Genetic & Evolutionary Biometric Security: Disposable Feature Extractors for Mitigating Biometric Replay Attacks

Abstract

Biometric-based access control systems (BACSs) are vulnerable to replay attacks. Replay attacks occur when a biometric template is intercepted and maliciously used to gain unauthorized access to a system. In this paper, we introduce a Genetic and Evolutionary Biometric Security (GEBS) application which uses Genetic and Evolutionary Computation to develop disposable Feature Extractors (FEs) in an effort to mitigate replay attacks. We describe how a previously developed system known as GEFE (Genetic and Evolutionary Feature Extraction) can be used to evolve unique and disposable FEs for users of BACSs. Furthermore, we propose two access control protocols based on the use of disposable FEs and/or their resulting templates (also referred to as feature vectors (FVs)). In our proposed protocols, FEs/FVs are used to authenticate the identity of individuals and are then discarded. Our results show that this GEBS application can be successfully used to mitigate biometric replay attacks.
