Li W,Poh N,Zhou Y.

DOI: https://doi.org/10.1117/12.2061785

2014-01-01

Abstract:Spoof attack by replicating biometric traits represents a real threat to an automatic biometric verification/ authentication system. This is because the system, originally designed to distinguish between genuine users from impostors, simply cannot distinguish between a replicated biometric sample (replica) from a live sample. An effective solution is to obtain some measures that can indicate whether or not a biometric trait has been tempered with, e.g., liveness detection measures. These measures are referred to as evidence of spoofing or anti-spoofing measures. In order to make the final accept/rejection decision, a straightforward solution to define two thresholds: one for the anti-spoofing measure, and another for the verification score. We compared two variants of a method that relies on applying two thresholds - one to the verification (matching) score and another to the anti-spoofing measure. Our experiments carried out using a signature database as well as by simulation show that both the brute-force and its probabilistic variant turn out to be optimal under different operating conditions. © 2014 SPIE.

Zhihao Wu,Yushi Cheng,Shibo Zhang,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.14722/ndss.2024.241036

2024-01-01

Abstract:Face authentication systems are widely employed in access control systems to ensure the security of confidential facilities.Recent works have demonstrated their vulnerabilities to adversarial attacks.However, such attacks typically require adversaries to wear disguises such as glasses or hats during every authentication, which may raise suspicion and reduce their attack impacts.In this paper, we propose the UniID attack, which allows multiple adversaries to perform face spoofing attacks without any additional disguise by enabling an insider to register a universal identity into the face authentication database by wearing an adversarial patch.To achieve it, we first select appropriate adversaries through feature engineering, then generate the desired adversarial patch with a multi-target joint-optimization approach, and finally overcome practical challenges such as improving the transferability of the adversarial patch towards black-box systems and enhancing its robustness in the physical world.We implement UniID in laboratory setups and evaluate its effectiveness with six face recognition models (FaceNet, Mobile-FaceNet, ArcFace-18/50, and MagFace-18/50) and two commercial face authentication systems (ArcSoft and Face++).Simulation and real-world experimental results demonstrate that UniID can achieve a max attack success rate of 100% and 79% in 3-user scenarios under the white-box setting and black-box setting respectively, and it can be extended to more than 8 users.

Lei Li,Paulo Lobato Correia,Abdenour Hadid

DOI: https://doi.org/10.1049/iet-bmt.2017.0089

2017-11-16

IET Biometrics

Abstract:Among tangible threats facing current biometric systems are spoofing attacks. A spoofing attack occurs when a person tries to masquerade as someone else by falsifying data and thereby attempting to gain illegitimate access and advantages. Recently, an increasing attention has been given to this research problem, as can be attested by the growing number of articles and the various competitions that appear in major biometric forums. This study presents a comprehensive overview of the recent advances in face anti‐spoofing state‐of‐the‐art, discussing existing methodologies, available benchmarking databases, reported results and, more importantly, the open issues and future research directions. As a case study for illustration, a face anti‐spoofing method is described, which employs a colour local binary pattern descriptor to jointly analyse colour and texture available from the luminance and chrominance channels. Two publicly available databases are used for the analysis, and the importance of inter‐database evaluation to attest the generalisation capabilities of an anti‐spoofing method is discussed.

computer science, artificial intelligence

Kam Kong,Xiali Hei,Ting Zeng,Caijin Ling,Chao Zhang,Binheng Song,Hui Cao,Michael Peays

DOI: https://doi.org/10.1109/itoec.2017.8122453

2017-01-01

Abstract:With an increase in acceptance of face recognition systems, the desire for accurate biometric authentication - face recognition, has increased. Nowadays, the fundamental limitations of existing systems are, the vulnerabilities of false verification via a picture or simple video of a person. In this paper, it is inspired by how humans can perform reliable spoofing detection only based on the available scene and context information. We propose our framework in a combination of interaction model and Moire pattern analysis to make sure that a user is a real person. It is different from some systems that use hardware-based liveness detection. We focus on the software-based approaches, in particular, the necessary algorithms that allow for a liveness detection in real-time. Our experiments results show excellent performance to the state of the art.

