Multi-factor authentication traditionally counts "knowledge" (e.g.,
passwords), "possession" (e.g., physical tokens), and "inherence"
(e.g., biometrics) as the three options available to choose from, but
Linux's pluggable authentication modules (PAM) support rarely delves
into the inherence realm. Most often, biometric authentication comes in the
form of fingerprint scanners, which can be found as a built-in feature
on plenty of laptops. The majority of new portables already ship with
built-in user-facing webcams, however, which opens the door to another
possibility: facial recognition. And there is a PAM module
capable of doing face-recognition authentication — although it
is far from robust.
The module is called, fittingly, pam_face_authentication, and
the project is hosted at
Google Code. It was initially developed over the course of 2008-2009
through the Google Summer of Code (GSoC) program, subsequently slowed
down (as all too many GSoC projects do), but has seen a small uptick
in activity in 2012.
The module uses the OpenCV
computer vision library to detect human faces in
the webcam image, identify features, and match them against its
database of samples. The samples are stored on a per-user basis, and
the recognizer needs to be trained for each user account by
accumulating a collection of snapshots. There is a Qt-based training
tool included in the downloads. The tool itself is simple enough to use, but the
real trick is amassing a large and robust enough collection of samples
to begin with.
The reason a sizable sample collection is vital is that all facial
recognition algorithms are sensitive to a number of environmental (for
lack of a better word) factors, including the size of the face in the
image captured, the tilt and orientation of the subject's head, and
the illumination. Given one particular laptop, the size of the image
is fairly predictable, but illumination is certainly not.
The pam_face_authentication algorithm works by detecting both
the subject's face and eyes in the camera image, then measuring the
distance between the eyes and their location in the oval of the face.
The measurements is used to scale the captured image in order to
compare it to the sample data. The actual comparison is based on a Haar
classifier, which extracts image features in a manner similar to
wavelet transformations. This technique is sensitive to lighting
changes because backlight and sidelight can skew the detection of the
face oval. OpenCV can overcome some illumination problems by
normalizing the captured image and by working in grayscale, but it is
not foolproof. Stray shadows can be mis-identified as one eye or the
other, and the method dictates that the subject not be wearing glasses
— which could be a practical inconvenience for many users. The
2009 GSoC project improved upon the original implementation, but it is
an area where there is plenty of room left to grow.
Ultimately, the only strategy available for improving the success rate
of the recognition process is to take a large number of sample
images, preferably in a range of lighting conditions. In blog
discussions about the module, several users mentioned taking a dozen
or more sample images to train the tool for their own face. The
OpenCV documentation notes that Haar classifiers are often trained on
"a few hundreds of sample views of a particular object."
That may sound daunting to all but the staunchly self-absorbed, but
practice makes perfect.
Still, the pam_face_authentication module is usable today.
The team has published Kubuntu packages in a personal package archive
(PPA) in the past, although they are no longer up to date.
from source is straightforward, though, with the chief hurdle being
the lengthy list of OpenCV-related dependencies. Once built, the PAM
module itself needs a configuration file at
/usr/share/pam-configs/face_authentication; the project's
Name: face_authentication profile
[success=end default=ignore] pam_face_authentication.so enableX
These settings will replace the password prompt in the system's
graphical greeter (e.g., GDM or KDM) with the module's webcam
viewport. The module must first be activated, though, with
pam-auth-update --package face_authentication
command persists across reboots, but it
should take effect immediately, and one can simply log out to test it.
When the user selects his or her username, the module
immediately begins sampling the webcam image looking for a human
face. When it detects and verifies the face as corresponding to the
selected user account, it proceeds with the login. If one has not
adequately trained the face-recognition database, though, the module
will relay a series of helpful instructions ("Keep proper distance
with the camera.", "Align your face.", etc.). Luckily, if these stage
directions get tiring, the module will eventually fail over and revert
to password-entry for login.
Image is everything
When it works, facial recognition login is slick and simple (plus
nicely futuristic-feeling). In practice, though, this module leaves a
bit to be desired. First and foremost, the training process deserves
more attention. The interface allows the user to snap picture after
picture, but there is not much feedback about the information
extracted. The preview image shows the face oval and the eyes as
detected by the algorithm, but nothing else. A visualization of the
composite model built from the image collection would be constructive.
There is also a high-to-low sensitivity slider under the advanced
settings, but it, too, is light on detail. One can click on the "Test"
button to see whether or not the current live image in the webcam
passes recognition, but there is only a yes/no response. A numeric
score, or a visual representation of the match, would improve the
experience and potentially shorten the time required to amass a
suitable image sample collection.
Together with the drawbacks of the facial recognition algorithm,
all of these limitations keep pam_face_authentication from
being a viable password replacement for any genuinely
security-conscious user. As it is, the 2D facial-recognition
algorithm requires considerable training to eliminate false negatives,
while remaining susceptible to simple attacks (e.g., holding up a
photograph of the targeted user). There are other facial recognition
algorithms to be considered, including some that construct a 3D model
of the user's face. Android has its own face authentication
mechanism, introduced in the "Ice Cream Sandwich" release, which
attempts to thwart the photograph attack by trying to detect blinks in
the live image.
Then again, an entirely separate issue is that this
implementation is a single-factor authentication module. A more
useful tool would be a PAM module that integrates facial recognition
with other factors; perhaps motivated developers will find
pam_face_authentication a decent starting point.
Biometrics are an iffy authentication proposition on their own —
a bandage or a scar can lock a user out of a system inadvertently,
after all — but the Linux community would do well to push
forward on them and physical authentication tokens as well. For all the
security that bad password selection and sloppy password storage
provide, any dedicated research on alternative authentication schemes
is a welcome change.
to post comments)