Biometric technologies have become an integral part of many secure access systems. Biometric-based authentication systems are being deployed in both low-risk secure systems such as laptops and cell phones to relatively high-risk secure systems such as military bases and airports. The use of biometric technologies has a number of advantages over password or smartcard-based technologies, such as user convenience, high security, and less fraud. However, like many other authentication technologies, biometric-based systems are also vulnerable to security breaches. The cost of replacing a biometric token or template is higher to that of a password or a smart card, with severe security and privacy implications. The templates can be reused over digital networks or can be used to reproduce synthetic biometric templates such as fake fingers or model faces. In the case of face templates, there is an additional risk that the identity of a person using a biometric access system in a highly secure facility can be revealed. Several sources of security breaches in biometric-based authentication systems have been found. Some countermeasures have also been proposed to nullify such threats and the standardized biometric application programming interface (BioAPI) is continuously updated with countermeasure guidelines such as encrypting templates, avoiding storage and transmission of original templates, and performing quantization of match scores.
In general, most biometric authentication systems have four major modules, a biometric template acquisition sensor, a matching module to compare a new template to an enrolled template, a decision module using predefined thresholds for particular operational points, and a database for enrolled templates (template gallery). In many applications, it is not possible to integrate all these modules to one unit. In such scenarios, the information is passed from one unit to the other through digital channels and/or stored in digital media for offline processing. Each module possesses different levels of security threats, and different countermeasures are necessary to nullify such threats. For instance, ‘aliveness’ detection at the sensor unit will detect any attempts to hack the system with synthetic templates. Similarly, a secure database or a secure digital channel will prevent any unauthorized access to templates over a network. In applications, where the matching module and decision module are not integrated together, the ‘match scores’ must be stored in a digital media or transmitted through a digital channel to a decision module. Security breaches resulting from attacks on match scores can occur in distributed network cluster biometric systems with a central decision unit. Such networks are common in wide area monitoring contexts.
The dominant approach for a match score-based attack on a biometric system is based on hill climbing. C. Soutar was the first to propose an iterative template adaptation method, popularly known as the hill climbing attack, to break into a biometric system based on match scores. Biometric System Security, Secure, vol. 5, p. 46-49 (2002). As shown in FIG. 1, hill-climbing approach 1 attacks the account of a subject, referred to as the targeted subject, by starting from arbitrary face template 2 and iteratively refining 3 it. Face recognition system (FRS) 15 outputs match score 4, which is the distance between arbitrary face template 2 and target subject 41. At every iteration, if the modified template results in a better score than the previous match score 7, then the modified template is retained 9, or else, it is discarded and prior template 8 is modified again. The process is iterated until the template is accepted 6 as the targeted subject. With this method, a break-in may be achieved using a final template that does not look like any real face, as long as it deceives the system. In other words, it is not a face reconstruction method but just a break-in strategy.
One countermeasure for the first generation of hill climbing approaches is to quantize the match scores. In this approach, the FRS outputs match scores, but does not alter the match scores with small changes in input images. With appropriate quantization, it is not possible to get the incremental feedback needed by these approaches. Therefore, A. Adler developed a modified hill climbing attack for a face recognition system with quantized match scores using an additional independent set of eigenfaces. Images Can Be Regenerated from Quantized Biometric Match Score Data, Proc. Canadian Conf. Electrical and Computer Eng., p. 469-472 (May 2004). In Adler's modification, after initializing the process with an arbitrary face template, at every iteration, the previously updated template is multiplied with randomly selected eigenfaces having different weights. This generates templates farther away from the previous template. The face template that results in a better match score is retained as the updated image for the next iteration. The process terminates when there is no further improvement in match scores. Experimental results on a commercial face recognition algorithm show that after nearly 4,000 attempts, a high match score is achieved with 99% confidence. Later, Adler extended this idea to work with encrypted face templates. Vulnerabilities in Biometric Encryption System, Proc. Int'l Conf. Audio and Video-Based Biometric Person Authentication, p. 1100-1109 (July 2005).
Security breaches are possible not only in face biometrics but in other biometric applications also. U. Uludag and A. Jain extended the hill climbing approach to break into minutiae-based fingerprint recognition system. Attacks on Biometric Systems: A Case Study in Fingerprints, Proc. SPIE-EI 2004, Security, Steganography and Watermarking of Multimedia Contents, p. 622-633 (January 2004).
Although hill climbing-based attacks can successfully break a particular targeted account, effective countermeasures for such attacks can also be created. One property of hill climbing-based attacks is that they require a large number of attempts before success. Therefore, one possible countermeasure for such attacks is to restrict the number of consecutive, unsuccessful attempts. However, this still leaves the system vulnerable to a spyware-based attack that interlaces its false attempts with attempts by genuine users (successful attempts) and collects information to iterate over a period of time. However, in most hill climbing-based attacks, the templates at the ith attempt (iteration) are generated from the (i−1)th attempts (iterations) and are similar to each other. Therefore, if all unsuccessful attempts for a particular targeted account within a fixed time interval are monitored, a pattern of similar faces with decreasing dissimilarity scores will be found. Therefore, a continuous observation of unsuccessful match scores will help to detect hill climbing-based spyware attacks.
Recently, a method of modeling of a face recognition algorithm using an affine transform was developed. P. Mohanty, S. Sarkar, and R. Kasturi, Designing Affine Transformations Based Face Recognition Algorithms, Proc. IEEE Workshop Face Recognition Challenge (June 2005). Starting from distances computed by any face recognition algorithm, such as the Face Recognition Grand Challenge (FRGC) baseline algorithm, the modeling process calculates the best affine transform that approximates it. The modeling process is a closed-form solution based on classical Multidimensional Scaling (MDS).
Attempts to find vulnerabilities have focused on modifications of the hill-climbing technique; however, these techniques have become identifiable by recognition systems as attacks because of their iterative nature. Discovery of vulnerabilities in recognition systems, therefore, needs to be expanded beyond variations of the hill-climbing technique, in order for countermeasures to be designed to further prevent security breaches resulting from a recognition system's vulnerabilities. Although a process of modeling a face recognition algorithm is available, the process needs modification and improvement to better model a FRS and a method is needed to utilize the improved modeling process to identify vulnerabilities in recognition systems.