Title: A Trustworthy Authentication Against Visual Master Face Dictionary Attacks (Trauma)
Facial Recognition Systems (FRS) have become one of the most viable biometric identity authentication approaches in supervised and unsupervised applications. However, FRSs are known to be vulnerable to adversarial attacks such as identity theft and presentation attacks. The master face dictionary attacks (MFDA) leveraging multiple enrolled face templates have posed a notable threat to FRS. Federated learning-based FRS deployed on edge or mobile devices are particularly vulnerable to MFDA due to the absence of robust MF detectors. To mitigate the MFDA risks, we propose a trustworthy authentication system against visual MFDA (Trauma). Trauma leverages the analysis of specular highlights on diverse facial components and physiological characteristics inherent to human faces, exploiting the inability of existing MFDAs to replicate reflective elements accurately. We have developed a feature extractor network that employs a lightweight and low-latency vision transformer architecture to discern inconsistencies among specular highlights and physiological features in facial imagery. Extensive experimentation has been conducted to assess Trauma’s efficacy, utilizing public GAN-face detection datasets and mobile devices. Empirical findings demonstrate that Trauma achieves high detection accuracy, ranging from 97.83% to 99.56%, coupled with rapid detection speeds (less than 11 ms on mobile devices), even when confronted with state-of-the-art MFDA techniques.
Award ID(s):
2306109
PAR ID:
10594812
Author(s) / Creator(s):
; ;
Publisher / Repository:
IEEE
Date Published:
ISBN:
979-8-3503-4939-9
Page Range / eLocation ID:
3230 to 3235
Format(s):
Medium: X
Location:
Abu Dhabi, United Arab Emirates
Sponsoring Org:
National Science Foundation
More Like this
  1. In recent years, biometrics (e.g., fingerprint or face recognition) has replaced traditional passwords and PINs as a widely used method for user authentication, particularly in personal or mobile devices. Differing from state-of-the-art biometrics, heart biometrics offer the advantages of liveness detection, which provides strong tolerance to spoofing attacks. To date, several authentication methods primarily focusing on electrocardiogram (ECG) have demonstrated remarkable success; however, the degree of exploration with other cardiac signals is still limited. To this end, we discuss the challenges in various cardiac domains and propose future prospectives for developing effective heart biometrics systems in real-world applications.
  2. The Host Identity Protocol (HIP) has emerged as the most suitable solution to uniquely identify smart devices in the mobile and distributed Internet of Things (IoT) systems, such as smart cities, homes, cars, and healthcare. The HIP provides authentication methods that enable secure communications between HIP peers. However, the authentication methods provided by the HIP cannot be adopted by the IoT devices with limited processing power because of the computation-intensive cryptographic operations involved in hash generation, signature validation, and session key establishment. Moreover, IoT devices cannot utilize the HIP as is to communicate securely in the low power and lossy networks as there is a considerable communication overhead, such as packet fragmentation and reassembly, for exchanging certificates over a lossy link. Additionally, the use of static host identifiers makes IoT devices vulnerable to cyber espionage and user-targeted attacks. In this article, we propose an authentication scheme, P-HIP, that protects the identity privacy of an IoT device by enabling the device to compute and use unique host identifiers from networks to networks and sessions to sessions. To make the HIP suitable for resource-constrained IoT devices, P-HIP provides methods that unburden IoT devices from computation-intensive operations, such as modular exponentiation, involved in authentication and session-key exchange. Additionally, P-HIP minimizes the communication overheads for exchanging certificates in lossy networks. We implement a prototype of P-HIP on Contiki enabled IoT that shows P-HIP can reduce computation costs, communication overheads, and the session-key establishment time when used by low-powered devices in a lossy network.
  3. Voice biometrics is drawing increasing attention to user authentication on smart devices. However, voice biometrics is vulnerable to replay attacks, where adversaries try to spoof voice authentication systems using pre-recorded voice samples collected from genuine users. To this end, we propose VoiceGesture, a liveness detection solution for voice authentication on smart devices such as smartphones and smart speakers. With audio hardware advances on smart devices, VoiceGesture leverages built-in speaker and microphone pairs on smart devices as Doppler Radar to sense articulatory gestures for liveness detection during voice authentication. The experiments with 21 participants and different smart devices show that VoiceGesture achieves over 99% and around 98% detection accuracy for text-dependent and text-independent liveness detection, respectively. Moreover, VoiceGesture is robust to different device placements, low audio sampling frequency, and supports medium range liveness detection on smart speakers in various use scenarios, including smart homes and smart vehicles. 
  4. Password-based mobile user authentication is vulnerable to a variety of security threats. Shoulder-surfing is the key to those security threats. Despite a large body of research on password security with mobile devices, existing studies have focused on shaping the security behavior of mobile users by enhancing the strengths of user passwords or by establishing secure password composition policies. There is little understanding of how an attacker actually goes about observing the password of a target user. This study empirically examines attackers’ behaviors in observing password-based mobile user authentication sessions across the three observation attempts. It collects data through a longitudinal user study and analyzes the data collected through a system log. The results reveal several behavioral patterns of attackers. The findings suggest that attackers are strategic in deploying attacks of shoulder-surfing. The findings have implications for enhancing users’ password security and refining organizations’ password composition policies.
  5. Authentication systems are vulnerable to model inversion attacks where an adversary is able to approximate the inverse of a target machine learning model. Biometric models are a prime candidate for this type of attack. This is because inverting a biometric model allows the attacker to produce a realistic biometric input to spoof biometric authentication systems. One of the main constraints in conducting a successful model inversion attack is the amount of training data required. In this work, we focus on iris and facial biometric systems and propose a new technique that drastically reduces the amount of training data necessary. By leveraging the output of multiple models, we are able to conduct model inversion attacks with 1/10th the training set size of Ahmad and Fuller (IJCB 2020) for iris data and 1/1000th the training set size of Mai et al. (Pattern Analysis and Machine Intelligence 2019) for facial data. We denote our new attack technique as structured random with alignment loss. 