Zahid Akhtar - Ph.D. Defense Slides

PhD in Electronic and Computer Engineering

Security of Multimodal Biometric Systems
against Spoof Attacks

Zahid Akhtar

Advisor: Prof. Fabio Roli
Co-advisors: Dr. Giorgio Fumera
Dr. Gian Luca Marcialis

Pattern Recognition and Applications Group
Department of Electrical and Electronic Engineering
University of Cagliari, Italy

Outline

• Background concepts
 biometric systems and their security issues

• Contributions of this thesis
 Robustness evaluation of multimodal biometric systems against
real spoof attacks
 Proposed methods for security evaluation of multimodal
biometric systems against spoof attacks
 Experiments

• Conclusions and future works

06-03-2012 Security of Multimodal Biometric Systems against Spoof Attacks - Zahid Akhtar 2

Biometrics
• Examples of body traits that can be used for biometric recognition

Face Fingerprint Iris Hand geometry

Palmprint Signature Voice Gait


Biometric authentication systems
• Enrollment Phase

User Identity

XTemplate
Biometric `
Feature System
Sensor Extractor Database

User

• Verification Phase

Claimed user Identity
System Genuine
Database Yes
XTemplate
XQuery Score >
Biometric Feature
Sensor Extractor Matcher Threshold
Score
User
No
Impostor


Biometric authentication systems
• Unimodal Biometric System
Genuine
Yes

Biometric Feature Fingerprint Score >
Sensor Extractor Matcher Threshold
Score

System No
Impostor
Database

• Multimodal Biometric System

Biometric s1
Feature Face Genuine
Sensor Extractor Matcher Yes

Score Fusion Score >
System
Rule Threshold
Database Score
f(s1,s2)

Biometric Feature Fingerprint No
s2 Impostor
Sensor Extractor Matcher


Spoof (Direct) Attacks
• Spoof attacks
 attacks at the user interface (sensor)
 presentation of a fake biometric trait

• Countermeasures
 Liveness detection methods
 Multimodal biometric Systems  “intrinsically” robust?


State-of-the-art

• Vulnerability identification
 contrary to a common belief, a multimodal biometric system can be
evaded even if only one biometric trait is spoofed
[Rodrigues et al. JVLC 2009, Rodrigues et al. BTAS 2010, P. A. Jonhson et al. WIFS 2010]

• Robustness evaluation against spoof attacks
 evaluation under working worst-case hypothesis
 “worst-case” scenario, where it is assumed that the attacker is able to
fabricate a perfect replica of a biometric trait
 Fake scores are simulated under a worst-case scenario, resampling
genuine user scores
p(score|Impostor, spoofing) = p(score|Genuine)
6

5

4
p(score|Genuine)
3 p(score|Impostor)
p(score|Fake)
2

1

0
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
score


State-of-the-art

• Defense strategies against spoof attacks
 two robust fusion rule under a worst-case hypothesis [Rodrigues et al. JVLC 2009]

• No methodology exist to evaluate the performance of biometric systems
against real spoof attack


Open issues

1. Vulnerability identification against real spoof attacks
 vulnerability of multimodal biometric systems to real spoof attacks that
may be exploited by an attacker to mislead the system

2. Performance evaluation methods against spoof attacks
 standard performance evaluation does not provide information about the
security1 of a system against spoof attack

3. Robust system design
 current theory and design methods of biometric systems do not take into
account the vulnerability to such adversary attacks.

1 In this thesis, we will use both “security” and “robustness” terms interchangeably, to indicate performance of biometric systems against spoof attacks.


