Can Cosmetic and Plastic Surgery Spoof the Security of Biometrics?

spoofing biometrics by altering your physical appearance

How easy is it to alter your appearance in order to spoof a biometric identification system?

The following is a guest post from Dr. Simon Weight in Perth, Australia.

Biometrics have long been hailed as fool-proof. While they do provide a high degree of security, they can be bypassed just like any security mechanism.

The most prominent way that biometrics can be bypassed is through the use of cosmetic and plastic surgery. This can allow certain types of susceptible systems to return false positives when surgery tailors certain physical traits of a person to match those that an algorithm searches for.

A Practical Example of Biometrics Being Bypassed

The best way to answer “Can it be done?” is to look at a time when biometrics have been bypassed.

In December of 2009, a Chinese woman in Japan name Lin Rong was able to bypass biometrics put in place by Japanese controls to essentially give her an entirely new identity. She accomplished this by having an illegal surgery that swapped skin grafts of her fingers.

The Japanese authorities reported that this type of bypass is a practice likely to be widespread among illegal immigrants in Japan.

Faking Facial Recognition

While it’s one thing to confuse a system based on biometrics, it’s an entirely different thing to attempt to fake one’s identity as another person. This may be possible with implants or other simple surgeries that alter the way that fingerprints work.

The true test concerning biometrics being faked is if facial recognition can be bypassed.

The surprising answer is that it can be in some instances. A comprehensive facial recognition program that searches for multiple vectors can be used to safe guard against this problem as well, but that will be addressed later.

To understand the challenges presented by cosmetic and plastic surgery as it applies to facial recognition, it’s important to understand that there are two types of cosmetic surgery: local and global surgery.

The former alters one local feature, such as the nose, while the latter alters the entire facial structure. This can make predicting change due to plastic surgery nearly impossible due to the fact that information on such surgery is likely unavailable.

An Imperfect Solution

Individual algorithms that attempt to address the issues that plastic surgery can present with regards to facial recognition are nowhere near perfect on their own. The algorithm with the lowest accuracy rating for predicting cosmetic surgery changes is the Principle Component Analysis (PCA) algorithm with a success rate of 29.1%, and the highest is the Neutral Network Architecture-Based 2-D Log Polar Gabor Transform (GNN) with a success rate of 54.2%.

The best strategy to use is to employ several algorithms into a facial recognition biometrics system. This allows multiple vectors to be checked, which in turn makes it significantly harder to falsify biometrics readings. It’s essential to ensure you’ve chosen the correct plastic surgeon, and that they’re up to the job.

The lowest computed value of any given employed algorithm can then be used to assess if an individual has undergone plastic surgery. This allows for the maker of a biometrics system to employ a risk analysis for subjects that matches the level of security required by the system.

At worst, this will require that a valid employee have their facial recognition credentials qualified again while keeping possible intruders out of areas they aren’t supposed to have access to.

While this method is imperfect, as it relies upon at least one feature resulting in a positive or close match, it’s a better solution than none at all. Future techniques may make it easier for one face to be compared to another with more accurate results.

This post comes from the writing team at Dr. Simon Weight’s clinic in Perth. Dr. Simon is an expert in cosmetic surgeries, although he does advise obtaining a new passport if you’ve had considerable facial work done.