=Paper=
{{Paper
|id=Vol-2843/paper2
|storemode=property
|title=Cognitive security modeling of biometric system of neural network cryptography (paper)
|pdfUrl=https://ceur-ws.org/Vol-2843/paper002.pdf
|volume=Vol-2843
|authors=Alexey Vulfin,Vladimir Vasilyev,Anastasia Kirillova,Andrey Nikonov
}}
==Cognitive security modeling of biometric system of neural network cryptography (paper)==
https://ceur-ws.org/Vol-2843/paper002.pdf
Cognitive security modeling of biometric system of neural
network cryptography*
Alexey Vulfin, Vladimir Vasilyev, Anastasia Kirillova and Andrey Nikonov
Ufa State Aviation Technical University, 12, K. Marks st., Ufa, 450008, Russian Federation
kirillova.andm@gmail.com
Abstract. The object of the research is a biometric authentication system based
on neural network transformation of features into a cryptographic key. The
analysis of the security of such systems is carried out using the methods of cog-
nitive modeling. The use of the neural network transformation “biometrics-key”
can significantly reduce the likelihood of a number of attacks by external in-
truders due to the distributed storage of the base of biometric images and allows
the use of a secret cryptographic key generated on the basis of the image as the
output vector of the neural network. To assess the security of the biometric sys-
tem based on the ML model, an analysis of current threats, vulnerabilities and
potential attack vectors was carried out. A fuzzy gray cognitive map is built for
modeling and assessing local relative risks of information security in the event
of an attacker without using and using the architecture of the ML model of the
neural network transformation “biometrics-key”. The indicators of the local
relative risk of a system malfunction and refusal to use it (breach of integrity)
and modification of the base and ML model (breach of confidentiality) de-
creased by 45%.
Keywords: Biometric authentication system, Fuzzy gray cognitive map, Bio-
metrics-key.
1 Introduction
Currently, traditional authentication methods (passwords and IDs) are no longer suffi-
cient to ensure security - they have been replaced by integrated biometric systems
embedded in an increasing number of devices (for example, FaceID and TouchID
technologies in mobile devices). Today, there are two main areas of application of
biometric methods: solving the problem of user authentication and their integration
with cryptographic systems [1-3]. Cryptographic systems are much more secure than
traditional biometric systems. One of their main disadvantages is the problem of en-
suring reliable storage and correct use of secret cryptographic keys [1; 4].
Biometric authentication systems based on the use of artificial intelligence and ma-
chine learning technologies approximate a nonlinear functional display that allows the
*
Copyright © 2021 for this paper by its authors. Use permitted under Creative Commons License Attribu-
tion 4.0 International (CC BY 4.0).
�recognized biometric image to be attributed to one of the predefined classes. The
machine learning models (ML models) used to solve this problem are very sensitive
to changes in input data, which allows an attacker in some cases to influence the re-
sult of the biometric system by modifying the presented biometric images. A signifi-
cant number of services operate on the basis of ML models that process biometric
images, which is an important problem in ensuring information security of the system
as a whole [5].
The purpose of the work is to provide a cognitive analysis of the security of a bio-
metric authentication system based on a neural network transformation of biometric
features into a cryptographic key.
To achieve the purpose, the following tasks were set:
─ analysis of existing biometric cryptographic systems;
─ security assessment of the neural network biometric authentication system based
on cognitive modeling technologies.
2 Analysis of existing biometric cryptographic systems and
methods for processing facial images
Existing biometric cryptographic systems using facial images as primary biometric
features can be divided into three categories according to the nature of the crypto-
graphic key processing (Table 1).
Table 1. Categories of biometric cryptographic systems.
“key release “key binding cryptosystems” “key generation crypto-
cryptosystems” systems”
Features Biometric refer- 1) the cryptographic key and 1) the cryptographic key
ence and key are the biometric reference are is extracted from the
stored separately linked by an algorithm for user's biometric data and
replacing a small number of is not stored in the data-
secret bits with a cryptographic base;
key; 2) large artificial neural
2) correction codes are used; networks;
3) fuzzy vault is the most com- 3) fuzzy extractors.
mon scheme.
