Zahid Akhtar - Ph.D. Defense Slides

Pattern Recognition and Applications Group Department of Electrical and Electronic Engineering University of Cagliari, Italy

Security of Multimodal Biometric Systems against Spoof Attacks

Zahid Akhtar

Advisor: Prof. Fabio Roli

PhD in Electronic and Computer Engineering

Dr. Gian Luca Marcialis Co-advisors: Dr. Giorgio Fumera

2

Outline

06-03-2012 Security of Multimodal Biometric Systems against Spoof Attacks - Zahid Akhtar

• Background concepts biometric systems and their security issues

• Contributions of this thesis Robustness evaluation of multimodal biometric systems against real spoof attacks Proposed methods for security evaluation of multimodal biometric systems against spoof attacks Experiments

• Conclusions and future works

3

Biometrics


• Examples of body traits that can be used for biometric recognition

Face Fingerprint Iris Hand geometry

Palmprint Signature Voice Gait

4 06-03-2012 Security of Multimodal Biometric Systems against Spoof Attacks - Zahid Akhtar

• Enrollment Phase

• Verification Phase

` Feature Extractor

Biometric Sensor

System Database

XTemplate

User Identity

User

Feature Extractor

Biometric Sensor

System Database Yes

No

Score

Score > Threshold

Genuine

Impostor

XQuery

Claimed user Identity

Matcher

XTemplate

User

Biometric authentication systems

5

Biometric authentication systems


• Unimodal Biometric System

• Multimodal Biometric System

Feature Extractor

Biometric Sensor

Fingerprint Matcher

System Database

Yes

No

Score

Score > Threshold

Genuine

Impostor

Feature Extractor

Biometric Sensor

Face Matcher

Feature Extractor

Biometric Sensor

Fingerprint Matcher

System Database

Score Fusion Rule

f(s1,s2)

s1

s2

Yes

No

Score

Score > Threshold

Genuine

Impostor

6

Spoof (Direct) Attacks


• Spoof attacks attacks at the user interface (sensor) presentation of a fake biometric trait

• Countermeasures Liveness detection methods Multimodal biometric Systems “intrinsically” robust?

7

State-of-the-art


• Vulnerability identification contrary to a common belief, a multimodal biometric system can be evaded even if only one biometric trait is spoofed [Rodrigues et al. JVLC 2009, Rodrigues et al. BTAS 2010, P. A. Jonhson et al. WIFS 2010]

• Robustness evaluation against spoof attacks evaluation under working worst-case hypothesis

“worst-case” scenario, where it is assumed that the attacker is able to fabricate a perfect replica of a biometric trait

Fake scores are simulated under a worst-case scenario, resampling genuine user scores p(score|Impostor, spoofing) = p(score|Genuine)

p(score|Genuine) p(score|Impostor) p(score|Fake)

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 10

1

2

3

4

5

6

score

8

State-of-the-art


• Defense strategies against spoof attacks two robust fusion rule under a worst-case hypothesis [Rodrigues et al. JVLC 2009]

• No methodology exist to evaluate the performance of biometric systems against real spoof attack

9

Open issues


1. Vulnerability identification against real spoof attacks vulnerability of multimodal biometric systems to real spoof attacks that may be exploited by an attacker to mislead the system

2. Performance evaluation methods against spoof attacks standard performance evaluation does not provide information about the security1 of a system against spoof attack

3. Robust system design current theory and design methods of biometric systems do not take into account the vulnerability to such adversary attacks.

1 In this thesis, we will use both “security” and “robustness” terms interchangeably, to indicate performance of biometric systems against spoof attacks.

10

Main contributions of this thesis


1. Security of multimodal biometric systems against real spoof attacks to provide empirical proof that multimodal systems are not intrinsically robust against real spoof attacks

2. Worst-case hypothesis validation to verify that current worst-case scenario is not realistic under “real” attacks

3. Security evaluation method to provide an estimate of the performance of multimodal biometric system against real spoof attack without fabrication of fake traits to select a more robust score fusion rule according to its performance under spoof attack

11

Problems


• Can multimodal biometric systems be actually cracked by attacking only one sensor via real spoof attacks?

to validate the state-of-the-art results obtained under “worst-case” spoof attack scenario

The scope of state-of-the-art results are very limited since they were obtained by simulating the scores of spoofed traits under worst-case

scenario.

