Swap It Like Its Hot: Segmentation-based spoof attacks on eye-tracking images
This addresses a security vulnerability in biometric authentication for users of eye-tracking systems, highlighting an incremental but specific threat to existing defenses.
The paper tackles the problem of digital spoofing attacks on eye-tracking authentication by proposing IrisSwap, a method that segments and swaps iris patterns to deceive liveness detection, achieving deception rates up to 58% against state-of-the-art defenses.
Video-based eye trackers capture the iris biometric and enable authentication to secure user identity. However, biometric authentication is susceptible to spoofing another user's identity through physical or digital manipulation. The current standard to identify physical spoofing attacks on eye-tracking sensors uses liveness detection. Liveness detection classifies gaze data as real or fake, which is sufficient to detect physical presentation attacks. However, such defenses cannot detect a spoofing attack when real eye image inputs are digitally manipulated to swap the iris pattern of another person. We propose IrisSwap as a novel attack on gaze-based liveness detection. IrisSwap allows attackers to segment and digitally swap in a victim's iris pattern to fool iris authentication. Both offline and online attacks produce gaze data that deceives the current state-of-the-art defense models at rates up to 58% and motivates the need to develop more advanced authentication methods for eye trackers.