Biometric recognition systems, despite the advantages provided with respect to traditional authentication methods, have some peculiar weaknesses which may allow an attacker being falsely recognized or accessing users’ personal data. Among such vulnerabilities, in this paper, we speculate on the hill-climbing attack, i.e., the possibility for an attacker to exploit the scores produced by the matcher with the goal of generating synthetic biometric data, which could allow a false acceptance. More in detail, we focus on multibiometrics systems and investigate about the robustness of different system architectures, both parallel and serial fusion schemes, against the hill-climbing attack. Nonuniform quantization is also evaluated as a possible countermeasure for limiting the effectiveness of the considered attacks in terms of recognition success rate and average number of required attempts without affecting the recognition performance.
Maiorana, E., Hine, G.E., Campisi, P. (2015). Hill-Climbing Attacks on Multibiometrics Recognition Systems. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 10(5), 900-915 [10.1109/TIFS.2014.2384735].
Hill-Climbing Attacks on Multibiometrics Recognition Systems
MAIORANA, EMANUELE;HINE, GABRIEL EMILE;CAMPISI, PATRIZIO
2015-01-01
Abstract
Biometric recognition systems, despite the advantages provided with respect to traditional authentication methods, have some peculiar weaknesses which may allow an attacker being falsely recognized or accessing users’ personal data. Among such vulnerabilities, in this paper, we speculate on the hill-climbing attack, i.e., the possibility for an attacker to exploit the scores produced by the matcher with the goal of generating synthetic biometric data, which could allow a false acceptance. More in detail, we focus on multibiometrics systems and investigate about the robustness of different system architectures, both parallel and serial fusion schemes, against the hill-climbing attack. Nonuniform quantization is also evaluated as a possible countermeasure for limiting the effectiveness of the considered attacks in terms of recognition success rate and average number of required attempts without affecting the recognition performance.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.