Zhihao Wu,Yushi Cheng,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/tdsc.2024.3445570

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Face authentication technology has been widely used in physical access control to critical infrastructures. The security of a face authentication system has been threatened by photo replay attacks and thus the 3D liveness detection techniques have been deployed to safeguard such systems. In this paper, we conduct a comprehensive analysis of the security aspects pertaining to 3D liveness detection systems that employ structured light depth camera, and propose a novel attack surface targeting 3D face authentication systems involving multiple modalities such as Depth, RGB and IR. We propose the DepthFake attack, a multi-modal spoofing attack against real-world 3D face authentication using only a single 2D photo. To achieve it, DepthFake first reconstruct the depth information of the victim's face from his 2D photo. Then, DepthFake actively projects a carefully-crafted scatter patterns embedded with the face depth information, in order to empower the 2D photo with 3D authentication properties. We address a range of practical challenges, including mitigating depth estimation errors, achieving depth images forgery techniques based on structured light, ensuring accurate alignment between various modalities of face images, and effectively implementing DepthFake in real world. We validated DepthFake on 5 commercial face authentication systems (i.e., Tencent Cloud, Baidu Cloud, 3DiVi, Ali Cloud and ArcSoft) and two commercial access control devices. The results over 50 users demonstrate that DepthFake achieves an overall Depth attack success rate of $79.4\%$ , RGB-D attack success rate of $59.4\%$ , IR-D attack success rate of $79.4\%$ , and RGB-IR attack success rate of $83.8\%$ in the real world.

Yijie Shen,Zhe Ma,Feng Lin,Hao Yan,Zhongjie Ba,Li Lu,Wenyao Xu,Kui Ren

DOI: https://doi.org/10.1145/3625687.3625783

2023-01-01

Abstract:Fingerprint recognition has been a vital security guard for various applications whose vulnerability has been explored by different works. However, previous works on spoofing fingerprint recognition rely on prior knowledge (e.g., photos and minutiae) of the target fingerprint, which fails to implement in practical scenarios. In this paper, we design a fingerprint spoofing attack, namely FingerFaker, to explore the vulnerability of fingerprint recognition, which can spoof automated fingerprint recognition systems (AFRSs) without prior knowledge of target fingerprints. Specifically, we propose a novel concept of "pseudo-minutiae-set" as an effective optimization object and design a two-stage scheme to optimize "pseudo-minutiaeset" leveraging a two-factor evolutionary strategy. In addition, we use a GAN-based training strategy with a minutiae loss function to pre-train a fingerprint generator to map a "pseudo-minutiae-set" into a fingerprint. We use 6342 fingerprint images to verify the performance of FingerFaker on spoofing the open-source AFRS, which shows a high attack success rate (ASR) of 97.78%. Meanwhile, we conduct a realistic case study on commercial off-the-shelf (COTS) AFRS, where FingerFaker also shows 94.22% ASR. Finally, we explore the impact of different conditions to guide the attack and propose countermeasures to mitigate the harm.

Wanying Ge,Hemlata Tak,Massimiliano Todisco,Nicholas Evans

DOI: https://doi.org/10.48550/arXiv.2209.00506

2022-09-01

Audio and Speech Processing

Abstract:The spoofing-aware speaker verification (SASV) challenge was designed to promote the study of jointly-optimised solutions to accomplish the traditionally separately-optimised tasks of spoofing detection and speaker verification. Jointly-optimised systems have the potential to operate in synergy as a better performing solution to the single task of reliable speaker verification. However, none of the 23 submissions to SASV 2022 are jointly optimised. We have hence sought to determine why separately-optimised sub-systems perform best or why joint optimisation was not successful. Experiments reported in this paper show that joint optimisation is successful in improving robustness to spoofing but that it degrades speaker verification performance. The findings suggest that spoofing detection and speaker verification sub-systems should be optimised jointly in a manner which reflects the differences in how information provided by each sub-system is complementary to that provided by the other. Progress will also likely depend upon the collection of data from a larger number of speakers.

