Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
User Study Results
Experimental Evaluation
Limitations and Future Work
Related Work
Conclusions
References
All Topics
Computer Science

Faces in the Distorting Mirror

Profile image of Sotiris IoannidisSotiris Ioannidis

2014, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

https://doi.org/10.1145/2660267.2660317
visibility

description

12 pages

link

1 file

Abstract

In an effort to hinder attackers from compromising user accounts, Facebook launched a form of two-factor authentication called social authentication (SA), where users are required to identify photos of their friends to complete a log-in attempt. Recent research, however, demonstrated that attackers can bypass the mechanism by employing face recognition software. Here we demonstrate an alternative attack that employs image comparison techniques to identify the SA photos within an offline collection of the users' photos. In this paper, we revisit the concept of SA and design a system with a novel photo selection and transformation process, which generates challenges that are robust against these attacks. The intuition behind our photo selection is to use photos that fail software-based face recognition, while remaining recognizable to humans who are familiar with the depicted people. The photo transformation process creates challenges in the form of photo collages, where faces are transformed so as to render image matching techniques ineffective. We experimentally confirm the robustness of our approach against three template matching algorithms that solve 0.4% of the challenges, while requiring four orders of magnitude more processing effort.. Furthermore, when the transformations are applied, face detection software fails to detect even a single face. Our user studies confirm that users are able to identify their friends in over 99% of the photos

Related papers

Face/Off: Preventing Privacy Leakage From Photos in Social Networks
P. Ilia

The capabilities of modern devices, coupled with the almost ubiquitous availability of Internet connectivity, have resulted in photos being shared online at an unprecedented scale. This is further amplified by the popularity of social networks and the immediacy they offer in content sharing. Existing access control mechanisms are too coarse-grained to handle cases of conflicting interests between the users associated with a photo; stories of embarrassing or inappropriate photos being widely accessible have become quite common. In this paper, we propose to rethink access control when applied to photos, in a way that allows us to effectively prevent unwanted individuals from recognizing users in a photo. The core concept behind our approach is to change the granularity of access control from the level of the photo to that of a user's personally identifiable information (PII). In this work, we consider the face as the PII. When another user attempts to access a photo, the system determines which faces the user does not have the permission to view, and presents the photo with the restricted faces blurred out. Our system takes advantage of the existing face recognition functionality of social networks, and can interoperate with the current photo-level access control mechanisms. We implement a proof-of-concept application for Facebook, and demonstrate that the performance overhead of our approach is minimal. We also conduct a user study to evaluate the privacy offered by our approach, and find that it effectively prevents users from identifying their contacts in 87.35% of the restricted photos. Finally, our study reveals the misconceptions about the privacy offered by existing mechanisms, and demonstrates that users are positive towards the adoption of an intuitive, straightforward access control mechanism that allows them to manage the visibility of their face in published photos.

View PDFchevron_right
NEMEC, L., DRUŽOVEC, M., WELZER-DRUŽOVEC, T., & HÖLBL, M. (2012). Technical background and privacy concerns on Facebook's facial recognition feature. Paper presented at the 23rd EAEEIE Annual Conference, Cagliari, Sardinia, Italy.
Lili Nemec Zlatolas

Facebook has launched a facial recognition feature and incorporated it by default for all users. This feature is also known as Photo Tag Suggest. It enables the automatic scanning of faces on newly uploaded photos and matches these faces with new photos with Facebook users on existing photos. To the best of our knowledge, Facebook has never published any information about the technologies that this feature uses and, therefore, we have investigated the possible technologies used for a feature seen as this. Facebook's facial recognition feature associates tags with the accounts of other Facebook users. This is most likely done by comparing different faces within their database and by also taking their social contexts into account. This paper also reviews privacy concerns relating to Facebook's facial recognition features based on a research conducted amongst students using Facebook and also presents guidelines and suggestions for increasing privacy awareness.

