On the vulnerability of an EEG-based biometric system to hill-climbing attacks algorithms' comparison and possible countermeasures

In this paper we analyze the vulnerability to hill-climbing attacks of a biometric recognition system based on electroencephalography (EEG). It is assumed that an attacker can access the scores produced by the employed matcher, and use them to control the generation of synthetic EEG templates until achieving a successful authentication. To this aim, different general approaches relying on function optimization are evaluated and compared in terms of authentication success rate and average number of required attempts. The possibility of increasing the system robustness against this kind of attacks, without significantly affecting its recognition performance, is also investigated.

[1]  Katya Scheinberg,et al.  Introduction to derivative-free optimization , 2010, Math. Comput..

[2]  C. T. Kelley,et al.  An Implicit Filtering Algorithm for Optimization of Functions with Many Local Minima , 1995, SIAM J. Optim..

[3]  Julian Fierrez,et al.  Hill-climbing attack to an Eigenface-based face verification system , 2009, 2009 First IEEE International Conference on Biometrics, Identity and Security (BIdS).

[4]  Colin Soutar Implementation of Biometric Systems - Security and Privacy Considerations , 2002, Inf. Secur. Tech. Rep..

[5]  J. Fierrez-Aguilar,et al.  Hill-Climbing and Brute-Force Attacks on Biometric Systems: A Case Study in Match-on-Card Fingerprint Verification , 2006, Proceedings 40th Annual 2006 International Carnahan Conference on Security Technology.

[6]  Nalini K. Ratha,et al.  An Analysis of Minutiae Matching Strength , 2001, AVBPA.

[7]  Anil K. Jain,et al.  Biometric cryptosystems: issues and challenges , 2004, Proceedings of the IEEE.

[8]  S. P. Lloyd,et al.  Least squares quantization in PCM , 1982, IEEE Trans. Inf. Theory.

[9]  Patrizio Campisi,et al.  Hill-climbing attack: Parametric optimization and possible countermeasures. An application to on-line signature recognition , 2013, 2013 International Conference on Biometrics (ICB).

[10]  Julian Fiérrez,et al.  Hill-Climbing Attack Based on the Uphill Simplex Algorithm and Its Application to Signature Verification , 2011, BIOID.

[11]  Fabio Babiloni,et al.  Brain waves based user recognition using the “eyes closed resting conditions” protocol , 2011, 2011 IEEE International Workshop on Information Forensics and Security.

[12]  Patrizio Campisi,et al.  EEG biometrics for individual recognition in resting state with closed eyes , 2012, 2012 BIOSIG - Proceedings of the International Conference of Biometrics Special Interest Group (BIOSIG).

[13]  Patrizio Campisi,et al.  Fuzzy Commitment for Function Based Signature Template Protection , 2010, IEEE Signal Processing Letters.

[14]  Julian Fiérrez,et al.  On the Vulnerability of Iris-Based Systems to a Software Attack Based on a Genetic Algorithm , 2012, CIARP.

[15]  Robert Hooke,et al.  `` Direct Search'' Solution of Numerical and Statistical Problems , 1961, JACM.

[16]  Andy Adler Sample images can be independently restored from face recognition templates , 2003, CCECE 2003 - Canadian Conference on Electrical and Computer Engineering. Toward a Caring and Humane Technology (Cat. No.03CH37436).

[17]  J. Spall Implementation of the simultaneous perturbation algorithm for stochastic optimization , 1998 .

[18]  Enrique Argones-Rúa,et al.  Biometric Template Protection Using Universal Background Models: An Application to Online Signature , 2012, IEEE Transactions on Information Forensics and Security.

[19]  John A. Nelder,et al.  A Simplex Method for Function Minimization , 1965, Comput. J..

[20]  Julian Fiérrez,et al.  Bayesian Hill-Climbing Attack and Its Application to Signature Verification , 2007, ICB.

[21]  Daigo Muramatsu,et al.  Online Signature Verification Algorithm Using Hill-Climbing Method , 2008, 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[22]  Julian Fiérrez,et al.  Face verification put to test: A hill-climbing attack based on the uphill-simplex algorithm , 2012, 2012 5th IAPR International Conference on Biometrics (ICB).

[23]  R. Luus,et al.  Application of numerical hill‐climbing in control of systems via Liapunov's direct method , 1971 .