Análise de propriedades intrínsecas e extrínsecas de amostras biométricas para detecção de ataques de apresentação

Orientadores: Anderson de Rezende Rocha, Hélio PedriniTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Os recentes avanços nas áreas de pesquisa em biometria, forense e segurança da informação trouxeram importantes melhorias na eficácia dos sistemas de reconhecimento biométricos. No entanto, um desafio ainda em aberto é a vulnerabilidade de tais sistemas contra ataques de apresentação, nos quais os usuários impostores criam amostras sintéticas, a partir das informações biométricas originais de um usuário legítimo, e as apresentam ao sensor de aquisição procurando se autenticar como um usuário válido. Dependendo da modalidade biométrica, os tipos de ataque variam de acordo com o tipo de material usado para construir as amostras sintéticas. Por exemplo, em biometria facial, uma tentativa de ataque é caracterizada quando um usuário impostor apresenta ao sensor de aquisição uma fotografia, um vídeo digital ou uma máscara 3D com as informações faciais de um usuário-alvo. Em sistemas de biometria baseados em íris, os ataques de apresentação podem ser realizados com fotografias impressas ou com lentes de contato contendo os padrões de íris de um usuário-alvo ou mesmo padrões de textura sintéticas. Nos sistemas biométricos de impressão digital, os usuários impostores podem enganar o sensor biométrico usando réplicas dos padrões de impressão digital construídas com materiais sintéticos, como látex, massa de modelar, silicone, entre outros. Esta pesquisa teve como objetivo o desenvolvimento de soluções para detecção de ataques de apresentação considerando os sistemas biométricos faciais, de íris e de impressão digital. As linhas de investigação apresentadas nesta tese incluem o desenvolvimento de representações baseadas nas informações espaciais, temporais e espectrais da assinatura de ruído; em propriedades intrínsecas das amostras biométricas (e.g., mapas de albedo, de reflectância e de profundidade) e em técnicas de aprendizagem supervisionada de características. Os principais resultados e contribuições apresentadas nesta tese incluem: a criação de um grande conjunto de dados publicamente disponível contendo aproximadamente 17K videos de simulações de ataques de apresentações e de acessos genuínos em um sistema biométrico facial, os quais foram coletados com a autorização do Comitê de Ética em Pesquisa da Unicamp; o desenvolvimento de novas abordagens para modelagem e análise de propriedades extrínsecas das amostras biométricas relacionadas aos artefatos que são adicionados durante a fabricação das amostras sintéticas e sua captura pelo sensor de aquisição, cujos resultados de desempenho foram superiores a diversos métodos propostos na literature que se utilizam de métodos tradicionais de análise de images (e.g., análise de textura); a investigação de uma abordagem baseada na análise de propriedades intrínsecas das faces, estimadas a partir da informação de sombras presentes em sua superfície; e, por fim, a investigação de diferentes abordagens baseadas em redes neurais convolucionais para o aprendizado automático de características relacionadas ao nosso problema, cujos resultados foram superiores ou competitivos aos métodos considerados estado da arte para as diferentes modalidades biométricas consideradas nesta tese. A pesquisa também considerou o projeto de eficientes redes neurais com arquiteturas rasas capazes de aprender características relacionadas ao nosso problema a partir de pequenos conjuntos de dados disponíveis para o desenvolvimento e a avaliação de soluções para a detecção de ataques de apresentaçãoAbstract: Recent advances in biometrics, information forensics, and security have improved the recognition effectiveness of biometric systems. However, an ever-growing challenge is the vulnerability of such systems against presentation attacks, in which impostor users create synthetic samples from the original biometric information of a legitimate user and show them to the acquisition sensor seeking to authenticate themselves as legitimate users. Depending on the trait used by the biometric authentication, the attack types vary with the type of material used to build the synthetic samples. For instance, in facial biometric systems, an attempted attack is characterized by the type of material the impostor uses such as a photograph, a digital video, or a 3D mask with the facial information of a target user. In iris-based biometrics, presentation attacks can be accomplished with printout photographs or with contact lenses containing the iris patterns of a target user or even synthetic texture patterns. In fingerprint biometric systems, impostor users can deceive the authentication process using replicas of the fingerprint patterns built with synthetic materials such as latex, play-doh, silicone, among others. This research aimed at developing presentation attack detection (PAD) solutions whose objective is to detect attempted attacks considering different attack types, in each modality. The lines of investigation presented in this thesis aimed at devising and developing representations based on spatial, temporal and spectral information from noise signature, intrinsic properties of the biometric data (e.g., albedo, reflectance, and depth maps), and supervised feature learning techniques, taking into account different testing scenarios including cross-sensor, intra-, and inter-dataset scenarios. The main findings and contributions presented in this thesis include: the creation of a large and publicly available benchmark containing 17K videos of presentation attacks and bona-fide presentations simulations in a facial biometric system, whose collect were formally authorized by the Research Ethics Committee at Unicamp; the development of novel approaches to modeling and analysis of extrinsic properties of biometric samples related to artifacts added during the manufacturing of the synthetic samples and their capture by the acquisition sensor, whose results were superior to several approaches published in the literature that use traditional methods for image analysis (e.g., texture-based analysis); the investigation of an approach based on the analysis of intrinsic properties of faces, estimated from the information of shadows present on their surface; and the investigation of different approaches to automatically learning representations related to our problem, whose results were superior or competitive to state-of-the-art methods for the biometric modalities considered in this thesis. We also considered in this research the design of efficient neural networks with shallow architectures capable of learning characteristics related to our problem from small sets of data available to develop and evaluate PAD solutionsDoutoradoCiência da ComputaçãoDoutor em Ciência da Computação140069/2016-0 CNPq, 142110/2017-5CAPESCNP

