Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Hypersphere Secure Sketch Revisited: Probabilistic Linear Regression Attack on IronMask in Multiple Usage

Pengxu Zhu, Lei Wang

TL;DR

This attack is the first algorithm to successfully recover the original template when getting multiple protected templates in acceptable time and requirement of storage and is the first algorithm to successfully recover the original template when getting multiple protected templates in acceptable time and requirement of storage.

Abstract

Protection of biometric templates is a critical and urgent area of focus. IronMask demonstrates outstanding recognition performance while protecting facial templates against existing known attacks. In high-level, IronMask can be conceptualized as a fuzzy commitment scheme building on the hypersphere directly. We devise an attack on IronMask targeting on the security notion of renewability. Our attack, termed as Probabilistic Linear Regression Attack, utilizes the linearity of underlying used error correcting code. This attack is the first algorithm to successfully recover the original template when getting multiple protected templates in acceptable time and requirement of storage. We implement experiments on IronMask applied to protect ArcFace that well verify the validity of our attacks. Furthermore, we carry out experiments in noisy environments and confirm that our attacks are still applicable. Finally, we put forward two strategies to mitigate this type of attacks.

Hypersphere Secure Sketch Revisited: Probabilistic Linear Regression Attack on IronMask in Multiple Usage

TL;DR

This attack is the first algorithm to successfully recover the original template when getting multiple protected templates in acceptable time and requirement of storage and is the first algorithm to successfully recover the original template when getting multiple protected templates in acceptable time and requirement of storage.

Abstract

Protection of biometric templates is a critical and urgent area of focus. IronMask demonstrates outstanding recognition performance while protecting facial templates against existing known attacks. In high-level, IronMask can be conceptualized as a fuzzy commitment scheme building on the hypersphere directly. We devise an attack on IronMask targeting on the security notion of renewability. Our attack, termed as Probabilistic Linear Regression Attack, utilizes the linearity of underlying used error correcting code. This attack is the first algorithm to successfully recover the original template when getting multiple protected templates in acceptable time and requirement of storage. We implement experiments on IronMask applied to protect ArcFace that well verify the validity of our attacks. Furthermore, we carry out experiments in noisy environments and confirm that our attacks are still applicable. Finally, we put forward two strategies to mitigate this type of attacks.
Paper Structure (34 sections, 2 theorems, 10 equations, 4 figures, 4 tables, 5 algorithms)

This paper contains 34 sections, 2 theorems, 10 equations, 4 figures, 4 tables, 5 algorithms.

Table of Contents

  1. Introduction
  2. Our Contributions.
  3. Related Works
  4. Face Recognition on Hypersphere
  5. Fuzzy-based BTP on Face Recognition
  6. Attack on Fuzzy-based Scheme
  7. Revisit HyperSphere ECC and Secure Sketch
  8. Notations
  9. HyperSphere Error Correct Code
  10. HyperSphere Secure Sketch and IronMask Scheme
  11. Tradeoff of Correctness and Security
  12. Usage in Fuzzy Commitment and IronMask Scheme.
  13. Threat Model
  14. Probabilistic Linear Regression Attack
  15. Core Idea
  16. ...and 19 more sections

Key Result

theorem 1

kimIronMaskModularArchitecture2021a The designed distance $\theta$ for $\mathcal{C}_\alpha$ is $\frac{1}{2}\arccos(1-\frac{1}{\alpha})$.

Figures (4)

  • Figure 1: Overview of probabilistic linear regression attack based on SVD on two matrices $\mathbf{M}_1$ and $\mathbf{M}_2$. The blue solid box indicates that the row vector is orthogonal to template $\mathbf{w}$ while the red dashed box is not. By randomly selecting $(n-1)$ row vectors, we finally get matrix $\mathbf{M}^{k}$ that $\mathbf{w}$ is in null space of $\mathbf{M}^{k}$. As $\mathbf{M}^{k}$ is full of rank, the only one null vector is parallel to $\mathbf{w}$.
  • Figure 2: $Log_2$ of the number of most time-consuming operations(complexity) of each algorithm according to different $\alpha$ with $n=512$. The complexity is $\mathcal{O}(n^3 e^{\alpha})$ for Algorithm \ref{['alg:linear-solver-svd']} and $\mathcal{O}(n^3 e^{2\alpha})$ for optimized SVD-based solver given $2$ sketch in Section \ref{['ch:linear-svd-solver-optimized']}. Here we take the constant number in the complexity of SVD algorithm as 1. However, for concrete algorithms, the constant number might be 8 or more. As this number is constant and small, we argue that it does not influence our conclusions.
  • Figure 3: $Log_2(r_k * t_k), Log_2(\frac{1}{ps}), Log_2(t_{all})$ of different $k$ using LSA-based attack algorithm when getting $k+1$ sketches in noiseless environments. The local minimum of $t_{all}$ is reached as $k\approx280$.
  • Figure 4: The relationship of initial noise $\theta_i$ and secure sketch parameter $\alpha(n=512)$ with different recovery probability $p_r$.

Theorems & Definitions (9)

  • definition 1: HyperSphere-ECC kimIronMaskModularArchitecture2021a
  • definition 2
  • theorem 1
  • definition 3: Secure Sketch
  • definition 4: HyperSphere Secure Sketch
  • definition 5
  • definition 6
  • theorem 2
  • definition 7: naive isometry rotation