Cross-database attack of different coding-based palmprint templates

Abstract

A cross-database attack in biometric systems is a security attack where attackers attempt to leverage a compromised target user’s template in one database and infer their templates in other databases. The biometric community largely ignores cross-database attack although they pose poses potential severe risks to the security of the biometric systems. This paper presents a comprehensive study on cross-database attacks in palmprint recognition systems. We specifically focus on the coding-based palmprint templates due to their popularity. Coding-based methods for palmprint feature representation are designed differently to improve performance accuracy and reduce complexity, where the coded templates look completely diverse; thus, it is difficult to correlate them in a meaningful way. However, we demonstrate that the latent correlation of coding-based palmprint templates can indeed be established. Specifically, we analyze six coding-based palmprint representations, and by exploiting the latent statistical correlations among them, we devise an effective cross-database attack algorithm. The attack enables the target users’ palmprint templates to be exploited to infer their templates stored in other databases despite different coding methods. Our cross-database attack even yields a 100% success rate in some scenarios on the public datasets. This suggests high risks of cross-database attacks and privacy invasion of palmprint recognition systems that adopt coding-based representation.