Generative Fingerprint Augmentation against Membership Inference Attacks

openThis thesis aspires to provide a privacy protection mechanism for neural networks concerning fingerprints. Biometric identifiers, especially fingerprints, have become crucial in the last several years, from banking operations to daily smartphone usage. Using generative adversarial networks (GANs), we train models specialized in compressing and decompressing (Codecs) images in order to augment the data these models used during the learning process to provide additional privacy preservation over the identity of the fingerprints found in such datasets. We test and analyze our framework with custom membership inference attacks (MIA) to assess the quality of our defensive mechanism.This thesis aspires to provide a privacy protection mechanism for neural networks concerning fingerprints. Biometric identifiers, especially fingerprints, have become crucial in the last several years, from banking operations to daily smartphone usage. Using generative adversarial networks (GANs), we train models specialized in compressing and decompressing (Codecs) images in order to augment the data these models used during the learning process to provide additional privacy preservation over the identity of the fingerprints found in such datasets. We test and analyze our framework with custom membership inference attacks (MIA) to assess the quality of our defensive mechanism

Interaction evaluation of a mobile voice authentication system

Biometric recognition is nowadays widely used in smartphones, making the users' authentication easier and more transparent than PIN codes or patterns. Starting from this idea, the EU project PIDaaS aims to create a secure authentication system through mobile devices based on voice and face recognition as two of the most reliable and user-accepted modalities. This work introduces the project and the first PIDaaS usability evaluation carried out by means of the well-known HBSI model In this experiment, participants interact with a mobile device using the PIDaaS system under laboratory conditions: video recorded and assisted by an operator. Our findings suggest variability among sessions in terms of usability and feed the next PIDaaS HCI design

Evaluation methodologies for security testing biometric systems beyond technological evaluation

