Adversarial Biometric Recognition : A review on biometric system security from the adversarial machine-learning perspective

@article{Biggio2015AdversarialBR,
  title={Adversarial Biometric Recognition : A review on biometric system security from the adversarial machine-learning perspective},
  author={Battista Biggio and Giorgio Fumera and Paolo Russu and Luca Didaci and Fabio Roli},
  journal={IEEE Signal Processing Magazine},
  year={2015},
  volume={32},
  pages={31-41}
}
In this article, we review previous work on biometric security under a recent framework proposed in the field of adversarial machine learning. This allows us to highlight novel insights on the security of biometric systems when operating in the presence of intelligent and adaptive attackers that manipulate data to compromise normal system operation. We show how this framework enables the categorization of known and novel vulnerabilities of biometric recognition systems, along with the… 
View on IEEE
iris.unica.it
64 Citations
Highly Influential Citations
4
Background Citations
39
Methods Citations
4
Results Citations
1

Figures and Tables from this paper

64 Citations

Biometric Backdoors: A Poisoning Attack Against Unsupervised Template Updating

This work designs a poisoning detection technique that leverages the consistent directionality of template updates in feature space to discriminate between legitimate and malicious updates and designs a countermeasure with a set of intra-user variability factors which may present the same directionality characteristics.

Evasion Attack for Fingerprint Biometric System and Countermeasure

The aim of this work is to demonstrate that machine learning can be utilized to enhance system security, if one utilizes an adversary-aware approach that proactively intercept the attacker.

Characterizing and Evaluating Adversarial Examples for Offline Handwritten Signature Verification

It is found that attacks that aim to get a genuine signature rejected are easy to generate, even in a limited knowledge scenario, where the attacker does not have access to the trained classifier nor the signatures used for training.

Adversarial Robustness is Not Enough: Practical Limitations for Securing Facial Authentication

This paper assesses the strengths and limitations of prominent robustness methods in light of facial authentication, a realistic use case where adversarial perturbations pose a real threat, which allows for a natural reflection on the security gained by the obtained robustness.

Reversing the irreversible: A survey on inverse biometrics

Protection of Privacy in Biometric Data

The functional mechanisms of popular PPBSs are explained and the state-of-the-art privacy-preserving biometric methods based on these mechanisms are presented.

Machine Learning under Attack: Vulnerability Exploitation and Security Measures

A general framework is introduced that encompasses and unifies previous work in the field, allowing one to systematically evaluate classifier security against different, potential attacks, and shows how carefully-designed poisoning attacks can mislead some learning algorithms by manipulating only a small fraction of their training data.

On the guessability of binary biometric templates: A practical guessing entropy based approach

An acceleration of the guessing entropy is presented which reflects the expected number of guessing trials in attacking the binary template based biometric systems and benefits from computation reuse and pruning.

Adaptive Biometric Systems

This article provides the most up-to-date and complete discussion on adaptive biometrics systems the authors are aware of, including formalization, terminology, sources or variations that motivates the use of adaptation, adaptation strategies, evaluation methodology, and open challenges.

Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning

...

References

SHOWING 1-10 OF 32 REFERENCES

Poisoning attacks to compromise face templates

This paper shows that the attack on PCA-based face verification templates can be successful even in the case of multiple templates per client, for different matchers, and under more realistic scenarios, and validate it by experiments to highlight its practical relevance.

Security evaluation of biometric authentication systems under real spoofing attacks

The results confirm that multimodal systems are vulnerable to attacks against a single biometric trait, and show that the `worst-case` scenario can be too pessimistic, which can lead to two conservative choices.

Biometric Template Security

This work presents a high-level categorization of the various vulnerabilities of a biometric system and discusses countermeasures that have been proposed to address these vulnerabilities.

Security Evaluation of Pattern Classifiers under Attack

A framework for empirical evaluation of classifier security that formalizes and generalizes the main ideas proposed in the literature, and given examples of its use in three real applications show that security evaluation can provide a more complete understanding of the classifier's behavior in adversarial environments, and lead to better design choices.

Vulnerabilities in Biometric Encryption Systems

  • A. Adler
  • Computer Science, Mathematics
    AVBPA
  • 2005
A potential vulnerability in biometric encryption systems that allows a less-than-brute force regeneration of the secret and an estimate of the enrolled image is described.

Multimodal fusion vulnerability to non-zero effort (spoof) imposters

A method for assessment of multimodal systems and underlying fusion algorithms is outlined and experiments are conducted on a multi-modal database of face, iris, and fingerprint match scores.

On the vulnerability of face verification systems to hill-climbing attacks

Robustness of multimodal biometric fusion methods against spoof attacks

An evaluation of indirect attacks and countermeasures in fingerprint verification systems

Pattern Recognition Systems under Attack: Design Issues and Research Challenges

The ultimate goal is to provide some useful guidelines for improving the security of pattern recognition in adversarial settings, and to suggest related open issues to foster research in this area.