Main contributions of this thesis

1. Security of multimodal biometric systems against real spoof attacks
 to provide empirical proof that multimodal systems are not intrinsically
robust against real spoof attacks

2. Worst-case hypothesis validation
 to verify that current worst-case scenario is not realistic under “real”
attacks

3. Security evaluation method
 to provide an estimate of the performance of multimodal biometric system
against real spoof attack without fabrication of fake traits
 to select a more robust score fusion rule according to its performance
under spoof attack


Problems
• Can multimodal biometric systems be actually cracked by attacking only
one sensor via real spoof attacks?

 to validate the state-of-the-art results obtained under “worst-case” spoof
attack scenario

The scope of state-of-the-art results are very limited since they were
obtained by simulating the scores of spoofed traits under worst-case
scenario.


Problems
• Is the “worst-case” scenario hypothesized in literature for spoofing biometrics
representative of real spoof attacks?

 whether and to what extend the “worst-case” scenario is realistic

To what extent the drop in performance under the “worst-case” attack
scenario is representative of the performance under real spoof attacks.


Problems
• How can the security of multimodal systems be evaluated, under realistic
attacks, without fabricating spoofed traits?

 a current issue is to have a measurements of the performance drop under
spoofing attacks for uni and multimodal systems

 collecting “attack” samples is a non-trivial task

It is of interest to evaluate robustness of biometric systems under
different qualities of fake traits.


Experiments
• Multimodal system with face and fingerprint matchers

 Fingerprint: Bozorth3 (NIST) and Verifinger (Neurotechnology)

 Face: Elastic Bunch Graph Matching - EBGM

Biometric s1
Feature Face Genuine
Sensor Extractor Matcher Yes

Score Fusion Score >
System
Rule Threshold
Database Score
f(s1,s2)

Biometric Feature Fingerprint No
s2 Impostor
Sensor Extractor Matcher


Experiments
Score fusion rules

1. Sum s = s1 + s2
2. Product s = s1 × s2
3. Bayesian s = ( s1 × s2 ) / [(1- s1)(1- s2) + (s1 × s2)]
4. Weighted Sum (LDA) s = w0 + w1s1 × w2s2

5. Weighted Product s = s1w × s1−w
2

6. Perceptron s = 1 / 1 + exp[(w0 + w1s1 × w2s2)]
7. Likelihood ratio (LLR) s = p(s1,s2|G) / p(s1,s2|I)
€
8. Extended LLR (ExtLLR) p(s1,s2|I) = α
3 (1− c1 )(1+ c 2 ) p(s1 | G) p(s2 | I)
 explicitly models the distribution
of spoof attacks (worst-case) + α (1+ c1 )(1− c 2 ) p(s1 | I) p(s2 | G)
3
[Rodrigues et al. JVLC 2009]
+ α (1− c1 )(1− c 2 ) p(s1 | G) p(s2 | G)
3

€ [(1− α ) + α (c1 + c 2 + c1c 2 )]p(s1 | I) p(s2 | I)
3

€

Experiments
Fake biometric traits
• Fake fingerprints by “consensual method”
 mould: plasticine-like material
 cast: silicon, latex, gelatin and alginate

! ! !
Live Fake (latex) Fake (silicon)
! ! !

! ! !
• Fake faces by “photo-attack”, “personal photo attack” and “print-attack”
 photo displayed on a laptop screen to camera
 Personal photos (like those appearing an social networks)
 video clips of printed-photo attacks

! ! !
Live Fake (photo) Fake (personal )
! ! !

Experiments
Data sets

Data Set Number Number Number
of clients of spoofs of live
per client per client

Silicon 142 20 20
Latex 80 3 5
Gelatin 80 3 5
Alginate 80 3 5
Photo Attack 40 60 60
Personal Photo Attack 25 3(avg.) 60
Print Attack 50 12 16

 12 chimerical multimodal data sets with 8 fusion rules
 12 × 8 = 96 multimodal biometric systems


Robustness evaluation against real
spoof attacks


Experiments
Results

• can multimodal systems be cracked by attacking only one modality via real
spoof attacks?