View PDFchevron_right
Redesigning photo-ID to improve unfamiliar face matching performance
David White

Journal of Experimental Psychology: Applied, 2014

Viewers find it difficult to match photos of unfamiliar faces for identity. Despite this, the use of photographic ID is widespread. In this study we ask whether it is possible to improve face matching performance by replacing single photographs on ID documents with multiple photos or an average image of the bearer. In 3 experiments we compare photo-to-photo matching with photo-to-average matching (where the average is formed from multiple photos of the same person) and photo-to-array matching (where the array comprises separate photos of the same person). We consistently find an accuracy advantage for average images and photo arrays over single photos, and show that this improvement is driven by performance in match trials. In the final experiment, we find a benefit of 4-image arrays relative to average images for unfamiliar faces, but not for familiar faces. We propose that conventional photo-ID format can be improved, and discuss this finding in the context of face recognition more generally.

View PDFchevron_right
My Security My Right: Control of photograph sharing in Online Social Media: overview
Editor IJAERD

— Photo sharing is an attractive feature which popularizes Online Social Networks (OSNs). Unfortunately, it may leak users' privacy if they are allowed to post, comment, and tag a photo freely. In this paper, we attempt to address this issue and study the scenario when a user shares a photo containing individuals other than himself/herself (termed co-photo for short). To prevent possible privacy leakage of a photo, we design a mechanism to enable each individual in a photo be aware of the posting activity and participate in the decision making on the photo posting. For this purpose, we need an efficient facial recognition (FR) system that can recognize everyone in the photo. However, more demanding privacy setting may limit the number of the photos publicly available to train the FR system[1]. To deal with this dilemma, our mechanism attempts to utilize users' private photos to design a personalized FR system specifically trained to differentiate possible photo co-owners without leaking their privacy. We also develop a distributed consensus based method to reduce the computational complexity and protect the private training set. We show that our system is superior to other possible approaches in terms of privacy using encryption algorithm and opensource. Our mechanism is implemented as a proof of concept Android application on Face book's platform.

View PDFchevron_right
Cryptagram: Photo Privacy for Online Social Media
Chris Bregler

While Online Social Networks (OSNs) enable users to share photos easily, they also expose users to several privacy threats from both the OSNs and external entities. The current privacy controls on OSNs are far from adequate, resulting in inappropriate flows of information when users fail to understand their privacy settings or OSNs fail to implement policies correctly. OSNs may further complicate privacy expectations when they reserve the right to analyze uploaded photos using automated face identification techniques.

View PDFchevron_right
Evaluating Secure Methodology for Photo Sharing in Online Social Networks
Athar Alwabel

Applied Sciences

Social media has now become a part of people’s lives. That is, today people interact on social media in a way that never happened before, and its important feature is to share photos and events with friends and family. However, there are risks associated with posting pictures on social media by unauthorized users. One of these risks is the privacy violation, where the published pictures can reveal more details and personal information. Since this issue has not yet investigated, this paper thus evaluates a methodology to address this issue, which is a precedent of its kind. In particular, our methodology relies on effective systems for detecting faces and recognizing faces in published images using facial recognition techniques. To evaluate the proposed idea, we developed an application using convolutional neural network (CNN) and the results showed that the proposed methodology can protect privacy and reduce its violation on online social networks.

View PDFchevron_right
Reconstructing a Fragmented Face from an Attacked Secure Identication Protocol
andy luong

