Abstract
We assess the security of machine learning based biometric authentication systems against an attacker who submits uniform random inputs, either as feature vectors or raw inputs, in order to find an accepting sample of a target user. The average false positive rate (FPR) of the system, i.e., the rate at which an impostor is incorrectly accepted as the legitimate user, may be interpreted as a measure of the success probability of such an attack. However, we show that the success rate is often higher than the FPR. In particular, for one reconstructed biometric system with an average FPR of 0.03, the success rate was as high as 0.78. This has implications for the security of the system, as an attacker with only the knowledge of the length of the feature space can impersonate the user with less than 2 attempts on average. We provide detailed analysis of why the attack is successful, and validate our results using four different biometric modalities and four different machine learning classifiers. Finally, we propose mitigation techniques that render such attacks ineffective, with little to no effect on the accuracy of the system.
Original language | English |
---|---|
Title of host publication | 2020 Network and Distributed System Security Symposium |
Subtitle of host publication | proceedings |
Place of Publication | Reston, VA |
Publisher | The Internet Society |
Number of pages | 18 |
ISBN (Electronic) | 1891562614 |
Publication status | Published - 2020 |
Event | 27th Annual Network and Distributed System Security Symposium, NDSS 2020 - San Diego, United States; Duration: 23 Feb 2020 → 26 Feb 2020 |
Conference
Conference | 27th Annual Network and Distributed System Security Symposium, NDSS 2020 |
---|---|
Country/Territory | United States |
City | San Diego |
Period | 23/02/20 → 26/02/20 |