 Fakes: latex (fingerprint) and photo (faces)
LDA
2 LLR
10 2
10

1
10 1
10
FRR (%)

FRR (%)
no spoof
fing.
0
10 face 0
10
both
w-fing.
w-face
−1
10 −1 −1
10 10
0
10
1
10
2 10 −1 0 1 2
FAR (%) 10 10 10 10
FAR (%)

 @1% FAR operational point (LDA):
FAR under attacks: 64.91% (fingerprint spoofing) and 2.17% (face spoofing)

Experiments
Results

 Fakes: silicon (fingerprint) and photo (faces)

Product LLR
2 2
10 10

1 1
10 10
FRR (%)

FRR (%)
fing. + face (no spoof)
fing.+ face spoof
0 fing. (no spoof) 0
10 fing. spoof 10
face (no spoof)
face spoof
−1 −1
10 −1 0 1 2
10 −1 0 1 2
10 10 10 10 10 10 10 10
FAR (%) FAR (%)

 however the considered multimodal systems are more robust than unimodal
ones, even when all biometric traits are spoofed

Zahid Akhtar, Battista Biggio, Giorgio Fumera, Gian Luca Marcialis, “Robustnessof Multi-modal Biometric Systems under Realistic Spoof Attacksagainst All Traits”, In
IEEE Workshop on Biometric Measurements and Systems for Security and Medical Applications (BioMS), pp. 5–10, 2011.

Worst-case hypothesis validation


Experiments
Results
• Is the “worst-case” scenario for spoofing biometrics representative of real
spoof attacks?

 Fakes: latex (fingerprint) and photo (faces)
LLR
2 Extended LLR
10 2
10

1
10 1
10
FRR (%)

FRR (%)
no spoof
0
fing.
10 face 0
10
both
w-fing.
w-face
−1
10 −1 −1
10 10
0
10
1
10
2 10 −1 0 1 2
FAR (%) 10 10 10 10
FAR (%)

 worst case assumption (dashed lines) holds to some extent for face spoofing
but not for fingerprint spoofing
Battista Biggio, Zahid Akhtar, Giorgio Fumera, Gian Luca Marcialis, FabioRoli, “Robustness of multi-modal biometric verification systems under realistic spoofing
attacks”, In International Joint Conference on Biometrics (IJCB), 2011.

Experiments
Results
• Matching score distributions

 Fake faces
photo personal photo
!"!% * !"!% *
+,-./-, +,-./-,
/0123425 /0123425
!"!) !"!)
678, 678,

!"!$ !"!$

!"!( !"!(

!"!# !"!#

!"!' !"!'

!* !*
! !"# !"$ !"% !"& ' ! !"# !"$ !"% !"& '

 Fake fingerprints
silicon
*+,-./''!01213/4)!0+15./3+67!8+*+91:
alginate
*+,-./''!01213/4)!0+15./3+67!7*8+97/
!"$ ; !"$ :
<.:=+:. 8.9;+9.
!")( +5>18/13 !")( +5<1=/13
?76. >76.
!") !")

!"#( !"#(

!"# !"#

!"'( !"'(

!"' !"'

!"!( !"!(

!; !:
! !"# !"$ !"% !"& ' ! !"# !"$ !"% !"& '


Experiments
Results

 Fakes: silicon (fingerprint) and personal photo (faces)

Extended LLR can be less robust than LLR to real fingerprint spoof attacks
LLR
2 Extended LLR
10 2
10

1
10 1
10
FRR (%)

FRR (%)
no spoof
0
fing.
10 face 0
10
both
w-fing.
w-face
−1
10 −1 −1
10 10
0
10
1
10
2 10 −1 0 1 2
FAR (%) 10 10 10 10
FAR (%)

Battista Biggio, Zahid Akhtar, Giorgio Fumera, Gian Luca Marcialis, FabioRoli, “Security evaluation of biometric authentication systems under realistic
spoofing attacks”, In IET Biometrics, In press, 2012.