2011

Secure facial identification systems compare an input face to a protected list of subjects. If this list were to be made public, there would be a severe privacy/confidentiality breach. A common approach to protect these lists of faces is to store a representation (descriptor or vector) of the face that is not directly mappable to its original form. In this thesis, we consider a recently developed secure identification system, Secure Computation of Face Identification (SCiFI) [1], that utilizes an index-based facial vector to discretely compress the representation of a face image. A facial descriptor of this system does not allow for a complete reverse mapping. However, we show that if a malicious user is able to obtain a facial descriptor, it is possible that he/she can reconstruct an identifiable human face. We develop a novel approach to initially assemble the information given by the SCiFI protocol to create a fragmented face. This image has large missing regions due to SCiFI's facial representation. Thus, we estimate the missing regions of the face using an iterative Principal Component Analysis (PCA) technique. This is done by first building a face subspace based on a public set of human faces. Then, given the assembled image from the SCiFI protocol, we iteratively project this image in and out of the subspace to obtain a complete human face. Traditionally, PCA reconstruction techniques have been used to estimate very small or specific occluded regions of a face image; these techniques have also been used in facial recognition such as through a k-nearest neighbor approach. However, in our new method, we use it to synthesize 60% to 80% of a human face for facial identification. We explore novel methods of comparing images from different subspaces using metric learning and other forms of facial descriptors. We test our reconstruction with face identification tasks given to a human and a computer. Our results show that our reconstructions are consistently more informative than what is extracted from the SCiFI facial descriptor alone. In addition, these tasks show that our reconstructions are identifiable by humans and computers. The success of our approach implies that a malicious attacker could expose the faces on a registered database.

View PDFchevron_right
Reconstructing a fragmented face from a cryptographic identification protocol
andy luong

2013 IEEE Workshop on Applications of Computer Vision (WACV), 2013

Secure Computation of Face Identification (SCiFI) [20] is a recently developed secure face recognition system that ensures the list of faces it can identify (e.g., a terrorist watch list) remains private. In this work, we study the consequences of malformed input attacks on the system-from both a security and computer vision standpoint. In particular, we present 1) a cryptographic attack that allows a dishonest user to undetectably obtain a coded representation of faces on the list, and 2) a visualization approach that exploits this breach, turning the lossy recovered codes into human-identifiable face sketches. We evaluate our approach on two challenging datasets, with face identification tasks given to a computer and human subjects. Whereas prior work considered security in the setting of honest inputs and protocol execution, the success of our approach underscores the risk posed by malicious adversaries to todays automatic face recognition systems.

View PDFchevron_right
Face Recognition on Consumer Devices: Reflections on Replay Attacks
Arnold Wiliem

IEEE Transactions on Information Forensics and Security, 2015

Widespread deployment of biometric systems supporting consumer transactions is starting to occur. Smart consumer devices, such as tablets and phones, have the potential to act as biometric readers authenticating user transactions. However, the use of these devices in uncontrolled environments is highly susceptible to replay attacks where these biometric data are captured and replayed at a later time. Current approaches to counter replay attacks in this context are inadequate. In order to show this, we demonstrate a simple replay attack that is 100% effective against a recent state-of-the-art face recognition system; this system was specifically designed to robustly distinguish between live people and spoofing attempts such as photographs. This paper proposes an approach to counter replay attacks for face recognition on smart consumer devices using a noninvasive challenge and response technique. The image on the screen creates the challenge, and the dynamic reflection from the person's face as they look at the screen forms the response. The sequence of screen images and their associated reflections digitally watermarks the video. By extracting the features from the reflection region, it is possible to determine if the reflection matches the sequence of images that were displayed on the screen. Experiments indicate that the face reflection sequences can be classified under ideal conditions with a high degree of confidence. These encouraging results may pave the way for further studies in the use of video analysis for defeating biometric replay attacks on consumer devices.

View PDFchevron_right
Secure Face Recognition for Mobile Applications
Brian Lovell

2014

Biometric systems are generally restricted to specialist deployments and require expensive equipment. However, the world has recently experienced the widespread rollout of cheap biometric devices in the form of smart phones and tablets. One of the main drivers for mainstream adoption of biometric technologies is the need to address continuing problems with authenticating to online systems. These mobile devices may now be suitable to provide biometric-based authentication to a wide user population. This chapter discusses the different ways that face recognition can be used on smart mobile devices. The authors highlight the online authentication problem and show how three-factor authentication can address many pressing issues. They also discuss the ways that such a system could be attacked, and focus on replay attacks which have yet to be seriously addressed in the literature. The authors conclude with a brief examination of the current research into addressing replay attacks.

