CSLATEST
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
facial authentication<br />
FACE OFF!<br />
WHEN IT COMES TO DEVICE-BASED AND SERVER-BASED FACIAL<br />
AUTHENTICATION, WHICH, IF EITHER, IS THE MORE SECURE?<br />
Device-based facial authentication<br />
and server-based facial authentication<br />
are two methods that are<br />
commonly used for authenticating users<br />
on mobile devices. While both methods<br />
serve the same purpose of verifying<br />
a user's identity, they differ in their<br />
approach and functionality.<br />
"Device-based facial authentication is a<br />
method that relies on the device's builtin<br />
hardware and software to capture<br />
and analyse the user's facial features,"<br />
says Majid Munir, senior cybersecurity<br />
consultant of Celestix Networks, the<br />
digital identity and secure access<br />
company. "When a user sets up facial<br />
authentication on their device, the<br />
device creates a unique facial template<br />
of the user, which is stored locally on<br />
the device. This template is then used<br />
for subsequent authentication attempts.<br />
With device-based facial authentication,<br />
the entire authentication process takes<br />
place on the device itself, without<br />
needing external servers or networks."<br />
One of the main advantages of devicebased<br />
facial authentication is its exclusivity<br />
to the device, he adds. "Since the<br />
facial template is stored locally on the<br />
device, external parties cannot access<br />
or tamper with it. This enhances the<br />
security of the authentication process,<br />
as there is no reliance on external<br />
servers or networks that may be<br />
vulnerable to cyberattacks."<br />
However, device-based facial authentication<br />
also has its limitations. "First,<br />
since the authentication process is<br />
exclusive to the device, users may face<br />
difficulties, if they need to authenticate<br />
using a different device. For example,<br />
if a user loses their device or upgrades<br />
to a new one, they will need to go<br />
through the registration process again<br />
to set up facial authentication on the<br />
new device. This can be inconvenient<br />
and time-consuming for users.<br />
"Another limitation of device-based<br />
facial authentication is that servers<br />
would not know the user's true identity.<br />
Since the authentication process occurs<br />
solely on the device, the server does not<br />
receive any information about the user's<br />
facial features or identity. This can pose<br />
challenges in scenarios where serverside<br />
authentication is required, such<br />
as accessing certain online services or<br />
platforms."<br />
On the other hand, adds Munir, serverbased<br />
facial authentication addresses<br />
these limitations by relying on external<br />
servers to store and process facial<br />
data. With this method, the facial data<br />
captured by the device is transformed<br />
into a Private Key, encrypted and<br />
securely stored on the server-side.<br />
The server then uses this Private Key<br />
to authenticate the user in subsequent<br />
authentication attempts.<br />
"One of the standout features of<br />
server-based facial authentication, such<br />
as the V-Key Smart authenticator, is its<br />
enhanced security and user experience.<br />
With V-Key facial authentication, the<br />
facial data is securely encrypted and<br />
stored in the V-Key cloud. This ensures<br />
the user's facial biometric information is<br />
protected from unauthorised access or<br />
tampering. Furthermore, users do not<br />
need to go through the registration<br />
Majid Munir, Celestix Networks: both<br />
device-based and server-based facial<br />
authentication have pros and cons.<br />
process again, if they change their<br />
devices or lose their device. The<br />
encrypted facial data is already stored<br />
in the V-Key cloud, allowing users to<br />
authenticate with their face again to<br />
regain access simply."<br />
Ultimately, both device-based and<br />
server-based facial authentication have<br />
pros and cons. "Device-based facial<br />
authentication provides a secure and<br />
exclusive authentication process, while<br />
server-based facial authentication offers<br />
enhanced security and a seamless user<br />
experience. The choice between the<br />
two methods finally depends on the<br />
specific needs and requirements of<br />
the users, and the applications they<br />
are accessing."<br />
www.computingsecurity.co.uk @CSMagAndAwards May/June 2024 computing security<br />
21