Security evaluation method


Security evaluation

• Security evaluation is required to have a more complete understanding of
multimodal biometric systems’ performance

 to assess the robustness of the multimodal systems
 to design novel fusion rules robust to spoof attacks
 to choose the most robust fusion rule

• Fabricating spoof attacks may be very difficult task

 costly and time consuming

• We thus propose to simulate the effect of spoof attacks on corresponding
matching score distribution


Attack simulation

• Factors: biometric trait spoofed, matching algorithm, forgery techniques and ability

• Sets of matching scores from genuine users and impostors distributions are given

• Baseline assumptions

 worst-case for the system (best-case for the attacker)
 p(score|Fake) = p(score|Genuine)  State-of-the-art

 best-case for the system (worst-case for the attacker)
 p(score|Fake) = p(score|Impostor)

 intermediate cases
 p(score|Fake) lies between p(score|Genuine) and p(score|Impostor)


Attack simulation
• Models of spoof attacks match score distribution
Zahid Akhtar, Giorgio Fumera, Gian Luca Marcialis,
 based on baseline assumption and Fabio Roli, “Robustness Evaluation of Biometric
Systems under Spoof Attacks”, In 16th International
Conference Image Analysis and Processing (ICIAP),

• Parametric model pp.159–168, 2011.

 Fake: same parametric form as Genuine and Impostor ones

µFake = α µGenuine + (1- α) µImpostor
7
p(score|Genuine)

σFake = α σGenuine + (1- α) σImpostor 6
p(score|Impostor)

p(score|Fake)
5 α = 0.5
 α ∈ [0,1] : “Attack Strength”
4

 state-of-the-art (worst-case)  α = 1 3

2

• Non-Parametric model
1

scoreFake = (1 - α) scoreImpostor + α scoreGenuine 0
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
score


Security evaluation method
Training Phase Testing Phase Matchers not attacked
State-of-the-art 6

p(score|Fake) = p(score|Genuine) p(score|Genuine)
5
p(score|Impostor)
Matchers under attack 4
6

p(score|Genuine) 3
5
p(score|Impostor)
4
p(score|Fake) 2

1
3

Fused score distribution
0
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
2
score

6
1
Score Fusion
Threshold p(score|Genuine) Rule
5
p(score|Impostor) 0
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
score
multimodal biometric

accuracy
4

3 Our method system
2
Parametric
µFake = α µGenuine + (1- α) µImpostor
1
σFake = α σGenuine + (1- α) σImpostor
0
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
0 0.1 0.2 …………..…. 0.8 0.9 1
attack strength (α)
score

Non-parametric
scoreFake = (1 - α) scoreImpostor + α scoreGenuine

Matchers under attack Matchers not attacked
6 6

p(score|Genuine) p(score|Genuine)
5
p(score|Impostor) 5
p(score|Impostor)
p(score|Fake)
Zahid Akhtar, Giorgio Fumera, Gian Luca Marcialis 4 4

and Fabio Roli, “Robustness analysis of Likelihood 3 Score Fusion 3

Ratio score fusion rule for multi-modal biometric Rule
systems under spoof attacks”, In 45th IEEE Intl. 2 2

Carnahan Conference on Security Technology 1 1

(ICCST), pp. 237–244, 2011.
0 0
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
score score


Experiments
Results
• Matching score distributions

Fake faces: Photo Fake fingerprints: silicon
0.09 0.45
Genuine Genuine
0.08 Impostor Impostor
0.4
Fake Fake
0.07
0.35

0.06 0.3
Frequency

Frequency
0.05
0.25

0.04
0.2

0.03
0.15

0.02
0.1

0.01
0.05

0
0.4 0.5 0.6 0.7 0.8 0.9 1 0
score 0.49 0.5 0.51 0.52 0.53 0.54 0.55
score

 score distribution of fake trait is lying between Genuine and Impostor
distributions


Experiments
Results
• Can our method reasonably approximate a real fake score distribution?

