Biometric Authentication Revisited: Understanding the Impact of - - PowerPoint PPT Presentation

SLIDE 1

Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheep’s clothing

Lucas Ballard, Fabian Monrose, Daniel Lopresti

Presented by: Anuj Sawani

SLIDE 2

Biometrics

  • What is it?

– Identifying or verifying a person based on

  • Physiological characteristics
  • Behavioral characteristics

– Examples?

  • Biometric Authentication vs Identification

– “Am I who I claim to be?”
– “Who am I?”

  • Better than passwords?

SLIDE 3

Handwriting as a biometric

  • Offline

– 2-D bitmap

  • Online

– Real-time data

  • Signatures as a biometric?

Feature extraction Hash/Key

SLIDE 4

So, what’s with the menagerie?

  • Sheep

– Easily accepted by the system

  • Goats

– Exceptionally unsuccessful at being accepted

  • Lambs

– Exceptionally vulnerable to imitations

  • Wolves

– Exceptionally successful at imitations

SLIDE 5

The Threat Model

  • Exploiting poorly protected template databases
  • Eavesdropping communication between sensor and the system
  • Presenting artificially created samples to the sensor

SLIDE 6

A neat idea – Concatenation attack

  • Samples of user’s handwriting from other contexts
  • General samples of the style of writing
  • Feature analysis …
  • Generate the user’s handwriting synthetically!

SLIDE 7

Performance Statistics

  • False Accept Rate (FAR)
  • False Reject Rate (FRR)
  • Equal Error Rate (EER)

SLIDE 8

Forgery styles

  • Naïve

– Use other users’ writing as it was naturally rendered to forge the passphrase

  • Naïve*

– Similar to Naïve, but uses similar writing styles

  • Static

– Forgery using an image of the passphrase

  • Dynamic

– Real-time rendering of the passphrase

SLIDE 9

Grooming the sheep into wolves

  • 11,038 handwriting samples
  • Incentives awarded to consistent writers, “dedicated forgers”
  • Three Rounds
  • 1. Collect the samples
  • 2. Static and Dynamic forging
  • 3. Selected “trained” forgers

SLIDE 10

Handwriting features

  • How difficult is the feature to forge?
  • Signals – t, x(t), y(t), p(t)
  • For every feature f

– r_f: missed by legitimate users
– a_f: missed by forgers

  • Quality metric

– Q = (a_f - r_f + 1)/2

  • Q = 0 – never reliably reproduced by users
  • Q = 1 – never reproduced by forgers
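
The quality metric above, worked through as an added example (not code from the slides or the paper): it computes r_f, a_f and Q per feature and ranks the features by how well they separate legitimate writers from forgers. The mean ± k·std tolerance rule for a "miss", the 0.7 selection threshold, the feature names `total_time` and `stroke_count`, and all sample values are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

def miss_rate(enrolled, attempts, k=2.0):
    """Fraction of attempts outside mean +/- k*std of the enrolled values.
    This tolerance rule is an assumption; the slides do not define a 'miss'."""
    if not enrolled or not attempts:
        raise ValueError("need enrolled values and at least one attempt")
    mu, sigma = mean(enrolled), pstdev(enrolled)
    return sum(abs(v - mu) > k * sigma for v in attempts) / len(attempts)

def quality(r_f, a_f):
    """Q = (a_f - r_f + 1) / 2, as on the slide.
    Q near 0: users cannot reproduce the feature; Q near 1: forgers cannot."""
    return (a_f - r_f + 1) / 2

def rank_features(data, k=2.0):
    """data maps feature -> (enrolled, genuine_attempts, forged_attempts).
    Returns (feature, r_f, a_f, Q) rows sorted from best to worst Q."""
    rows = []
    for name, (enrolled, genuine, forged) in data.items():
        r_f = miss_rate(enrolled, genuine, k)   # misses by legitimate users
        a_f = miss_rate(enrolled, forged, k)    # misses by forgers
        rows.append((name, r_f, a_f, quality(r_f, a_f)))
    return sorted(rows, key=lambda row: row[3], reverse=True)

def select(rows, threshold=0.7):
    """Keep features whose Q exceeds a cut-off (0.7 is an assumed value)."""
    return [name for name, _, _, q in rows if q > threshold]

# Constructed sample values, not measurements from the study.
SAMPLE = {
    # stable for the user, hard for forgers to hit
    "pen_up_velocity": ([10, 11, 9, 10, 10], [10, 11, 9, 10], [14, 6, 13, 10]),
    # easy for forgers, occasionally missed by the user
    "total_time": ([5, 5, 6, 4, 5], [5, 7, 5, 4], [5, 6, 4, 5]),
    # noisy for everyone, so it separates nothing
    "stroke_count": ([20, 24, 16, 20, 20], [20, 26, 14, 20], [30, 10, 20, 21]),
}

if __name__ == "__main__":
    ranked = rank_features(SAMPLE)
    for name, r_f, a_f, q in ranked:
        print(f"{name:16s} r_f={r_f:.2f} a_f={a_f:.2f} Q={q:.3f}")
    print("selected:", select(ranked))
```

A feature with Q around 0.5 (here `stroke_count`) is missed equally often by both groups, so it adds no discriminating power even though forgers fail on it half the time.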

SLIDE 11

The winning features

  • The probability that the ith stroke of c1 connects to c2
  • Median gap between the adjacent characters
  • Median time between end of c1 and beginning of c2
  • Pen-up velocity
  • A total of 36 good features out of 144

SLIDE 12

Algorithm to generate a known passphrase

  • Select n-grams from different contexts such that

– g1 || g2 || … || gk = passphrase

  • Normalize t, x(t) and y(t) – match baselines
  • Spatial adjustment of x(t)

– Use median gap feature

  • Fabricate p(t)

– Use probability of connection feature
– Delayed strokes pushed into stack

  • Executed after each pen-up
  • Add time delays

– Use median time feature
– Use pen-up velocity and distance between strokes

SLIDE 13

The system at work…

  • Used small sample set of 15 samples of user’s writing

– Each character from passphrase exists in set
– Does not include passphrase

  • Also, used 15 samples of similar writing style
  • The algorithm caused an EER of 27.4%

– Forgers caused an EER of 20.6%

  • n-gram length < 2
  • Used 6.67 of the samples on average

SLIDE 14

Conclusion

  • Handwriting as a reliable biometric?

– Refutable

  • Adversary has been under-estimated till now

  • Generative approach produces better forgeries than trained humans

SLIDE 15

Take away

  • Watch out for the next generation of wolves!
