View article

Face recognition systems (FRSs) typically store databases of discriminative real-valued template vectors, which are extracted from each enrolled user's facial image (s). Such template databases must be carefully protected for user privacy---indeed, the dangers of template leakages have been widely reported in the literature. In contrast, the similarity scores between queried images and enrolled users is often unprotected and can be readily queried through typical FRS APIs. Such scores provide a potential avenue of adversarial attack on FRSs, but recently proposed score-based attacks remain largely impractical because they essentially rely on trial-and-error strategies that use an enormous number of adaptive queries (> 50K) for face reconstruction. We present the first practical score-based face reconstruction and impersonation attack against three commercial FRS APIs: AWS CompareFaces, FACE++, and …