Security evaluation of a finger vein authentication algorithm against wolf attack

Authors

  • Akira Otsuka
  • Tetsushi Ohki
  • Ryogo Morita
  • Manabu Inuma
  • Hideki Imai
Abstract

Presentation attacks against biometric authentication systems have been getting attention from many researchers since the seminal paper [4]. In this paper, we consider a new kind of presentation attack called the wolf attack. Unlike other presentation attacks, a wolf attack does not require a biometric feature from a victim; instead it synthesizes a biometric feature from scratch by analyzing vulnerabilities in biometric matching algorithms. The concept of the wolf attack was first introduced in [2]. In the same paper, it was theoretically shown that, for a finger vein authentication algorithm [3], there exists a wolf biometric feature which perfectly impersonates any individual. In order to show the real impact of the attack, in this paper we demonstrate the first experimental wolf attack on the finger vein authentication algorithm [3], by conducting a presentation attack with an artificially synthesized wolf artifact against an experimental finger vein authentication system. As a result, the impersonation success probability (or WAP, defined later) is observed to be more than 50% at a threshold which gives an equal error rate of 1.6%.

I. WOLF AND WOLF ATTACK PROBABILITY

Une, Otsuka and Imai [2] defined the wolf attack as follows. Let $S_A$ be a set consisting of all possible input values, including ones generated from non-biometric objects such as artefacts or synthetic objects. Let $T_h$ be a set consisting of templates generated from all human samples. Let COMP be a comparison algorithm employed in the comparison and decision subsystem, which takes an input value $s \in S_A$ and a template $t \in T_h$, outputs match if $s$ and $t$ are decided to be close by a predetermined threshold, and returns nonmatch otherwise.

Definition 1.1 (p-wolf): An input value $s_w$ is called a p-wolf if the probability that the comparison result of $s_w$ with a human template is match is equal to $p$, namely $E_{t \in T_h} \Pr[\mathrm{COMP}(s_w, t) = \text{match}] = p$.

In the following, we focus on biometric verification (one-to-one authentication) systems.
Definition 1.2 (Wolf attack): Assume that the attacker satisfies the following two conditions. (i) The attacker has no information about the biometric feature of the genuine user to be impersonated. Namely, we assume that, in the verification phase, the attacker claims an identity chosen uniformly at random. (ii) The attacker has complete information about the algorithms employed in the enrollment phase and the verification phase. A wolf attack is defined as an attacker's attempt to impersonate a user by presenting a wolf to the sensor of the system.

Definition 1.3: The wolf attack probability, WAP, is defined as the maximum of the expected success probability of impersonation over all possible wolf objects.

$$\mathrm{WAP} = \max_{s_w \in S_A} E_{t \in T_h} \Pr[\mathrm{COMP}(s_w, t) = \text{match}] \tag{1}$$

II. FINGER VEIN AUTHENTICATION ALGORITHM

The algorithm proposed by Miura et al. [3] consists of the following steps.

  1) Capture images by near-infrared camera
  2) Extract finger vein patterns from the captured images
  3) Compare a pair of vein patterns
  4) Make a decision on the matching score

The essential part of the algorithm is that the near-infrared image is reduced to one third of its original size. In this process, each block of 3 × 3 pixels is compressed to one value. According to the number of pixels decided as vein pixels (black pixels) out of the 9 pixels, the i-th value $x_i$ is determined as follows:

$$x_i = \begin{cases} 0 & \text{if 0-2 pixels are decided vein} \\ \text{null} & \text{if 3-6 pixels are decided vein} \\ 1 & \text{if 7-9 pixels are decided vein} \end{cases} \tag{2}$$

The algorithm employs the resultant compressed image, which we call a finger vein pattern, as the biometric feature for comparison.

The dissimilarity score is defined over two vein patterns defined in (2) as follows:

$$R(x, x') = \frac{HD(x, x')}{\#\{i \mid x_i = 0\} + \#\{i \mid x'_i = 0\}} \tag{3}$$

where $x, x' \in \{0, 1, \text{null}\}^n$ represent the vein patterns of length $n$, and $HD(x, x') = \#\{i \mid |x_i - x'_i| = 1\}$ denotes the Hamming distance between $x$ and $x'$. Note that $|\text{null} - 0| = |\text{null} - 1| = 0$.
Then the comparison algorithm declares the input and enrolled vein patterns to match if the dissimilarity score is less than the predetermined threshold, and otherwise declares a non-match.

III. WOLF ATTACK EXPERIMENT

A. Finger vein capture

The finger vein capture equipment in Fig. 1 is designed as described in [3]. The near-infrared LED array emits NIR light, which is transmitted through the finger, and the image is captured by an NIR camera device through a band-pass filter with a center wavelength of 800 nm. The size of finger vein images is 198 × 78.

2 of claimed template. EV is the number of the vein areas of enrolled templates. If both templates are similar, the mismatch rate Rm is smaller.

3.5 Wolf of MNM algorithm

Fig. 2 is a wolf pattern. The brightness value of the white area is 255 and the brightness value of the black area is 0. If an image with the wolf pattern spread all over its surface is presented to the vein extraction algorithm, the binarized output image of Fig. 3 is obtained. Finally, this image is compressed, and a finger vein pattern in which all areas are ambiguous areas is obtained. When all areas are ambiguous areas, the mismatch rate Rm becomes 0, and it is determined that every enrolled template matches.

Fig 2: Wolf pattern
Fig 3: Extracted pattern

4 Wolf attack experiment

4.1 Experimental environment

To evaluate the security of a finger vein authentication system against the wolf attack, we prepared an experimental environment that corresponds to the system described in the papers [4][9]. Our finger vein authentication system consists of two parts: equipment to capture vein images, and an algorithm that implements feature extraction and matching, which is already explained in section 3. Fig. 4 shows the equipment used to capture vein images in this paper. The equipment on the left side of Fig. 4 is the near-infrared illumination, and the equipment on the right side of Fig. 4 is the camera. The camera receives only near-infrared light of over 800 nm through an NIR bandpass filter.
The algorithm that implements feature extraction and matching is mostly based on the algorithm described in the paper [4]. However, two parts of the implemented program differ from the finger vein authentication MNM algorithm [4][9]. The first is the determination of the threshold for binarizing the vein image described in section 3.2. In our implementation, the fixed value 1.50 was used as the threshold, because the determination method of MNM [4] and Step 3 in section 3.2 did not work in our experiment. The threshold determined by maximizing the interclass variance of G(x, y) produced highly unbalanced binarized images in our experiment. Second, the size of finger vein images is 198 × 78.

Fig 4: Camera and near-infrared illumination

4.2 Rotation and translation of vein images

Two functions were added in order to improve the authentication accuracy. One is a function that normalizes the angle of the vein images which are input to the MNM algorithm. The other is translation at the time of comparison.

Vein images are captured as in Fig. 4. Images obtained from the same finger are rotated relative to each other, because the position of the finger is not firmly fixed. Therefore, we added the rotation function. First, the outline of the finger is detected from the image, and the slope of the image is calculated based on the outline. Next, the image is rotated so that the slope is zero degrees.

Images are also shifted in the horizontal and vertical directions. A translation function was also added in order to compensate for this deviation. In our experiment, the size of a template is 66 × 26, but an area of 60 × 20 is used at the time of comparison. (x, y) are the coordinates of a pixel in the image, with 0 ≤ x ≤ 65 and 0 ≤ y ≤ 25. The ranges used in the claimed template are 2 ≤ x ≤ 63 and 3 ≤ y ≤ 22. The ranges used in the enrolled template are 2−i ≤ x ≤ 63−i and 3−j ≤ y ≤ 22−j. The ranges of i and j are −2 ≤ i ≤ 2 and −2 ≤ j ≤ 2.
The areas of the enrolled template depend on the total number of combinations of i and j. Each area of the enrolled template is compared with the claimed template. The smallest score is used in each comparison result. The lowest score among the matching scores is used.

Fig 1. Camera and near-infrared illumination

B. Artificial wolf finger

The artificial wolf finger (Fig. 2) consists of orange-colored rubber plates, a white thin plastic plate and an OHP sheet. The white thin plastic plate is affixed on piles of orange-colored rubber plates, and the OHP sheet is affixed on the white thin plastic plate. In order to imitate an intensity of infra-red transmittance similar to that of human fingers, we adjusted the thickness of the orange-colored rubber plates. The OHP sheet and white thin plastic plate are used to reduce the noisy random pattern from the orange-colored plate. The wolf pattern is printed on an OHP sheet by a laser printer. The estimated resolution of the camera on the wolf object is 130 dpi.

Fig. 3 (a), (b) are the captured wolf feature and its extracted vein pattern. If we could input the original wolf feature in [2] to the sensor, the extracted vein pattern would be totally filled with null (ambiguous/gray) pixels, hence giving a zero dissimilarity score against any vein pattern in equation (3). In the real experiment, it is not easy to make such an ideal wolf sample. As we see in Fig. 3, some pixels are recognized as 0 (background) or 1 (vein) pixels by the feature extraction algorithm because of various noise and non-uniform light intensity.

4.3 Artificial finger used in the experiment

This section explains the artificial object used in the experiment and how it was created. It was shown by Matsumoto et al. that finger vein authentication systems accept artificial objects [6]. In this study, we create such an artificial object with a wolf vein pattern. We created the artificial object of Fig. 5. The artificial object consists of orange-colored rubber plates, a white thin plastic plate and an OHP sheet.
The white thin plastic plate is affixed on the orange-colored rubber plates, and the OHP sheet is affixed on the white thin plastic plate. It is necessary that artificial objects have the same transmittance as human fingers, because near-infrared light is used to capture vein images. The transmittance of the artificial object is adjusted by changing the thickness of the orange-colored rubber plates. The OHP sheet and white thin plastic plate are used to reduce noise. We printed the wolf pattern on the OHP sheet by laser printer, because an OHP sheet is transparent and its thickness is uniform. If materials of non-uniform thickness, such as paper, are used, clear images cannot be extracted. The white thin plastic plate is used in between the orange-colored rubber plates and the OHP sheet. The reason is to cover bubbles or scratches on the surface of the rubber plates, and to emphasize the wolf pattern on the OHP sheet. The surface of a plastic plate has little noise that would be extracted as vein areas by the extraction algorithm. The DPI of the images that we use in the experiment is assumed to be 130. This DPI is derived from the fact that the vein image of paper [4] is about 130 dpi.

Fig 5: Artificial finger
Fig 6: Artificial wolf
Fig 7: Extracted wolf pattern

4.4 Experiment and result

We perform the wolf attack experiment using the artificial wolf object against the implemented finger vein authentication MNM algorithm. The samples that we use in the experiment are as follows.

  • near-infrared images of 70 human fingers (4 images of each finger)
  • near-infrared image of the wolf artificial object (one image)

The result of the experiment is shown in Fig. 8. The smaller the score, the more likely the sample is genuine. The red line of Fig. 8 is the genuine score distribution, the green line is the wolf score distribution and the blue line is the imposter score distribution. Table 1 shows the most characteristic relation of threshold, FAR, FRR and WAP. Near the EER, WAP is around 50%. Further, in the case that FAR is 0.0%, WAP is 39.2%.
It is the smallest WAP, because lowering the threshold does not make sense.

Fig 8: Score distribution

Table 1: Threshold and WAP
Threshold   FAR[%]   FRR[%]   WAP[%]
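
A minimal model of equations (2) and (3), added here as an example and not code from the paper: it shows why a pattern made entirely of null values scores 0 against every template, and how an input-quality gate on the null fraction changes the outcome. The threshold 0.1, the 50% null limit, the random stand-in templates and all function names are assumptions of this example.

```python
import random

NULL = None  # the "null" (ambiguous) value of equation (2)

def compress(binary):
    """Equation (2): reduce each 3x3 block of a binarized image (1 = vein pixel)."""
    h, w = len(binary), len(binary[0])
    out = []
    for by in range(0, h - 2, 3):
        for bx in range(0, w - 2, 3):
            n = sum(binary[by + dy][bx + dx] for dy in range(3) for dx in range(3))
            out.append(0 if n <= 2 else 1 if n >= 7 else NULL)
    return out

def dissimilarity(x, xp):
    """Equation (3) as printed on the page; a NULL position never adds to HD."""
    hd = sum(1 for a, b in zip(x, xp) if NULL not in (a, b) and a != b)
    denom = x.count(0) + xp.count(0)
    return hd / denom if denom else 0.0  # 0/0 treated as score 0 (assumption)

def comp(s, t, threshold):
    """COMP: match when the dissimilarity score is below the threshold."""
    return dissimilarity(s, t) < threshold

def comp_checked(s, t, threshold, max_null=0.5):
    """COMP plus an assumed quality gate: reject inputs that are mostly NULL."""
    if s.count(NULL) / len(s) > max_null:
        return False
    return comp(s, t, threshold)

def acceptance_rate(s, templates, threshold, matcher=comp):
    """Empirical E_t Pr[COMP(s, t) = match] over a set of templates."""
    return sum(matcher(s, t, threshold) for t in templates) / len(templates)

def constructed_templates(count, n, seed=1):
    """Random stand-ins for enrolled patterns (constructed, not real vein data)."""
    rng = random.Random(seed)
    return [rng.choices([0, 1, NULL], weights=[6, 2, 2], k=n) for _ in range(count)]

def demo(threshold=0.1):
    templates = constructed_templates(70, 66 * 26)
    # Constructed binarized 198x78 input: every 3x3 block holds 4 or 5 vein pixels.
    ambiguous = compress([[(x + y) % 2 for x in range(198)] for y in range(78)])
    impostor = constructed_templates(1, 66 * 26, seed=2)[0]
    return {
        "ambiguous_plain": acceptance_rate(ambiguous, templates, threshold),
        "ambiguous_checked": acceptance_rate(ambiguous, templates, threshold, comp_checked),
        "impostor_plain": acceptance_rate(impostor, templates, threshold),
    }
```

The null limit trades security against usability: genuine patterns also contain null values, so the limit has to be tuned on real enrollment data before use.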


Similar resources

Wolf Attack Probability: A New Security Measure in Biometric Authentication Systems

This paper will propose a wolf attack probability (WAP ) as a new measure for evaluating security of biometric authentication systems. The wolf attack is an attempt to impersonate a victim by feeding “wolves” into the system to be attacked. The “wolf” means an input value which can be falsely accepted as a match with multiple templates. WAP is defined as a maximum success probability of the wol...


HMAC-Based Authentication Protocol: Attacks and Improvements

As a response to a growing interest in RFID systems such as Internet of Things technology along with satisfying the security of these networks, proposing secure authentication protocols are indispensable part of the system design. Hence, authentication protocols to increase security and privacy in RFID applications have gained much attention in the literature. In this study, security and privac...


Secure Bio-Cryptographic Authentication System for Cardless Automated Teller Machines

Security is a vital issue in the usage of Automated Teller Machine (ATM) for cash, cashless and many off the counter banking transactions. Weaknesses in the use of ATM machine could not only lead to loss of customer’s data confidentiality and integrity but also breach in the verification of user’s authentication. Several challenges are associated with the use of ATM smart card such as: card clo...


A TESLA-based mutual authentication protocol for GSM networks

The widespread use of wireless cellular networks has made security an ever increasing concern. GSM is the most popular wireless cellular standard, but security is an issue. The most critical weakness in the GSM protocol is the use of one-way entity authentication, i.e., only the mobile station is authenticated by the network. This creates many security problems including vulnerability against m...


Theoretical Framework for Constructing Matching Algorithms in Biometric Authentication Systems

In this paper, we propose a theoretical framework to construct matching algorithms for any biometric authentication systems. Conventional matching algorithms are not necessarily secure against strong intentional impersonation attacks such as wolf attacks. The wolf attack is an attempt to impersonate a genuine user by presenting a “wolf” to a biometric authentication system without the knowledge...




Publication date: 2016