View PDFchevron_right

References (28)

  1. Amazon Mechanical Turk. https://www.mturk.com/mturk/.
  2. Eurograbber. https://www.checkpoint.com/products/downloads/ whitepapers/Eurograbber_White_Paper.pdf.
  3. Facebook Acquires Face.com. http://mashable.com/ 2012/06/18/facebook-acquires-face-com/.
  4. Facebook Introducing Login Approvals. https://www.facebook.com/note.php?note_id= 10150172618258920.
  5. Google 2-step. http://www.google.com/landing/2step/.
  6. L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your contacts are belong to us: automated identity theft attacks on social networks. In Proceedings of the 18th International Conference on World Wide Web. ACM, 2009.
  7. Y. Boshmaf, I. Muslukhov, K. Beznosov, and M. Ripeanu. The socialbot network: when bots socialize for fame and money. In Proceedings of the Annual Computer Security Applications Conference. ACM, 2011.
  8. E. Bursztein, S. Bethard, C. Fabry, J. C. Mitchell, and D. Jurafsky. How good are humans at solving CAPTCHAs? A large scale evaluation. In Proceedings of the 2010 IEEE Symposium on Security and Privacy. IEEE, 2010.
  9. M. Egele, L. Bilge, E. Kirda, and C. Kruegel. Captcha smuggling: Hijacking web browsing sessions to create captcha farms. In Proceedings of the 2010 ACM Symposium on Applied Computing, SAC '10', pages 1865-1870. ACM, 2010.
  10. M. Egele, G. Stringhini, C. Kruegel, and G. Vigna. COMPA: Detecting Compromised Accounts on Social Networks. In ISOC Network and Distributed System Security Symposium (NDSS), 2013.
  11. S. Gauglitz, T. Höllerer, and M. Turk. Evaluation of interest point detectors and feature descriptors for visual tracking. Int. J. Computer Vision, 94(3):335-360, 2011.
  12. G. Goswami, B. M. Powell, M. Vatsa, R. Singh, and A. Noore. FaceDCAPTCHA: Face detection based color image CAPTCHA. In Future Generation Computer Systems (September 2012).
  13. J. Huang, Y. Xie, F. Yu, Q. Ke, M. Abadi, E. Gillum, and Z. M. Mao. Socialwatch: detection of online service abuse via large-scale social In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security, ASIA CCS '13', 2013.
  14. D. Irani, M. Balduzzi, D. Balzarotti, E. Kirda, and C. Pu. Reverse social engineering attacks in online social networks. In Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment, DIMVA'11, 2011.
  15. E. Jeremy, J. R. Douceur, J. Howell, and J. Sault. Asirra: a CAPTCHA that exploits interest-aligned manual image categorization. In Proceedings of the 14th ACM conference on Computer and communications security (CCS). ACM, 2007.
  16. H. Kim, J. Tang, and R. Anderson. Social authentication: harder than it looks. In Proceedings of the 2012 Financial Cryptography and Data Security conference. Springer.
  17. G. Kontaxis, M. Polychronakis, A. D. Keromytis, and E. P. Markatos. Privacy-preserving social plugins. In Proceedings of the 21st USENIX conference on Security symposium, Security'12. USENIX Association.
  18. Y. Liu, K. P. Gummadi, B. Krishnamurthy, and A. Mislove. Analyzing facebook privacy settings: User expectations vs. reality. In Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, IMC '11'. ACM, 2011.
  19. M. Motoyama, K. Levchenko, C. Kanich, D. McCoy, G. M. Voelker, and S. Savage. Re: Captchas: understanding captcha-solving services in an economic context. In Proceedings of the 19th USENIX conference on Security, USENIX Security'10. USENIX Association, 2010.
  20. I. Polakis, M. Lancini, G. Kontaxis, F. Maggi, S. Ioannidis, A. Keromytis, and S. Zanero. All your face are belong to us: Breaking facebook's social authentication. In Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC '12'. ACM, 2012.
  21. A. Rice. Facebook -A Continued Commitment to Security, Jan 2011. http: //www.facebook.com/blog.php?post=486790652130.
  22. Y. Rui and Z. Liu. Artifacial: Automated reverse turing test using facial features. In In Multimedia, pages 295-298. ACM Press, 2003.
  23. A. Shulman. The underground credentials market. Computer Fraud & Security, 2010(3):5-8, March 2010.
  24. Y. Taigman and L. Wolf. Leveraging billions of faces to overcome performance barriers in unconstrained face recognition. CoRR, abs/1108.1122, 2011.
  25. B. E. Ur and V. Ganapathy. Evaluating attack amplification in online social networks. In Proceedings of the 2009 Web 2.0 Security and Privacy Workshop.
  26. S. Vikram, Y. Fan, and G. Gu. SEMAGE: A New Image-based Two-Factor CAPTCHA. In Proceedings of 2011 Annual Computer Security Applications Conference (ACSAC'11), December 2011.
  27. S. Yardi, N. Feamster, and A. Bruckman. Photo-based authentication using social networks. In Proceedings of the first workshop on Online social networks, WOSN '08'. ACM, 2008.
  28. B. B. Zhu, J. Yan, Q. Li, C. Yang, J. Liu, N. Xu, M. Yi, and K. Cai. Attacks and design of image recognition captchas. In Proceedings of the 17th ACM conference on Computer and communications security, CCS '10'. ACM, 2010.