Advantages Ease of imple- The security of the method is Cryptographic key is not
mentation due to the secrecy of the key stored in the database
closing and recovery algorithms
Disadvantages 1) biometric 1) deterministic key-closing 1) high complexity of
standards are algorithms can be compro- system implementation;
stored locally; mised; 2) biometric data is
2) requires ac- 2) algorithms are difficult to inaccurately reproduci-
cess to locally implement due to the variability ble, which makes it
stored unsecured of biometric features. difficult to use it as the
� and unencrypted basis for sustainable key
biometric tem- generation.
plates.
Vulnerabilities An attacker has 1) correlation attacks, attacks
and attacks replaced the via record multiplicity – ARM;
image compari- 2) surreptitious key-inversion
son module with attacks – SKI;
malware. 3) blended substitution attacks.
For the subsequent analysis and application of the ML model in solving the prob-
lem of image classification, it is necessary to extract the vector of primary features
from the generated biometric templates [6]. A possible taxonomy of methods for con-
structing vectors of primary formal features with an analysis of advantages and disad-
vantages is presented in Table 2.
Table 2. Features of methods for extracting and matching features.
Method name Advantages Disadvantages Approach to
constructing the
primary feature
vector
Elastic graph identification accuracy computational complexity; approaches based
matching [5; 7] reaches 95-97% even with linear dependence of the on anatomical
a head position deviation running time on the size of features
of 15 degrees and with a the database of data images
change in emotional state
Face recogni- high recognition accuracy; increased requirements for
tion techniques works independently of shooting conditions and
in 3D space [8- natural transformations due system computing re-
10] to facial features sources
Principal identification accuracy up the effectiveness of the a holistic ap-
component to 95%; reduction in the method decreases with proach is the
analysis [11] dimensionality of the fea- varying object illumination processing of the
ture space entire image area
Linear splits images into classes large training sample containing the
discriminant better than principal com- required face as a se-
analysis [11] ponent method quence of lines
Hopfield high speed of work; weak small network capacity without taking
network dependence of conver- into account
gence on network dimen- individual ana-
sion tomical features
Convolutional identification accuracy it requires a very large
neural network 96%; resistance to changes training sample and sig-
[11] in scale, head displacement nificant computational
resources to train a neural
� network
Self-organizing resistance to noisy data; only works with real nu-
two- high learning rate; reduces meric vectors
dimensional the dimension of the input
Kohonen map data
[11]
Multilayer high generalizing ability;
the complexity of the se-
perceptron [11] resistance to noise in the
lection of hyperparameters
training set; high speed of
and network configuration;
work after training the difficulty of creating a
good training sample; the
likelihood of overtraining
and undertraining
Histogram of does not depend on the size sensitive to changes in
oriented of the object (face) object orientation in space
gradients [11]
Support vector high speed of work sensitive to noise in the
machine [11] training set
Algorithm for good generalizing ability; the possibility of retrain-
enhancing the simplicity of software ing; great computational
composition of implementation; high complexity
classifiers recognition accuracy
Methods Using high recognition accuracy; it is necessary to select the
Hidden Markov the possibility of compli- model parameters for each
Models cating the model; database; inability to track
the internal state of the
model
To generate keys based on biometric images, two main tools are used (Table 3)
that meet the requirements of modern cryptography and have an acceptable estimate
of the magnitude of the second type error [12-18]:
─ neural network converter “biometrics-code” (Fig. 1, a);
─ fuzzy extractors (Fig. 1, b).
Table 3. Key generation tools based on biometric images.
Neural network converter “biometrics- “fuzzy extractors” [1, 2, 20]
code” [19, 20]
Features A large artificial neural network of Uniquely recover the secret key from
feedforward propagation with a large the fuzzy biometric image based on
dimension of inputs and outputs and a the helper data that is public.
small number of hidden layers, which
transforms an ambiguous, fuzzy vector
of input biometric parameters “our”
into a unique code of a cryptographic
� key, any other vector (“alien”) into a
random signal.