 Hellinger Distance:
∈ [0 , 2]

 Non-parametric model
Data set Hellinger Distance α

Face 0.0939 0.9144
Fingerprint 0.4397 0.0522
Face System Fingerprint System
$ ! )!! !
67839:;0<=,-./0, 4561789.:;*+,-.*
1:>0=,-./0, /8<.;*+,-.*
# %!!

+ #!!
1/02304-5

/-.01.2+3

* (!!

) '!!

( &!!

!! !!
!"# !"## !"$ !"$# !"% !"%# !"& !"&# !"' !"'# ( !"#$% !"% !"%!% !"%& !"%&% !"%'
,-./0 *+,-.


Experiments
Results
• Does our method provide a good estimate of the performance under attacks?

 Performance measure: False Acceptance Rate (FAR)

 Performance estimation of unimodal biometric systems under spoof attack

100 100
the real Performance
the estimated performance by our model
90 90
the estimated performance by state!of!the!art

80 80
False Acceptance Rate ! FAR(%)

False Acceptance Rate ! FAR(%)
70 70

60 60

50 50

40 40

30 30

20 the real Performance 20

the estimated performance by our model
10 10
the estimated performance by state!of!the!art

0 0
0.5 0.51 0.52 0.53 0.54 0.55 0.56 0.57 0.58 0.59 0.6
0.5 0.55 0.6 0.65 0.7 0.75 0.8 0.85 0.9 0.95 1
Threshold
Threshold


Experiments
Results
 Comparison with the worst-case spoof attacks

Operational Real Approximated Approximated
Point FAR FAR FAR
(our model) (worst-case assumption)
Face zeroFAR 4.80 4.20 11.40
System 1%FAR 23.50 23.30 24.30
Fingerprint zeroFAR 50.60 62.50 94.80
System 1%FAR 60.00 80.80 95.10


Experiments
Results
 Performance estimation of multimodal biometric systems under spoof attack
!"" ! #!! !
:0549947? ;165::58@
*" -.415/800@549947?5<@47.> +! ./5260911A65::58@6=AB;C/.9.B;:?
/ABC149.25/800@549947?5<@47.> 0BDE25:/360911A65::58@6=AB;C/.9.B;:?
#" *!
341/.5677.894:7.5;49.5!536;<=>

4520/6788/9:5;8/6<5:/6!647<=>?
)" )!

$" (!

(" '!

%" &!

'" %!

&" $!

!" #!

"!
!# !$ !% !& "
!!
!" !" !" !" !" ! !"# !"$ !"% !"& !"' !"( !") !"* !"+ #
+,-./,012 ,-./0-123

 Comparison with the worst-case spoof attacks
Operational Real Approximated Approximated
Point FAR FAR FAR
(our model) (worst-case assumption)
Face zeroFAR 2.51 2.70 5.91
System 1%FAR 5.13 8.93 11.24
Fingerprint zeroFAR 5.20 4.83 95.05
System 1%FAR 6.27 6.35 98.01

Experiments
Case study
• Robustness analysis of likelihood ratio score fusion rule using parametric
model

 a bi-modal system using LLR fusion rule with Gaussian distribution

p(s1 | G) p(s2 | G)  σ σ  1 (s − µ ) 2 (s − µ ) 2 (s − µ ) 2 (s − µ ) 2 
z(s1,s2 ) = log = log I s 1 I s 2  +  1 2 I s1 + 2 2 I s 2 − 1 2 Gs1 − 2 2 Gs 2 
σ σ  2  σ
p(s1 | I) p(s2 | I)  Gs 1 Gs 2   I s1 σ Is2 σ Gs1 σ Gs 2 

z(s1,s2 ) − log t = As12 + Bs1s2 + Cs2 + Ds1 + Es2 + F
2

€ €
z(s1,s2 ) − log t = 0

€  B2 - 4AC < 0 : an ellipse
 B2 - 4AC = 0 : a parabola FAR(t) = ∫∫ G
p(s1 | I) p(s2 | I)ds1ds2
€  B2 - 4AC > 0 : an hyperbola
 FAR under spoof attack: when only matcher 1 is spoofed
€
FAR(t) = ∫∫G p(s1 | F) p(s2 | I)ds1ds2


