Adversarial Biometric Recognition : A review on biometric system security from the adversarial machine-learning perspective

@article{Biggio2015AdversarialBR,
  title={Adversarial Biometric Recognition : A review on biometric system security from the adversarial machine-learning perspective},
  author={Battista Biggio and Giorgio Fumera and Paolo Russu and Luca Didaci and Fabio Roli},
  journal={IEEE Signal Processing Magazine},
  year={2015},
  volume={32},
  pages={31-41}
}
In this article, we review previous work on biometric security under a recent framework proposed in the field of adversarial machine learning. This allows us to highlight novel insights on the security of biometric systems when operating in the presence of intelligent and adaptive attackers that manipulate data to compromise normal system operation. We show how this framework enables the categorization of known and novel vulnerabilities of biometric recognition systems, along with the… 
View on IEEE
pralab.diee.unica.it
59 Citations
Highly Influential Citations
4
Background Citations
31
Methods Citations
3

59 Citations

Citation Type

Citation Type

Biometric Backdoors: A Poisoning Attack Against Unsupervised Template Updating
TLDR
This work designs a poisoning detection technique that leverages the consistent directionality of template updates in feature space to discriminate between legitimate and malicious updates and designs a countermeasure with a set of intra-user variability factors which may present the same directionality characteristics.
Evasion Attack for Fingerprint Biometric System and Countermeasure
TLDR
The aim of this work is to demonstrate that machine learning can be utilized to enhance system security, if one utilizes an adversary-aware approach that proactively intercept the attacker.
Characterizing and Evaluating Adversarial Examples for Offline Handwritten Signature Verification
TLDR
It is found that attacks that aim to get a genuine signature rejected are easy to generate, even in a limited knowledge scenario, where the attacker does not have access to the trained classifier nor the signatures used for training.
Reversing the irreversible: A survey on inverse biometrics
TLDR
A comprehensive review of the different aspects related to inverse biometrics: development of reconstruction algorithms for different characteristics; proposal of methodologies to assess the vulnerabilities of biometric systems to the aforementioned algorithms; development of countermeasures to reduce the possible effects of attacks.
A taxonomy and survey of attacks against machine learning
TLDR
The proposed taxonomy makes it easier to understand the existing attack landscape towards developing defence mechanisms, and is leveraged to identify open problems that can lead to new research areas within the field of adversarial machine learning.
Protection of Privacy in Biometric Data
TLDR
The functional mechanisms of popular PPBSs are explained and the state-of-the-art privacy-preserving biometric methods based on these mechanisms are presented.
Machine Learning under Attack: Vulnerability Exploitation and Security Measures
TLDR
A general framework is introduced that encompasses and unifies previous work in the field, allowing one to systematically evaluate classifier security against different, potential attacks, and shows how carefully-designed poisoning attacks can mislead some learning algorithms by manipulating only a small fraction of their training data.
On the guessability of binary biometric templates: A practical guessing entropy based approach
TLDR
An acceleration of the guessing entropy is presented which reflects the expected number of guessing trials in attacking the binary template based biometric systems and benefits from computation reuse and pruning.
Recent advances in adversarial machine learning: status, challenges and perspectives
TLDR
A survey of adversarial machine learning and some associated countermeasures is presented and a taxonomy of ML/AI system attacks that follow the same properties and characteristics, allowing them to be linked with different defensive approaches is presented.
Adaptive Biometric Systems
TLDR
This article provides the most up-to-date and complete discussion on adaptive biometrics systems the authors are aware of, including formalization, terminology, sources or variations that motivates the use of adaptation, adaptation strategies, evaluation methodology, and open challenges.
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 34 REFERENCES
Poisoning attacks to compromise face templates
TLDR
This paper shows that the attack on PCA-based face verification templates can be successful even in the case of multiple templates per client, for different matchers, and under more realistic scenarios, and validate it by experiments to highlight its practical relevance.
Security evaluation of biometric authentication systems under real spoofing attacks
TLDR
The results confirm that multimodal systems are vulnerable to attacks against a single biometric trait, and show that the `worst-case` scenario can be too pessimistic, which can lead to two conservative choices.
Biometric Template Security
TLDR
This work presents a high-level categorization of the various vulnerabilities of a biometric system and discusses countermeasures that have been proposed to address these vulnerabilities.
Poisoning Adaptive Biometric Systems
TLDR
It is shown how a carefully designed attack may gradually poison the template gallery of some users, and successfully mislead a simple PCA-based face verification system that performs self-update.
Security Evaluation of Pattern Classifiers under Attack
TLDR
A framework for empirical evaluation of classifier security that formalizes and generalizes the main ideas proposed in the literature, and given examples of its use in three real applications show that security evaluation can provide a more complete understanding of the classifier's behavior in adversarial environments, and lead to better design choices.
Vulnerabilities in Biometric Encryption Systems
TLDR
A potential vulnerability in biometric encryption systems that allows a less-than-brute force regeneration of the secret and an estimate of the enrolled image is described.
Multimodal fusion vulnerability to non-zero effort (spoof) imposters
TLDR
A method for assessment of multimodal systems and underlying fusion algorithms is outlined and experiments are conducted on a multi-modal database of face, iris, and fingerprint match scores.
On the vulnerability of face verification systems to hill-climbing attacks
TLDR
A hill-climbing attack algorithm based on Bayesian adaption is used to test the vulnerability of two face recognition systems to indirect attacks and demonstrates that the algorithm is very efficient and is able to bypass over 85% of the attacked accounts.
Robustness of multimodal biometric fusion methods against spoof attacks
TLDR
This paper proposes two novel fusion schemes that can increase the security of multimodal biometric systems when one of the modes is successfully spoofed, one is an extension of the likelihood ratio based fusion scheme and the other uses fuzzy logic.
An evaluation of indirect attacks and countermeasures in fingerprint verification systems
TLDR
It is found that hill climbing attacks are highly effective in the process of creating synthetic templates that are accepted by the matcher as genuine ones, and that score quantization drastically reduces the attack success rate.
...
1
2
3
4
...