Futurists and entrepreneurs have long been obsessed with the idea of biometric authentication. Every body is unique – could the unique features of your anatomy be used to prove that you are you? Police departments have used fingerprints to identify suspects for years, and several computer systems now allow fingerprint authentication. But for many researchers, the holy grail for biometric authentication has always been facial recognition.

The human brain authenticates humans through facial recognition all the time: That is what happens when you "recognize" someone. Of course, when a camera takes a picture of a person, it is most likely a picture of a face. Your face is looking at your laptop or phone all the time. What could be more convenient than just training your electronic device to look back at you and determine if the face is familiar?

Windows Hello technology, which is built into Microsoft systems, gives Windows users an option for facial identification. The Linux community can now access facial identification through an open source application known as Howdy [1]. Lem Severein from the Netherlands has been developing Howdy for more than four years, and the software is currently available on GitHub.

As you can probably guess, facial authentication system requires two important components:

• Imaging – a way to capture an image of the person who is trying to authenticate
• Artificial intelligence – a way to compare that image with a reference image of the user

Once the identity is confirmed, the application then needs a way to pass the approval on the operating system.

Howdy uses the OpenCV computer vision library [2] for imaging and facial recognition. Fortunately for the Linux community, the Pluggable Authentication Module (PAM) system built into Linux makes it easy to integrate new authentication technologies (see the box entitled "PAM Authentication"). Howdy uses the OpenCV vision library for image processing and facial recognition; then it passes control on to PAM.

Severein points out that Howdy is not intended as a complete security system by itself. As the website states, it is "…in no way as secure as a password and will never be…. Howdy is a more quick and convenient way of logging in, not a more secure one."

One common use for facial authentication tools is to re-authenticate a user after the user steps away from the computer. Howdy can serve as a first line of defense in casual settings, but be aware that this technology is still experimental – if you are counting on enterprise-level security, better to stick with more conventional approaches.

The Camera

It takes a camera to see a face. Today, IR (near field infrared) cameras, which are not normally installed in laptops as standard equipment, are a popular option for reliable facial recognition. Howdy theoretically works on laptops that only have a standard webcam, but it won't be as secure or as reliable. The GitHub project linux-enable-ir-emitter [3], which is designed for use with Howdy, offers support for infrared cameras that are not directly enabled out-of-the box.

Howdy

Howdy has not yet reached the package sources for many Linux distributions; however, the developer provides instructions for setting up the software on popular Linux systems. In particular, Howdy offers strong support for Ubuntu, offering a separate PPA for Ubuntu systems. For Arch Linux, the required packages are in the AUR, with instructions in the ArchWiki [4].

As a Python program, Howdy has a number of distribution-specific dependencies, such as python-pam. In addition to using OpenCV for face recognition, Howdy leverages the Hierarchical Data Format (HDF5) for data storage and FFmpeg for reading the video stream.

The basic installation is quite simple on most distributions: Install the howdy package via your package manager. The system drags in all the dependencies it needs. With Arch Linux, you might have to add some packages by hand, such as the python-pam package.

Try It Out

Howdy requires some manual configuration work and face recognition training. The basic software configuration and training are handled by the howdy command in the terminal, in combination with a few subcommands (as shown in Table 1). You can also use options to simplify the steps for some actions (see Table 2).

To set up the software, use:

sudo howdy config

This process will start the default editor with a fairly compact configuration file that documents all settings in detail. The few changes necessary for some initial experiments are shown in Listing 1.

01 [core]
02 # Print that face detection is being attempted
03 # default: false
04 detection_notice = true
05
06 # The path of the device to capture frames from
07 # Should be set automatically by an installer
08 # if your distro has one
09 device_path = /dev/video0
10
11 [snapshots]
12 # Capture snapshots of failed login attempts
13 # and save them to disk with metadata
14 # Snapshots are saved to the "snapshots" folder
15 capture_failed = true
16
17 # Do the same as the option above but for
18 # successful attempts
19 capture_successful = true

By default, the detection_notice parameter is set to false, which prevents Howdy from reporting successful face recognition. For initial testing, however, this feature is very useful, which is why you will want to specify a value of true instead (line 4).

By far the most important specification refers to the video device used (line 9). The IR camera was available as /dev/video2 in our lab; normal webcams are often designated /dev/video0 or /dev/video1. For some IR cameras, starting the system already activates the (built-in) IR lights.

If you are unsure, either find out the name of the device file using a photo application like Cheese, or use the v4l2-ctl command from the v4L-utils package:

$ v4l2-ctl --list-devices

Then copy the desired device, including the path to the configuration.

For face recognition using OpenCV, it does not matter whether the camera delivers normal monochrome or color images or IR images. For this reason, the standard laptop webcam is suitable for identification, unless you need genuine security.

The snapshots section in last part of the configuration file is also important. This section is where you specify whether Howdy saves an image at the time of authentication (Listing 1, lines 15 and 19). These snapshots help to analyze problems if face recognition did not work. Sometimes you can tell by looking at the image if there is insufficient light, if a reflection blinded the camera, or if parts of the face were obscured.

Howdy saves the image for each call as a JPEG file (Figure 1) in the /usr/lib/security/howdy/snapshots/ directory; you will want to delete these images occasionally. If authentication fails, the software creates a joint image of all three attempts that it makes by default, labeled FAILED LOGIN. The smaller the value for Best certainty value, the better the recognition process worked. On the other hand, if the login is successful, Howdy only stores one image.

Figure 1: When you log in via Howdy, the program saves an image in the system. In the test, the bright light reflex on the right edge probably confused the software.