3,299 research outputs found
Biometric cryptosystem using online signatures
Biometric cryptosystems combine cryptography and biometrics to benefit from the strengths of both fields. In such systems, while cryptography provides high and adjustable security levels, biometrics brings in non-repudiation and eliminates the need to remember passwords or to carry tokens etc. In this work we present a biometric cryptosystems which uses online signatures, based on the Fuzzy Vault scheme of Jules et al. The Fuzzy Vault scheme releases a previously stored key when the biometric data presented for verification matches the previously stored template hidden in a vault. The online signature of a person is a behavioral biometric which is widely accepted as the formal way of approving documents, bank transactions, etc. As such, biometric-based key release using online signatures may have many application areas. We extract minutiae points (trajectory crossings, endings and points of high curvature) from online signatures and use those during the locking & unlocking phases of the vault. We present our preliminary results and demonstrate that high security level (128 bit encryption key length) can be achieved using online signatures
FLARE: Fingerprinting Deep Reinforcement Learning Agents using Universal Adversarial Masks
We propose FLARE, the first fingerprinting mechanism to verify whether a
suspected Deep Reinforcement Learning (DRL) policy is an illegitimate copy of
another (victim) policy. We first show that it is possible to find
non-transferable, universal adversarial masks, i.e., perturbations, to generate
adversarial examples that can successfully transfer from a victim policy to its
modified versions but not to independently trained policies. FLARE employs
these masks as fingerprints to verify the true ownership of stolen DRL policies
by measuring an action agreement value over states perturbed via such masks.
Our empirical evaluations show that FLARE is effective (100% action agreement
on stolen copies) and does not falsely accuse independent policies (no false
positives). FLARE is also robust to model modification attacks and cannot be
easily evaded by more informed adversaries without negatively impacting agent
performance. We also show that not all universal adversarial masks are suitable
candidates for fingerprints due to the inherent characteristics of DRL
policies. The spatio-temporal dynamics of DRL problems and sequential
decision-making process make characterizing the decision boundary of DRL
policies more difficult, as well as searching for universal masks that capture
the geometry of it.Comment: Will appear in the proceedings of ACSAC 2023; 13 pages, 5 figures, 7
table
Ownership Protection of Generative Adversarial Networks
Generative adversarial networks (GANs) have shown remarkable success in image
synthesis, making GAN models themselves commercially valuable to legitimate
model owners. Therefore, it is critical to technically protect the intellectual
property of GANs. Prior works need to tamper with the training set or training
process, and they are not robust to emerging model extraction attacks. In this
paper, we propose a new ownership protection method based on the common
characteristics of a target model and its stolen models. Our method can be
directly applicable to all well-trained GANs as it does not require retraining
target models. Extensive experimental results show that our new method can
achieve the best protection performance, compared to the state-of-the-art
methods. Finally, we demonstrate the effectiveness of our method with respect
to the number of generations of model extraction attacks, the number of
generated samples, different datasets, as well as adaptive attacks
- …