SPICE Professor’s Facial Recognition Defeating Hat Makes Media Waves


Professor XiaoFeng Wang’s recent research is making online news, from general news outlets to technology trend websites. A team led by Professor Wang at Indiana University’s Security & Privacy in Informatics, Computing, and Engineering group has developed a hat that can confuse and trick facial recognition software.

Facial recognition software is quickly evolving and rapidly entering our lives, with a myriad of security and privacy implications and concerns. From increasing use by police at public events, to document verification, to applications marketed to individuals for identifying strangers, use of facial recognition by state entities presents a privacy challenge.

Researchers at Indiana University’s center of Security and Privacy in Informatics, Computing, and Engineering (SPICE) have developed a tool that can protect individuals’ privacy as they move around in public spaces. This is not for controlled interactions like a driver’s license photo. Using infrared light, they invented a hat that bathes a user’s face with light that, while invisible to the human eye, is visible to cameras. Using the light to change the image the computer processes, the hat can either render the user’s face unrecognizable or even spoof the computer into believing the user is someone else.

Through launching this kind of attack, an attacker not only can dodge surveillance cameras. More importantly, he can impersonate his target victim and pass the face authentication system, if only the victim’s photo is acquired by the attacker. Again, the attack is totally unobservable by nearby people, because not only is the light invisible, but also the device we made to launch the attack is small enough. According to our study on a large dataset, attackers have a very high success rate with an over 70% success rate for finding such an adversarial example that can be implemented by infrared. To the best of our knowledge, our work is the first one to shed light on the severity of the threat resulting from infrared adversarial examples against face recognition.

The combination of invisibility of the defense and success in defeating recognition software not only makes this research solution unique, but also makes it a viable and practical solution. There are a few features the team wants to add to the device, including automatic calibration that would dynamically adjust per attacker and an infrared projector to extend the degree of effectiveness in spoofing. Even without these improvements, the team succeeded in their goal of proving facial recognition to be far from secure and users far from helpless in their need for personal privacy in public spaces.

Based on our findings and attacks, we conclude that face recognition techniques today are still far from secure and reliable when being applied to critical scenarios like authentication and surveillance.

SPICE is IU’s center on digital privacy, system security, usable security, and cybersecurity.  Located on the campus of Indiana University Bloomington, it hosts a variety of research teams as well as IU’s Internet of Things research house.  Dedicated to research, education, and outreach, SPICE’s interdisciplinary work has impact in practical, governmental, and educational spaces worldwide.

A full copy of the research paper is published here.