Search Icon
Register

On the Resilience of Biometric Authentication Systems against Random Inputs

Benjamin Zi Hao Zhao (University of New South Wales and Data61 CSIRO), Hassan Jameel Asghar (Macquarie University and Data61 CSIRO), Mohamed Ali Kaafar (Macquarie University and Data61 CSIRO)

We assess the security of machine learning based biometric authentication systems against an attacker who submits uniform random inputs, either as feature vectors or raw inputs, in order to find an emph{accepting sample} of a target user. The average false positive rate (FPR) of the system, i.e., the rate at which an impostor is incorrectly accepted as the legitimate user, may be interpreted as a measure of the success probability of such an attack. However, we show that the success rate is often higher than the FPR. In particular, for one reconstructed biometric system with an average FPR of 0.03, the success rate was as high as 0.78. This has implications for the security of the system, as an attacker with only the knowledge of the length of the feature space can impersonate the user with less than 2 attempts on average. We provide detailed analysis of why the attack is successful, and validate our results using four different biometric modalities and four different machine learning classifiers. Finally, we propose mitigation techniques that render such attacks ineffective, with little to no effect on the accuracy of the system.

Paper
Video

View More Papers

coucouArray ( [post_type] => ndss-paper [post_status] => publish [posts_per_page] => 4 [orderby] => rand [tax_query] => Array ( [0] => Array ( [taxonomy] => category [field] => id [terms] => Array ( [0] => 39 ) ) ) [post__not_in] => Array ( [0] => 5885 ) )

Data-Driven Debugging for Functional Side Channels

Saeid Tizpaz-Niari (University of Colorado Boulder), Pavol Černý (TU Wien), Ashutosh Trivedi (University of Colorado Boulder)

Read More

The Attack of the Clones Against Proof-of-Authority

Parinya Ekparinya (University of Sydney), Vincent Gramoli (University of Sydney and CSIRO-Data61), Guillaume Jourjon (CSIRO-Data61)

Read More

DISCO: Sidestepping RPKI's Deployment Barriers

Tomas Hlavacek (Fraunhofer SIT), Italo Cunha (Universidade Federal de Minas Gerais), Yossi Gilad (Hebrew University of Jerusalem), Amir Herzberg (University of Connecticut), Ethan Katz-Bassett (Columbia University), Michael Schapira (Hebrew University of Jerusalem), Haya Shulman (Fraunhofer SIT)

Read More

Prevalence and Impact of Low-Entropy Packing Schemes in the...

Alessandro Mantovani (EURECOM), Simone Aonzo (University of Genoa), Xabier Ugarte-Pedrero (Cisco Systems), Alessio Merlo (University of Genoa), Davide Balzarotti (EURECOM)

Read More

Privacy Starts with UI: Privacy Patterns and Designer Perspectives in UI/UX Practice

Anxhela Maloku (Technical University of Munich), Alexandra Klymenko (Technical University of Munich), Stephen Meisenbacher (Technical University of Munich), Florian Matthes (Technical University of Munich)

Vision: Profiling Human Attackers: Personality and Behavioral Patterns in Deceptive Multi-Stage CTF Challenges

Khalid Alasiri (School of Computing and Augmented Intelligence Arizona State University), Rakibul Hasan (School of Computing and Augmented Intelligence Arizona State University)

From Underground to Mainstream Marketplaces: Measuring AI-Enabled NSFW Deepfakes on Fiverr

Mohamed Moustafa Dawoud (University of California, Santa Cruz), Alejandro Cuevas (Princeton University), Ram Sundara Raman (University of California, Santa Cruz)