
Hiding Your Signals: A Security Analysis of PPG-based Biometric Authentication

Lin Li, Chao Chen, Lei Pan, Yonghang Tai, Jun Zhang, Yang Xiang

TL;DR

Proposes an active defence strategy that hides the physiological signals of the face to resist rPPG-based attacks on PPG-based biometrics, including user authentication and communication protocols.

Abstract

Recently, physiological signal-based biometric systems have received wide attention. Unlike traditional biometric features, physiological signals cannot be easily compromised (they are usually unobservable to human eyes). The photoplethysmography (PPG) signal is easy to measure, making it more attractive than many other physiological signals for biometric authentication. However, with the advent of remote PPG (rPPG), this unobservability has been challenged: an attacker can remotely steal rPPG signals by monitoring the victim's face, which poses a threat to PPG-based biometrics. In PPG-based biometric authentication, current attack approaches require the victim's PPG signal, so rPPG-based attacks have been neglected. In this paper, we first analyze the security of PPG-based biometrics, including user authentication and communication protocols. We evaluate the signal waveforms, heart rate and inter-pulse-interval information extracted by five rPPG methods, including four traditional optical computing methods (CHROM, POS, LGI, PCA) and one deep learning method (CL_rPPG). We conducted experiments on five datasets (PURE, UBFC_rPPG, UBFC_Phys, LGI_PPGI, and COHFACE) to collect a comprehensive set of results. Our empirical studies show that rPPG poses a serious threat to the authentication system. The success rate of the rPPG signal spoofing attack in the user authentication system reached 0.35. The bit hit rate is 0.6 in inter-pulse-interval-based security protocols. Further, we propose an active defence strategy to hide the physiological signals of the face to resist the attack. It reduces the success rate of rPPG spoofing attacks in user authentication to 0.05. The bit hit rate was reduced to 0.5, which is at the level of a random guess. Our strategy effectively prevents the exposure of PPG signals to protect users' sensitive physiological data.

Paper Structure (23 sections, 18 equations, 7 figures, 8 tables, 1 algorithm)


Figures (7)

  • Figure 1: Evolution of the attack against PPG-based user authentication. The attack assumptions are released from requiring the victim's PPG signal to only needing the victim's video clip.
  • Figure 2: Features of the PPG signal (including the original waveform, the first-/second- order derivatives of the waveform) that are related to heart health.
  • Figure 3: Our proposed spoofing attack flow. We identify the ROI region from the target video frame before extracting the rPPG signal from the ROI. The rPPG signal is used to launch a spoofing attack on the authentication system. Usually, we can use a waveform generator to convert the PPG signal to an electrical signal for transmission to the target terminal or simulate the process of PPG signal acquisition. For the IPI-based protocol, we can extract the IPI sequence from the rPPG signal.
  • Figure 4: The raw video quantile-based IPI coding bit hit rate in different datasets. The horizontal coordinate indicates the bit hit rate.
  • Figure 5: Our proposed workflow for active defence strategy. First, we detect the face area from the original video to distinguish it from the attack strategy. We use a different detection method. Then the face mesh is extracted in the face area. The face mesh includes 468 3D face landmarks. Using face mesh, we remove non-skin regions, such as the eyes and mouth. Next, we use the generated sine signal with the extracted ROI to create a template for injecting the video. Theoretically, we can inject arbitrary waveforms. To make the injected edges imperceptible, we blurred the template. Finally, the template sequence is superimposed on the original video to complete the signal hiding.
  • ...and 2 more figures
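
The signal-hiding step described in the Figure 5 caption, as an added example that is not the paper's own code: a sine template with a blurred border is superimposed on the skin ROI of a constructed toy clip, and a simple mean-ROI extractor then reports the injected rate instead of the true pulse. The 8x8 frame, 30 fps rate, amplitudes, noise level, frequencies, heart-rate band and DFT peak picker are all assumptions chosen for illustration.

```python
import math
import random

FPS, N = 30.0, 300   # assumed: 30 fps camera, 10 s clip
W = H = 8            # toy frame size (constructed)

def mask_weight(x, y):
    """Soft skin-ROI template: 1.0 in the core, 0.5 on the blurred border, 0 outside."""
    if 2 <= x <= 5 and 2 <= y <= 5:
        return 1.0
    if 1 <= x <= 6 and 1 <= y <= 6:
        return 0.5
    return 0.0

def make_clip(pulse_hz, inject_hz=None, inject_amp=2.0, seed=0):
    """Constructed clip: skin pixels carry a weak pulse; optionally add the sine template."""
    rng = random.Random(seed)
    clip = []
    for n in range(N):
        t = n / FPS
        pulse = 0.5 * math.sin(2 * math.pi * pulse_hz * t)
        inj = inject_amp * math.sin(2 * math.pi * inject_hz * t) if inject_hz else 0.0
        clip.append([[128 + (pulse if mask_weight(x, y) else 0.0)
                      + inj * mask_weight(x, y) + rng.gauss(0, 0.3)
                      for x in range(W)] for y in range(H)])
    return clip

def roi_mean_trace(clip):
    """What a simple rPPG extractor sees: mean intensity of the core ROI per frame."""
    return [sum(f[y][x] for y in range(2, 6) for x in range(2, 6)) / 16 for f in clip]

def dominant_hz(trace, lo=0.7, hi=3.0):
    """Strongest DFT component inside an assumed heart-rate band of 0.7 to 3 Hz."""
    mean = sum(trace) / len(trace)
    x = [v - mean for v in trace]
    best_f, best_p = 0.0, -1.0
    for k in range(1, len(x) // 2):
        f = k * FPS / len(x)
        if not lo <= f <= hi:
            continue
        re = sum(v * math.cos(2 * math.pi * k * n / len(x)) for n, v in enumerate(x))
        im = sum(v * math.sin(2 * math.pi * k * n / len(x)) for n, v in enumerate(x))
        if re * re + im * im > best_p:
            best_f, best_p = f, re * re + im * im
    return best_f

def estimated_bpm(pulse_hz, inject_hz=None):
    """Heart rate an observer would estimate from the (optionally protected) clip."""
    return round(60 * dominant_hz(roi_mean_trace(make_clip(pulse_hz, inject_hz))))
```

With a true pulse of 1.2 Hz, `estimated_bpm(1.2)` recovers 72 bpm from the unprotected clip, while `estimated_bpm(1.2, 1.7)` reports the injected 102 bpm.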