Cited 0 time in
Scores Tell Everything about Bob: Non-adaptive Face Reconstruction on Face Recognition Systems
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Kim, Sunpill | - |
| dc.contributor.author | Tan, Yong Kiam | - |
| dc.contributor.author | Jeong, Bora | - |
| dc.contributor.author | Mondal, Soumik | - |
| dc.contributor.author | Mi Aung, Khin Mi | - |
| dc.contributor.author | Seo, Jae Hong | - |
| dc.date.accessioned | 2024-11-28T08:36:02Z | - |
| dc.date.available | 2024-11-28T08:36:02Z | - |
| dc.date.issued | 2024-09 | - |
| dc.identifier.issn | 1081-6011 | - |
| dc.identifier.issn | 2375-1207 | - |
| dc.identifier.uri | https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/195338 | - |
| dc.description.abstract | Face recognition systems (FRSs) typically store databases of discriminative real-valued template vectors, which are extracted from each enrolled user's facial image(s). Such template databases must be carefully protected for user privacy - indeed, the dangers of template leakages have been widely reported in the literature. In contrast, the similarity scores between queried images and enrolled users is often unprotected and can be readily queried through typical FRS APIs. Such scores provide a potential avenue of adversarial attack on FRSs, but recently proposed score-based attacks remain largely impractical because they essentially rely on trial-and-error strategies that use an enormous number of adaptive queries (>50K) for face reconstruction.We present the first practical score-based face reconstruction and impersonation attack against three commercial FRS APIs: AWS CompareFaces, FACE++, and KAIROS, as well as five commonly used pre-trained open-source FRSs. Our attack is carried out in the black-box FRS model, where the adversary has no knowledge of the FRS (underlying models, parameters, template databases, etc.), except for the ability to make a limited number of similarity score queries. Notably, the attack is straightforward to implement, requires no trial-and-error guessing, and uses a small number of nonadaptive score queries. We motivate the attack by analyzing the topological meaning of similarity scores and then present our novel method using orthogonal face sets: a precomputed approximate basis set of human-like face images that enables us to get meaningful similarity scores from a small number of non-adaptive queries. Our approach successfully reconstructs human-like impersonation images with >20% (resp. >96%) success rates across three test datasets when directly attacking the AWS CompareFaces API (resp. open-source CosFace FRS) using only 100 queries - up to two orders of magnitude fewer queries than previous approaches. We provide evidence that personally identifiable biometric features are captured in our reconstructions by evaluating our approach in transfer-like attack settings and through other image similarity metrics. | - |
| dc.format.extent | 19 | - |
| dc.language | 영어 | - |
| dc.language.iso | ENG | - |
| dc.title | Scores Tell Everything about Bob: Non-adaptive Face Reconstruction on Face Recognition Systems | - |
| dc.type | Article | - |
| dc.identifier.doi | 10.1109/SP54263.2024.00161 | - |
| dc.identifier.scopusid | 2-s2.0-85204055673 | - |
| dc.identifier.wosid | 001310833901040 | - |
| dc.identifier.bibliographicCitation | Proceedings - IEEE Symposium on Security and Privacy, pp 1684 - 1702 | - |
| dc.citation.title | Proceedings - IEEE Symposium on Security and Privacy | - |
| dc.citation.startPage | 1684 | - |
| dc.citation.endPage | 1702 | - |
| dc.type.docType | Proceedings Paper | - |
| dc.description.isOpenAccess | N | - |
| dc.description.journalRegisteredClass | scopus | - |
| dc.relation.journalResearchArea | Computer Science | - |
| dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
| dc.relation.journalWebOfScienceCategory | Computer Science, Theory & Methods | - |
| dc.subject.keywordAuthor | Adversarial Attack | - |
| dc.subject.keywordAuthor | Biometric Authentication | - |
| dc.subject.keywordAuthor | Face Recognition | - |
| dc.subject.keywordAuthor | Face Reconstruction Attack | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
222, Wangsimni-ro, Seongdong-gu, Seoul, 04763, Korea+82-2-2220-1366
COPYRIGHT © 2024 HANYANG UNIVERSITY.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.
