Fuzzy Commitments Offer Insufficient Protection to Biometric Templates Produced by Deep Learning
This work reveals a critical vulnerability in biometric template protection for deep learning-based facial recognition systems, impacting user privacy and security.
This paper investigates the security of fuzzy commitments when applied to facial images processed by deep learning facial recognition systems. It demonstrates that these systems produce templates with insufficient entropy, enabling a reconstruction attack that recovers facial images closely resembling the originals. The attack achieves over 78% success in unlocking accounts in the simplest scenario and 50 to 120 times higher success rates than the system's FAR in the hardest settings.
In this work, we study the protection that fuzzy commitments offer when they are applied to facial images, processed by the state of the art deep learning facial recognition systems. We show that while these systems are capable of producing great accuracy, they produce templates of too little entropy. As a result, we present a reconstruction attack that takes a protected template, and reconstructs a facial image. The reconstructed facial images greatly resemble the original ones. In the simplest attack scenario, more than 78% of these reconstructed templates succeed in unlocking an account (when the system is configured to 0.1% FAR). Even in the "hardest" settings (in which we take a reconstructed image from one system and use it in a different system, with different feature extraction process) the reconstructed image offers 50 to 120 times higher success rates than the system's FAR.