CypressMFA

Gesture-Driven Facial Authentication for Anti-Spoofing/AI

Comment

Inspiration

The inspiration for CypressMFA stemmed from the rising need for more secure, multi-factor authentication (MFA) systems in the face of increasing digital security threats such as deepfakes. With businesses and individuals relying heavily on digital identities, securing access to digital services has become crucial. Our goal was to create a solution that not only provides enhanced security but also offers a universal authentication infrastructure that any website can leverage, enabling even small businesses or sites without built-in MFA to implement robust user verification. By packaging this system as a Chrome extension, we aim to make it more accessible and easily deployable across different web platforms.

What It Does

Our triple-factor authentication system activates when a user enters their information on a website and clicks the login button. Before granting access, it performs the following checks:

  1. Liveness Detection: Verifies that the person attempting access is real, preventing spoofing attempts from deepfakes or 2D images.
  2. Facial Recognition: Uses advanced algorithms to confirm the user's identity.
  3. Hand Gesture Recognition: Requires 3 different hand gestures, randomly generated for each authentication attempt, adding an unpredictable layer of security.

The entire process is timed for 30 seconds, ensuring that potential threats don't have adequate time to recreate faces or gestures. The randomness of the required gestures prevents AI systems from training themselves to predict or replicate the authentication pattern.

Furthermore, our solution is implemented as a Chrome extension, enabling users to easily authenticate themselves on almost any website. This makes it adaptable to various use cases, such as social media platforms and banking account logins, without being tied to any single platform.

How We Built It

We built CypressMFA with the following technologies:

  • Backend: Python and FastAPI for creating a high-performance server.
  • Database: MongoDB Atlas for managing user data securely and at scale.
  • Image Processing: OpenCV for real-time liveness detection and gesture recognition.
  • Facial Recognition: The DeepFace library was used to handle facial authentication.
  • Hand Gesture Recognition: Implemented using a pre-trained model from dima806, which was adapted to fit our specific needs.

Challenges We Ran Into

One of the biggest challenges we faced was ensuring accurate and fast liveness detection and facial recognition under various lighting conditions. Additionally, integrating hand gesture recognition posed its own set of challenges, particularly in making it dynamic and responsive within a tight timeframe. Finally, ensuring the system's scalability while maintaining a high level of security was another hurdle we had to overcome.

Accomplishments That We’re Proud Of

Advanced Security Measures: We've developed a robust authentication system that combines live checking, face ID, and gesture tracking. This multi-layered approach provides extensive protection against hacking attempts, surpassing current AI video analysis capabilities. Universal Accessibility: Our Chrome extension offers enhanced login security for any website, effectively providing MFA infrastructure to businesses of all sizes. This is particularly beneficial for smaller companies or those unable to implement their own MFA systems due to cost or technical constraints. User-Friendly Design: Despite the sophisticated security features, we've maintained a focus on usability. Our UI is intuitive and accessible, ensuring that enhanced security doesn't come at the cost of user experience.

What We Learned

Throughout the development of CypressMFA, we gained deeper insights into the complexities of machine learning models, especially in the context of image and gesture recognition. We also improved our skills, backend development, database management, and computer vision, learning to integrate various technologies into a cohesive and functional system.

What's Next for Cypress MFA

Looking forward, we plan to expand CypressMFA by introducing more features and enhancements: Partner with websites for mandatory implementation: While our Chrome extension currently demonstrates our goals and technology, our ultimate goal is to partner with websites to make CypressMFA a mandatory part of their login process. This would ensure that all users, including potential hackers or bots, would need to pass our multi-factor authentication as well. Add more gestures to the model: Training our model on additional gestures will enhance security by increasing randomness. This makes it harder for AI bots to predict or recreate the authentication patterns.

  • Incognito adaptation for the Chrome extension: We plan to enable the Chrome extension to function seamlessly in Incognito mode, ensuring user privacy and flexibility.
  • Using Chrome extension ID as unique identifier for each user: Each Chrome extension has a unique identifier assigned by Google, which we can access using chrome.runtime.id. By using this ID into our system, we can automatically create distinct profiles for each Cypress installation, rather than having the user enter their id manually when signing up.
  • Include gestures with both hands: Incorporating gestures using both hands will further enhance security and create more diverse authentication methods. ```
Share this project:

Updates