Advantages GOST R 52633-2006†: protection the length of the generated key is
against attacks on the “last bit” of the
specified as an algorithm parameter;
decision rule. no need to store a private key, but
storage of auxiliary data is required;
allows to get a single key from one
set of biometric data
Disadvantages Training requires significant comput- the quality of work corresponds to
ing resources and makes high demands the quality of the applied error cor-
on the quality of the training sample. rection codes; fuzzy extractors are
susceptible to the same classes of
attacks as fuzzy containers
a)
b)
Fig. 1. The scheme of the neural network converter “biometrics-code” (a) and the fuzzy
extractor (b).
†
GOST R 52633-2006 З Information protection. Information protection technology.
Requirements for the means of high-reliability biometric authentication,
http://docs.cntd.ru/document/1200048922, last accessed 2021/01/10.
�X – the biometric template used during registration, F – the quantization function, R –
the random noise introduced into the construction of the secure sketch, P – the gener-
ated secure sketch, Y – the biometric template used in the user authentication process.
A generalized scheme of the neural network system of biometric identification and
authentication (NSBIA) of a person is shown in Fig. 2 and reflects the main stages of
processing biometric information.
Fig. 2. Generalized scheme of a neural network system of biometric identification.
To store the database of biometric formed, the parameters of the neural network
connection weights are used, which makes it possible to ensure the confidentiality of
the biometric network system, since even a compromise of the neural network con-
nection weights will not give the intruder information either about the users of the
system, or the system itself. The only vulnerable element of the system is the output
vector generated by the neural network, which makes it possible to assign the pre-
sented biometric image to one of the known classes. This type of attack on a biomet-
ric system is called an attack on the “last bit” of the decision rule [19], when an at-
tacker presents an output vector to the information system, in which a unit in a spe-
cific line position indicates the class of a legitimate user of the system registered in
the NSBIA. An attacker will gain access to the system under the guise of an existing
user. A diagram of such an attack is shown in Fig. 3.
Consequently, the use of biometric systems based on this class of neural networks
and other ML models with an open vector encoding the belonging of the input image
to a certain class becomes problematic in open and weakly protected information
systems.
� Fig. 3. Fragment of the attack scheme on the “last bit” of the decision rule.
The key for biometric identification and authentication systems are falsification of
biometric data presented through the user interface and leakage from the database of
biometric images‡. Vulnerabilities in the implementations of biometric identification
and authentication systems can be divided into:
─ vulnerabilities in used libraries and plug-ins;
─ vulnerabilities in the program code;
─ architectural vulnerabilities.
─ Attacks on biometric images presented through the system user interface can be
divided into two groups:
─ non-targeted attack (a general type of attack when the main target is an incorrect
classification result);
─ targeted attack (the goal is to obtain a label of the required class for a given input
image§).
─ For systems using machine learning methods and technologies, there are two types
of AML attacks (adversarial machine learning)**:
─ evasion – an attacker causes the model to behave incorrectly. The system is viewed
by the attacker as a black box. This type of attack is considered the most common
‡
How vulnerable are biometric Big Data systems: causes of errors and their meas-
urement metrics, https://www.bigdataschool.ru/blog/biometrics-vulnerabilities-big-
data-ml.html
§
Attacks on biometric systems, https://www.itsec.ru/articles/ataka-na-
biometricheskie-sistemy
**
How to deceive a neural network or what is an Adversarial attack,
https://chernobrovov.ru/articles/kak-obmanut-nejroset-ili-chto-takoe-adversarial-
attack.html
� and includes spoofing attacks on biometric systems, when an attacker tries to dis-
guise himself as another person.
─ poisoning – an attacker seeks to gain access to the data and learning process of the
ML model in order to disrupt the learning process. Poisoning can be thought of as
malicious infection of training data. The attacker possesses information about the
system (Adversarial Knowledge, AK): sources and algorithms for processing data
for training, training algorithms and resulting parameters.
3 Security assessment of the authentication system with neural
network conversion of biometric parameters into a
cryptographic “private” key
The final structure of the identification and authentication system with neural network
conversion of biometric parameters into a cryptographic "private" key is shown in
Fig. 4.
Fig. 4. The structure of a neural network biometric authentication system with a neural
network transformation of biometric parameters into a cryptographic “private” key.