Spectrum Sensing and Mitigation of Primary User Emulation Attack in Cognitive Radio

The overwhelming growth of wireless communication has led to spectrum shortage issues. In recent days, cognitive radio (CR) has risen as a complete solution for the issue. It is an artificial intelligence-based radio which is capable of finding the free spectrum and utilises it by adapting itself to the environment. Hence, searching of the free spectrum becomes the key task of the cognitive radio termed as spectrum sensing. Some malicious users disrupt the decision-making ability of the cognitive radio. Proper selection of the spectrum scheme and decision-making capability of the cognitive reduces the chance of colliding with the primary user. This chapter discusses the suitable spectrum sensing scheme for low noise environment and a trilayered solution to mitigate the primary user emulation attack (PUEA) in the physical layer of the cognitive radio. The tag is generated in three ways. Sequences were generated using DNA and chaotic algorithm. These sequences are then used as the initial seed value for the generation of gold codes. The output of the generator is considered as the authentication tag. This tag is used to identify the malicious user, thereby PUEA is mitigated. Threat-free environment enables the cognitive radio to come up with a precise decision about the spectrum holes

Limites práticos de segurança da distribuição de chaves quânticas de variáveis contínuas

Discrete Modulation Continuous Variable Quantum Key Distribution (DM-CV-QKD) systems are very attractive for modern quantum cryptography, since they manage to surpass all Gaussian modulation (GM) system’s disadvantages while maintaining the advantages of using CVs. Nonetheless, DM-CV-QKD is still underdeveloped, with a very limited study of large constellations. This work intends to increase the knowledge on DM-CV-QKD systems considering large constellations, namely M-symbol Amplitude Phase Shift Keying (M-APSK) irregular and regular constellations. As such, a complete DM-CV-QKD system was implemented, con sidering collective attacks and reverse reconciliation under the realistic scenario, assuming Bob detains the knowledge of his detector’s noise. Tight security bounds were obtained considering M-APSK constellations and GM, both for the mutual information between Bob and Alice and the Holevo bound between Bob and Eve. M-APSK constellations with binomial distribution can approximate GM’s results for the secret key rate. Without the consideration of the finite size effects (FSEs), the regular constellation 256-APSK (reg. 32) with binomial distribution achieves 242.9 km, only less 7.2 km than GM for a secret key rate of 10¯⁶ photons per symbol. Considering FSEs, 256-APSK (reg. 32) achieves 96.4% of GM’s maximum transmission distance (2.3 times more than 4-PSK), and 78.4% of GM’s maximum compatible excess noise (10.2 times more than 4-PSK). Additionally, larger constellations allow the use of higher values of modulation variance in a practical implementation, i.e., we are no longer subjected to the sub-one limit for the mean number of photons per symbol. The information reconciliation step considering a binary symmetric channel, the sum-product algorithm and multi-edge type low den sity parity check matrices, constructed from the progressive edge growth algorithm, allowed the correction of keys up to 18 km. The consideration of multidimensional reconciliation allows 256-APSK (reg. 32) to reconcile keys up to 55 km. Privacy amplification was carried out considering the application of fast Fourier transforms to the Toeplitz extractor, being unable of extracting keys for more than, approximately, 49 km, almost haft the theoretical value, and for excess noises larger than 0.16 SNU, like the theoretical value.Os sistemas de distribuição de chaves quânticas com variáveis contínuas e modulação discreta (DM-CV-QKD) são muito atrativos para a criptografia quântica moderna, pois conseguem superar todas as desvantagens do sistema com modulação Gaussiana (GM) enquanto mantêm as vantagens do uso de CVs. No entanto, DM-CV-QKD ainda está subdesenvolvida, sendo o estudo de grandes constelações muito reduzido. Este trabalho pretende aumentar o conhecimento sobre os sistemas DM-CV-QKD com constelações grandes, nomeadamente as do tipo M-symbol Amplitude Phase Shift Keying (M-APSK) irregulares e regulares. Com isto, foi simulado um sistema DM-CV-QKD completo, considerando ataques coletivos e reconciliação reversa tendo em conta o cenário realista, assumindo que o Bob co nhece o ruído de seu detetor. Os limites de segurança foram obtidos considerando constelações M-APSK e GM, tanto para a informação mútua entre o Bob e a Alice, quanto para o limite de Holevo entre o Bob e a Eve. As constelações M-APSK com distribuição binomial aproximam-se à GM quanto à taxa de chave secreta. Sem considerar o efeito de tamanho finito (FSE), a constelação regular 256-APSK (reg. 32) com distribuição binomial atinge 242.9 km, apenas menos 7.2 km do que GM para uma taxa de chave secreta de 10¯⁶ fotões por símbolo. Considerando FSEs, a 256-APSK (reg. 32) atinge 96.4% da distância máxima de transmissão para GM (2.3 vezes mais que a 4-PSK), e 78.4% do valor máximo de excesso de ruído compatível para GM (10.2 vezes mais do que a 4-PSK). Adicionalmente, grandes constelações permitem o uso de valores mais altos de variância de modulação em implementações práticas, pelo que deixa de ser necessário um número de fotões por símbolo abaixo de um. A etapa de reconciliação de informação considerou um canal binário simétrico, o algoritmo soma-produto e matrizes multi-edge type low density parity check, construídas a partir do algoritmo progressive edge growth, permitindo a correção de chaves até 18 km. A consideração de reconciliação multidimensional permite que a 256-APSK (reg. 32) reconcilie chaves até 55 km. A amplificação de privacidade foi realizada considerando a aplicação de transformadas de Fourier rápidas ao extrator de Toeplitz, mostrando-se incapaz de extrair chaves para mais de, aproximadamente, 49 km, quase metade do valor teórico, e para excesso de ruído superior a 0.16 SNU, semelhante ao valor teórico.Mestrado em Engenharia Físic