Experiments
Data sets

• NIST Biometric score set Release 1(BSSR1)

 two different face matchers (C & G)

 one fingerprint matchers (LI & RI)

 no. of clients: 517
 for each client 1 genuine & 516 impostor samples

• Four multimodal systems: G-RI, G-LI, C-RI, and C-LI

• α (attack strength) values: 0 (best-case) to 1 (worst-case) scenario


Experiments
Results

 Performance measure: False Acceptance Rate (FAR)
 α = 0  absence of attacks
 α = 1  worst-case scenario (state-of-the-art)

At 0.01% FAR operational point At 1% FAR operational point
$ $
#! ! #! !

,-78/09::/;2-4:/0<-2/0!0,9<0=>?
,-78/09::/;2-4:/0<-2/0!0,9<0=>?

#
#!

#
! #!
#!

!#
#!

@@<0!0,A45/3;3A4201;BBC/D
@@<0!0,A45/3;3A4201;BBC/D
@@<0!0,-:/01;BBC/D
@@<0!0,-:/01;BBC/D !
#! !
!$
#! ! ! !"# !"$ !"% !"& !"' !"( !") !"* !"+ #
! !"# !"$ !"% !"& !"' !"( !") !"* !"+ # ,-./0123/4526
,-./0123/4526

 FAR under attacks increases as the fake strength increases


Experiments
Results

At 0.01% FAR operational point At 1% FAR operational point
$ $
#! ! #! !

,-78/09::/;2-4:/0<-2/0!0,9<0=>?
,-78/09::/;2-4:/0<-2/0!0,9<0=>?

#
#!

#
! #!
#!

!#
#!

@@<0!0,A45/3;3A4201;BBC/D
@@<0!0,A45/3;3A4201;BBC/D
@@<0!0,-:/01;BBC/D
@@<0!0,-:/01;BBC/D !
#! !
!$
#! ! ! !"# !"$ !"% !"& !"' !"( !") !"* !"+ #
! !"# !"$ !"% !"& !"' !"( !") !"* !"+ # ,-./0123/4526
,-./0123/4526

 fingerprint spoofing: FAR increases very quickly

 face spoofing: relatively a more graceful increase of FAR

 multimodal biometric systems can be vulnerable to spoof attacks against only
one matcher

Score fusion rules ranking method


Score fusion rule ranking method
Training Phase Testing Phase
Our method
6
Threshold p(score|Genuine)
Parametric 5
p(score|Impostor)
µFake = α µGenuine + (1- α) µImpostor 4
p(score|Fake)
σFake = α σGenuine + (1- α) σImpostor 3

Non-parametric 2

scoreFake = (1 - α) scoreImpostor + α scoreGenuine 1

0
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
score

Fused score distribution Matchers under attack
6 6

Threshold p(score|Genuine) p(score|Genuine)
5
p(score|Impostor) 5
p(score|Impostor)
4 4
p(score|Fake)

3 3

2 2

1 1 1 Rule 1 Rule 1

0 0 2 Rule 2 Rule 2

ranking
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
score
score
Score Fusion 3 Rule 3 …………..…. Rule 3
Matchers not attacked Rules

……..….

……..….