� To assess the security of the system shall use the methodology for analyzing in-
formation security and cybersecurity based on fuzzy gray cognitive maps, detailed in
[21].
Fuzzy gray cognitive map (FGCM) is a directed graph defined using a tuple of sets
[21]:
FGCM = 〈C, F, W〉, (1)
Where C – a set of concepts, which are significant factors (graph vertices), F – a
set of connections between concepts (directed arcs), and W – a set of weights of
FGCM connections, which can be both positive and negative for “strengthening” and
“weakening” the influence of the concept, respectively.
The use of the algebra of “gray” numbers when specifying the set W allows the use
of a fuzzy linguistic scale, considering the degree of confidence of the expert in the
current assessment (Table 4). The state of concepts X will also be defined as a “gray”
number at an arbitrary discrete moment in time t N 0 :
n
X i t 1 f X i t W ji X j t ,
(2)
j 1
( j i)
Where X i t and X i t 1 – the values of the concept state variable at times t
and t 1 , n – number of concepts in FGCM, f () – nonlinear concept function (hy-
perbolic tangent).
Table 4. Fuzzy linguistic scale for assessing the relationship between concepts (assessment of
mutual influence).
Linguistic meaning Range Term designation
Not affect 0 Z
Very low (0; 0,15] VL
Low (0,15; 0,35] L
Middle (0,35; 0,6] M
High (0,6; 0,85] H
Very high (0,85; 1] VH
Potential threats†† to information security and cybersecurity breaches and potential
vulnerabilities of the neural network biometric authentication system are highlighted
in Table 5.
††
Database of information security threats FSTEC, https://bdu.fstec.ru/threat, last
accessed 2021/01/10.
� Table 5. Threats to information security and cybersecurity of a neural network biometric au-
thentication system.
Threats from BDU FSTEC Description Prerequisites and implementation
UBI.218 Machine learning Disclosure by the violator It is caused by the weaknesses of
model information disclo- of information about the access differentiation in informa-
sure threat (breach of confi- machine learning model tion (automated) systems using
dentiality) used in the information machine learning.
(automated) system. Implementation is possible if the
attacker has direct access to the
machine learning model.
UBI.219 Training data theft Possibility of theft by the It is caused by weaknesses in the
threat (breach of confiden- violator of training data differentiation of access to training
tiality) used in an information data used in the information (auto-
(automated) system that mated) system.
implements artificial intel- Implementation is possible if the
ligence technologies. violator has direct access to the
training data.
UBI.220 Threat of disrupt- Violation of the function- Due to the following reasons:
ing the functioning (“by- ing (“bypass”) by the vio- – lack of necessary data in the
pass”) of means that im- lator of the means that training sample;
plement artificial intelli- implement artificial intelli- – the presence of weaknesses in the
gence technologies (breach gence technologies. ML model.
of confidentiality)
UBI.221 Threat of modify- The possibility of modify- Due to the following reasons:
ing a machine learning ing (distorting) a machine – disadvantages of the machine
model by distorting (“poi- learning model used in an learning process implementation;
soning”) training data information (automated) – disadvantages of machine learn-
(breach of integrity) system that implements ing algorithms.
artificial intelligence tech- Implementation is possible if the
nologies. attacker has the ability to influence
the machine learning process.
UBI.222 Threat of substitu- The possibility of an in- It is caused by weaknesses in the
tion of a machine learning truder replacing a machine differentiation of access in infor-
model (breach of integrity, learning model used in an mation (automated) systems that
confidentiality) information (automated) use machine learning.
system that implements Implementation is possible if the
artificial intelligence tech- attacker has direct access to the
nologies. ML model.
In Table 6, the main vulnerabilities correspond to the C7 – C9 FGCM concepts.
Threats C2 – C6 correspond to scenarios of exposure to an external attacker in the
course of exploiting one or more system vulnerabilities. The assessment of local rela-
tive risks of violation of information security and cybersecurity of the NSBIA system
�was carried out for the most likely attack vectors. The corresponding FGCM is shown
in Fig. 5.