The main objective of this PhD Thesis is the specification of formal evaluation methodologies for testing the security level achieved by biometric systems when these are working under specific contour conditions. This analysis is conducted through the calculation of the basic technical biometric system performance and its possible variations. To that end, the next two relevant contributions have been developed. The first contribution is the definition of two independent biometric performance evaluation methodologies for analysing and quantifying the influence of environmental conditions and human factors respectively. From the very beginning it has been claimed and demonstrated that these two contour conditions are the most significant parameters that may affect negatively the biometric performance. Nevertheless, in spite of ISO/IEC 19795 standard [ISO'06b], which addresses biometric performance testing and reporting, being published in 2006, no evaluation methodology for assessing such adverse effects has been implemented yet. Therefore, this dissertation proposes both methodologies which have been defined in accordance to the following requirements: - should be general and modality independent for covering the analysis of all kind of biometric systems; - should conform to the principles and requirements already defined in ISO/IEC 19795 multipart standard; and - should provide requirements and procedures to accurately define the evaluation conditions to be tested, conduct reproducible test methods and obtain objective and intercomparable results. The second relevant contribution is the development of detailed guidelines for addressing how to conduct biometric performance evaluations in compliance with Common Criteria [CC]. Common Criteria is currently the only international recognised evaluation framework with which developers have to analyse and demonstrate the level of security achieved by their products. However, the applicability of this methodology to biometrics needs the specification of supplementary guidelines. As a consequence, this dissertation proposes such guidelines which have been specified according to the following requirements: - should be independent of any biometric modality; - should be based on previous works published in this topic BTSE [BTSE'01], BEM [BEM'02] and the ISO/IEC 19792 international standard which addresses security evaluation of biometric system; - should conform to the last version of both Common Criteria and the ISO/IEC 19795 multipart standards; and - should cover those kinds of biometric performance evaluations that can be repeatable, i.e. technology and scenario evaluations as well as the Common Criteria evaluation activities involved in the execution of such test procedures. As for the evaluation of the security of biometric systems there is the need of determine their performance, and as such performance also depends on contour conditions, both evaluation methodologies (i.e. environmental and human factors) and Common Criteria guidelines, are merged in order to provide improved evaluation methodology for the security of biometric systems. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------El objetivo principal de esta Tesis Doctoral es la especificación de metodologías de evaluación formales para analizar el nivel de seguridad alcanzado por los sistemas biométricos cuando estos se encuentran trabajando bajo condiciones de contorno específicas. Este análisis se realiza a través del cálculo del rendimiento técnico básico del sistema biométrico y sus posibles variaciones. A tal efecto, se han elaborado las siguientes contribuciones. En primer lugar, se han especificado dos metodologías de evaluación de rendimiento biométrico de manera independiente para analizar y cuantificar la influencia de las condiciones ambientales y los factores humanos, respectivamente. Desde los primeros estudios sobre rendimiento biométrico, se ha afirmado y demostrado que éstos son los parámetros más significativos que pueden afectar negativamente al rendimiento biométrico. No obstante, a pesar de que la norma ISO/IEC 19795 que regula la evaluación y documentación del rendimiento de los sistemas biométricos fue publicada en 2006, ninguna metodología que evalúe dichos efectos adversos ha sido implementada hasta el momento. Por lo tanto la presente Tesis Doctoral propone ambas metodologías, las cuáles han sido definidas conforme a las siguientes condiciones: - son de carácter general e independientes de cualquier modalidad biométrica para cubrir el análisis de todo tipo de sistemas biométricos, - cumplen con los principios y requisitos previamente definidos en la norma internacional ISO/IEC 19795 [ISO'06b], y - proporcionan requisitos y procedimientos detallados para: definir las condiciones de los ensayos, efectuar métodos de ensayo reproducibles y obtener resultados objetivos e intercomparables. En segundo lugar, se han desarrollado directrices específicas que abordan la forma de realizar evaluaciones de rendimiento biométrico conforme a "Common Criteria for IT security evaluation" (conocido habitualmente como "Common Criteria" [CC]). Common Criteria es actualmente el único marco de evaluación internacionalmente reconocido del que disponen los desarrolladores de sistemas biométricos para analizar y demostrar el nivel de seguridad que alcanzan sus productos. Sin embargo, la aplicación de esta metodología a la tecnología biométrica requiere la especificación de pautas complementarias. Por consiguiente, esta Tesis Doctoral propone tales pautas o directrices, las cuáles se han especificado de acuerdo con los siguientes requisitos: - son independientes de cualquier modalidad biométrica, - se basan en los trabajos previos que ya han sido publicados en esta área tales como BTSE [BTSE'01], BEM [BEM'02] y el estándar internacional ISO/IEC 19792 [ISO'09a] que regula la evaluación de seguridad de los sistemas biométricos, - son conformes a las últimas versiones tanto de Common Criteria como de la norma internacional ISO/IEC 19795, y - cubren tanto el tipo de evaluaciones de rendimiento biométrico que pueden ser repetibles, es decir las evaluaciones tecnológicas y de escenario, como las actividades de evaluación establecidas por la norma Common Criteria que conllevan la realización de dichos procedimientos de test. Debido a que es necesario determinar el rendimiento de los sistemas biométricos para evaluar su seguridad, y ya que dicho rendimiento depende de distintas condiciones de contorno, las dos metodologías de evaluación previamente definidas (condiciones ambientales y factores humanos) se han unido con las directrices de Common Criteria, para así conseguir una mejora sustancial en la metodología de evaluación de la seguridad de los sistemas biométricos

A Comparative Study Of Different Types Of Mother Wavelets For Heartbeat Biometric Verification System

Recently, advanced biometric technology is turning to the use of electrocardiograms (ECG) signal as new modality for verification system. The ECG signal contains sufficient information to verify an individual as it is unique to everyone. One of the feasible methods to extract the salient information from ECG signal for verification is by using wavelet transform. However, there is a challenge in implementing it as different types and orders of mother wavelet used will yield different verification performance. Therefore, in this study, a comparative study is done so as to investigate the optimum type and order of mother wavelet that represents the best feature for the verification system. Three different types of mother wavelets i.e. Symlet, Daubechies and Coiflet with order ranging from one to five have been studied in this research. The extracted features are then trained by using SVM classifier to generate a model to verify the features. The performance of the ECG biometric verification system is evaluated with the Receiver Operating Characteristic (ROC) plot and Equal Error Rate (EER). Experimental result showed that the developed system achieves the best performance when the 3rd order Coiflet is used as feature with an EER score of 10.755% is achieved

Vascular Biometric System Focused On the Identification of the Venous Map through Image Processing

