当前位置: X-MOL 学术IEEE Trans. Inform. Forensics Secur. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Inverting Binarizations of Facial Templates Produced by Deep Learning (and Its Implications)
IEEE Transactions on Information Forensics and Security ( IF 6.3 ) Pub Date : 2021-08-06 , DOI: 10.1109/tifs.2021.3103056
Danny Keller , Margarita Osadchy , Orr Dunkelman

We focus on attacks against a biometric authentication system aimed at reconstructing a biometric sample of the subject from the protected template. Such systems include three blocks: feature extraction, binarization, and protection. We propose a new white-box reversing attack on the binarization block that approximates a biometric template given the binary string obtained by the binarization block. The experiments show that the proposed attack reconstructs very accurate approximations that pass the verification threshold when compared to templates produced from the same and different samples of the subject. We then integrate this attack with known attacks on the other two blocks, namely, a variant of a guessing attack to extract the binary string and biometric inversion attack to reconstruct a sample from its template. We instantiate this end-to-end attack on a face authentication system using fuzzy commitments for protection. Facial images reconstructed by the end-to-end attack greatly resemble the original ones. In the simplest attack scenario, more than 83% of these reconstructed templates succeed in unlocking an account (when the system is configured to 0.1% FMR). Even in the “hardest” settings (in which we take a reconstructed image from one system and use it in a different system, with a different feature extraction process) the reconstructed image offers 170 to 210 times higher success rates than the system's FMR.

中文翻译:


深度学习生成的面部模板的反转二值化(及其含义)



我们专注于针对生物识别认证系统的攻击,旨在从受保护的模板重建主体的生物识别样本。此类系统包括三个模块:特征提取、二值化和保护。我们提出了一种针对二值化块的新白盒逆向攻击,该攻击在给定二值化块获得的二进制字符串的情况下近似生物识别模板。实验表明,与从主题的相同和不同样本生成的模板相比,所提出的攻击重建了非常准确的近似值,该近似值通过了验证阈值。然后,我们将此攻击与对其他两个块的已知攻击相结合,即提取二进制字符串的猜测攻击的变体和从模板重建样本的生物特征反转攻击。我们使用模糊承诺进行保护,实例化了对人脸身份验证系统的端到端攻击。通过端到端攻击重建的面部图像与原始图像非常相似。在最简单的攻击场景中,超过 83% 的重构模板成功解锁账户(当系统配置为 0.1% FMR 时)。即使在“最困难”的设置中(我们从一个系统获取重建图像并在不同的系统中使用它,采用不同的特征提取过程),重建图像的成功率也比系统的 FMR 高 170 到 210 倍。
更新日期:2021-08-06
down
wechat
bug