Face recognition is a rapidly evolving technology that is now replacing security methods such as passwords. Faces, unlike iris codes or vein patterns, represent a non-invasive biometric, are memorable, and allegedly contain a sufficient amount of entropy to be used for verification. However, some of the fundamental properties of faces with respect to computer security have never been challenged.

For example, it is unclear what is the exact amount of entropy contained in a face. A naive answer assumes that every human has a unique facial identity and given the human population is 7 billion, the entropy contained in a human face would be about 33 bits (log2(7,000,000,000)). Obviously, this is an oversimplification and there are a small number of papers that investigate face entropy and all report a significantly higher value.

The aim of this research proposal is to explore the practical and theoretical limits of face biometrics in cybersecurity. A team comprising experts in cybersecurity and facial identification at both Kent and Haifa will conduct a novel and timely analysis of the limitations and advantages of face generation in the context of online security.