Under tremendous pressure to improve security and privacy of Aadhaar data, the Unique Identification Authority of India (UIDAI) has now added an extra layer of security for Aadhaar holders by introducing face recognition in “Fusion” with fingerprints and Iris. The Face Recognition mechanism will act as another layer of verification alongside fingerprints, OTP and Iris authentication. According to UIDAI, the face authentication will be used for people who are unable to authenticate with the help of their fingerprints or iris scanning. The feature will be made available from July 1, 2018. To make things convenient, UIDAI said that it will be using the photo of the consumers that was captured at the time of Aadhaar enrolment. The Aadhaar face authentication will give an additional choice for people having trouble with their fingerprints and iris authentication.
In November 2017, a group of cybersecurity researcher were able to crack iPhone’s face recognition technology just by using a $150 mask. The cybersecurity firm posted a video on their official blog which showed that they had found a way to hack Face ID by using a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. Now given that Apple invested a bug sum to develop the infrared based specialised hardware to capture a 3D image of a person’s face, its dicey how it would compare to the 3-5MP cameras used at the time of enrolment.
“2 factor is good but the face is a bad factor for authentication. Although adding an extra layer of security for Aadhar card holders seems to be a good initiative, adding face recognition might not do much good as not only it isn’t too difficult to replicate as compared to other biometrics but also the major problem lies in the source of the images used as the authentication mechanism. The photographs captured nearly half a decade back with an extremely low resolution camera stands hardly any chance given that hackers were able to bypass even the 3D face model recognition developed by one of the biggest tech pioneers,” said Ankush Johar, Director at Infosec Ventures.
He said that the second problem is not only the security of face recognition but the accessibility of the technology. Do you look like yourself on your passport? Nobody does. Why? Because the image is old and you have changed since the time it was captured. The biggest benefit of face recognition is that you can change it while your physical attributes change and this sole feature isn’t available with UIDAI’s mechanism. The base authentication token is pretty old and mainly one cannot update it.
“This move by UIDAI, as great as it may be, might have just arrived too little too late. If originally. the faces of the consumers had been captured with at least a high definition camera if not an infrared based 3D face recognition system, deploying it as an authentication of Aadhaar had been much easier, secure and reliable,” he said.