Zhaoyu Chen,Bo Li,Kaixun Jiang,Shuang Wu,Shouhong Ding,Wenqiang Zhang

2023-10-18

Abstract:Face forgery generation technologies generate vivid faces, which have raised public concerns about security and privacy. Many intelligent systems, such as electronic payment and identity verification, rely on face forgery detection. Although face forgery detection has successfully distinguished fake faces, recent studies have demonstrated that face forgery detectors are very vulnerable to adversarial examples. Meanwhile, existing attacks rely on network architectures or training datasets instead of the predicted labels, which leads to a gap in attacking deployed applications. To narrow this gap, we first explore the decision-based attacks on face forgery detection. However, applying existing decision-based attacks directly suffers from perturbation initialization failure and low image quality. First, we propose cross-task perturbation to handle initialization failures by utilizing the high correlation of face features on different tasks. Then, inspired by using frequency cues by face forgery detection, we propose the frequency decision-based attack. We add perturbations in the frequency domain and then constrain the visual quality in the spatial domain. Finally, extensive experiments demonstrate that our method achieves state-of-the-art attack performance on FaceForensics++, CelebDF, and industrial APIs, with high query efficiency and guaranteed image quality. Further, the fake faces by our method can pass face forgery detection and face recognition, which exposes the security problems of face forgery detectors.

Computer Vision and Pattern Recognition,Computers and Society

Yu-Jie Xiong,Song-Yang Cheng,Jian-Xin Ren,Yu-Jin Zhang

DOI: https://doi.org/10.1007/s10032-023-00455-6

2023-01-01

International Journal on Document Analysis and Recognition (IJDAR)

Abstract:In the area of biometrics and document forensics, handwritten signatures are one of the most commonly accepted symbols. Thus, financial and commercial institutions usually use them to verify the identity of an individual. However, offline signature verification is still a challenging task due to the difficulties in discriminating the minute but significant details between genuine and skilled forged signatures. To tackle this issue, we propose a novel writer-independent offline signature verification approach using attention-based multiple siamese networks with primary representation guiding. The proposed multiple siamese networks regard the reference signature images, query signature images, and their corresponding inverse images as inputs. These images are fed to four weight-shared parallel branches, respectively. We present an efficient and reliable mutual attention module to discover prominent stroke information from both original and inverse branches. In each branch, feature maps of the first convolution are utilized to guide the combination with deeper features, named as primary representation guiding, which guides the model into concerning the shallow stroke information. The four branches are concatenated in an ordered way and are put into four contrastive pairs, which is helpful to obtain useful representations by comparing reference and query samples. Four contrastive pairs generate four preliminary decisions independently. Then, the eventual verification result is created based on the four preliminary decisions using a voting mechanism. In order to assess the performance of the proposed method, extensive experiments on four widely used public datasets are conducted. The experimental results demonstrate that the proposed method outperforms existing approaches in most cases and can be applied to various language scenarios.

Zhongliang Guo,Weiye Li,Yifei Qian,Ognjen Arandjelović,Lei Fang

DOI: https://doi.org/10.48550/arXiv.2308.08925

2024-02-10

Abstract:In this paper, we tackle the challenge of white-box false positive adversarial attacks on contrastive loss based offline handwritten signature verification models. We propose a novel attack method that treats the attack as a style transfer between closely related but distinct writing styles. To guide the generation of deceptive images, we introduce two new loss functions that enhance the attack success rate by perturbing the Euclidean distance between the embedding vectors of the original and synthesized samples, while ensuring minimal perturbations by reducing the difference between the generated image and the original image. Our method demonstrates state-of-the-art performance in white-box attacks on contrastive loss based offline handwritten signature verification models, as evidenced by our experiments. The key contributions of this paper include a novel false positive attack method, two new loss functions, effective style transfer in handwriting styles, and superior performance in white-box false positive attacks compared to other white-box attack methods.

