Full Program »
The Many-faced God: Attacking Face Verification System with Embedding and Image Recovery
Face verification system (FVS), which can automatically verify a person's identity, has been increasingly deployed in the real-world settings. Key to its success is the inclusion of face embedding, a technique that can detect similar photos of the same person by deep neural networks.
We found the score displayed together with the verification result can be utilized by an adversary to ``fabricate'' a face to pass FVS. Specifically, embeddings can be reversed at high accuracy with the scores. The adversary can further learn the appearance of the victim using a new machine-learning technique developed by us, which we call embedding-reverse GAN. The attack is quite effective in embedding and image recovery. With 2 queries to a FVS, the adversary can bypass the FVS at 40\% success rate. When the query number raises to 20, FVS can be bypassed almost every time. The reconstructed face image is also similar to victim's.