12

Problems


To what extent the drop in performance under the “worst-case” attack scenario is representative of the performance under real spoof attacks.

• Is the “worst-case” scenario hypothesized in literature for spoofing biometrics representative of real spoof attacks?

whether and to what extend the “worst-case” scenario is realistic

• How can the security of multimodal systems be evaluated, under realistic attacks, without fabricating spoofed traits?

a current issue is to have a measurements of the performance drop under spoofing attacks for uni and multimodal systems

collecting “attack” samples is a non-trivial task

13

Problems


It is of interest to evaluate robustness of biometric systems under different qualities of fake traits.

14

Experiments


• Multimodal system with face and fingerprint matchers

Fingerprint: Bozorth3 (NIST) and Verifinger (Neurotechnology)

Face: Elastic Bunch Graph Matching - EBGM

Feature Extractor

Biometric Sensor

Face Matcher

Feature Extractor

Biometric Sensor

Fingerprint Matcher

System Database

Score Fusion Rule

f(s1,s2)

s1

s2

Yes

No

Score

Score > Threshold

Genuine

Impostor

15

Experiments


Score fusion rules

5. Weighted Product s =

1. Sum s = s1 + s2

€

s1w × s2

1−w

€

α3 (1− c1)(1+ c2)p(s1 |G)p(s2 | I)

€

+ α3 (1+ c1)(1− c2)p(s1 | I)p(s2 |G)

+ α3 (1− c1)(1− c2)p(s1 |G)p(s2 |G)

[(1−α) + α3 (c1 + c2 + c1c2)]p(s1 | I)p(s2 | I)

2. Product s = s1 × s2

3. Bayesian s = ( s1 × s2 ) / [(1- s1)(1- s2) + (s1 × s2)]

4. Weighted Sum (LDA) s = w0 + w1s1 × w2s2

6. Perceptron s = 1 / 1 + exp[(w0 + w1s1 × w2s2)]

7. Likelihood ratio (LLR) s = p(s1,s2|G) / p(s1,s2|I)

8. Extended LLR (ExtLLR)

p(s1,s2|I) = explicitly models the distribution of spoof attacks (worst-case) [Rodrigues et al. JVLC 2009]

16

Experiments


Fake biometric traits • Fake fingerprints by “consensual method”

mould: plasticine-like material cast: silicon, latex, gelatin and alginate

Live Fake (latex) Fake (silicon) !

!

!

!

!

!

!

!

!

Live Fake (photo) Fake (personal ) !

!

!

!

!

!

• Fake faces by “photo-attack”, “personal photo attack” and “print-attack” photo displayed on a laptop screen to camera Personal photos (like those appearing an social networks) video clips of printed-photo attacks

17

Experiments


Data sets

Data Set Number Number Number of clients of spoofs of live per client per client

Silicon 142 20 20 Latex 80 3 5 Gelatin 80 3 5 Alginate 80 3 5

Photo Attack 40 60 60 Personal Photo Attack 25 3(avg.) 60 Print Attack 50 12 16

12 chimerical multimodal data sets with 8 fusion rules 12 × 8 = 96 multimodal biometric systems

18

Robustness evaluation against real spoof attacks


19

Experiments


• can multimodal systems be cracked by attacking only one modality via real spoof attacks?

Fakes: latex (fingerprint) and photo (faces)

@1% FAR operational point (LDA): FAR under attacks: 64.91% (fingerprint spoofing) and 2.17% (face spoofing)

10!1

100

101

102

10!1

100

101

102

FAR (%)

FR

R (

%)

LDA

10−1

100

101

102

10−1

100

101

102

FAR (%)

FR

R (

%)

LLR

no spoof fing. face both w-fing. w-face

Results

20

Experiments


however the considered multimodal systems are more robust than unimodal ones, even when all biometric traits are spoofed

Fakes: silicon (fingerprint) and photo (faces)

10−1

100

101

102

10−1

100

101

102

FAR (%)

FR

R (

%)

LLR

fing. + face (no spoof) fing.+ face spoof fing. (no spoof) fing. spoof face (no spoof) face spoof

10−1

100

101

102

10−1

100

101

102

FAR (%)

FR

R (

%)

Product

Results

Zahid Akhtar, Battista Biggio, Giorgio Fumera, Gian Luca Marcialis, “Robustnessof Multi-modal Biometric Systems under Realistic Spoof Attacksagainst All Traits”, In IEEE Workshop on Biometric Measurements and Systems for Security and Medical Applications (BioMS), pp. 5–10, 2011.

21

Worst-case hypothesis validation


22

Experiments


Results

10−1

100

101

102

10−1

100

101

102

FAR (%)

FR

R (

%)

Extended LLR

10−1

100

101

102

10−1

100

101

102

FAR (%)

FR

R (

%)

LLR


worst case assumption (dashed lines) holds to some extent for face spoofing but not for fingerprint spoofing

• Is the “worst-case” scenario for spoofing biometrics representative of real spoof attacks?

Fakes: latex (fingerprint) and photo (faces)

Battista Biggio, Zahid Akhtar, Giorgio Fumera, Gian Luca Marcialis, FabioRoli, “Robustness of multi-modal biometric verification systems under realistic spoofing attacks”, In International Joint Conference on Biometrics (IJCB), 2011.

Fake fingerprints silicon alginate

23

Experiments


• Matching score distributions

Fake faces photo personal photo

! !"# !"$ !"% !"& '!

!"!'

!"!#

!"!(

!"!$

!"!)

!"!%

*

*+,-./-,

/0123425

678,

! !"# !"$ !"% !"& '!

!"!'

!"!#

!"!(

!"!$

!"!)

!"!%

*

*+,-./-,

/0123425

678,

! !"# !"$ !"% !"& '!

!"!(

!"'

!"'(

!"#

!"#(

!")

!")(

!"$*+,-./''!01213/4)!0+15./3+67!8+*+91:

;

;<.:=+:.

+5>18/13

?76.

! !"# !"$ !"% !"& '!

!"!(

!"'

!"'(

!"#

!"#(

!")

!")(

!"$*+,-./''!01213/4)!0+15./3+67!7*8+97/

:

:8.9;+9.

+5<1=/13

>76.

Results

Extended LLR can be less robust than LLR to real fingerprint spoof attacks

24

Experiments


Fakes: silicon (fingerprint) and personal photo (faces)


10−1

100

101

102

10−1

100

101

102

FAR (%)

FR

R (

%)

Extended LLR

10!1

100

101

102

10!1

100

101

102

FAR (%)

FR

R (

%)

LLR

Results

Battista Biggio, Zahid Akhtar, Giorgio Fumera, Gian Luca Marcialis, FabioRoli, “Security evaluation of biometric authentication systems under realistic spoofing attacks”, In IET Biometrics, In press, 2012.

25

Security evaluation method


26

Security evaluation


• Security evaluation is required to have a more complete understanding of multimodal biometric systems’ performance

to assess the robustness of the multimodal systems to design novel fusion rules robust to spoof attacks to choose the most robust fusion rule

• Fabricating spoof attacks may be very difficult task

costly and time consuming

• We thus propose to simulate the effect of spoof attacks on corresponding matching score distribution

27

Attack simulation


• Factors: biometric trait spoofed, matching algorithm, forgery techniques and ability

• Sets of matching scores from genuine users and impostors distributions are given

• Baseline assumptions

worst-case for the system (best-case for the attacker) p(score|Fake) = p(score|Genuine) State-of-the-art

best-case for the system (worst-case for the attacker) p(score|Fake) = p(score|Impostor)

intermediate cases p(score|Fake) lies between p(score|Genuine) and p(score|Impostor)

28

Attack simulation


• Models of spoof attacks match score distribution based on baseline assumption

• Parametric model

Fake: same parametric form as Genuine and Impostor ones

µFake = α µGenuine + (1- α) µImpostor

σFake = α σGenuine + (1- α) σImpostor

α ∈ [0,1] : “Attack Strength”

state-of-the-art (worst-case) α = 1

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 10

1

2

3

4

5

6

7

score

p(score|Genuine)

p(score|Impostor)

p(score|Fake)

α = 0.5

• Non-Parametric model

scoreFake = (1 - α) scoreImpostor + α scoreGenuine

Zahid Akhtar, Giorgio Fumera, Gian Luca Marcialis, and Fabio Roli, “Robustness Evaluation of Biometric Systems under Spoof Attacks”, In 16th International Conference Image Analysis and Processing (ICIAP), pp.159–168, 2011.

29

Security evaluation method


State-of-the-art p(score|Fake) = p(score|Genuine)

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 10

1

2

3

4

5

6

score


0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 10

1

2

3

4

5

6

score

p(score|Genuine) p(score|Impostor)

Threshold

Fused score distribution

Training Phase Testing Phase

Matchers under attack

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 10

1

2

3

4

5

6

score


Matchers under attack

Our method Parametric

µFake = α µGenuine + (1- α) µImpostor σFake = α σGenuine + (1- α) σImpostor

Non-parametric scoreFake = (1 - α) scoreImpostor + α scoreGenuine

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 10

1

2

3

4

5

6

score


Matchers not attacked

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 10

1

2

3

4

5

6

score



accu

racy

attack strength (α)

multimodal biometric system

0 0.1 0.2 0.8 0.9 …………..…. 1

Score Fusion Rule

Score Fusion Rule

Zahid Akhtar, Giorgio Fumera, Gian Luca Marcialis and Fabio Roli, “Robustness analysis of Likelihood Ratio score fusion rule for multi-modal biometric systems under spoof attacks”, In 45th IEEE Intl. Carnahan Conference on Security Technology (ICCST), pp. 237–244, 2011.

30

Experiments


score distribution of fake trait is lying between Genuine and Impostor distributions

0.4 0.5 0.6 0.7 0.8 0.9 10

0.01

0.02

0.03

0.04

0.05

0.06

0.07

0.08

0.09

score

Frequency

Genuine

Impostor

Fake

0.49 0.5 0.51 0.52 0.53 0.54 0.550

0.05

0.1

0.15

0.2

0.25

0.3

0.35

0.4

0.45

score

Frequency

Genuine

Impostor

Fake

Results • Matching score distributions

Fake faces: Photo Fake fingerprints: silicon

31

Experiments


• Can our method reasonably approximate a real fake score distribution?

Hellinger Distance: ∈ [0 , 2]

Non-parametric model

Data set Hellinger Distance α

Face 0.0939 0.9144 Fingerprint 0.4397 0.0522

Face System Fingerprint System

!"# !"## !"$ !"$# !"% !"%# !"& !"&# !"' !"'# (!

(

)

*

+

#

$

,-./0

1/02304-5

!

!

67839:;0<=,-./0,

1:>0=,-./0,

!"#$% !"% !"%!% !"%& !"%&% !"%'!

&!!

'!!

(!!

#!!

%!!

)!!

*+,-.

/-.01.2+3

!

!

4561789.:;*+,-.*

/8<.;*+,-.*

Results

32

Experiments



0.5 0.55 0.6 0.65 0.7 0.75 0.8 0.85 0.9 0.95 10

10

20

30

40

50

60

70

80

90

100

Threshold

Fa

lse

Ac

ce

pta

nc

e R

ate

! F

AR

(%)

the real Performance

the estimated performance by our model

the estimated performance by state!of!the!art

0.5 0.51 0.52 0.53 0.54 0.55 0.56 0.57 0.58 0.59 0.60

10

20

30

40

50

60

70

80

90

100

Threshold

Fa

lse

Ac

ce

pta

nc

e R

ate

! F

AR

(%)

the real Performance

the estimated performance by our model

the estimated performance by state!of!the!art

Results • Does our method provide a good estimate of the performance under attacks?

Performance measure: False Acceptance Rate (FAR)

Performance estimation of unimodal biometric systems under spoof attack

33

Experiments


Comparison with the worst-case spoof attacks

Operational Real Approximated Approximated Point FAR FAR FAR (our model) (worst-case assumption)

4.80 23.50

50.60 60.00

4.20 23.30

62.50 80.80

11.40 24.30

94.80 95.10

zeroFAR 1%FAR

zeroFAR 1%FAR

Face System

Fingerprint System

Results

34

Experiments


Performance estimation of multimodal biometric systems under spoof attack

Results

Operational Real Approximated Approximated Point FAR FAR FAR (our model) (worst-case assumption)

2.51

5.13 5.20

6.27

2.70

8.93 4.83

6.35

5.91

11.24 95.05

98.01

zeroFAR

1%FAR zeroFAR

1%FAR

Face System Fingerprint

System

!"!#

!"!$

!"!%

!"!&

!""

"

!"

&"

'"

%"

("

$"

)"

#"

*"

!""

+,-./,012

341/.5677.894:7.5;49.5!536;<=>

!

!

:0549947?

-.415/800@549947?5<@47.>

/ABC149.25/800@549947?5<@47.>

! !"# !"$ !"% !"& !"' !"( !") !"* !"+ #!

#!

$!

%!

&!

'!

(!

)!

*!

+!

#!!

,-./0-123

4520/6788/9:5;8/6<5:/6!647<=>?

!

!

;165::58@

./5260911A65::58@6=AB;C/.9.B;:?

0BDE25:/360911A65::58@6=AB;C/.9.B;:?


Comparison with the worst-case spoof attacks

35

Experiments


€

= logσ I s1

σ I s 2

σGs1σGs 2

+12(s1 −µI s1

)2

σ I s12 +

(s2 −µI s 2)2

σ I s 22 −

(s1 −µGs1)2

σGs1

2 −(s2 −µGs 2

)2

σGs 2

2

€

z(s1,s2) = log p(s1 |G)p(s2 |G)p(s1 | I)p(s2 | I)

• Robustness analysis of likelihood ratio score fusion rule using parametric model

a bi-modal system using LLR fusion rule with Gaussian distribution

Case study

€

z(s1,s2) − log t = As12 + Bs1s2 + Cs2

2 + Ds1 + Es2 + F

€

z(s1,s2) − log t = 0

B2 - 4AC < 0 : an ellipse B2 - 4AC = 0 : a parabola B2 - 4AC > 0 : an hyperbola

€

FAR(t) = p(s1 | I)p(s2 | I)G∫∫ ds1ds2

FAR under spoof attack: when only matcher 1 is spoofed

€

FAR(t) = p(s1 |F)p(s2 | I)G∫∫ ds1ds2

36

Experiments


• NIST Biometric score set Release 1(BSSR1)

two different face matchers (C & G)

one fingerprint matchers (LI & RI)

no. of clients: 517 for each client 1 genuine & 516 impostor samples

• Four multimodal systems: G-RI, G-LI, C-RI, and C-LI

• α (attack strength) values: 0 (best-case) to 1 (worst-case) scenario

Data sets

37

Experiments


Performance measure: False Acceptance Rate (FAR) α = 0 absence of attacks α = 1 worst-case scenario (state-of-the-art)

FAR under attacks increases as the fake strength increases

! !"# !"$ !"% !"& !"' !"( !") !"* !"+ ##!

!$

#!!#

#!!

#!#

#!$

,-./0123/4526

,-78/09::/;2-4:/0<-2/0!0,9<0=>?

!

!

@@<0!0,A45/3;3A4201;BBC/D

@@<0!0,-:/01;BBC/D

! !"# !"$ !"% !"& !"' !"( !") !"* !"+ ##!

!

#!#

#!$

,-./0123/4526,-78/09::/;2-4:/0<-2/0!0,9<0=>?

!

!

@@<0!0,A45/3;3A4201;BBC/D

@@<0!0,-:/01;BBC/D

At 0.01% FAR operational point At 1% FAR operational point

Results

38

Experiments


fingerprint spoofing: FAR increases very quickly

face spoofing: relatively a more graceful increase of FAR

multimodal biometric systems can be vulnerable to spoof attacks against only one matcher

! !"# !"$ !"% !"& !"' !"( !") !"* !"+ ##!

!$

#!!#

#!!

#!#

#!$

,-./0123/4526

,-78/09::/;2-4:/0<-2/0!0,9<0=>?

!

!

@@<0!0,A45/3;3A4201;BBC/D

@@<0!0,-:/01;BBC/D

! !"# !"$ !"% !"& !"' !"( !") !"* !"+ ##!

!

#!#

#!$

,-./0123/4526

,-78/09::/;2-4:/0<-2/0!0,9<0=>?

!

!

@@<0!0,A45/3;3A4201;BBC/D

@@<0!0,-:/01;BBC/D

At 0.01% FAR operational point At 1% FAR operational point

Results

39

Score fusion rules ranking method


40

Score fusion rule ranking method


Training Phase Testing Phase Our method

Parametric µFake = α µGenuine + (1- α) µImpostor σFake = α σGenuine + (1- α) σImpostor

Non-parametric scoreFake = (1 - α) scoreImpostor + α scoreGenuine

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 10

1

2

3

4

5

6

score


rank

ing

attack strength (α) 0 0.1 0.2 0.8 0.9 1 …………..….

1

2

3

……

..….

Rule 1

Rule 2

Rule 3

……

..….

Rule 1

Rule 2

Rule 3

……

..….

…………..…. 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 10

1

2

3

4

5

6

score


Threshold

Fused score distribution Matchers under attack

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 10

1

2

3

4

5

6

score



0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 10

1

2

3

4

5

6

score


Score Fusion Rules

Zahid Akhtar, Giorgio Fumera, Gian Luca Marcialis and Fabio Roli, “Evaluation of multimodal biometric score fusion rules under spoof attacks”, In 5th IAPR/IEEE Intl. Conf. on Biometrics (ICB), 2012.

Threshold

41

Experiments


• Ranking of fusion rules according to their FAR under real spoof attacks


Face Spoofing zeroFAR FAR(%) Rules

0.04 ExtLLR 0.05 LLR 0.27 W. Product 0.48 W. Sum 1.30 Perceptron 6.75 Bayesian 6.80 Sum 6.82 Product

1% FAR FAR(%) Rules

2.26 ExtLLR 2.29 LLR 10.72 W. Product 18.37 W. Sum 20.95 Perceptron 23.47 Bayesian 23.49 Sum 23.57 Product

Fingerprint Spoofing zeroFAR FAR(%) Rules

0.00 Bayesian 0.00 Sum 0.00 Product 24.56 W. Sum 27.73 Perceptron 34.87 W. Product 50.42 ExtLLR 50.43 LLR

1% FAR FAR(%) Rules

1.05 Bayesian 1.15 Sum 1.33 Product 42.59 W. Sum 44.11 Perceptron 51.10 W. Product 60.31 ExtLLR 60.32 LLR

our method always predicted the correct ranking corresponding to the optimal α value

Results

42

Experiments



Optimal α values : face 0.9144 fingerprint

fingerprint spoofing predicted ranking of each rule remains constant bayesian rule always exhibits the best ranking

Results

0.0522

! !"# !"$ !"% !"& !"' !"( !") !"* !"+ #

*

)

(

'

&

%

$

#

,--./012-3456-7

8.50956

!

!

:.;4<9.5

2=>

?3@A=/-

B"12=>

?43/4C-3@5

B"1?3@A=/-

DE-FF8

FF8

! !"# !"$ !"% !"& !"' !"( !") !"* !"+ #

*

)

(

'

&

%

$

#

,--./012-3456-7

8.50956

!

!

:.;4<9.5

2=>

?3@A=/-

B"12=>

?43/4C-3@5

B"1?3@A=/-

DE-FF8

FF8

Face spoofing Fingerprint spoofing

43

Experiments



Optimal α values : face 0.9144 fingerprint

face spoofing two different rankings are predicted: one for α < 0.5, and the other α ≥ 0.5 weighted sum or weighted product rule can be reasonable choice

Results

0.0522

! !"# !"$ !"% !"& !"' !"( !") !"* !"+ #

*

)

(

'

&

%

$

#

,--./012-3456-7

8.50956

!

!

:.;4<9.5

2=>

?3@A=/-

B"12=>

?43/4C-3@5

B"1?3@A=/-

DE-FF8

FF8

! !"# !"$ !"% !"& !"' !"( !") !"* !"+ #

*

)

(

'

&

%

$

#

,--./012-3456-7

8.50956

!

!

:.;4<9.5

2=>

?3@A=/-

B"12=>

?43/4C-3@5

B"1?3@A=/-

DE-FF8

FF8

Face spoofing Fingerprint spoofing

44

Conclusions and future works


• Multimodal biometric systems are not intrinsically robust

• Multimodal systems can be more robust than unimodal systems

• Worst-case hypothesis does not hold in real scenarios

• Methodology for security evaluation without fabrication of spoof attacks

two models for fake score distribution based on the concept of “Attack strength”

developed models are a good alternative to the worst-case assumption

• Methodology for Ranking the score fusion rule under spoof attacks

45

Conclusions and future works


• Experimental results provide useful insights for the design of robust multimodal biometric systems

• Future works

more accurate modelling and simulation of fake score distributions

extensive validation of our models on data sets with significant spoof attacks of different biometric traits

development of robust score fusion rules

46

Thank you
