Facial authentication with Howdy
Security
As with all biometric applications, it is possible to fool Howdy. Figure 1 shows that a well-made image can pass as a face even if the size does not really fit. In the example, however, several attempts were required, and we had to permanently move the book cover used as a fake slightly in order to successfully record a profile. OpenCV's network is particularly sensitive to nodding.
On the Howdy homepage, developer Lem Severein points out the danger of manipulation and emphasizes the need to use a good IR video camera. But even a good IR camera could be fooled with some additional effort, just as fingerprint sensors can be fooled. The German Chaos Computer Club (CCC) has demonstrated problems with biometric authentication several times.
Severein came up with a useful extension to improve security known as rubber stamps [5]. Whenever Howdy recognizes a face – and only then – you can call predefined additional routines. These routines can then add additional tests, such as whether the user has pressed a certain key. If the additional condition is met, the software evaluates the authentication as correct. The mechanism is still missing in the current stable Howdy v2.6.1, but it is already available in the Git repository.
A separate tutorial shows how to implement appropriate rules (stamp rules). Howdy uses the possibilities of the OpenCV library. You can, for example, use a nod or a shake of the head as confirmation or negation. You are even allowed to define a minimum number of nods to confirm the authentication.
Severein has been working on Howdy 3.0 for more than a year, but a release date has not been set yet. In addition to the rubber stamps, version 3.0 will probably include a graphical user interface (GUI). A preview is available in the form of the developer version (Figure 3). To start the interface, you need the Python elevate
module from the python-elevate package. Then change to the src/
directory and call ./.init.py
.
Conclusion
Howdy shows where the world is headed: Self-learning systems and biometric data for authentication will probably play an important role in the future. So far, however, the special hardware requirements mean that Howdy is more of a proof of concept than an actual authentication solution suitable for industrial use. Having said this, you can use rubber stamps to increase security in practice.
Infos
- Howdy: https://github.com/boltgolt/howdy
- OpenCV: https://opencv.org
- Switching on IR lamps: https://github.com/EmixamPP/linux-enable-ir-emitter/wiki/Semi-automatic-configuration
- Howdy in the AUR: https://wiki.archlinux.org/title/Howdy
- Rubber stamps: https://github.com/boltgolt/howdy/wiki/Rubber-Stamp-Guide
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.