El siguiente artículo muestra el diseño, implementación y ejecución de un sistema biométrico basado en la detección de las venas de la mano, usado como medio de autenticación y confirmación de identidad. El sistema se basa en la generación de un mapa venoso del dorso de la mano de la persona a identificar, mediante el uso de unos leds infrarrojos, se realzan las venas en la mano y se captura una imagen a la cual se le realiza un procesamiento de imágenes necesario para llegar a una matriz de identificación del sujeto, al obtener la matriz con los parámetros necesarios para realizar las validaciones de la identidad necesarias mediante un algoritmo de inteligencia artificial que realice una comparación con la población objeto a identificar; como resultado se tiene un sistema que identifica a una persona dentro de una población listada en una base de datos y una interfaz gráfica que ayuda con la identificaciónThe following article shows the design, implementation and execution of a biometric system based on the detection of the hands of the hand, used as a means of authentication and identity confirmation. The system is based on the generation of a venous map of the back of the hand of the person to be identified, through the use of infrared lenses, the veins are highlighted in the hand and an image is captured, which is processed of images necessary to arrive at an identification matrix of the subject, to obtain the matrix with the necessary parameters to carry out the validations of the necessary identity through an artificial intelligence algorithm that makes a comparison with the target population to be identified; as a result it has a system that identifies a person within a population listed in a database and a graphical interface that helps with identificatio

Securing voice communications using audio steganography

Although authentication of users of digital voice-based systems has been addressed by much research and many commercially available products, there are very few that perform well in terms of both usability and security in the audio domain. In addition, the use of voice biometrics has been shown to have limitations and relatively poor performance when compared to other authentication methods. We propose using audio steganography as a method of placing authentication key material into sound, such that an authentication factor can be achieved within an audio channel to supplement other methods, thus providing a multi factor authentication opportunity that retains the usability associated with voice channels. In this research we outline the challenges and threats to audio and voice-based systems in the form of an original threat model focusing on audio and voice-based systems, we outline a novel architectural model that utilises audio steganography to mitigate the threats in various authentication scenarios and finally, we conduct experimentation into hiding authentication materials into an audible sound. The experimentation focused on creating and testing a new steganographic technique which is robust to noise, resilient to steganalysis and has sufficient capacity to hold cryptographic material such as a 2048 bit RSA key in a short audio music clip of just a few seconds achieving a signal to noise ratio of over 70 dB in some scenarios. The method developed was seen to be very robust using digital transmission which has applications beyond this research. With acoustic transmission, despite the progress demonstrated in this research some challenges remain to ensure the approach achieves its full potential in noisy real-world applications and therefore the future research direction required is outlined and discussed

C-BET evaluation of voice biometrics

Abstract-C-BET is the Comprehensive Biometrics Evaluation Toolkit developed by CBSA in order to analyze the suitability of biometric systems for fully-automated border/access control applications. Following the multiorder score analysis and the threshold-validated analysis defined within the C-BET framework, the paper presents the results of the C-BET evaluation of a commercial voice biometric product. In addition to error tradeoff and ranking curves traditionally reported elsewhere, the paper presents the results on the newly introduced performance metrics: threshold-validated recognition ranking and non-confident decisions due to multiple threshold-validated scores. The results are obtained on over a million voice audio clip comparisons. Good biometric evaluation practices offered within C-BET framework are presented

A Survey on Modality Characteristics, Performance Evaluation Metrics, and Security for Traditional and Wearable Biometric Systems

Biometric research is directed increasingly towards Wearable Biometric Systems (WBS) for user authentication and identification. However, prior to engaging in WBS research, how their operational dynamics and design considerations differ from those of Traditional Biometric Systems (TBS) must be understood. While the current literature is cognizant of those differences, there is no effective work that summarizes the factors where TBS and WBS differ, namely, their modality characteristics, performance, security and privacy. To bridge the gap, this paper accordingly reviews and compares the key characteristics of modalities, contrasts the metrics used to evaluate system performance, and highlights the divergence in critical vulnerabilities, attacks and defenses for TBS and WBS. It further discusses how these factors affect the design considerations for WBS, the open challenges and future directions of research in these areas. In doing so, the paper provides a big-picture overview of the important avenues of challenges and potential solutions that researchers entering the field should be aware of. Hence, this survey aims to be a starting point for researchers in comprehending the fundamental differences between TBS and WBS before understanding the core challenges associated with WBS and its design