The Internet of Everything

In the era before IoT, the world wide web, internet, web 2.0 and social media made people’s lives comfortable by providing web services and enabling access personal data irrespective of their location. Further, to save time and improve efficiency, there is a need for machine to machine communication, automation, smart computing and ubiquitous access to personal devices. This need gave birth to the phenomenon of Internet of Things (IoT) and further to the concept of Internet of Everything (IoE)

Physical-Layer Security Enhancement in Wireless Communication Systems

Without any doubt, wireless infrastructures and services have fundamental impacts on every aspect of our lives. Despite of their popularities, wireless communications are vulnerable to various attacks due to the open nature of radio propagation. In fact, communication security in wireless networks is becoming more critical than ever. As a solution, conventional cryptographic techniques are deployed on upper layers of network protocols. Along with direct attacks from lower layer, wireless security challenges come with the rapid evolution of sophisticated decipher techniques. Conventional security mechanisms are not necessarily effective against potential attacks from the open wireless environment anymore. As an alternative, physical-layer(PHY) security, utilizing unique features from lower layer, becomes a new research focus for many wireless communication systems. In this thesis, three mechanisms for PHY security enhancement are investigated. Beginning with a discussion on the security vulnerability in highly standardized infrastructures, the thesis proposed a time domain scrambling scheme of orthogonal frequency division multiplexing (OFDM) system to improve the PHY security. The method relies on secretly scrambling each OFDM symbol in time domain, resulting in constellation transformation in frequency domain, to hide transmission features. As a complement to existing secrecy capacity maximization based optimal cooperative jamming systems, a security strategy based on the compromised secrecy region (CSR) minimization in cooperative jamming is then proposed when instantaneous channel state information(CSI) is not available. The optimal parameters of the jammer are derived to minimize the CSR which exhibits high secrecy outage probability. At last, security enhancement of OFDM system in cooperative networks is also investigated. The function selection strategies of cooperative nodes are studied. Our approach is capable of enhancing the security of broadband communications by selecting the proper function of each cooperative node. Numerical results demonstrate the feasibility of three proposed physical layer security mechanisms by examining the communication reliability, achievable CSR and secrecy capacity respectively

IEEE 802.11 i Security and Vulnerabilities

Despite using a variety of comprehensive preventive security measures, the Robust Secure Networks (RSNs) remain vulnerable to a number of attacks. Failure of preventive measures to address all RSN vulnerabilities dictates the need for enhancing the performance of Wireless Intrusion Detection Systems (WIDSs) to detect all attacks on RSNs with less false positive and false negative rates

A Survey of Techniques for Improving Security of GPUs

Graphics processing unit (GPU), although a powerful performance-booster, also has many security vulnerabilities. Due to these, the GPU can act as a safe-haven for stealthy malware and the weakest `link' in the security `chain'. In this paper, we present a survey of techniques for analyzing and improving GPU security. We classify the works on key attributes to highlight their similarities and differences. More than informing users and researchers about GPU security techniques, this survey aims to increase their awareness about GPU security vulnerabilities and potential countermeasures