Related papers

Faces in the distorting mirror: Revisiting photo-based social authentication
Stefano Zanero, P. Ilia, Marco Lancini

In an effort to hinder attackers from compromising user accounts, Facebook launched a form of two-factor authentication called social authentication (SA), where users are required to identify photos of their friends to complete a log-in attempt. Recent research, however, demonstrated that attackers can bypass the mechanism by employing face recognition software. Here we demonstrate an alternative attack that employs image comparison techniques to identify the SA photos within an offline collection of the users' photos.

View PDFchevron_right
All your face are belong to us: Breaking Facebook's social authentication
Stefano Zanero

ACM International Conference Proceeding Series, 2012

Two-factor authentication is widely used by high-value services to prevent adversaries from compromising accounts using stolen credentials. Facebook has recently released a two-factor authentication mechanism, referred to as Social Authentication, which requires users to identify some of their friends in randomly selected photos. A recent study has provided a formal analysis of social authentication weaknesses against attackers inside the victim's social circles. In this paper, we extend the threat model and study the attack surface of social authentication in practice, and show how any attacker can obtain the information needed to solve the challenges presented by Facebook. We implement a proof-of-concept system that utilizes widely available face recognition software and cloud services, and evaluate it using real public data collected from Facebook. Under the assumptions of Facebook's threat model, our results show that an attacker can obtain access to (sensitive) information for at least 42% of a user's friends that Facebook uses to generate social authentication challenges. By relying solely on publicly accessible information, a casual attacker can solve 22% of the social authentication tests in an automated fashion, and gain a significant advantage for an additional 56% of the tests, as opposed to just guessing. Additionally, we simulate the scenario of a determined attacker placing himself inside the victim's social circle by employing dummy accounts. In this case, the accuracy of our attack greatly increases and reaches 100% when 120 faces per friend are accessible by the attacker, even though it is very accurate with as little as 10 faces.

