Modern biometric systems establish their decision based on the outcome of machine learning (ML) classifiers trained to make accurate predictions. Such classifiers are vulnerable to diverse adversarial attacks, altering the classifiers' predictions by adding a crafted perturbation. According to ML literature, those attacks are transferable among models that perform the same task. However, models performing different tasks, but sharing the same input space and the same model architecture, were never included in transferability scenarios. In this paper, we analyze this phenomenon for the special case of VGG16-based biometric classifiers. Concretely, we study the effect of the white-box FGSM attack, on a gender classifier and compare several defense methods as countermeasures. Then, in a black-box manner, we attack a pre-trained face recognition classifier using adversarial images generated by the FGSM. Our experiments show that this attack is transferable from a gender classifier to a face recognition classifier where both were independently trained.
Fast and Accurate Likelihood Ratio-Based Biometric Verification Secure Against Malicious Adversaries
Biometric verification has been widely deployed in current authentication solutions as it proves the physical presence of individuals. Several solutions have been developed to protect the sensitive biometric data in such systems that provide security against honest-but-curious (a.k.a. semi-honest) attackers. However, in practice, attackers typically do not act honestly and multiple studies have shown severe biometric information leakage in such honest-but-curious solutions when considering dishonest, malicious attackers.In this paper, we propose a provably secure biometric verification protocol to withstand malicious attackers and prevent biometric data from any leakage. The proposed protocol is based on a homomorphically encrypted log likelihood-ratio (HELR) classifier that supports any biometric modality (e.g., face, fingerprint, dynamic signature, etc.) encoded as a fixed-length real-valued feature vector. The HELR classifier performs an accurate and fast biometric recognition. Furthermore, our protocol, which is secure against malicious adversaries, is designed from a protocol secure against semi-honest adversaries enhanced by zero-knowledge proofs. We evaluate both protocols for various security levels and record a sub-second speed (between 0.37s and 0.88s) for the protocol secure against semi-honest adversaries and between 0.95s and 2.50s for the protocol secure against malicious adversaries.
Bloom filter (BF) and homomorphic encryption (HE) are popular modern techniques used to design biometric template protection (BTP) schemes that aim to protect the sensitive biometric information during storage and the comparison process. However, in practice, many BTP schemes based on BF or HE violate at least one of the privacy requirements of the international standard ISO/IEC 24745: irreversibility, unlinkability and confidentiality. In this paper, we investigate the state-of-the-art BTP schemes based on these two approaches and assess their relative strengths and weaknesses with respect to the three requirements of ISO/IEC 24745. The results of our investigation showed that the choice between BF and HE depends on the setting where the BTP scheme will be deployed and the level of trustworthiness of the parties involved in processing the protected template. As a result, HE enhanced by verifiable computation techniques can satisfy the privacy requirements of ISO/IEC 24745 in a trustless setting.
The cutting-edge biometric recognition systems extract distinctive feature vectors of biometric samples using deep neural networks to measure the amount of (dis-)similarity between two biometric samples. Studies have shown that personal information (e.g., health condition, ethnicity, etc.) can be inferred, and biometric samples can be reconstructed from those feature vectors, making their protection an urgent necessity. State-of-theart biometrics protection solutions are based on homomorphic encryption (HE) to perform recognition over encrypted feature vectors, hiding the features and their processing while releasing the outcome only. However, this comes at the cost of those solutions' efficiency due to the inefficiency of HE-based solutions with a large number of multiplications; for (dis-)similarity measures, this number is proportional to the vector's dimension. In this paper, we tackle the HE performance bottleneck by freeing the two common (dis-)similarity measures, the cosine similarity and the squared Euclidean distance, from multiplications. Assuming normalized feature vectors, our approach pre-computes and organizes those (dis-)similarity measures into lookup tables. This transforms their computation into simple table-lookups and summation only. We study quantization parameters for the values in the lookup tables and evaluate performances on both synthetic and facial feature vectors for which we achieve a recognition performance identical to the non-tabularized baseline systems. We then assess their efficiency under HE and record runtimes between 28.95ms and 59.35ms for the three security levels, demonstrating their enhanced speed.
Bloom filters (BFs) and homomorphic encryption (HE) are prominent techniques used to design biometric template protection (BTP) schemes that aim to protect sensitive biometric information during storage and biometric comparison. However, the pros and cons of BF-and HE-based BTPs are not well studied in literature. We investigate the strengths and weaknesses of these two approaches since both seem promising from a theoretical viewpoint. Our key insight is to extend our theoretical investigation to cover the practical case of iris recognition on the ground that iris (1) benefits from the alignment-free property of BFs and (2) induces huge computational burdens when implemented in the HE-encrypted domain. BF-based BTPs can be implemented to be either fast with high recognition accuracy while missing the important privacy property of 'unlinkability', or to be fast with unlinkability-property while missing the high accuracy. HE-based BTPs, on the other hand, are highly secure, achieve good accuracy, and meet the unlinkability-property, but they are much slower than BF-based approaches. As a synthesis, we propose a hybrid BTP scheme that combines the good properties of BFs and HE, ensuring unlinkability and high recognition accuracy, while being about seven times faster than the traditional HE-based approach. | INTRODUCTIONA biometric template is a compact representation of a physiological or a behavioural biometric characteristic such as face, iris, voice, etc. The biometric characteristic itself is not a secret as, in human-to-human interaction, humans recognise each other from their actual characteristics. However, in a human-tomachine interaction, a biometric template becomes a numerical equivalent of the human characteristic understandable by a machine. Thus, a biometric template reflects the identity of an individual that allows him/her to be recognized by the system. Given the fact that systems are subject to various types of security threats, a biometric template must be well protected.References [2, 3] define biometric template protection (BTP) schemes as the branch of biometrics that tackles the problem of persevering biometric templates while maintaining the recognition performance. There exist different approaches to design BTP schemes that try to satisfy the privacy requirements of the international standard ISO/IEC 24,745 [4]: irreversibility, unlinkability, and confidentiality. Among those approaches, Bloom filter (BF)-based BTPs, process the template in a transformed domain, while homomorphic encryption (HE)-based BTPs, process the template in an encrypted domain. Both approaches have common and exclusive interesting properties that deal with the BTP challenges and the tradeoffs. Several surveys investigate either Bloom filters [5,6] This paper is an extension of [1] published at BIOSIG 2021.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
Contact Info
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Product
Resources
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.
