Facial Recognition Algorithms ImproveBut They're Not Ready for Primetime as an Authenticator
A new study shows the accuracy of facial recognition algorithms has markedly improved over the past three years, though one of the report's authors suggests they're not at the level to be a highly reliable form of authentication.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
Results published in the National Institute of Standards and Technology Interagency Report 8009, Performance of Face Identification Algorithms, show a 10 percent to 30 percent improvement from 2010 to 2013 in the accuracy of 50 facial recognition algorithms NIST tested. The best algorithm tested in 2013 failed to find in a database of 1.6 million images a corresponding image of a person 30 percent less frequently than it did in 2010. The failure rate fell to 4.1 percent in 2013 from 5.7 percent in 2010.
"I've defined failure here as not finding the corresponding photograph in the No. 1 slot on a list of candidate identities," says Patrick Grother, the NIST biometrics testing project leader who coauthored the report. "[That's] analogous to a Web search not finding the relevant webpage on the top of the list."
Governments and law enforcement agencies worldwide use the tested algorithms to detect duplicates in databases and fraudulent applications for passports and driver's licenses, and to support token-less access control, surveillance, social media tagging, look-alike discovery and criminal investigations.
Proven More Useful
Grother says he's encouraged by the results, saying the study he conducted with fellow NIST Computer Scientist Mei Ngan means that face recognition will prove to be more useful to users. Take, for instance, an applicant claiming he lost his driver's license when applying to the Department of Motor Vehicles for a new one. Newer facial recognition software used to compare the just-taken portrait of the applicant against those in the database would have a greater chance to detect if the applicant is who he claims to be.
Similarly, police officers using a photograph taken in less-than-ideal light by an ATM machine's camera can now better compare it against those in a database of possible suspects.
"Our results for lower-quality photographs show that some searches will succeed," Grother says. But, he says, the results of the comparison aren't always positive proof. "In all cases," he says, "the candidate identities returned by a search algorithm are leads that will still need to be adjudicated by investigators."
Four research providers tested in 2010 were again evaluated in 2013. That allowed NIST researchers to compare performance improvements. Both years' tests involved a database of 1.6 million faces. In 2010, the images consisted of frontal mug shots that complied closely with NIST standards. In 2013, researchers added a small database of images taken for visa applications that met ISO standards and 140,000 webcam images taken in poorly controlled environments that do not correspond with any industry standards.
As researchers expected, the study shows that rates of missing facial matches increase - slowly - as the database size grows. "Identification accuracy scales very well," Grother says. "This fact is largely responsible for the usefulness of face identification algorithms in the marketplace, such as at DMV settings."
Tested algorithms performed the best on the relatively high-quality ISO standardized images collected for passport, visa and driving license applications. No algorithms worked well with the webcam images. Search failure rates for those images were about three times greater than for the higher quality images, which Grother suggests using webcams to capture a face image for authentication is not ready for primetime.
For authentication, Grother says, the best results occur when the image being compared with those in the database are of good quality. Higher quality photos, unlike those captured by a webcam or ATM, are taken in an environment with proper lighting using high quality equipment with the subject exhibiting a neutral facial expression.
The research report didn't delve into facial recognition as a form of authentication, though the researchers are conducting other tests on facial recognition software for authentication that they'll report in a soon-to-be-released paper.
Grother sees two major challenges organizations must address to use facial recognition software effectively as an authenticator: Have developers create algorithms that produce better recognition of lower quality images and get systems owners to collect better quality photographs.