocol called Face Flashing that significantly increases the bar for launching successful attacks on face authentication systems. By randomly flashing well-designed pictures on a screen and analyzing the reflected light, our protocol has leveraged physical characteristics of human faces: reflection processing at the speed of light, unique textual features, and uneven 3D shapes. Cooperating with working mechanism of the screen and digital cameras, our protocol is able to detect subtle traces left by an attacking process. To demonstrate the effectiveness of Face Flashing, we implemented a prototype and performed thorough evaluations with large data set collected from real-world scenarios. The results show that our Timing Verification can effectively detect the time gap between legitimate authentications and malicious cases. Our Face Verification can also differentiate 2D plane from 3D objects accurately. The overall accuracy of our liveness detection system is 98.8\%, and its robustness was evaluated in different scenarios. In the worst case, our system's accuracy decreased to a still-high 97.3\%.

Zezheng Wang,Chenxu Zhao,Yunxiao Qin,Qiusheng Zhou,Zhen Lei

2018-01-01

Abstract:Face anti-spoofing is significant to the security of face recognition systems. Previous works on depth supervised learning have proved the effectiveness for face anti-spoofing. Nevertheless, they only considered the depth as an auxiliary supervision in the single frame. Different from these methods, we develop a new method to estimate depth information from multiple RGB frames and propose a depth-supervised architecture which can efficiently encodes spatiotemporal information for presentation attack detection. It includes two novel modules: optical flow guided feature block (OFFB) and convolution gated recurrent units (ConvGRU) module, which are designed to extract short-term and long-term motion to discriminate living and spoofing faces. Extensive experiments demonstrate that the proposed approach achieves state-of-the-art results on four benchmark datasets, namely OULU-NPU, SiW, CASIA-MFSD, and Replay-Attack.

Marcin Kowalski,Krzysztof Mierzejewski

DOI: https://doi.org/10.4302/plp.v13i2.1091

2021-06-30

Photonics Letters of Poland

Abstract:Biometric systems are becoming more and more efficient due to increasing performance of algorithms. These systems are also vulnerable to various attacks. Presentation of falsified identity to a biometric sensor is one the most urgent challenges for the recent biometric recognition systems. Exploration of specific properties of thermal infrared seems to be a comprehensive solution for detecting face presentation attacks. This letter presents outcome of our study on detecting 3D face masks using thermal infrared imaging and deep learning techniques. We demonstrate results of a two-step neural network-featured method for detecting presentation attacks. Full Text: PDF ReferencesS.R. Arashloo, J. Kittler, W. Christmas, "Face Spoofing Detection Based on Multiple Descriptor Fusion Using Multiscale Dynamic Binarized Statistical Image Features", IEEE Trans. Inf. Forensics Secur. 10, 11 (2015). CrossRef A. Anjos, M.M. Chakka, S. Marcel, "Motion-based counter-measures to photo attacks inface recognition", IET Biometrics 3, 3 (2014). CrossRef M. Killioǧlu, M. Taşkiran, N. Kahraman, "Anti-spoofing in face recognition with liveness detection using pupil tracking", Proc. SAMI IEEE, (2017). CrossRef A. Asaduzzaman, A. Mummidi, M.F. Mridha, F.N. Sibai, "Improving facial recognition accuracy by applying liveness monitoring technique", Proc. ICAEE IEEE, (2015). CrossRef M. Kowalski, "A Study on Presentation Attack Detection in Thermal Infrared", Sensors 20, 14 (2020). CrossRef C. Galdi, et al, "PROTECT: Pervasive and useR fOcused biomeTrics bordEr projeCT - a case study", IET Biometrics 9, 6 (2020). CrossRef D.A. Socolinsky, A. Selinger, J. Neuheisel, "Face recognition with visible and thermal infrared imagery", Comput. Vis Image Underst. 91, 1-2 (2003) CrossRef L. Sun, W. Huang, M. Wu, "TIR/VIS Correlation for Liveness Detection in Face Recognition", Proc. CAIP, (2011). CrossRef J. Seo, I. Chung, "Face Liveness Detection Using Thermal Face-CNN with External Knowledge", Symmetry 2019, 11, 3 (2019). CrossRef A. George, Z. Mostaani, D Geissenbuhler, et al., "Biometric Face Presentation Attack Detection With Multi-Channel Convolutional Neural Network", IEEE Trans. Inf. Forensics Secur. 15, (2020). CrossRef S. Ren, K. He, R. Girshick, J. Sun, "Proceedings of IEEE Conference on Computer Vision and Pattern Recognition", Proc. CVPR IEEE 39, (2016). CrossRef K. He, X. Zhang, S. Ren, J. Sun, "Deep Residual Learning for Image Recognition", Proc. CVPR, (2016). CrossRef K. Mierzejewski, M. Mazurek, "A New Framework for Assessing Similarity Measure Impact on Classification Confidence Based on Probabilistic Record Linkage Model", Procedia Manufacturing 44, 245-252 (2020). CrossRef

