Optimizing Key-Selection for Face-based One-Time Biometrics via Morphing
This work addresses adversarial attacks in facial recognition, an incremental improvement focusing on enhancing security for biometric systems.
The paper tackles the vulnerability of facial recognition systems to adversarial attacks by proposing key selection strategies for a cancelable scheme at the signal level, resulting in a reduction of attack success chance to approximately 5.0% for practical thresholds.
Nowadays, facial recognition systems are still vulnerable to adversarial attacks. These attacks vary from simple perturbations of the input image to modifying the parameters of the recognition model to impersonate an authorised subject. So-called privacy-enhancing facial recognition systems have been mostly developed to provide protection of stored biometric reference data, i.e. templates. In the literature, privacy-enhancing facial recognition approaches have focused solely on conventional security threats at the template level, ignoring the growing concern related to adversarial attacks. Up to now, few works have provided mechanisms to protect face recognition against adversarial attacks while maintaining high security at the template level. In this paper, we propose different key selection strategies to improve the security of a competitive cancelable scheme operating at the signal level. Experimental results show that certain strategies based on signal-level key selection can lead to complete blocking of the adversarial attack based on an iterative optimization for the most secure threshold, while for the most practical threshold, the attack success chance can be decreased to approximately 5.0%.