Detecting face morphing: A simple guide to countering complex identity fraud

By | 11:12 PM Leave a Comment

Our reliance on face matching for identity verification is being challenged by the emergence of artificial intelligence (AI) and facial morphing technology. This technique involves digitally creating an image which is an average of two people’s faces, and which can deceive not only human examiners, but also facial recognition systems. The misuse of this technology can enable two individuals to use one ID, presenting a significant risk for businesses and governments.

facial morphing technology

In 2018, a group of activists merged a photo of Federica Mogherini, the High Representative of the European Union for Foreign Affairs and Security Policy, and a group member. Using this blended photo, they managed to obtain an authentic German passport. If they were real criminals and accomplices, they could share this passport to travel illegally. This is one of the purposes for which fraudsters can use facial morphing technology. Some of the worst-case scenarios include human trafficking.

The threat is real: there have been over 1,000 reported cases of face morphing attacks. In fact, due to the complexity of facial morphing detection, a number of documents with morphs might still be in circulation. With the increased availability of visual editors and printing devices, attempting to use face morphing for cheating identity verification systems has never been as easy as today. Even if all possible security measures are instantly implemented, IDs with morphed images inside will still be valid for the next 10 years.

To better understand how to approach this threat, we need to get a better idea of how morphs are created and make it into IDs.

How exactly are fraudsters trying to cheat you?

Facial morphing is a visual editing method of combining two (sometimes more) facial images to create a blended portrait. It’s often used for seamless realistic transformations between two faces in movies and computer games. Unfortunately, facial morphing technology is also being used for malicious purposes, such as creating fraudulent identity documents or impersonating someone online.

While morphing lets you fully transform one face into another, you can also stop the transformation midway and get a “morph”—an image of a non-existent person that looks like both input portraits. If criminals manage to get a morphed photo in a passport, it creates issues for any services that rely on facial recognition technology to verify the identity. The main target for such attacks is, of course, border controls. If the morph is convincing enough, it allows a wanted criminal to leave the country or illegally enter it using documents issued under another person’s name.

How do morphs get in passports at all?

There are two ways morphing attacks can occur.

The first scenario is machinations with fraudulently obtained but genuine IDs. This scheme involves a criminal and an accomplice without a criminal record. Their morphed photo is submitted along with the genuine personal data of the partner. In case of success, the criminal gets a de-facto genuine passport which is almost impossible to identify as fraudulent by criminalistic means alone. This is the worst-case scenario.

The second scenario is alteration of an existing genuine document (lost, stolen, or provided by an accomplice). This method is simpler but requires more skill from counterfeiters. When the morphed image is ready, they use a special printer to apply it over the existing photo in the document. This can involve overlaying the face entirely or altering individual features, such as the ears or eyes. The changes are printed in a thin layer, making them difficult to detect without special technical means.

Why the facial morphing threat shouldn’t be taken lightly

The main challenge with morphs is that they can be extremely hard to detect for both human inspectors and computer algorithms.

Of course, morphs may differ in quality and production methods used. Low-quality auto-generated images may include visible artifacts, such as ghosting silhouettes. However, a real attack by a criminal would likely involve their best efforts at selecting lookalike individuals and creating a high-quality morph with careful post-processing. In fact, there are currently no reliable solutions for detecting whether it’s a morph or a real person in a photo.

Although computer algorithms can assist in detecting morphs, they aren’t foolproof. According to ongoing tests conducted by NIST, the best-performing algorithm currently identifies 15% of low-quality morphed images as non-morphs, while among high-quality synthesized images, 88% will pass the check as genuine. Therefore, identifying morphs is a complex and ongoing challenge.

How to prevent facial morphing attacks

Detecting face morphing is challenging as no single method is entirely reliable. Therefore, to increase the success rate of detection, a multi-faceted approach is necessary. This approach should involve a combination of deliberate security measures, technical solutions, and awareness-raising tactics.

Live enrollment. One of the most effective ways to prevent getting a morphed image into an identity document is through live enrollment: capturing photos and other biometric data in the application office in person. This method ensures that the individual applying for a document is the same person depicted in the photo. However, remote services have become increasingly popular, especially since the pandemic. So, it’s important to have a powerful solution to handle the digital identity verification process. It should be able to read existing documents, evaluate image quality, perform liveness checks, and match a portrait to another reference photo.

Forensic devices. Another way to prevent morphing attacks is to equip checkpoints with forensic devices that can detect signs of manipulation in already issued documents. While confirming whether it’s a morph or not in a photo is still an evolving challenge, the huge benefit of using forensic devices is that they assist in detecting morphing by indirect signs.

For example: ID documents typically have a smooth surface. If there are any morphing elements printed on top, a spot and microrelief will be visible in that area. To be able to detect these signs of morphing attempts, the proper device should have high-quality oblique and sliding light sources that allow examination at a sharp angle.

Training. Last but not least, education on facial fraud attacks is crucial. Although facial morphing is a tricky thing for heads-on detection, for experts armed with forensic devices, this task is feasible. The main thing is to know what to look for and where. This knowledge is also valuable for professionals in fields such as law enforcement and border control, who may encounter morphed images in their line of work.

Additionally, education on facial morphing detection can help in the development of more effective technology and methods for preventing morphing attacks. With a better understanding of the techniques used by criminals and the challenges involved in detecting morphed images, researchers and developers can work to improve existing systems and create new solutions to combat this growing threat.


from Help Net Security https://ift.tt/uFADy8p

0 comments:

Post a Comment