Facial recognition: a quantum-leap for biometric airport security?

Researchers at the Norwegian University of Science and Technology have developed on-the-fly face recognition algorithms that accurately identify passengers’ faces as they pass through the airport. The project, which addressed some of the core vulnerabilities within biometric identification, could pave the way for a new era of border security measures.


At the start of this year, a team of researchers at the Norwegian University of Science and Technology’s Biometric Laboratory (NBL) in Gjøvik announced their latest development: a more accurate, trustworthy algorithm that detects and tracks passengers based on their facial features throughout their entire journey within the airport.

The use of biometry for fast, modern and accurate identification isn’t new, with everything from fingerprints, palm veins, face features and DNA to iris and retina recognition being either tested or already in use across multiple industries and commercially available devices.

The market for biometric systems is growing fast, and is expected to reach $24.4bn by 2020, according to research firm MarketsandMarkets which also identified travel and immigration as the leading application markets for biometry. Today, approximately 120 countries are deploying electronic passports (ePassports) with biometric features, while the European Union (EU) has been using passports with a digitalised facial image and fingerprint data since 2006.

On the one hand, its popularity is due to increasing security issues worldwide; but it can also be used as a means to handle rising passenger numbers. The International Air Transport Association’s (IATA) passenger projections calculated 7 billion people flying by 2034, twice as many as the 3.5 billion in 2015.

The complete automation of air border control by using face-scanning software could be one way to meet these challenges.

Solving the puzzle behind face spoofing

NBL’s research was part of the larger EU project called FIDELITY, a four-year long project under the European Commission’s Seventh Framework, which aims to find solutions for a “fast, secure and efficient real-time authentication” of people at border crossings, as well as carry out an in-depth analysis of the ePassport and its vulnerabilities.

The main vulnerability the team had to surmount was face spoofing – or presentation attacks.

"Biometric data can be easily obtained directly from a person…and then used to create spoofs or fakes."

According to the International Organization for Standardization (ISO), biometric data can be easily obtained directly from a person – either online or through existing databases – and then used to create spoofs or fakes to mount an attack. 

“The spoof attacks are very easy to perform on the face recognition systems, as the attacker can easily gain access to the legitimate user’s face images either through non-invasive capture or through social networks like Facebook or LinkedIn,” postdoctoral fellow at NBL, Raghavendra Ramachandra says.

“To combat this issue, we tested our algorithms on different kinds of face artefacts like the printed face, the display face, using iPad and smartphones, and 3D face masks.”

Once these issues are ironed out, border security can be “profoundly improved,” he says, adding: “borders can be monitored securely to identify unauthorized subjects crossing the border by maintaining a watch-list.”

Facial recognition is already here

Facial recognition software is already well developed, and technology company Safran Morpho is preparing to test it at several airports worldwide.

The first official deployment of biometric face-scan technology will take place next year at Singapore’s Changi Airport, one of the world’s busiest airports, which saw 54 million passengers pass through its gates in 2014.

"The US Customs and Border Protection secretly launched a facial recognition experiment."

The contract between Safran Morpho and the airport agrees on integrating a biometric control system involving a self-bag drop, integrated border clearance and self-boarding gates into the airport’s Terminal 4. The terminal will offer a capacity of 16 million passengers.

In a more controversial move, the US Customs and Border Protection (CBP) secretly launched a facial recognition experiment in March 2015 at Washington’s Dulles International Airport. Documents leaked to Motherboard revealed the pilot program rolled out by the CBP, and confirmed that the project was part of series of three experiments called “Targeted Biometric Operations”.

While the pilot tested facial recognition on all passengers, two subsequent projects still in the pipeline were reported to target foreign travellers and confirm their departure from the US.

Data protection is paramount

At the time of the leak, Jake Laperruque, a fellow at the Center for Democracy and Technology, described the software as “a dark road to be going down with a lot of potential for abuse”.

Similarly, even though the UK has been issuing ePassports since 2006, a proposal by the government to roll out “second generation” ePassports containing fingerprint data was cancelled in 2010.

However, not everybody is as cautious. Today, 120 countries are now deploying electronic passports and over 50 countries are implementing electronic ID (eID) cards. According to research company Acuity Market Intelligence, 3.5 billion citizens will be using eIDs by 2018.

The issues surrounding data protection were given specific consideration during NBL’s research.

"The biometric image is not directly stored and processed for the recognition to take place."

Ramachandra says that the use of biometrics is both trustworthy, meaning it's hard to spoof, and privacy-preserving, as the biometric image is not directly stored and processed for the recognition to take place.

“[As soon as] the biometric image is captured, it is transformed to the other form such that it cannot be reconstructed back to the image,” he says.

“Then, the person will be verified based on the face image that is stored in their passport in the electronic chip. In this way, the privacy of the biometric capture is protected and furthermore there is also no need to store the biometric image anywhere during the information process.”

Professor Christoph Busch at the NTNU Information Security Lab adds: “Biometric information from Europeans [within the Schengen area] is stored in [the] passport and extracted from the passport. In the future, non-European biometric data will be stored in the Entry-Exit-System (SmartBorder).”

“It will support the manual border control and will enable [border forces] to manage the borders while travel numbers are increasing,” he says.

The need for a solution

While passenger growth is certainly welcome, capacity constraints and manual border checks are putting a strain on airports’ profits, as well as the local economy and environment.

Looking at a number of highly congested airports in China, Japan and the UK, global consulting firm McKinsey found that airport gridlocks cause passenger growth to flatten, as travellers find alternative routes to their destination. Crowding also forced airlines to drop some of their short-haul routes to and from packed airports, while ticket prices rose due to “premium” rates for seats on direct flights. Finally, a preference for bigger aircraft and increased fuel consumption leads to increased emissions being released into the atmosphere.

The need for border control automation is clear. However, despite the latest advancements in facial recognition biometrics, the technology is yet to be proven as a sure-fire way to scan the millions of passengers travelling around the world every day. Concerns regarding data storage and personal privacy are also likely to continue questioning the validity of such measures.