当前位置:
X-MOL 学术
›
Comput. Secur.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
LOPA: A Linear Offset Based Poisoning Attack Method Against Adaptive Fingerprint Authentication System
Computers & Security ( IF 4.8 ) Pub Date : 2020-12-01 , DOI: 10.1016/j.cose.2020.102046 Mingfu Xue , Can He , Jian Wang , Weiqiang Liu
Computers & Security ( IF 4.8 ) Pub Date : 2020-12-01 , DOI: 10.1016/j.cose.2020.102046 Mingfu Xue , Can He , Jian Wang , Weiqiang Liu
Abstract Biological characteristics have been widely used in various identity authentication systems. The authentication systems typically store one or several biometric templates to identify whether a claimed user is legitimate. However, since the biological characteristics of users may undergo intra-class variabilities (such as aging or injuring by accidents) as time goes by, those initial enrolled templates may be not able to match the latest characteristics of the users. Therefore, some adaptive systems have been proposed to continuously update the enrolled templates by using collected run-time data. However, a smart attacker can leverage this self-updating procedure to drift the stored templates by constructing and submitting a set of well-designed poisoning samples. In this paper, for the first time, we propose a novel l inear o ffset based p oisoning a ttack method, named “LOPA”, against the online self-update fingerprint authentication systems. By making minor linear transformation to the minutia representation matrix of a victim’s fingerprint template, the proposed attack method can generate a series of poisoning samples which are then submitted to the fingerprint authentication system. In this way, the initial template stored in the system will be imperceptibly and stealthily poisoned (i.e., updated), and eventually becomes unusable. Experimental results show that the proposed LOPA method is effective, where the stored fingerprint templates have been successfully poisoned, and those target fingers are incorrectly denied by the target system after a certain time. Specifically, the performance (the average GAR of all target fingers) of the fingerprint authentication system has dropped by 42.86%. In addition, the average matching score and the average matched minutia pairs of all target fingers have both declined, which indicate the universality of the proposed poisoning attack. This work reveals a novel security threat to the fingerprint authentication systems, and can hopefully provide references for developing future countermeasures.
中文翻译:
LOPA:一种针对自适应指纹认证系统的基于线性偏移的中毒攻击方法
摘要 生物特征已广泛应用于各种身份认证系统中。认证系统通常存储一个或多个生物特征模板以识别声称的用户是否合法。然而,由于用户的生物特征随着时间的推移可能会发生类内变异(例如老化或意外伤害),这些最初注册的模板可能无法匹配用户的最新特征。因此,已经提出了一些自适应系统,通过使用收集的运行时数据来不断更新注册模板。然而,聪明的攻击者可以通过构建和提交一组精心设计的中毒样本,利用这种自我更新程序来漂移存储的模板。在本文中,第一次,我们提出了一种新的基于线性偏移的中毒攻击方法,名为“LOPA”,针对在线自更新指纹认证系统。通过对受害者指纹模板的细节表示矩阵进行微小的线性变换,所提出的攻击方法可以生成一系列中毒样本,然后提交给指纹认证系统。这样,系统中存储的初始模板就会在不知不觉中被偷偷地中毒(即更新),最终变得无法使用。实验结果表明,所提出的LOPA方法是有效的,其中存储的指纹模板已成功中毒,并且在一定时间后目标系统错误地拒绝了那些目标手指。具体来说,指纹认证系统的性能(所有目标手指的平均GAR)下降了42.86%。此外,所有目标手指的平均匹配分数和平均匹配细节对均有所下降,这表明所提出的中毒攻击具有普遍性。这项工作揭示了指纹认证系统的一种新的安全威胁,有望为制定未来的对策提供参考。
更新日期:2020-12-01
中文翻译:
LOPA:一种针对自适应指纹认证系统的基于线性偏移的中毒攻击方法
摘要 生物特征已广泛应用于各种身份认证系统中。认证系统通常存储一个或多个生物特征模板以识别声称的用户是否合法。然而,由于用户的生物特征随着时间的推移可能会发生类内变异(例如老化或意外伤害),这些最初注册的模板可能无法匹配用户的最新特征。因此,已经提出了一些自适应系统,通过使用收集的运行时数据来不断更新注册模板。然而,聪明的攻击者可以通过构建和提交一组精心设计的中毒样本,利用这种自我更新程序来漂移存储的模板。在本文中,第一次,我们提出了一种新的基于线性偏移的中毒攻击方法,名为“LOPA”,针对在线自更新指纹认证系统。通过对受害者指纹模板的细节表示矩阵进行微小的线性变换,所提出的攻击方法可以生成一系列中毒样本,然后提交给指纹认证系统。这样,系统中存储的初始模板就会在不知不觉中被偷偷地中毒(即更新),最终变得无法使用。实验结果表明,所提出的LOPA方法是有效的,其中存储的指纹模板已成功中毒,并且在一定时间后目标系统错误地拒绝了那些目标手指。具体来说,指纹认证系统的性能(所有目标手指的平均GAR)下降了42.86%。此外,所有目标手指的平均匹配分数和平均匹配细节对均有所下降,这表明所提出的中毒攻击具有普遍性。这项工作揭示了指纹认证系统的一种新的安全威胁,有望为制定未来的对策提供参考。
京公网安备 11010802027423号