Hill-Climbing Attacks on Multibiometrics Recognition Systems

Biometric recognition systems, despite their advantages over traditional authentication methods, have some peculiar weaknesses that may allow an attacker to be falsely recognized or to access users' personal data. Among such vulnerabilities, in this paper we speculate on the hill-climbing attack, i.e., the possibility for an attacker to exploit the scores produced by the matcher in order to generate synthetic biometric data that could lead to a false acceptance. In more detail, we focus on multibiometric systems and investigate the robustness of different system architectures, covering both parallel and serial fusion schemes, against the hill-climbing attack. Nonuniform quantization is also evaluated as a possible countermeasure for limiting the effectiveness of the considered attacks, in terms of recognition success rate and average number of required attempts, without affecting the recognition performance.