Fig. 5. Fuzzy cognitive map for assessing local relative risks of information security and
cybersecurity breach NSBIA.
Table 6. Description of FGCM concepts.
Concept Name Concept type
ExtAt1 External attacker Concept driver
C2 ML model disclosure threat (UBI.218) Threats
C3 Training data theft threat (UBI.219)
C4 Threat of malfunctioning ML model (UBI.220)
С5 ML model modification threat (UBI.221)
С6 Threat of substitution of the ML model (UBI.222)
C7 Vulnerability of libraries and models (plugins) Vulnerabilities
C8 Vulnerability of the software implementation of the model
C9 Architectural vulnerabilities
C10 Base of biometric images Target system
C11 ML model resources
C12 Countermeasure based on the implementation of the neural Concept driver
network transformation “biometrics-key”
C13 Violation of the system's performance and refusal to use it Effects
(breach of integrity)
C14 Modification of the base and ML model (breach of confi-
dentiality)
� Let us consider the scenario of an attacker's impact with and without using a coun-
termeasure based on a neural network transformation “biometrics-key” to ensure in-
formation security and cybersecurity of the NSBIA.
Fig. 6 andFig. 7 below show the process of changing the state of FGCM concepts
in the event of an attacker without using and using the implementation of the neural
network transformation “biometrics-key” to ensure information security and cyberse-
curity of NSBIA as a defensive countermeasure.
a)
b)
Fig. 6. Change in time of the state of (a) “grayness” – the spread of the assessment, (b)
“bleached” – the central meaning of the gray assessment) of concepts under the influence
of an attacker without using the implementation of the neural network transformation
“biometrics-key”.
� a)
b)
Fig. 7. Change in time of the state of (a) “grayness” – the spread of the assessment, (b)
“bleached” – the central meaning of the gray assessment) of concepts under the influence
of an attacker and the application of a protective countermeasure based on the neural net-
work transformation “biometrics-key”.
Local relative risk indicators for target concepts C13, C14 are shown in Table 7.
Table 7. Results of risk analysis based on FGCM.
Concept without the use of neu- after applying the neural
ral network transforma- network transformation
tion “biometrics-key” “biometrics-key”
Violation of the system's performance [0.0162; 0.4156] [0.0442; 0.2560]
and refusal to use it (breach of integrity)
Modification of the base and ML model [0.0199; 0.4694] [0.0527; 0.2846]
(breach of confidentiality)
�4 Discussion
The use of cognitive analysis in the task of assessing information security and cyber-
security risks allows us to consider the range of opinions of experts, as well as the
inaccuracy and incompleteness of the data collected during the audit on the state and
properties of the information system. Cognitive models allow one to formalize the
mutual influence of system elements and the destabilizing effects of internal and ex-
ternal abusers who exploit vulnerabilities of software and hardware components,
which are a significant decision-making tool in the process of qualitative and quanti-
tative assessments. Scenarios for modeling the impact of an attacker using a gray
fuzzy cognitive map built based on expert data make it possible to assess the effec-
tiveness of the applied protection tools and select the optimal combination of applied
solutions, considering the identified threats and potential attack vectors on NSBIA,
including ML models for processing biometric data.
5 Conclusion
The paper proposes an approach to the analysis of the security of integrated biometric
authentication and identification systems based on gray fuzzy cognitive maps. A fea-
ture of the biometric system is the use of a neural network transformation “biomet-
rics-key”, which provides distributed storage of the base of biometric images and
allows the use of a secret cryptographic key generated based on the image as an out-
put of the neural network.
To assess the security of biometric authentication and identification systems using
ML models, an analysis of current threats, vulnerabilities and potential attack vectors
was carried out, on the basis of which a fuzzy gray cognitive map was built to assess
local relative risks of ensuring information security and cybersecurity in the event of
an attacker without using and using neural network transformation “biometrics-key”.
Local relative risk indicators for key information resources decreased by 45%.
6 Acknowledgments
The reported study was funded by Ministry of Science and Higher Education of the
Russian Federation (information security) as part of research project № 1/2020.
References
1. Vasilyev, V.I.: Intelligent information security systems. 2nd edn. M.:Mashinostroenie, 199
(2012).