Computer Vision and Pattern Recognition,Artificial Intelligence,Cryptography and Security,Machine Learning

Thomas Thebaud,Gaël Le Lan,Anthony Larcher

2024-08-15

Abstract:Biometric recognition systems are security systems based on intrinsic properties of their users, usually encoded in high dimension representations called embeddings, which potential theft would represent a greater threat than a temporary password or a replaceable key. To study the threat of embedding theft, we perform spoofing attacks on two behavioral biometric systems (an automatic speaker verification system and a handwritten digit analysis system) using a set of alignment techniques. Biometric recognition systems based on embeddings work in two phases: enrollment - where embeddings are collected and stored - then authentication - when new embeddings are compared to the stored ones -.The threat of stolen enrollment embeddings has been explored by the template reconstruction attack literature: reconstructing the original data to spoof an authentication system is doable with black-box access to their encoder. In this document, we explore the options available to perform template reconstruction attacks without any access to the encoder. To perform those attacks, we suppose general rules over the distribution of embeddings across encoders and use supervised and unsupervised algorithms to align an unlabeled set of embeddings with a set from a known encoder. The use of an alignment algorithm from the unsupervised translation literature gives promising results on spoofing two behavioral biometric systems.

Cryptography and Security,Artificial Intelligence

Roberto Casula,Giulia Orrù,Daniele Angioni,Xiaoyi Feng,Gian Luca Marcialis,Fabio Roli

DOI: https://doi.org/10.48550/arXiv.2007.03397

2020-10-17

Abstract:We investigated the threat level of realistic attacks using latent fingerprints against sensors equipped with state-of-art liveness detectors and fingerprint verification systems which integrate such liveness algorithms. To the best of our knowledge, only a previous investigation was done with spoofs from latent prints. In this paper, we focus on using snapshot pictures of latent fingerprints. These pictures provide molds, that allows, after some digital processing, to fabricate high-quality spoofs. Taking a snapshot picture is much simpler than developing fingerprints left on a surface by magnetic powders and lifting the trace by a tape. What we are interested here is to evaluate preliminary at which extent attacks of the kind can be considered a real threat for state-of-art fingerprint liveness detectors and verification systems. To this aim, we collected a novel data set of live and spoof images fabricated with snapshot pictures of latent fingerprints. This data set provide a set of attacks at the most favourable conditions. We refer to this method and the related data set as "ScreenSpoof". Then, we tested with it the performances of the best liveness detection algorithms, namely, the three winners of the LivDet competition. Reported results point out that the ScreenSpoof method is a threat of the same level, in terms of detection and verification errors, than that of attacks using spoofs fabricated with the full consensus of the victim. We think that this is a notable result, never reported in previous work.

Computer Vision and Pattern Recognition

Smita Khairnar,Shilpa Gite,Kashish Mahajan,Biswajeet Pradhan,Abdullah Alamri,Sudeep D. Thepade

DOI: https://doi.org/10.1109/access.2024.3474690

IF: 3.9

2024-10-29

IEEE Access

Abstract:Liveness face detection is essential for modern biometric systems, ensuring that input data is genuine and not derived from a false image or video. Liveness face detection in today's biometric systems will ensure that input comes from a real, live person rather than a manipulated image or video. The novelty of this study lies in combining deep learning models with local interpretable model-agnostic interpretation (LIME) to enhance the interpretability and transparency of facial liveness detection systems. This technology is necessary for preventing spoofing attacks and attempts by hackers to break the security feature via pictures, videos, masks, etc. Spoofing refers to the compromise of a biometric system by providing it with untruthful material, photographs, videos, or masks to gain access. However, if not dealt with, such forms of fraud could affect the security of the biometrics. Liveness detection relies on several strategies, from basic facial actions like blinking and head twists to even more advanced algorithms that can identify natural skin texture and warmth or detect differences at the pixel level between live and static images. Robust liveness detection in biometric authentication significantly enhances security and reliability. The objective of this research is to test the different pre-trained models to detect spoofing attacks and to use LIME to explain the model's predictions. This paper focuses on a dataset of Spoof in Wild with Multiple Attacks Version 2 (SiWMv2), comprising 14 different spoofing techniques, ranging from replay attacks and makeup disguises with paper glasses to more complex ones. Seven pre-trained architectures, VGG16, DenseNet201, InceptionV3, VGG19, ResNet50, MobileNetV2, and Xception, are fine-tuned with the potential for actual automatic liveness identification in facial images. Deep learning approaches achieve superior detection performance against contemporary spoofing techniques. These techniques aim to enhance the interpretability of their predictions. Building on deep learning approaches, LIME is incorporated to improve transparency further. LIME provides visual explanations of the prediction to represent what features support the

