A look at PAM face-recognition authentication

Multi-factor authentication traditionally counts "knowledge" (e.g., passwords), "possession" (e.g., physical tokens), and "inherence" (e.g., biometrics) as the three options available to choose from, but Linux's pluggable authentication modules (PAM) support rarely delves into the inherence realm. Most often, biometric authentication comes in the form of fingerprint scanners, which can be found as a built-in feature on plenty of laptops. The majority of new portables already ship with built-in user-facing webcams, however, which opens the door to another possibility: facial recognition. And there is a PAM module capable of doing face-recognition authentication — although it is far from robust.

About face

The module is called, fittingly, pam_face_authentication, and the project is hosted at Google Code. It was initially developed over the course of 2008-2009 through the Google Summer of Code (GSoC) program, subsequently slowed down (as all too many GSoC projects do), but has seen a small uptick in activity in 2012.

The module uses the OpenCV computer vision library to detect human faces in the webcam image, identify features, and match them against its database of samples. The samples are stored on a per-user basis, and the recognizer needs to be trained for each user account by accumulating a collection of snapshots. There is a Qt-based training tool included in the downloads. The tool itself is simple enough to use, but the real trick is amassing a large and robust enough collection of samples to begin with.

The reason a sizable sample collection is vital is that all facial recognition algorithms are sensitive to a number of environmental (for lack of a better word) factors, including the size of the face in the image captured, the tilt and orientation of the subject's head, and the illumination. Given one particular laptop, the size of the image is fairly predictable, but illumination is certainly not.

The pam_face_authentication algorithm works by detecting both the subject's face and eyes in the camera image, then measuring the distance between the eyes and their location in the oval of the face. The measurements is used to scale the captured image in order to compare it to the sample data. The actual comparison is based on a Haar classifier, which extracts image features in a manner similar to wavelet transformations. This technique is sensitive to lighting changes because backlight and sidelight can skew the detection of the face oval. OpenCV can overcome some illumination problems by normalizing the captured image and by working in grayscale, but it is not foolproof. Stray shadows can be mis-identified as one eye or the other, and the method dictates that the subject not be wearing glasses — which could be a practical inconvenience for many users. The 2009 GSoC project improved upon the original implementation, but it is an area where there is plenty of room left to grow.

Ultimately, the only strategy available for improving the success rate of the recognition process is to take a large number of sample images, preferably in a range of lighting conditions. In blog discussions about the module, several users mentioned taking a dozen or more sample images to train the tool for their own face. The OpenCV documentation notes that Haar classifiers are often trained on "a few hundreds of sample views of a particular object." That may sound daunting to all but the staunchly self-absorbed, but practice makes perfect.

Deployment

Still, the pam_face_authentication module is usable today. The team has published Kubuntu packages in a personal package archive (PPA) in the past, although they are no longer up to date. Installation from source is straightforward, though, with the chief hurdle being the lengthy list of OpenCV-related dependencies. Once built, the PAM module itself needs a configuration file at /usr/share/pam-configs/face_authentication; the project's documentation suggests:

    Name: face_authentication profile
    Default: yes
    Priority: 900
    Auth-Type: Primary
    Auth:
    [success=end default=ignore] pam_face_authentication.so enableX

These settings will replace the password prompt in the system's graphical greeter (e.g., GDM or KDM) with the module's webcam viewport. The module must first be activated, though, with

    pam-auth-update --package face_authentication 

The pam-auth-update command persists across reboots, but it should take effect immediately, and one can simply log out to test it. When the user selects his or her username, the module immediately begins sampling the webcam image looking for a human face. When it detects and verifies the face as corresponding to the selected user account, it proceeds with the login. If one has not adequately trained the face-recognition database, though, the module will relay a series of helpful instructions ("Keep proper distance with the camera.", "Align your face.", etc.). Luckily, if these stage directions get tiring, the module will eventually fail over and revert to password-entry for login.

Image is everything

When it works, facial recognition login is slick and simple (plus nicely futuristic-feeling). In practice, though, this module leaves a bit to be desired. First and foremost, the training process deserves more attention. The interface allows the user to snap picture after picture, but there is not much feedback about the information extracted. The preview image shows the face oval and the eyes as detected by the algorithm, but nothing else. A visualization of the composite model built from the image collection would be constructive. There is also a high-to-low sensitivity slider under the advanced settings, but it, too, is light on detail. One can click on the "Test" button to see whether or not the current live image in the webcam passes recognition, but there is only a yes/no response. A numeric score, or a visual representation of the match, would improve the experience and potentially shorten the time required to amass a suitable image sample collection.

Together with the drawbacks of the facial recognition algorithm, all of these limitations keep pam_face_authentication from being a viable password replacement for any genuinely security-conscious user. As it is, the 2D facial-recognition algorithm requires considerable training to eliminate false negatives, while remaining susceptible to simple attacks (e.g., holding up a photograph of the targeted user). There are other facial recognition algorithms to be considered, including some that construct a 3D model of the user's face. Android has its own face authentication mechanism, introduced in the "Ice Cream Sandwich" release, which attempts to thwart the photograph attack by trying to detect blinks in the live image.

Then again, an entirely separate issue is that this implementation is a single-factor authentication module. A more useful tool would be a PAM module that integrates facial recognition with other factors; perhaps motivated developers will find pam_face_authentication a decent starting point.

Biometrics are an iffy authentication proposition on their own — a bandage or a scar can lock a user out of a system inadvertently, after all — but the Linux community would do well to push forward on them and physical authentication tokens as well. For all the security that bad password selection and sloppy password storage provide, any dedicated research on alternative authentication schemes is a welcome change.

---

(Log in to post comments)