Johannes Merkle

Johannes Merkle, Christian Rathgeb, Benjamin Tams et al.

The goal of the project "Facial Metrics for EES" is to develop, implement and publish an open source algorithm for the quality assessment of facial images (OFIQ) for face recognition, in particular for border control scenarios.1 In order to stimulate the harmonization of the requirements and practices applied for QA for facial images, the insights gained and algorithms developed in the project will be contributed to the current (2022) revision of the ISO/IEC 29794-5 standard. Furthermore, the implemented quality metrics and algorithms will consider the recommendations and requirements from other relevant standards, in particular ISO/IEC 19794-5:2011, ISO/IEC 29794-5:2010, ISO/IEC 39794-5:2019 and Version 5.2 of the BSI Technical Guideline TR-03121 Part 3 Volume 1. In order to establish an informed basis for the selection of quality metrics and the development of corresponding quality assessment algorithms, the state of the art of methods and algorithms (defining a metric), implementations and datasets for quality assessment for facial images is surveyed. For all relevant quality aspects, this document summarizes the requirements of the aforementioned standards, known results on their impact on face recognition performance, publicly available datasets, proposed methods and algorithms and open source software implementations.

Christian Rathgeb, Benjamin Tams, Johannes Merkle et al.

The fuzzy vault scheme has been established as cryptographic primitive suitable for privacy-preserving biometric authentication. To improve accuracy and privacy protection, biometric information of multiple characteristics can be fused at feature level prior to locking it in a fuzzy vault. We construct a multi-biometric fuzzy vault based on face and multiple fingerprints. On a multi-biometric database constructed from the FRGCv2 face and the MCYT-100 fingerprint databases, a perfect recognition accuracy is achieved at a false accept security above 30 bits. Further, we provide a formalisation of feature-level fusion in multi-biometric fuzzy vaults, on the basis of which relevant security issues are elaborated. Said security issues, for which we define countermeasures, are commonly ignored and may impair the overall system's security.

Laurin Jonientz, Johannes Merkle, Christian Rathgeb et al.

The assessment of face image quality is crucial to ensure reliable face recognition. In order to provide data subjects and operators with explainable and actionable feedback regarding captured face images, relevant quality components have to be measured. Quality components that are known to negatively impact the utility of face images include JPEG and JPEG 2000 compression artefacts, among others. Compression can result in a loss of important image details which may impair the recognition performance. In this work, deep neural networks are trained to detect the compression artefacts in a face images. For this purpose, artefact-free facial images are compressed with the JPEG and JPEG 2000 compression algorithms. Subsequently, the PSNR and SSIM metrics are employed to obtain training labels based on which neural networks are trained using a single network to detect JPEG and JPEG 2000 artefacts, respectively. The evaluation of the proposed method shows promising results: in terms of detection accuracy, error rates of 2-3% are obtained for utilizing PSNR labels during training. In addition, we show that error rates of different open-source and commercial face recognition systems can be significantly reduced by discarding face images exhibiting severe compression artefacts. To minimize resource consumption, EfficientNetV2 serves as basis for the presented algorithm, which is available as part of the OFIQ software.

Christian Rathgeb, Johannes Merkle, Johanna Scholz et al.

Biometric technologies, especially face recognition, have become an essential part of identity management systems worldwide. In deployments of biometrics, secure storage of biometric information is necessary in order to protect the users' privacy. In this context, biometric cryptosystems are designed to meet key requirements of biometric information protection enabling a privacy-preserving storage and comparison of biometric data. This work investigates the application of a well-known biometric cryptosystem, i.e. the improved fuzzy vault scheme, to facial feature vectors extracted through deep convolutional neural networks. To this end, a feature transformation method is introduced which maps fixed-length real-valued deep feature vectors to integer-valued feature sets. As part of said feature transformation, a detailed analysis of different feature quantisation and binarisation techniques is conducted. At key binding, obtained feature sets are locked in an unlinkable improved fuzzy vault. For key retrieval, the efficiency of different polynomial reconstruction techniques is investigated. The proposed feature transformation method and template protection scheme are agnostic of the biometric characteristic. In experiments, an unlinkable improved deep face fuzzy vault-based template protection scheme is constructed employing features extracted with a state-of-the-art deep convolutional neural network trained with the additive angular margin loss (ArcFace). For the best configuration, a false non-match rate below 1% at a false match rate of 0.01%, is achieved in cross-database experiments on the FERET and FRGCv2 face databases. On average, a security level of up to approximately 28 bits is obtained. This work presents an effective face-based fuzzy vault scheme providing privacy protection of facial reference data as well as digital key derivation from face.

Ulrich Scherhag, Christian Rathgeb, Johannes Merkle et al.

The vulnerability of facial recognition systems to face morphing attacks is well known. Many different approaches for morphing attack detection have been proposed in the scientific literature. However, the morphing attack detection algorithms proposed so far have only been trained and tested on datasets whose distributions of image characteristics are either very limited (e.g. only created with a single morphing tool) or rather unrealistic (e.g. no print-scan transformation). As a consequence, these methods easily overfit on certain image types and the results presented cannot be expected to apply to real-world scenarios. For example, the results of the latest NIST Face Recognition Vendor Test MORPH show that the submitted MAD algorithms lack robustness and performance when considering unseen and challenging datasets. In this work, subsets of the FERET and FRGCv2 face databases are used to create a large realistic database for training and testing of morphing attack detection algorithms, containing a large number of ICAO-compliant bona fide facial images, corresponding unconstrained probe images, and morphed images created with four different tools. Furthermore, multiple post-processings are applied on the reference images, e.g. print-scan and JPEG2000 compression. On this database, previously proposed differential morphing algorithms are evaluated and compared. In addition, the application of deep face representations for differential morphing attack detection algorithms is investigated. It is shown that algorithms based on deep face representations can achieve very high detection performance (less than 3\%~\mbox{D-EER}) and robustness with respect to various post-processings. Finally, the limitations of the developed methods are analyzed.

Johannes Merkle, Benjamin Tams

Dodis et al. proposed an improved version of the fuzzy vault scheme, one of the most popular primitives used in biometric cryptosystems, requiring less storage and leaking less information. Recently, Blanton and Aliasgari have shown that the relation of two improved fuzzy vault records of the same individual may be determined by solving a system of non-linear equations. However, they conjectured that this is feasible for small parameters only. In this paper, we present a new attack against the improved fuzzy vault scheme based on the extended Euclidean algorithm that determines if two records are related and recovers the elements by which the protected features, e.g., the biometric templates, differ. Our theoretical and empirical analysis demonstrates that the attack is very effective and efficient for practical parameters. Furthermore, we show how this attack can be extended to fully recover both feature sets from related vault records much more efficiently than possible by attacking each record individually. We complement this work by deriving lower bounds for record multiplicity attacks and use these to show that our attack is asymptotically optimal in an information theoretic sense. Finally, we propose remedies to harden the scheme against record multiplicity attacks.