TY - JOUR
T1 - LOPA
T2 - A linear offset based poisoning attack method against adaptive fingerprint authentication system
AU - Xue, Mingfu
AU - He, Can
AU - Wang, Jian
AU - Liu, Weiqiang
N1 - Publisher Copyright:
© 2020 Elsevier Ltd
PY - 2020/12
Y1 - 2020/12
N2 - Biological characteristics have been widely used in various identity authentication systems. The authentication systems typically store one or several biometric templates to identify whether a claimed user is legitimate. However, since the biological characteristics of users may undergo intra-class variabilities (such as aging or injuring by accidents) as time goes by, those initial enrolled templates may be not able to match the latest characteristics of the users. Therefore, some adaptive systems have been proposed to continuously update the enrolled templates by using collected run-time data. However, a smart attacker can leverage this self-updating procedure to drift the stored templates by constructing and submitting a set of well-designed poisoning samples. In this paper, for the first time, we propose a novel linear offset based poisoning attack method, named “LOPA”, against the online self-update fingerprint authentication systems. By making minor linear transformation to the minutia representation matrix of a victim's fingerprint template, the proposed attack method can generate a series of poisoning samples which are then submitted to the fingerprint authentication system. In this way, the initial template stored in the system will be imperceptibly and stealthily poisoned (i.e., updated), and eventually becomes unusable. Experimental results show that the proposed LOPA method is effective, where the stored fingerprint templates have been successfully poisoned, and those target fingers are incorrectly denied by the target system after a certain time. Specifically, the performance (the average GAR of all target fingers) of the fingerprint authentication system has dropped by 42.86%. In addition, the average matching score and the average matched minutia pairs of all target fingers have both declined, which indicate the universality of the proposed poisoning attack. This work reveals a novel security threat to the fingerprint authentication systems, and can hopefully provide references for developing future countermeasures.
AB - Biological characteristics have been widely used in various identity authentication systems. The authentication systems typically store one or several biometric templates to identify whether a claimed user is legitimate. However, since the biological characteristics of users may undergo intra-class variabilities (such as aging or injuring by accidents) as time goes by, those initial enrolled templates may be not able to match the latest characteristics of the users. Therefore, some adaptive systems have been proposed to continuously update the enrolled templates by using collected run-time data. However, a smart attacker can leverage this self-updating procedure to drift the stored templates by constructing and submitting a set of well-designed poisoning samples. In this paper, for the first time, we propose a novel linear offset based poisoning attack method, named “LOPA”, against the online self-update fingerprint authentication systems. By making minor linear transformation to the minutia representation matrix of a victim's fingerprint template, the proposed attack method can generate a series of poisoning samples which are then submitted to the fingerprint authentication system. In this way, the initial template stored in the system will be imperceptibly and stealthily poisoned (i.e., updated), and eventually becomes unusable. Experimental results show that the proposed LOPA method is effective, where the stored fingerprint templates have been successfully poisoned, and those target fingers are incorrectly denied by the target system after a certain time. Specifically, the performance (the average GAR of all target fingers) of the fingerprint authentication system has dropped by 42.86%. In addition, the average matching score and the average matched minutia pairs of all target fingers have both declined, which indicate the universality of the proposed poisoning attack. This work reveals a novel security threat to the fingerprint authentication systems, and can hopefully provide references for developing future countermeasures.
KW - Adaptive biometric authentication systems
KW - Artificial intelligence security
KW - Fingerprint authentication
KW - Poisoning attacks
KW - Template self-update
UR - https://www.scopus.com/pages/publications/85091213602
U2 - 10.1016/j.cose.2020.102046
DO - 10.1016/j.cose.2020.102046
M3 - 文章
AN - SCOPUS:85091213602
SN - 0167-4048
VL - 99
JO - Computers and Security
JF - Computers and Security
M1 - 102046
ER -