computer science, information systems,telecommunications,engineering, electrical & electronic

LI Shengchun,DING Xiaoqing,Chen Yan

DOI: https://doi.org/10.3321/j.issn:1000-0054.1999.09.017

1999-01-01

Abstract:The paper presented a new method of online signature verification in PC windows environment. In this method, training part determines the alignment of two signature traces by normal dynamic programming matching. And based on this, the normal pattern, local stability and decision threshold were obtained from reference patterns. Verification part adopts weighted dynamic programming matching to overcome the faults of normal dynamic programming matching using in online signature verification. This new method has low computation and high performance, and correction of the test of reference patterns and nonprofessional forgeries reaches 92%.

Daile Osorio-Roig,Mahdi Ghafourian,Christian Rathgeb,Ruben Vera-Rodriguez,Christoph Busch,Julian Fierrez

2023-10-05

Abstract:Nowadays, facial recognition systems are still vulnerable to adversarial attacks. These attacks vary from simple perturbations of the input image to modifying the parameters of the recognition model to impersonate an authorised subject. So-called privacy-enhancing facial recognition systems have been mostly developed to provide protection of stored biometric reference data, i.e. templates. In the literature, privacy-enhancing facial recognition approaches have focused solely on conventional security threats at the template level, ignoring the growing concern related to adversarial attacks. Up to now, few works have provided mechanisms to protect face recognition against adversarial attacks while maintaining high security at the template level. In this paper, we propose different key selection strategies to improve the security of a competitive cancelable scheme operating at the signal level. Experimental results show that certain strategies based on signal-level key selection can lead to complete blocking of the adversarial attack based on an iterative optimization for the most secure threshold, while for the most practical threshold, the attack success chance can be decreased to approximately 5.0%.

Computer Vision and Pattern Recognition

Shouhuai Xu,Xiaohu Li,T. Paul Parker

DOI: https://doi.org/10.1145/1368310.1368358

2008-01-01

Abstract:ABSTRACTDigital signatures are an important security mechanism, especially when non-repudiation is desired. However, non-repudiation is meaningful only when the private signing keys and functions are adequately protected --- an assumption that is very difficult to accommodate in the real world because computers (and thus cryptographic keys and functions) could be relatively easily compromised. One approach to resolving, or at least alleviating, this problem is to use threshold cryptography. But how should such techniques be employed in the real world? In this paper we propose exploiting social networks whereby average users take advantage of their trusted ones to help secure their cryptographic keys. While the idea is simple from an individual user's perspective, we aim to understand the resulting systems from a whole-system perspective. Specifically, we propose and investigate two measures of the resulting systems: attack-resilience, which captures the security consequences due to the compromise of some computers and thus the compromise of the cryptographic key shares stored on them; availability, which captures the effect when computers are not always responsive (due to the peer-to-peer nature of social networks).

You Ji,Shiliang Sun,Jian Jin

DOI: https://doi.org/10.1007/978-3-642-21111-9_36

2011-01-01

Abstract:Off-line signature verification is very important to biometric authentication. This paper presents an effective strategy to perform off-line signature verification based on multitask support vector machines. This strategy can get a significant resolution of classification between skilled forgeries and genuine signatures. Firstly modified direction feature is extracted from signature's boundary. Secondly we use Principal Component Analysis to reduce dimensions. We add sonic helpful assistant tasks which are chosen from other tasks to each people's task. Then we use multitask support vector machines to build a useful model. The proposed model is evaluated on GPDS and MCYT data sets. Our experiments demonstrated the effectiveness of the proposed strategy.

