What is a Spoofing Attack? Prevention with Liveness Detection

Spoofing involves deceptive practice in which cybercriminals pretend to be trusted entities or devices to manipulate users into taking actions that benefit them. That’s why whenever an online scammer conceals their true identity by impersonating something else, it counts as a spoofing attack. Read more.

What is a spoofing attack and how to prevent it

If you think biometric face recognition systems are not vulnerable to spoofing attacks, you’re mistaken. Over the past few years, biometric face spoofing attacks have increased significantly all across the globe.

However, thankfully, we have liveness detection, which plays an extremely important role in identity verification by confirming the live presence of the individual, making it far more challenging for spoofers to impersonate someone else. What’s more, is that this technology enhances security while also improving the overall user experience in the authentication process.

In this post, we’re going in-depth regarding liveness detection techniques to help you prevent spoofing attacks and presentation attacks (PA).

Verify customers identity within 15 seconds. Schedule a free identity verification demo here.

What is a Spoofing Attack?

Two people with masks holding signs that say,
For those who don’t know, a spoofing attack is when a cybercriminal tries to gain illegitimate access to someone else’s rights through a photo, video, or other material for an authorized person’s face. If the attempt succeeds, the scam artist gains the rights of another person.

Spoofing attacks often exploit trust by pretending to be a familiar person or organization known to the victim. In certain scenarios, like phishing with website spoofing, these fraudulent messages may even be customized to the victim’s identity, aiming to deceive them into thinking the communication is genuine. When users are unaware of the scam, they become vulnerable to falling victim to a spoofing attack.

There are numerous ways hackers can execute face spoofing attacks. Let’s have a look at some common methods below.

Classifications of a Spoofing Attack

People attempting face spoofing with 2d and 3d printed masks
Most of the face spoofing attacks come under the category of presentation attacks. Such attacks involve using 2D and 3D — statistic or dynamic — objects to deceive facial recognition software:

  • 2D Presentation Attacks: Static 2D attacks are conducted using facial masks, photographs, or flat paper, while dynamic versions use multiple pictures in a sequence or screen video replays.
  • 3D Presentation Attacks: In 3D static presentation attacks, cybercriminals use 3D prints and sculptures, whereas, in dynamic versions, they use advanced robots to fool face recognition solutions.

Of course, these are not the only methods spoofers use. Presentation attacks are evolving with technology. However, due to technological limitations, 2D attacks are comparatively widespread.

It’s true that face recognition systems can easily be exposed to spoofing attacks; it doesn’t mean you can’t do anything to prevent them. Some biometric liveness checks can help you fight against hacking attempts.

And now, let’s get to know about some techniques to prevent face recognition spoofing.

How to Prevent a Spoofing Attack with Liveness Detection?

Liveness detection example showing two faces: photo on the phone marked as fake and a person holding the phone marked as real
There are various methods to counter face spoof attacks. They all come under the general term of “liveness detection.”

Liveness detection aims to identify if a face is alive or created by cybercrooks. In short, the technology detects the difference between a real face and a replica.

There are two major approaches when it comes to liveness detection, known as active and passive liveness detection. The active approach needs users to evidence their “liveness” by communicating with a face recognition system. On the contrary, passive liveness detection is hidden from the end-user and doesn’t need any action on its side.

The difference between active and passive liveness checks is user involvement. Active checks require users to perform specific actions to prove their live presence, while passive checks do not rely on user participation and aim to detect liveness through automated analysis.

We go into more detail below:

Active Liveness Detection

As mentioned above, active face liveness detection is an interactive approach to detect fraud; users have to stand in front of a camera and perform certain actions to demonstrate their rights or privileges with the system.

For example, these actions could be a smile, nod, blink, etc. In some cases, these actions could be randomized to add an extra layer of security to the system. Users won’t be able to gain access until they don’t complete all the required actions.

The choice between active and passive liveness checks depends on the specific use case and the balance between security and user experience. Active checks are often preferred when a higher level of security is required, while passive checks may be more suitable for applications where user convenience is a priority.

Passive Liveness Detection

In some cases, passive liveness detection proves a convenient protection option. Passive liveness checks are designed to be less intrusive and more user-friendly since users do not need to perform any actions. They aim to detect liveness while minimizing user interaction.

With this type of detection, there is no way for users to find out that they are being tested. The detection devices manage everything on their own. In general, passive liveness checks use advanced algorithms and sensors to analyze various biometric data, such as facial movements, thermal signatures, or even pulse detection, without any explicit user involvement.

Illustration of a face detection system
Now it’s clear that face detection systems based on 2D and 3D images are vulnerable to spoofing attacks. However, it’s also true that such attacks can be prevented using liveness detection techniques based on texture, motion, shape, color, or reflectance.

Ensure your customers are real. Schedule a free demo here.

Check out some popular liveness detection techniques below:

Eye Blink Detection

Eyeblink detection has the highest accuracy. Natural eye blinking is a straightforward way to find out whether or not a face is live. The average human being blinks 15 to 30 times every minute, and eyes stay shut for approximately 250 milliseconds during a blink.

The modern, state-of-the-art cameras are capable of recording videos with far smaller intervals between frames. Consequently, eye blink detection implementation can help you identify and prevent possible presentation attacks. Deep learning can be added to this technique to enhance its effectiveness.

Deep Learning

It is another effective solution that can help you with anti-spoofing. A convolutional neural network or CNN can be trained to determine the difference between real and spoofed photos. Already a lot of businesses have brought this technology into use to protect their systems.

Challenge-Response Technique

A challenge-response system validates the identity of a user based on a series of challenges, such as head movements, smiles, and facial expressions of happiness and sadness.

3D Cameras

3D Cameras are considered one of the most reliable techniques to prevent spoofing techniques. These cameras can determine the difference between a face and a flat shape. Therefore, they provide high accuracy against presentation attacks.

Active Flash

Active Flash reduces the risk of presentation attacks by enabling us to identify spoofing using the reflections of light on a face. It involves using a changing light environment offered by the extra light that comes from a device’s screen. The white light gives sufficient facial reflection.

What Else Can You Expect Next for Anti-Spoofing Technology?

iDenfy superhero
There is much more you can expect from liveness detection technologies in the coming years. With the combined use of artificial intelligence and deep learning, face anti-spoofing technology can be made more robust and effective.

iDenfy provides a wide range of advanced identity verification solutions such as face recognition, liveness detection, identity document check, and more. Our proposed liveness detection is patented and certified with iBeta Level 1 and Level 2 in the Presentation Attack Detection (PAD) test guided by ISO 30107.

If you’re looking for a reliable partner for any of these services, contact us.

This blog post was updated on the 4th of October, 2023, to reflect the latest insights.

Save costs by onboarding more verified users

Join hundreds of businesses that successfully integrated iDenfy in their processes and saved money on failed verifications.