胡永健,蔡楚鑫,刘琲贝,王宇飞,廖广军

2023-01-01

Abstract:Due to feasibility and friendly user interaction, deep learning-based face recognition and identity authentication becomes one of the most popular artificial intelligence technologies in China. The face recognition and identity authentication system should secure that the captured face for verification is a living face rather than a fake face or called spoofing face. Otherwise, the output of the system is useless for business. Face spoofing detection or called living face detection mechanism is set in the front part of the system, and plays a key role in distinguishing a fake face from the input faces. Most current face anti-spoofing algorithms perform well in intra-dataset. However, the model training in lab is unable to simulate all aspects in the real-world application scenarios. As a result, the data distribution in source domain is not always similar to the data distribution in target domain, which causes the lab-trained algorithms barely perform as well as in lab. Although we can mitigate the performance degradation with the increase of detection feature types and dimensions, it tends to make the detection network very complex in structure and large in model size. In order to improve the generalization ability of model without resorting to large model, we design a face spoofing detection network using the 3D depth point cloud supervision and confidence correction scheme. The proposed approach consists of three major contributions. First, we design a shallow convolutional neural network called DenseBlockNet. It can well extract distinctive depth features between real faces and spoofing ones and has a small model size. Second, we establish the relationship between the 2D depth map produced by DenseBlockNet and the coordinates of sampling points, and thus create a 3D depth point cloud. We adopt the Chamfer loss to minimize the distance between the learned 3D depth point cloud and the ground truth 3D depth point cloud label, and use the Binary Cross Entropy loss to supervise the difference between the learned 2D depth map and the ground truth 2D depth map label. Third, we introduce a prediction confidence map to correct the error of the learned 3D depth point cloud, so that it can avoid overfitting in intra-datasets and obtain good generalization ability in inter-datasets. Extensive experiments are conducted on 5 popular presentation attack databases, namely Reply-attack, CASIA-FASD, MSU-MFSD,Rose-Youtu, and OULU-NPU. Compared with 8 representative methods including 2 SOTA methods, the proposed method can achieve the least or second least half-total-error-rates in either intra-dataset or inter-dataset tests. Besides, it has the smallest model, the least amount of model parameters and the lowest computational complexity.

Liu Liu,Hanlin Yu,Zhongjie Ba,Li Lu,Feng Lin,Kui Ren

DOI: https://doi.org/10.1109/ICC42927.2021.9501053

2021-01-01

Abstract:Facial recognition has become the surge on mobile authentication scenarios and makes up a huge market share for various apps, such as MasterCard, Google Wallet, and AliPay. However, existing solutions suffer from various impersonation attacks, including photo-spoofing attack, video-replay attack, and 3D facial mask attack. State-of-the-art countermeasures either require additional user intervention or introduce specialized high-end sensors. Even introducing these extra efforts, these approaches still hardly defend the latest 3D facial mask attacks, which gradually become accessible due to the prevalence of low-cost 3D printing. In this paper, we propose an anti-spoofing facial recognition system, PassFace, which verifies the smartphone for authentication as the second factor merely using raw facial videos without any user intervention, to defeat impersonation attacks. In particular, when receiving a user’s selfie video, PassFace identifies the user’s face from the video, and meanwhile extracts the highly unique and physically irreproducible camera fingerprint, i.e., Photo Response Non-Uniformity (PRNU), built in the smartphone from key frames of the video. After that, the system compares the Peak to Correlation Energy (PCE) calculated by the estimated PRNU and the reference profile with a threshold for authentication. Experiment results demonstrate PassFace can achieve satisfactory performance in authentication and attack resistance.

Song Chen,Weixin Li,Hongyu Yang,Di Huang,Yunhong Wang

DOI: https://doi.org/10.1109/fg47880.2020.00019

2020-01-01

Abstract:Face anti-spoofing has recently become more important to the wide application of Face Recognition (FR) techniques. Compared to Spoofing Attacks (SAs) of printed photos and replayed videos, 3D masks bring more challenges to FR systems. This paper proposes a novel approach to 3D face mask anti-spoofing, namely Multi-Modal Dynamics Fusion Network (MM-DFN), and different from the overwhelming majority of the methods in the literature that only employ RGB data, it highlights the credit of the geometry information delivered by depth sensors or reconstructed from RGB images. Dynamic texture and shape clues are respectively encoded by a two-branch deep CNN model at different rates so that discriminative details are sufficiently captured, and they are combined at intervals for more comprehensive description. Moreover, a 3D model guided data augmentation method is applied to generate a diversity of samples with various poses, which further enhances the anti-spoofing model. The proposed method is extensively evaluated on three public benchmarks, i.e. 3DMAD, HKBU-MARs V1 and SMAD, and the results achieved are state-of-the-art, demonstrating its effectiveness for this issue.

Man Zhou,Qian Wang,Qi Li,Peipei Jiang,Jingxiao Yang,Chao Shen,Cong Wang,Shouhong Ding

DOI: https://doi.org/10.48550/arXiv.2106.08013

2021-06-15

Abstract:Face authentication usually utilizes deep learning models to verify users with high recognition accuracy. However, face authentication systems are vulnerable to various attacks that cheat the models by manipulating the digital counterparts of human faces. So far, lots of liveness detection schemes have been developed to prevent such attacks. Unfortunately, the attacker can still bypass these schemes by constructing wide-ranging sophisticated attacks. We study the security of existing face authentication services (e.g., Microsoft, Amazon, and Face++) and typical liveness detection approaches. Particularly, we develop a new type of attack, i.e., the low-cost 3D projection attack that projects manipulated face videos on a 3D face model, which can easily evade these face authentication services and liveness detection approaches. To this end, we propose FaceLip, a novel liveness detection scheme for face authentication, which utilizes unforgeable lip motion patterns built upon well-designed acoustic signals to enable a strong security guarantee. The unique lip motion patterns for each user are unforgeable because FaceLip verifies the patterns by capturing and analyzing the acoustic signals that are dynamically generated according to random challenges, which ensures that our signals for liveness detection cannot be manipulated. Specially, we develop robust algorithms for FaceLip to eliminate the impact of noisy signals in the environment and thus can accurately infer the lip motions at larger distances. We prototype FaceLip on off-the-shelf smartphones and conduct extensive experiments under different settings. Our evaluation with 44 participants validates the effectiveness and robustness of FaceLip.

Cryptography and Security