View PDFchevron_right
Social Authentication: Harder Than It Looks
Hyoungshick Kim

Financial Cryptography and Data Security, 2012

A number of web service firms have started to authenticate users via their social knowledge, such as whether they can identify friends from photos. We investigate attacks on such schemes. First, attackers often know a lot about their targets; most people seek to keep sensitive information private from others in their social circle. Against close enemies, social authentication is much less effective. We formally quantify the potential risk of these threats. Second, when photos are used, there is a growing vulnerability to face-recognition algorithms, which are improving all the time. Network analysis can identify hard challenge questions, or tell a social network operator which users could safely use social authentication; but it could make a big difference if photos weren't shared with friends of friends by default. This poses a dilemma for operators: will they tighten their privacy default settings, or will the improvement in security cost too much revenue?

View PDFchevron_right
Photo-Based Authentication Using Social Networks
Sarita Yardi Schoenebeck

We present Lineup, a system that uses the social network graph in Facebook and auxiliary information (e.g., “tagged” user photos) to build a photo-based Web site authentication framework. Lineup’s underlying mechanism leverages the concept of CAPTCHAs, programs that are designed to distinguish bots from human users. Lineup extends this functionality to help a Web site ascertain a user’s identity or membership in a certain group (e.g., an interest group, invitees to a certain event) in order to infer some level of trust. Lineup works by presenting a user with photographs and asking the user to identify subjects in the photo whom a user with the appropriate identity or group membership should know. We present the design and implementation for Lineup, describe a preliminary prototype implementation, and discuss Lineup’s security properties, including possible guarantees and threats.

View PDFchevron_right
HoneyFaces: Increasing the Security and Privacy of Authentication Using Synthetic Facial Images
mor Ohana

ArXiv, 2016

One of the main challenges faced by Biometric-based authentication systems is the need to offer secure authentication while maintaining the privacy of the biometric data. Previous solutions, such as Secure Sketch and Fuzzy Extractors, rely on assumptions that cannot be guaranteed in practice, and often affect the authentication accuracy. In this paper, we introduce HoneyFaces: the concept of adding a large set of synthetic faces (indistinguishable from real) into the biometric "password file". This password inflation protects the privacy of users and increases the security of the system without affecting the accuracy of the authentication. In particular, privacy for the real users is provided by "hiding" them among a large number of fake users (as the distributions of synthetic and real faces are equal). In addition to maintaining the authentication accuracy, and thus not affecting the security of the authentication process, HoneyFaces offer several security impr...

View PDFchevron_right

Related topics

  • Computer Science

    • Cited by

    Style matching CAPTCHA: match neural transferred styles to thwart intelligent attacks
    Asish Bera

    Multimedia Systems, 2023

    Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) is widely used to prevent malicious automated attacks on various online services. Text-and image-CAPTCHAs have shown broader acceptability due to usability and security factors. However, recent progress in deep learning implies that text-CAPTCHAs can easily be exposed to various fraudulent attacks. Thus, image-CAPTCHAs are getting research attention to enhance usability and security. In this work, the Neural Style Transfer (NST) is adapted for designing an image-CAPTCHA algorithm to enhance security while maintaining human performance. In NST-rendered image-CAPTCHAs, existing methods inquire a user to identify or localize the salient object (e.g., content) which is solvable effortlessly by off-the-shelf intelligent tools. Contrarily, we propose a Style Matching CAPTCHA (SMC) that asks a user to select the style image which is applied in the NST method. A user can solve a random SMC challenge by understanding the semantic correlation between the content and style output as a cue. The performance in solving SMC is evaluated based on the 1368 responses collected from 152 participants through a web-application. The average solving accuracy in three sessions is 95.61%; and the average response time for each challenge per user is 6.52 seconds, respectively. Likewise, a Smartphone Application (SMC-App) is devised using the proposed method. The average solving accuracy through SMC-App is 96.33%, and the average solving time is 5.13 seconds. To evaluate the vulnerability of SMC, deep learning-based attack schemes using Convolutional Neural Networks (CNN), such as ResNet-50 and Inception-v3 are simulated. The average accuracy of attacks considering various studies on SMC using ResNet-50 and Inception-v3 is 37%, which is improved over

    View PDFchevron_right
    580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved