Biometric templates can be inverted for attacks, but also protected with hashing

A pair of papers from the Idiap Research Institute’s Biometrics Security and Privacy Group show the potential vulnerability of biometric templates to 3D reconstruction attacks, and a possible way to protect those templates through hashing.

Both papers were shared over LinkedIn by Idiap Senior Researcher Sébastien Marcel, who also co-authored each.

A new method of cancelable biometric template protection was presented in “MLP-Hash: Protecting Face Templates via Hashing of Randomized Multi-Layer Perceptron” at the EUSIPCO 2023. The research’s other authors are Vedrana Krivokuća Hahn and Hatef Otroshi.

The biometric features extracted to create the template are passed through a user-specific randomly-weighted multi-layer perceptron (MLP), and the output converted to binary.

A perceptron is described as “an algorithm for simplified learning of binary classifiers” by Simplilearn.

The method was tested with an evaluation based on the ISO/IEC 30136 biometric template protection evaluation standard, with the MOBIO and LFW datasets. It showed performance competitive with template protection algorithms like BioHashing and IoM Hashing, according to the report.

Encrypted templates are generally considered within the biometrics industry to be near-impossible to reverse engineer into usable data, particularly at scale. New attack techniques continue to emerge, however, potentially making previously safe templates vulnerable.

“Comprehensive Vulnerability Evaluation of Face Recognition Systems to Template Inversion Attacks Via 3D Face Reconstruction,” by Marcel and Otroshi, proposes a new method the researchers call GaFaR, for “Geometry-aware Face Reconstruction.”

The researchers developed a template inversion attack with a “pretrained geometry-aware face generation network” and mapping trained on real and synthetic faces.

The resulting method was tested in presentation attacks using digital and printed facial images, which showed some success in attacks against both the same system the template was stolen from and other facial recognition systems.

The paper was published in the IEEE Transactions on Pattern Analysis and Machine Intelligence.

Article Topics

3D reconstruction attacks  |  biometric hash  |  biometric template  |  biometrics  |  biometrics research  |  face biometrics  |  Idiap  |  template inversion attack