Vulnerabilities and Attack Protection in Security Systems Based on Biometric Recognition

Absolute security does not exist: given funding, willpower and the proper technology, every security system can be compromised. However, the objective of the security community should be to develop such applications that the funding, the will, and the resources needed by the attacker to crack the system prevent him from attempting to do so. This Thesis is focused on the vulnerability assessment of biometric systems. Although being relatively young compared to other mature and long-used security technologies, biometrics have emerged in the last decade as a pushing alternative for applications where automatic recognition of people is needed. Certainly, biometrics are very attractive and useful for the final user: forget about PINs and passwords, you are your own key. However, we cannot forget that as any technology aimed to provide a security service, biometric systems are exposed to external attacks which could compromise their integrity. Thus, it is of special relevance to understand the threats to which they are subjected and to analyze their vulnerabilities in order to prevent possible attacks and increase their benefits for the users. In this context, the present PhD Thesis pretends to give some insight into the difficult problem of biometric security evaluation through the systematic study of biometric systems vulnerabilities and the analysis of effective countermeasures that can minimize the effects of the detected threats, in order to increase the confidence of the final users in this thriving technology. This way, the experimental studies presented in this Dissertation can help to further develop the ongoing security evaluation standardization efforts, and may be used as guidelines to adapt the existing best practices in security evaluation to the specificities of particular security applications based on biometric recognition. The Thesis has been developed following the security through transparency principle, largely applied in other security related areas such as cryptography, which pleads for making security systems as public as possible. This paradigm relies on the fact that vulnerabilities exist regardless of their publication, therefore: let?s face the problems and find solutions for them (controlled risk before somebody else finds the way to take advantage of our secrets (unpredictable consequences). That is not to say that obscurity cannot provide any protection, rather that the protection is out of our control and most probably temporary. We believe that in order to make biometric devices and applications secure it is necessary to understand and assess the threats, and publicly report quantitative measures of the impact of these threats so that effective countermeasures, technical and procedural, can be issued if necessary. The problem of vulnerability assessment in biometric systems had already been addressed in some previous works, but in most cases not using a statistically significant approach, or any systematic and reproducible protocol. In this Dissertation, after summarizing the most relevant works related to the Thesis, we describe the security evaluation methodology that has been followed throughout the experimental chapters. These are dedicated to the vulnerability study of three commonly employed biometrics, namely: fingerprint, signature, and face; using the biometric data and benchmarks previously described. The experimental part of the Thesis starts with the security evaluation of fingerprint-based recognition systems against two different direct attacks: starting from a latent fingerprint and starting from a standard ISO minutiae template (this last study questions the widespread belief of minutiae templates non-reversibility). An indirect hill-climbing attack is also implemented and different countermeasures for the studied attacks are analyzed (a liveness detection method based on quality measures for the direct approaches, and a score quantization scheme for the hill-climbing algorithm). We then study the vulnerabilities of on-line signature recognition systems. Two type of indirect attacks are implemented: a novel hill-climbing attack based on Bayesian adaptation, and a brute-force attack carried out with synthetically generated signatures. The hill-climbing algorithm was used against a feature-based verification system and a comparative study between the most robust and the best performing features is presented as a way to increase its robustness against the attack. In the case of the brute force attack carried out with synthetically generated signatures, the experiments are performed by attacking real signature models obtained with a HMM-based recognition system with synthetic samples. The feasibility of using synthetic duplicated signatures in the enrollment stage to increase the robustness of the system against user intravariability, is studied as a countermeasure that can minimize the success chances of the brute-force attack. Finally, an evaluation of the robustness of two face recognition systems (one PCA-based and one working on GMMs) against the Bayesian-based hill-climbing attack is reported, and the effectiveness of score quantization as a way to reject the attack is explored. The experimental results show that the two face verification systems studied are highly vulnerable to this type of attacking approach, even when no real images are used to initialize the algorithm. Furthermore, the attack shows its ability to reconstruct the user?s real face image from the scores, thus arising security issues concerning the privacy of the client. The experimental evidence obtained from the evaluation of signature and face verification systems against this novel hill-climbing algorithm proves the ability of this attacking strategy to adapt to totally different environments and therefore its big attacking potential. The research work described in this Dissertation has led to novel contributions which include the development of three new methods for vulnerability assessment and attack protection of biometric systems, namely: i) a hill-climbing attack based on Bayesian adaptation, ii) an on-line signature synthetic generation method based on spectral analysis, and iii) a liveness detection approach for fingerprint recognition based on quality related features. Moreover, different original experimental studies have been carried out during the development of the Thesis (e.g., first time that a minutiae template is reverse engineered to generate a gummy finger). Besides, the research work completed throughout the Thesis has been complemented with the generation of several novel literature reviews and with the acquisition of new biometric data.