Analysis on Secure Triplet Loss

Abstract

Major improvements in biometric authentication have been made in recent years due to the advancements in deep learning. Through the use of a deep learning-based facial recognition model with metric learning, more discriminative facial features can be extracted from faces. A large threat to user privacy could result from the disclosure of more discriminatory feature vectors related to biometric information. Among many biometric template protection (BTP) schemes, there have been studies that have attempted to protect feature vectors from the learning process of facial recognition models, while considering security requirements. One of them is secure triplet loss (STL) based BTP, which is an end-to-end BTP scheme using deep learning model that merges an additional layer on a pre-trained facial recognition model. STL-based BTP takes a pre-defined key and an image as inputs, and it is designed to become closer only when both the identity and the key are matched simultaneously. In this paper, we propose an efficient attack on STL-based BTP and our attack is conducted in a black-box setting using only the similarity scores between a target template and the template from the queried image and key pair. We have succeed in the attack using approximately 329.59 and 256.57 queries for the two types of black-box target systems. Furthermore, we conduct an analysis of our attack along with the implementation code.