Understanding OSN-based Facial Disclosure against Face Authentication Systems
Conference Proceeding Article
Face authentication is one of promising biometrics-based user authentication mechanisms that have been widely available in this era of mobile computing. With built-in camera capability on smart phones, tablets, and laptops, face authentication provides an attractive alternative of legacy passwords for its memory-less authentication process. Although it has inherent vulnerability against spoofing attacks, it is generally considered sufficiently secure as an authentication factor for common access protection. However, this belief becomes questionable since image sharing has been popular in online social networks (OSNs). A huge number of personal images are shared every day and accessible to potential adversaries. This OSN-based facial disclosure (OSNFD) creates a significant threat against face authentication. In this paper, we make the first attempt to quantitatively measure the threat of OSNFD. We examine real-world face-authentication systems designed for both smartphones, tablets, and laptops. Interestingly, our results find that the percentage of vulnerable images that can used for spoofing attacks is moderate, but the percentage of vulnerable users that are subject to spoofing attacks is high. The difference between systems designed for smartphones/tablets and laptops is also significant. In our user study, the average percentage of vulnerable users is 64% for laptop-based systems, and 93% for smartphone/tablet-based systems. This evidence suggests that face authentication may not be suitable to use as an authentication factor, as its confidentiality has been significantly compromised due to OSNFD. In order to understand more detailed characteristics of OSNFD, we further develop a risk estimation tool based on logistic regression to extract key attributes affecting the success rate of spoofing attacks. The OSN users can use this tool to calculate risk scores for their shared images so as to increase their awareness of OSNFD.
OSN-based facial disclosure, face authentication, online social networks
ASIA CCS '14: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, June 4-6, 2014, Kyoto
City or Country
LI, Yan; XU, Ke; YAN, Qiang; LI, Yingjiu; and DENG, Robert H..
Understanding OSN-based Facial Disclosure against Face Authentication Systems. (2014). ASIA CCS '14: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, June 4-6, 2014, Kyoto. 413-424. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/2604