Songxiang Liu,Haibin Wu,Hung-yi Lee,Helen Meng

DOI: https://doi.org/10.48550/arXiv.1910.08716

2019-10-19

Abstract:High-performance spoofing countermeasure systems for automatic speaker verification (ASV) have been proposed in the ASVspoof 2019 challenge. However, the robustness of such systems under adversarial attacks has not been studied yet. In this paper, we investigate the vulnerability of spoofing countermeasures for ASV under both white-box and black-box adversarial attacks with the fast gradient sign method (FGSM) and the projected gradient descent (PGD) method. We implement high-performing countermeasure models in the ASVspoof 2019 challenge and conduct adversarial attacks on them. We compare performance of black-box attacks across spoofing countermeasure models with different network architectures and different amount of model parameters. The experimental results show that all implemented countermeasure models are vulnerable to FGSM and PGD attacks under the scenario of white-box attack. The more dangerous black-box attacks also prove to be effective by the experimental results.

Audio and Speech Processing,Computation and Language

Xuechen Liu,Md Sahidullah,Kong Aik Lee,Tomi Kinnunen

DOI: https://doi.org/10.1109/taslp.2024.3358056

2024-01-01

Abstract:It is now well-known that automatic speaker verification (ASV) systems can be spoofed using various types of adversaries. The usual approach to counteract ASV systems against such attacks is to develop a separate spoofing countermeasure (CM) module to classify speech input either as a bonafide, or a spoofed utterance. Nevertheless, such a design requires additional computation and utilization efforts at the authentication stage. An alternative strategy involves a single monolithic ASV system designed to handle both zero-effort imposter (non-targets) and spoofing attacks. Such spoof-aware ASV systems have the potential to provide stronger protections and more economic computations. To this end, we propose to generalize the standalone ASV (G-SASV) against spoofing attacks, where we leverage limited training data from CM to enhance a simple backend in the embedding space, without the involvement of a separate CM module during the test (authentication) phase. We propose a novel yet simple backend classifier based on deep neural networks and conduct the study via domain adaptation and multi-task integration of spoof embeddings at the training stage. Experiments are conducted on the ASVspoof 2019 logical access dataset, where we improve the performance of statistical ASV backends on the joint (bonafide and spoofed) and spoofed conditions by a maximum of 36.2 and 49.8 in terms of equal error rates, respectively.

engineering, electrical & electronic,acoustics

Xiang Xu,Tianchen Zhao,Zheng Zhang,Zhihua Li,Jon Wu,Alessandro Achille,Mani Srivastava

2024-06-06

Abstract:Protecting digital identities of human face from various attack vectors is paramount, and face anti-spoofing plays a crucial role in this endeavor. Current approaches primarily focus on detecting spoofing attempts within individual frames to detect presentation attacks. However, the emergence of hyper-realistic generative models capable of real-time operation has heightened the risk of digitally generated attacks. In light of these evolving threats, this paper aims to address two key aspects. First, it sheds light on the vulnerabilities of state-of-the-art face anti-spoofing methods against digital attacks. Second, it presents a comprehensive taxonomy of common threats encountered in face anti-spoofing systems. Through a series of experiments, we demonstrate the limitations of current face anti-spoofing detection techniques and their failure to generalize to novel digital attack scenarios. Notably, the existing models struggle with digital injection attacks including adversarial noise, realistic deepfake attacks, and digital replay attacks. To aid in the design and implementation of robust face anti-spoofing systems resilient to these emerging vulnerabilities, the paper proposes key design principles from model accuracy and robustness to pipeline robustness and even platform robustness. Especially, we suggest to implement the proactive face anti-spoofing system using active sensors to significant reduce the risks for unseen attack vectors and improve the user experience.

Computer Vision and Pattern Recognition,Cryptography and Security