2. Kulikova, O.V.: Biometric cryptographic systems and their applications. Bezopasnost' in-
formacionnyh tehnologij, 16(3), 53–58 (2009).
3. Merkushev, O. Yu., Sidorkina, I.G.: Use of biometric cryptography in a control system of
access. Software & System, 4, 172–175 (2012).
� 4. Abu Elreesh, J.Y., Abu-Naser, S.S. Cloud Network Security Based on Biometrics Cryp-
tography Intelligent Tutoring System. International Journal of Academic Information Sys-
tems Research (IJAISR), 3(3), 37–70 (2019).
5. Barreno, M. et al.: The security of machine learning. Machine Learning, 81(2), 121–148
(2010).
6. Turk, M., Pentland, A.: Face recognition using eigenfaces. In Journal of Cognitive Neuro-
science, 3, 7286 (2001).
7. Wiskott, L. et al.: Face recognition by elastic bunch graph matching. IEEE Transactions on
pattern analysis and machine intelligence, 19(7), 775–779 (1997).
8. Wagner, A. et al.: Toward a practical face recognition system: Robust alignment and illu-
mination by sparse representation. IEEE transactions on pattern analysis and machine in-
telligence, 34(2), 372–386 (2011).
9. Paul, L.C., Al Sumam A.: Face recognition using principal component analysis method.
International Journal of Advanced Research in Computer Engineering & Technology
(IJARCET), 1(9), 135–139 (2012).
10. Bhele, S.G., Mankar, V.H.: A review paper on face recognition techniques. International
Journal of Advanced Research in Computer Engineering & Technology (IJARCET), 1(8),
339–346 (2012).
11. Ding, S. et al.: Evolutionary artificial neural networks: a review. Artificial Intelligence Re-
view, 39(3), 251–260 (2013).
12. Dodis, Y. et al.: Robust fuzzy extractors and authenticated key agreement from close se-
crets. In: Dwork C. (Ed.) Annual International Cryptology Conference CRYPTO 2006,
LNCS 4117, 232–250. Springer, Berlin, Heidelberg, (2006).
13. Boyen, X. et al.: Secure remote authentication using biometric data. In: Cramer, R. (Ed.)
Annual International Conference on the Theory and Applications of Cryptographic Tech-
niques EUROCRYPT 2005, LNCS 3494, 147–163, Springer, Berlin, Heidelberg (2005).
14. Sahai A., Waters B.: Fuzzy identity-based encryption. In: Cramer, R. (Ed.) Annual Interna-
tional Conference on the Theory and Applications of Cryptographic Techniques
EUROCRYPT 2005, LNCS 3494, 457–473, Springer, Berlin, Heidelberg (2005).
15. Baek, J., Susilo, W., Zhou, J.: New constructions of fuzzy identity-based encryption. In:
Proceedings of the 2nd ACM symposium on Information, computer and communications
security, 368–370, ACM New York. NY, USA (2007).
16. Fang, L. et al.: Chosen-Ciphertext Secure Fuzzy Identity-Based Key Encapsulation with-
out ROM. IACR Cryptology ePrint Archive 2008, 139–151 (2008).
17. Fang, L., Xia, J.: Full Security: Fuzzy Identity Based Encryption. IACR Cryptology ePrint
Archive, 307 (2008).
18. Yang, P., Cao, Z., Dong, X.: Fuzzy Identity Based Signature. IACR Cryptology EPrint Ar-
chive, 2 (2008).
19. Vasilyev, V.I. et al.: Analysis of confidential data protection in critical information infra-
structure and the use of biometric, neural network and cryptographic algorithms (standards
review and perspectives). Informacionnye tehnologii i sistemy, 193–197 (2019).
20. Juels, A., Sudan, M.: A fuzzy vault scheme. Designs, Codes and Cryptography, 38(2),
237–257 (2006).
21. Salmeron, J.L.: A Fuzzy Grey Cognitive Maps-based intelligent security system. 2015
IEEE International Conference on Grey Systems and Intelligent Services (GSIS). IEEE,
29–32 (2015).
