Yeah like everyone else in IT I am also a Game of Thrones nerd and that’s okay. I think the sheer amusement of Faceless men and Face ID is an entertaining anecdote. For those of you living in a cave, I’m talking about this guy!
So moving on, I wanted to take some time and help break down Face ID for those of you that are confused. I’ll admit that there is substantial misinformation around Face ID out there right now. You have politicians being ridiculous, news outlets making stuff up, and just a lot of misinformed people at this juncture.
How does it work?
Face ID uses Apple’s TrueDepth camera system to map the geometry of a person’s face. It does more than that actually. It confirms your attention by detecting where you are staring and then uses neural networks to eliminate spoofing while ensuring that it’s an accurate match. Face ID is a flexible technology that will adapt to appearance changes and works tirelessly to safeguard your privacy and security of this data. There are some concerns around the way the biometric data is managed, but we will get into that later.
Face ID requirements are similar to Touch ID. You need to enable the passcode for unlocking your device. I think it’s important to understand how the passcode works. When you create a passcode, it enables Data Protection. The passcode provides stronger system-wide encryption as some data classes cannot access data without the passcode. The OS will take the passcode and device unique identifier to create a hash. When the device is locked, the ID subsystem is given a key that will be used to unwrap those protected classes on a successful authentication. This provides enhancements to the security posture as it requires the Face ID/Touch ID and Data Protection sub-systems to work together.
You will need to enter your passcode instead of Face ID in certain situations just like you would with Touch ID:
- Device has just powered on or rebooted
- Device hasn’t been unlocked for 48+ hours
- Face ID hasn’t unlocked the device within 4 hours and the passcode hasn’t been used to unlock the device within the last 156 hours
- MDM has sent a remote lock command
- 5 unsuccessful attempts to match a face
- After initiating the power off/emergency SoS that the police love so much in iOS 11
Face ID will require you to authenticate with your Face or passcode every time you wake up the device. This is something that some users won’t love, but that is how Touch ID worked also with the whole “require passcode immediately” design.
Apple touts that Face ID is 20 times more secure than Touch ID (1 in a million vs 1 in 50k). There’s also the fact that it will only let you try to Face ID authenticate 5 times. There are a few circumstances that impact the reliability we have seen/heard of:
- Identical Twins
- Some eye wear
Face ID Security
As I mentioned earlier, the TrueDepth camera is the centerpiece of this. Let’s explain what it is exactly as I’m sick of the buzz word personally. The TrueDepth camera system, which you can see the components of below provide the gateway into Face ID. You have a 7 MP camera with several key components.
Infrared Emitter: projects over 30k dots in a known pattern onto your face (yes I know its scary).
Dedicated Infrared Camera: photographs those dots for analysis and uses the IR light reflected off of your face.
Proximity Sensor: detects that you are close enough to the camera to activate.
Ambient Light Sensor: helps with setting output light levels, which helps the system identify how much light is needed for face recognition.
Flood Illuminator: produces infrared light to illuminate your face
The process for the unlock works like this:
- A user taps on the screen or raises the phone
- The Face ID system confirms that you are looking at the device with your eyes open or what they call “attention and intent” (It’s interesting to note that if VoiceOver is activated that it bypasses this step) or you can actually disable that yourself
- Once step 2 completes, the TrueDepth camera projects and reads the 30k infrared dots to create a depth map of your face along with a 2D infrared image. This data creates a sequence of 2D images and depth maps, which the OS digitally signs and stores in the Secure Enclave. The TrueDepth camera randomizes the sequence of the 2D images and depth maps as a spoofing protection mechanism in the guise of a device-specific random pattern.
- The A11 processor’s neural engine located within the Secure Enclave transforms that data into a mathematical representation and compares it to the user’s enrolled Face ID. That enrolled information is captured in a variety of facial poses during the enrollment process. All facial matching is performed in the Secure Enclave leveraging the neural networks designed for that exact purpose. A secondary neural network is present specifically to prevent spoofing with images.
It’s interesting to note that when they created the neural network, they used over a billion images to teach it how to properly authenticate a person’s face. One concern that I have there is that it was taught by a study using various participant’s and their informed consent. It does make me wonder if they will continue to do this now that it is in production as a way to improve the neural network at the expense of our privacy. They highlighted that the study was global and constantly adapting to cover a variety of variables like hats, glasses, and varying conditions.
Apple claims that the Face ID data is encrypted and only available to the secure enclave, which is very similar to how they secure their encryption keys. The data is located on the device, is not sent to Apple, and cannot be extracted from device backups. They tout that face images during normal operations are not saved, but are trashed once the mathematical representations are created. The saved data extends to:
- Mathematical representations of your face during the Face ID enrollment
- Mathematical representations of your face during unlock attempts as a way to teach the Face ID system how to be more accurate and efficient. Face ID will store the new representation and once it is deemed as the best copy the old data is discarded.
Face ID does offer additional safeguards. They have a threshold during authentication that might only be a “soft fail” which means if your image is “close” enough it will prompt you for your passcode. Once you authenticate successfully, it will update the mathematical representation it has in the system for you (not sure if that is good or bad, but only time will tell there!). It will discard that new Face ID data after a number of unlocks if you stop matching against it. This is how they stay up-to-date on your appearance while still providing a solid user experience.
Face ID Diagnostics
There is “always” a catch with everything. Face ID is no different! If you do run into issues and contact AppleCare, they may require you to enable Face ID diagnostics data. This would require you to provide a digitally-signed authorization to Apple prior to enabling Face ID diagnostics. A few key things to be aware of:
- This process will delete your current Face ID data and re-enroll you in Face ID.
- Your device will begin capturing and saving images for the next 7 days, but one benefit you do have is that you can review and approve the data that is gathered.
- The data is then encrypted and uploaded to Apple for review.
- Any images you reject are deleted immediately.
- If you forgot to close out the Face ID diagnostics, it will automatically end after 90 days and all diagnostic images are deleted.
- Face ID diagnostics can be closed at any time.
3rd Party App Development with Face ID
3rd Party Apps can use the Apple APIs for Face ID. Here are the highlights:
- Apps will automatically support Face ID if they support Touch ID.
- The application will only know if the face matches and cannot access any data.
- Keychain items can also be protected with Face ID, which the Secure Enclave can release after successful authentication.
- Apple APIs can verify a passcode has been set before requiring Face ID or passcode for a keychain unlock.
- Authentication API can be used to fallback to Touch ID or passcode if Face ID fails OR they can block any fallbacks below Face ID.
- 3rd Party Apps can generate/use ECC keys inside the Secure Enclave which are protected with Face ID. All operations would be performed inside the Secure Enclave by design.
- Face ID will also be available for approving App Store purchases.
- The App Store will be using Face ID-protected Secure Enclave ECC keys to authorize purchases by signing the store request
Face ID and Apple Pay
Just like Touch ID, you can also use Face ID to make secure purchases. The difference is, you will authenticate your face prior to placing your device near the payment reader. You may need to re-auth if you want to use a different payment method via Apple Pay. When making payments on your phone within apps or the web, you have 30 seconds to complete the transaction before needing to re-authenticate.
Face ID is certainly a compelling technology and there is no question about that. I think it will be a major point of contention amongst the government and law enforcement. It’s not without its major challenges being a technology that is less secure then TouchID and limited controls to address it. We are seeing some great advancements using it along with it being a major disruptor in mobility. You already have Android investigating the way Apple built this technology into their devices. I think the key for all enterprises is to test and try to hack Face ID in their applications to ensure that we are not infringing on the privacy of our users. That is how you turn fans into foes