……..….
6

p(score|Genuine)
5
p(score|Impostor)
4

3 0 0.1 0.2 …………..…. 0.8 0.9 1
Zahid Akhtar, Giorgio Fumera, Gian Luca attack strength (α)
2
Marcialis and Fabio Roli, “Evaluation of
multimodal biometric score fusion rules 1

under spoof attacks”, In 5th IAPR/IEEE 0

Intl. Conf. on Biometrics (ICB), 2012. 0 0.1 0.2 0.3 0.4 0.5
score
0.6 0.7 0.8 0.9 1


Experiments
Results
• Ranking of fusion rules according to their FAR under real spoof attacks


Face Spoofing Fingerprint Spoofing
zeroFAR 1% FAR zeroFAR 1% FAR
FAR(%) Rules FAR(%) Rules FAR(%) Rules FAR(%) Rules

0.04 ExtLLR 2.26 ExtLLR 0.00 Bayesian 1.05 Bayesian
0.05 LLR 2.29 LLR 0.00 Sum 1.15 Sum
0.27 W. Product 10.72 W. Product 0.00 Product 1.33 Product
0.48 W. Sum 18.37 W. Sum 24.56 W. Sum 42.59 W. Sum
1.30 Perceptron 20.95 Perceptron 27.73 Perceptron 44.11 Perceptron
6.75 Bayesian 23.47 Bayesian 34.87 W. Product 51.10 W. Product
6.80 Sum 23.49 Sum 50.42 ExtLLR 60.31 ExtLLR
6.82 Product 23.57 Product 50.43 LLR 60.32 LLR

 our method always predicted the correct ranking corresponding to the optimal
α value


Experiments
Results


 Optimal α values : face  0.9144 fingerprint  0.0522

Face spoofing Fingerprint spoofing
! !

# #

$ $

:.;4<9.5 % :.;4<9.5
%
2=> 2=>
?3@A=/-

8.50956
?3@A=/- &
8.50956

&
B"12=> B"12=>
?43/4C-3@5
?43/4C-3@5 '
' B"1?3@A=/-
B"1?3@A=/-
DE-FF8
DE-FF8 (
( FF8
FF8
)
)

*
*

!
! ! !"# !"$ !"% !"& !"' !"( !") !"* !"+ #
! !"# !"$ !"% !"& !"' !"( !") !"* !"+ # ,--./012-3456-7
,--./012-3456-7

 fingerprint spoofing
 predicted ranking of each rule remains constant
 bayesian rule always exhibits the best ranking


Experiments
Results


 Optimal α values : face  0.9144 fingerprint  0.0522

Face spoofing Fingerprint spoofing
! !

# #

$ $

:.;4<9.5 % :.;4<9.5
%
2=> 2=>
?3@A=/-

8.50956
?3@A=/- &
8.50956

&
B"12=> B"12=>
?43/4C-3@5
?43/4C-3@5 '
' B"1?3@A=/-
B"1?3@A=/-
DE-FF8
DE-FF8 (
( FF8
FF8
)
)

*
*

!
! ! !"# !"$ !"% !"& !"' !"( !") !"* !"+ #
! !"# !"$ !"% !"& !"' !"( !") !"* !"+ # ,--./012-3456-7
,--./012-3456-7

 face spoofing
 two different rankings are predicted: one for α < 0.5, and the other α ≥ 0.5
 weighted sum or weighted product rule can be reasonable choice


Conclusions and future works

• Multimodal biometric systems are not intrinsically robust

• Multimodal systems can be more robust than unimodal systems

• Worst-case hypothesis does not hold in real scenarios

• Methodology for security evaluation without fabrication of spoof attacks

 two models for fake score distribution based on the concept of “Attack
strength”

 developed models are a good alternative to the worst-case assumption

• Methodology for Ranking the score fusion rule under spoof attacks


Conclusions and future works
• Experimental results provide useful insights for the design of robust multimodal
biometric systems

• Future works

 more accurate modelling and simulation of fake score distributions

 extensive validation of our models on data sets with significant spoof
attacks of different biometric traits

 development of robust score fusion rules


Thank you


Zahid Akhtar - Ph.D. Defense Slides

More Related Content

What's hot

Similar to Zahid Akhtar - Ph.D. Defense Slides

More from Pluribus One

Recently uploaded

Zahid Akhtar - Ph.D. Defense Slides