Cognitive security modeling of a biometric system with neural network cryptography*

Alexey Vulfin, Vladimir Vasilyev, Anastasia Kirillova and Andrey Nikonov

Ufa State Aviation Technical University, 12, K. Marks st., Ufa, 450008, Russian Federation
kirillova.andm@gmail.com

* Copyright © 2021 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).

Abstract. The object of the research is a biometric authentication system based on a neural network transformation of biometric features into a cryptographic key. The security of such systems is analyzed using methods of cognitive modeling. The neural network "biometrics-key" transformation can significantly reduce the likelihood of a number of attacks by external intruders owing to the distributed storage of the base of biometric images, and it allows a secret cryptographic key generated from the image to be used as the output vector of the neural network. To assess the security of the biometric system based on the ML model, an analysis of current threats, vulnerabilities and potential attack vectors was carried out. A fuzzy gray cognitive map is built for modeling and assessing the local relative risks of information security under an attacker's impact, both with and without the architecture of the ML model of the neural network transformation "biometrics-key". The indicators of the local relative risk of system malfunction and refusal to use it (breach of integrity) and of modification of the base and ML model (breach of confidentiality) decreased by 45%.

Keywords: Biometric authentication system, Fuzzy gray cognitive map, Biometrics-key.

1 Introduction

Currently, traditional authentication methods (passwords and IDs) are no longer sufficient to ensure security; they are being replaced by integrated biometric systems embedded in an increasing number of devices (for example, FaceID and TouchID technologies in mobile devices). Today, there are two main areas of application of biometric methods: solving the problem of user authentication and their integration with cryptographic systems [1-3]. Cryptographic systems are much more secure than traditional biometric systems; one of their main disadvantages, however, is the problem of ensuring reliable storage and correct use of secret cryptographic keys [1; 4].

Biometric authentication systems based on artificial intelligence and machine learning technologies approximate a nonlinear functional mapping that allows the recognized biometric image to be attributed to one of the predefined classes. The machine learning models (ML models) used to solve this problem are very sensitive to changes in the input data, which in some cases allows an attacker to influence the result of the biometric system by modifying the presented biometric images. A significant number of services operate on the basis of ML models that process biometric images, which makes the information security of the system as a whole an important problem [5].

The purpose of the work is a cognitive analysis of the security of a biometric authentication system based on a neural network transformation of biometric features into a cryptographic key. To achieve this purpose, the following tasks were set:
─ analysis of existing biometric cryptographic systems;
─ security assessment of the neural network biometric authentication system based on cognitive modeling technologies.
2 Analysis of existing biometric cryptographic systems and methods for processing facial images

Existing biometric cryptographic systems that use facial images as primary biometric features can be divided into three categories according to the way the cryptographic key is handled (Table 1).

Table 1. Categories of biometric cryptographic systems.

Key release cryptosystems.
─ Features: the biometric reference and the key are stored separately.
─ Advantages: ease of implementation.
─ Disadvantages: (1) biometric references are stored locally; (2) access to locally stored unsecured and unencrypted biometric templates is required.
─ Vulnerabilities and attacks: an attacker replaces the image comparison module with malware.

Key binding cryptosystems.
─ Features: (1) the cryptographic key and the biometric reference are linked by an algorithm that replaces a small number of secret bits with a cryptographic key; (2) error correction codes are used; (3) the fuzzy vault is the most common scheme.
─ Advantages: the security of the method rests on the secrecy of the key binding and recovery algorithms.
─ Disadvantages: (1) deterministic key binding algorithms can be compromised; (2) the algorithms are difficult to implement because of the variability of biometric features.
─ Vulnerabilities and attacks: (1) correlation attacks, attacks via record multiplicity (ARM); (2) surreptitious key-inversion attacks (SKI); (3) blended substitution attacks.

Key generation cryptosystems.
─ Features: (1) the cryptographic key is extracted from the user's biometric data and is not stored in the database; (2) large artificial neural networks; (3) fuzzy extractors.
─ Advantages: the cryptographic key is not stored in the database.
─ Disadvantages: (1) high complexity of system implementation; (2) biometric data is not exactly reproducible, which makes it difficult to use as the basis for stable key generation.
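Since Table 1 names the fuzzy vault as the most common key binding scheme, a minimal toy sketch of the idea may be useful. It is only an illustration under simplifying assumptions (a small prime field, the key hidden only in the polynomial's constant term, no error-correcting decoding for chaff collisions); the lock/unlock names are illustrative and are not taken from the paper or from any particular library.

```python
import random

P = 257  # small prime field; a real vault would use a larger field, e.g. GF(2^16)


def poly_eval(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[d]*x^d over GF(P)."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y


def lock(key, genuine_features, degree=3, n_chaff=60):
    """Hide `key` (an integer < P) as the constant term of a random polynomial and
    publish its values at the genuine feature points together with random chaff."""
    coeffs = [key] + [random.randrange(P) for _ in range(degree)]
    genuine = sorted({f % P for f in genuine_features})
    vault = [(x, poly_eval(coeffs, x)) for x in genuine]
    while len(vault) < len(genuine) + n_chaff:
        x, y = random.randrange(P), random.randrange(P)
        if all(x != vx for vx, _ in vault) and y != poly_eval(coeffs, x):
            vault.append((x, y))       # chaff point lying off the secret polynomial
    random.shuffle(vault)
    return vault, degree


def unlock(vault, degree, query_features):
    """Try to recover the key from feature values overlapping the genuine set."""
    query = {f % P for f in query_features}
    matches = [(x, y) for (x, y) in vault if x in query][:degree + 1]
    if len(matches) < degree + 1:
        return None                    # not enough overlap with the genuine features
    # Lagrange interpolation at x = 0 recovers the constant term, i.e. the key.
    key = 0
    for i, (xi, yi) in enumerate(matches):
        num, den = 1, 1
        for j, (xj, _) in enumerate(matches):
            if j != i:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        key = (key + yi * num * pow(den, P - 2, P)) % P
    return key


if __name__ == "__main__":
    genuine = [17, 42, 77, 101, 150, 199, 230]        # quantised biometric features
    vault, deg = lock(key=123, genuine_features=genuine)
    print(unlock(vault, deg, genuine[:5]))            # enough matching points -> 123
    print(unlock(vault, deg, [3, 9, 11]))             # too few matching points -> None
```

In a full key binding cryptosystem the key would fill all polynomial coefficients and Reed-Solomon decoding would tolerate chaff hits and missing genuine points; this toy keeps only the binding idea itself.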
For the subsequent analysis and application of the ML model to the image classification problem, it is necessary to extract the vector of primary features from the generated biometric templates [6]. A possible taxonomy of methods for constructing vectors of primary formal features, with an analysis of their advantages and disadvantages, is presented in Table 2.

Table 2. Features of methods for extracting and matching features.

Approaches based on anatomical features:
─ Elastic graph matching [5; 7]. Advantages: identification accuracy reaches 95-97% even with a head position deviation of 15 degrees and with a change in emotional state. Disadvantages: computational complexity; linear dependence of the running time on the size of the image database.
─ Face recognition techniques in 3D space [8-10]. Advantages: high recognition accuracy; works independently of natural transformations of facial features. Disadvantages: increased requirements for shooting conditions and system computing resources.

Holistic approach (processing of the entire image area containing the required face as a sequence of lines, without taking into account individual anatomical features):
─ Principal component analysis [11]. Advantages: identification accuracy up to 95%; reduction in the dimensionality of the feature space. Disadvantages: the effectiveness of the method decreases with varying object illumination.
─ Linear discriminant analysis [11]. Advantages: splits images into classes better than the principal component method. Disadvantages: a large training sample is required.
─ Hopfield network. Advantages: high speed of operation; weak dependence of convergence on the network dimension. Disadvantages: small network capacity.
─ Convolutional neural network [11]. Advantages: identification accuracy of 96%; resistance to changes in scale and head displacement. Disadvantages: requires a very large training sample and significant computational resources to train the network.
─ Self-organizing two-dimensional Kohonen map [11]. Advantages: resistance to noisy data; high learning rate; reduces the dimensionality of the input data. Disadvantages: works only with real-valued numeric vectors.
─ Multilayer perceptron [11]. Advantages: high generalization ability; resistance to noise in the training set; high speed of operation after training. Disadvantages: complexity of selecting hyperparameters and the network configuration; difficulty of creating a good training sample; likelihood of overfitting and underfitting.
─ Histogram of oriented gradients [11]. Advantages: does not depend on the size of the object (face). Disadvantages: sensitive to changes in object orientation in space.
─ Support vector machine [11]. Advantages: high speed of operation. Disadvantages: sensitive to noise in the training set.
─ Algorithm for enhancing the composition of classifiers (boosting). Advantages: good generalization ability; simplicity of software implementation; high recognition accuracy. Disadvantages: possibility of overfitting; high computational complexity.
─ Methods using Hidden Markov Models. Advantages: high recognition accuracy; the possibility of complicating the model. Disadvantages: model parameters must be selected for each database; inability to track the internal state of the model.

To generate keys from biometric images, two main tools that meet the requirements of modern cryptography and have an acceptable estimate of the type II error probability are used (Table 3) [12-18]:
─ the neural network converter "biometrics-code" (Fig. 1, a);
─ fuzzy extractors (Fig. 1, b).

Table 3. Key generation tools based on biometric images.

Neural network converter "biometrics-code" [19, 20].
─ Features: a large feedforward artificial neural network with a high-dimensional input and output and a small number of hidden layers, which transforms the ambiguous, fuzzy vector of input biometric parameters of "our" user into a unique cryptographic key code, and any other ("alien") vector into a random signal.
─ Advantages: GOST R 52633-2006†: protection against attacks on the "last bit" of the decision rule.
─ Disadvantages: training requires significant computing resources and makes high demands on the quality of the training sample.

Fuzzy extractors [1, 2, 20].
─ Features: uniquely recover the secret key from a fuzzy biometric image based on helper data that is public.
─ Advantages: the length of the generated key is specified as an algorithm parameter; there is no need to store a private key, but storage of auxiliary data is required; a single key can be obtained from one set of biometric data.
─ Disadvantages: the quality of operation corresponds to the quality of the applied error correction codes; fuzzy extractors are susceptible to the same classes of attacks as fuzzy vaults (containers).

† GOST R 52633-2006 Information protection. Information protection technology. Requirements for the means of high-reliability biometric authentication, http://docs.cntd.ru/document/1200048922, last accessed 2021/01/10.
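As a counterpart to the right-hand column of Table 3 and the fuzzy extractor scheme of Fig. 1(b), the sketch below shows one standard textbook realization, the code-offset secure sketch with a simple repetition code. The paper does not specify which extractor construction is meant, so the construction, the repetition code and the generate/reproduce names are illustrative assumptions.

```python
import hashlib
import secrets

REP = 3          # 3-bit repetition code: corrects one bit flip per 3-bit block
N_BITS = 63      # toy template length, a multiple of REP


def _encode(key_bits):
    """Repetition-encode the key: each key bit becomes REP identical code bits."""
    return [b for b in key_bits for _ in range(REP)]


def _decode(code_bits):
    """Majority-vote decoding of the repetition code."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def generate(x_bits):
    """Enrolment: template X -> (random key K, public helper data P = X xor C(K))."""
    key = [secrets.randbelow(2) for _ in range(len(x_bits) // REP)]
    helper = [xb ^ cb for xb, cb in zip(x_bits, _encode(key))]
    return key, helper


def reproduce(y_bits, helper):
    """Authentication: a noisy template Y plus P returns K if Y is close enough to X."""
    return _decode([yb ^ pb for yb, pb in zip(y_bits, helper)])


if __name__ == "__main__":
    x = [secrets.randbelow(2) for _ in range(N_BITS)]      # enrolment template X
    key, helper = generate(x)
    y = list(x)
    y[5] ^= 1                                              # a few bit errors in Y
    y[40] ^= 1
    assert reproduce(y, helper) == key                     # the key is recovered
    print(hashlib.sha256(bytes(key)).hexdigest())          # key material for crypto use
```

Here the helper data P can be stored openly: it reveals the key only together with a template close enough to the enrolment template X, which corresponds to the Table 3 property that no private key is stored but auxiliary data must be kept.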
Fig. 1. The scheme of the neural network converter "biometrics-code" (a) and the fuzzy extractor (b).

Notation in Fig. 1: X – the biometric template used during registration, F – the quantization function, R – the random noise introduced into the construction of the secure sketch, P – the generated secure sketch, Y – the biometric template used in the user authentication process.

A generalized scheme of the neural network system of biometric identification and authentication (NSBIA) of a person is shown in Fig. 2; it reflects the main stages of processing biometric information.

Fig. 2. Generalized scheme of a neural network system of biometric identification.

To store the database of biometric images, the parameters of the neural network connection weights are used, which makes it possible to ensure the confidentiality of the biometric system: even a compromise of the neural network connection weights will give the intruder information neither about the users of the system nor about the system itself. The only vulnerable element of the system is the output vector generated by the neural network, which assigns the presented biometric image to one of the known classes. The corresponding attack on a biometric system is called an attack on the "last bit" of the decision rule [19]: the attacker presents to the information system an output vector in which a unit in a specific position indicates the class of a legitimate user registered in the NSBIA, and thereby gains access to the system under the guise of an existing user. A diagram of such an attack is shown in Fig. 3.

Consequently, the use of biometric systems based on this class of neural networks and other ML models with an open vector encoding the belonging of the input image to a certain class becomes problematic in open and weakly protected information systems.

Fig. 3. Fragment of the attack scheme on the "last bit" of the decision rule.
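To make the attack on the "last bit" of the decision rule (Fig. 3) concrete, the hedged sketch below contrasts a verifier that trusts an open class-encoding output vector with one that only checks a hash of the key reproduced by the "biometrics-key" converter. The function names and the SHA-256 comparison are illustrative assumptions, not the authors' implementation.

```python
import hashlib
import secrets

# Variant 1: open class-encoding output vector (vulnerable to the "last bit" attack).

def verify_by_class_vector(output_vector):
    """Grant access if exactly one output position is set; the user id is that position.
    An attacker able to inject the output vector needs no biometric sample at all."""
    if all(v in (0, 1) for v in output_vector) and output_vector.count(1) == 1:
        return output_vector.index(1)
    return None

forged = [0] * 10
forged[3] = 1                                   # "I am the user of class 3"
print(verify_by_class_vector(forged))           # access granted without any biometrics

# Variant 2: "biometrics-key" output (the same injection gains nothing).

def register(key_bits: bytes) -> str:
    """Store only a hash of the key produced by the converter at enrolment."""
    return hashlib.sha256(key_bits).hexdigest()

def verify_by_key(stored_hash: str, produced_key: bytes) -> bool:
    """Access is granted only if the key reproduced from the presented
    biometric image hashes to the stored value."""
    return hashlib.sha256(produced_key).hexdigest() == stored_hash

enrolled_key = secrets.token_bytes(32)          # key produced from "our" biometric image
stored = register(enrolled_key)
print(verify_by_key(stored, enrolled_key))               # True for the legitimate user
print(verify_by_key(stored, secrets.token_bytes(32)))    # False for an injected guess
```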
The key threats to biometric identification and authentication systems are falsification of the biometric data presented through the user interface and leakage from the database of biometric images‡.

‡ How vulnerable are biometric Big Data systems: causes of errors and their measurement metrics, https://www.bigdataschool.ru/blog/biometrics-vulnerabilities-big-data-ml.html

Vulnerabilities in the implementations of biometric identification and authentication systems can be divided into:
─ vulnerabilities in the libraries and plug-ins used;
─ vulnerabilities in the program code;
─ architectural vulnerabilities.

Attacks on biometric images presented through the system user interface can be divided into two groups:
─ non-targeted attack (a general type of attack whose main goal is an incorrect classification result);
─ targeted attack (the goal is to obtain a label of the required class for a given input image§).

§ Attacks on biometric systems, https://www.itsec.ru/articles/ataka-na-biometricheskie-sistemy

For systems using machine learning methods and technologies, there are two types of AML attacks (adversarial machine learning)**:
─ evasion – the attacker causes the model to behave incorrectly; the system is viewed by the attacker as a black box. This type of attack is considered the most common and includes spoofing attacks on biometric systems, when an attacker tries to disguise himself as another person;
─ poisoning – the attacker seeks to gain access to the data and the learning process of the ML model in order to disrupt training. Poisoning can be thought of as malicious contamination of the training data. The attacker possesses information about the system (Adversarial Knowledge, AK): sources and algorithms for processing the training data, training algorithms and the resulting parameters.

** How to deceive a neural network, or what is an adversarial attack, https://chernobrovov.ru/articles/kak-obmanut-nejroset-ili-chto-takoe-adversarial-attack.html

3 Security assessment of the authentication system with neural network conversion of biometric parameters into a cryptographic "private" key

The final structure of the identification and authentication system with neural network conversion of biometric parameters into a cryptographic "private" key is shown in Fig. 4.

Fig. 4. The structure of a neural network biometric authentication system with a neural network transformation of biometric parameters into a cryptographic "private" key.

To assess the security of the system, we use the methodology for analyzing information security and cybersecurity based on fuzzy gray cognitive maps, detailed in [21]. A fuzzy gray cognitive map (FGCM) is a directed graph defined by a tuple of sets [21]:

FGCM = 〈C, F, W〉, (1)

where C is a set of concepts, which are significant factors (graph vertices), F is a set of connections between concepts (directed arcs), and W is a set of weights of the FGCM connections, which can be positive or negative for "strengthening" and "weakening" the influence of a concept, respectively. The use of the algebra of "gray" numbers when specifying the set W allows a fuzzy linguistic scale to be used, taking into account the degree of confidence of the expert in the current assessment (Table 4). The state of the concepts X is also defined as a "gray" number at an arbitrary discrete moment in time t ∈ N ∪ {0}:

X_i(t+1) = f( X_i(t) + Σ_{j=1, j≠i}^{n} W_{ji} X_j(t) ),   (2)

where X_i(t) and X_i(t+1) are the values of the concept state variable at times t and t+1, n is the number of concepts in the FGCM, and f(·) is a nonlinear concept function (hyperbolic tangent).

Table 4. Fuzzy linguistic scale for assessing the relationship between concepts (assessment of mutual influence).

Linguistic meaning | Range | Term designation
Not affect | 0 | Z
Very low | (0; 0.15] | VL
Low | (0.15; 0.35] | L
Middle | (0.35; 0.6] | M
High | (0.6; 0.85] | H
Very high | (0.85; 1] | VH
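A minimal sketch of the state update rule (2) follows, assuming that a "gray" concept state is represented as an interval [lower, upper] and that interval arithmetic with an end-to-end hyperbolic tangent is used. The helper names and the toy three-concept map with its weights are illustrative and are not the expert FGCM built in this work.

```python
import math
from itertools import product


def g_add(a, b):
    """Addition of two gray (interval) numbers."""
    return (a[0] + b[0], a[1] + b[1])


def g_mul(a, b):
    """Multiplication of two gray (interval) numbers."""
    p = [x * y for x, y in product(a, b)]
    return (min(p), max(p))


def g_tanh(a):
    """The hyperbolic tangent is monotone, so it maps an interval end to end."""
    return (math.tanh(a[0]), math.tanh(a[1]))


def fgcm_step(states, W):
    """One step of the FGCM state update, eq. (2):
    X_i(t+1) = tanh(X_i(t) + sum over j != i of W_ji * X_j(t))."""
    new_states = []
    for i, xi in enumerate(states):
        acc = xi
        for j, xj in enumerate(states):
            if j != i and W[j][i] is not None:
                acc = g_add(acc, g_mul(W[j][i], xj))
        new_states.append(g_tanh(acc))
    return new_states


def simulate(states, W, steps=20):
    """Iterate the map for a fixed horizon and return the final concept states."""
    for _ in range(steps):
        states = fgcm_step(states, W)
    return states


if __name__ == "__main__":
    # Toy three-concept chain (attacker -> vulnerability -> effect); the weights are
    # illustrative "gray" values on the scale of Table 4, not the expert map of Fig. 5.
    n = 3
    W = [[None] * n for _ in range(n)]
    W[0][1] = (0.60, 0.85)      # "High" influence, with expert uncertainty
    W[1][2] = (0.35, 0.60)      # "Middle" influence
    x0 = [(1.0, 1.0), (0.0, 0.0), (0.0, 0.0)]   # the attacker concept is activated
    for lo, hi in simulate(x0, W, steps=10):
        print(round(lo, 3), round(hi, 3))
```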
Potential threats†† to information security and cybersecurity and potential vulnerabilities of the neural network biometric authentication system are highlighted in Table 5.

†† Database of information security threats FSTEC, https://bdu.fstec.ru/threat, last accessed 2021/01/10.

Table 5. Threats to information security and cybersecurity of a neural network biometric authentication system.

UBI.218 Machine learning model information disclosure threat (breach of confidentiality).
─ Description: disclosure by the violator of information about the machine learning model used in the information (automated) system.
─ Prerequisites and implementation: caused by weaknesses of access differentiation in information (automated) systems using machine learning. Implementation is possible if the attacker has direct access to the machine learning model.

UBI.219 Training data theft threat (breach of confidentiality).
─ Description: possibility of theft by the violator of the training data used in an information (automated) system that implements artificial intelligence technologies.
─ Prerequisites and implementation: caused by weaknesses in the differentiation of access to the training data used in the information (automated) system. Implementation is possible if the violator has direct access to the training data.

UBI.220 Threat of disrupting the functioning ("bypass") of means that implement artificial intelligence technologies (breach of confidentiality).
─ Description: violation of the functioning ("bypass") by the violator of the means that implement artificial intelligence technologies.
─ Prerequisites and implementation: due to the lack of necessary data in the training sample and the presence of weaknesses in the ML model.

UBI.221 Threat of modifying a machine learning model by distorting ("poisoning") training data (breach of integrity).
─ Description: the possibility of modifying (distorting) a machine learning model used in an information (automated) system that implements artificial intelligence technologies.
─ Prerequisites and implementation: due to shortcomings of the machine learning process implementation and of the machine learning algorithms. Implementation is possible if the attacker has the ability to influence the machine learning process.

UBI.222 Threat of substitution of a machine learning model (breach of integrity, confidentiality).
─ Description: the possibility of an intruder replacing a machine learning model used in an information (automated) system that implements artificial intelligence technologies.
─ Prerequisites and implementation: caused by weaknesses in the differentiation of access in information (automated) systems that use machine learning. Implementation is possible if the attacker has direct access to the ML model.

In Table 6, the main vulnerabilities correspond to the FGCM concepts C7 – C9. Threats C2 – C6 correspond to scenarios of exposure to an external attacker in the course of exploiting one or more system vulnerabilities. The assessment of the local relative risks of violation of information security and cybersecurity of the NSBIA was carried out for the most likely attack vectors. The corresponding FGCM is shown in Fig. 5.

Fig. 5. Fuzzy cognitive map for assessing local relative risks of information security and cybersecurity breach of the NSBIA.

Table 6. Description of FGCM concepts.
Concept | Name | Concept type
ExtAt1 | External attacker | Driver concept
C2 | ML model disclosure threat (UBI.218) | Threats
C3 | Training data theft threat (UBI.219) | Threats
C4 | Threat of malfunctioning of the ML model (UBI.220) | Threats
C5 | ML model modification threat (UBI.221) | Threats
C6 | Threat of substitution of the ML model (UBI.222) | Threats
C7 | Vulnerability of libraries and models (plug-ins) | Vulnerabilities
C8 | Vulnerability of the software implementation of the model | Vulnerabilities
C9 | Architectural vulnerabilities | Vulnerabilities
C10 | Base of biometric images | Target system resources
C11 | ML model | Target system resources
C12 | Countermeasure based on the implementation of the neural network transformation "biometrics-key" | Driver concept
C13 | Violation of the system's performance and refusal to use it (breach of integrity) | Effects
C14 | Modification of the base and ML model (breach of confidentiality) | Effects

Let us consider the scenario of an attacker's impact with and without the countermeasure based on the neural network transformation "biometrics-key" that ensures the information security and cybersecurity of the NSBIA.

Fig. 6 and Fig. 7 below show how the states of the FGCM concepts change under the impact of an attacker without and with the implementation of the neural network transformation "biometrics-key" as a defensive countermeasure.

Fig. 6. Change in time of the state of concepts ((a) "grayness" – the spread of the assessment; (b) "bleached" value – the central value of the gray assessment) under the influence of an attacker without the implementation of the neural network transformation "biometrics-key".

Fig. 7. Change in time of the state of concepts ((a) "grayness" – the spread of the assessment; (b) "bleached" value – the central value of the gray assessment) under the influence of an attacker with the application of a protective countermeasure based on the neural network transformation "biometrics-key".

The local relative risk indicators for the target concepts C13 and C14 are shown in Table 7.

Table 7. Results of risk analysis based on FGCM.

Concept | Without the neural network transformation "biometrics-key" | After applying the neural network transformation "biometrics-key"
Violation of the system's performance and refusal to use it (breach of integrity) | [0.0162; 0.4156] | [0.0442; 0.2560]
Modification of the base and ML model (breach of confidentiality) | [0.0199; 0.4694] | [0.0527; 0.2846]
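Fig. 6 and Fig. 7 describe each concept state through its "grayness" (the spread of the assessment) and its "bleached" (central) value. Assuming the simplest convention, the interval midpoint and the interval width, these quantities can be read off the risk intervals of Table 7 as in the short sketch below; the whiten name and the choice of convention are assumptions, not the authors' notation.

```python
def whiten(gray):
    """'Bleached' (central) value and 'grayness' (spread) of a gray number,
    assuming the simplest convention: interval midpoint and interval width."""
    lo, hi = gray
    return (lo + hi) / 2.0, hi - lo


# Local relative risk of concept C13 (breach of integrity) from Table 7:
print(whiten((0.0162, 0.4156)))   # without the "biometrics-key" transformation
print(whiten((0.0442, 0.2560)))   # after applying the countermeasure
```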
4 Discussion

The use of cognitive analysis in the task of assessing information security and cybersecurity risks makes it possible to take into account the range of expert opinions, as well as the inaccuracy and incompleteness of the data collected during an audit of the state and properties of the information system. Cognitive models formalize the mutual influence of system elements and the destabilizing effects of internal and external intruders who exploit vulnerabilities of software and hardware components, which makes them a significant decision-support tool in the process of qualitative and quantitative assessment. Scenarios of modeling the impact of an attacker with a gray fuzzy cognitive map built from expert data make it possible to assess the effectiveness of the applied protection tools and to select the optimal combination of solutions, taking into account the identified threats and potential attack vectors on the NSBIA, including the ML models that process biometric data.

5 Conclusion

The paper proposes an approach to the analysis of the security of integrated biometric authentication and identification systems based on gray fuzzy cognitive maps. A feature of the biometric system under consideration is the use of the neural network transformation "biometrics-key", which provides distributed storage of the base of biometric images and allows a secret cryptographic key generated from the image to be used as an output of the neural network.

To assess the security of biometric authentication and identification systems using ML models, an analysis of current threats, vulnerabilities and potential attack vectors was carried out, on the basis of which a fuzzy gray cognitive map was built to assess the local relative risks of information security and cybersecurity under an attacker's impact with and without the neural network transformation "biometrics-key". The local relative risk indicators for the key information resources decreased by 45%.

6 Acknowledgments

The reported study was funded by the Ministry of Science and Higher Education of the Russian Federation (information security) as part of research project № 1/2020.

References
1. Vasilyev, V.I.: Intelligent information security systems. 2nd edn. Mashinostroenie, Moscow, 199 p. (2012).
2. Kulikova, O.V.: Biometric cryptographic systems and their applications. Bezopasnost' informacionnyh tehnologij, 16(3), 53–58 (2009).
3. Merkushev, O.Yu., Sidorkina, I.G.: Use of biometric cryptography in a control system of access. Software & Systems, 4, 172–175 (2012).
4. Abu Elreesh, J.Y., Abu-Naser, S.S.: Cloud Network Security Based on Biometrics Cryptography Intelligent Tutoring System. International Journal of Academic Information Systems Research (IJAISR), 3(3), 37–70 (2019).
5. Barreno, M. et al.: The security of machine learning. Machine Learning, 81(2), 121–148 (2010).
6. Turk, M., Pentland, A.: Face recognition using eigenfaces. Journal of Cognitive Neuroscience, 3(1), 71–86 (1991).
7. Wiskott, L. et al.: Face recognition by elastic bunch graph matching. IEEE Transactions on Pattern Analysis and Machine Intelligence, 19(7), 775–779 (1997).
8. Wagner, A. et al.: Toward a practical face recognition system: Robust alignment and illumination by sparse representation. IEEE Transactions on Pattern Analysis and Machine Intelligence, 34(2), 372–386 (2011).
9. Paul, L.C., Al Sumam, A.: Face recognition using principal component analysis method. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), 1(9), 135–139 (2012).
10. Bhele, S.G., Mankar, V.H.: A review paper on face recognition techniques. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), 1(8), 339–346 (2012).
11. Ding, S. et al.: Evolutionary artificial neural networks: a review. Artificial Intelligence Review, 39(3), 251–260 (2013).
12. Dodis, Y. et al.: Robust fuzzy extractors and authenticated key agreement from close secrets. In: Dwork, C. (ed.) Annual International Cryptology Conference CRYPTO 2006, LNCS 4117, 232–250. Springer, Berlin, Heidelberg (2006).
13. Boyen, X. et al.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) Annual International Conference on the Theory and Applications of Cryptographic Techniques EUROCRYPT 2005, LNCS 3494, 147–163. Springer, Berlin, Heidelberg (2005).
14. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) Annual International Conference on the Theory and Applications of Cryptographic Techniques EUROCRYPT 2005, LNCS 3494, 457–473. Springer, Berlin, Heidelberg (2005).
15. Baek, J., Susilo, W., Zhou, J.: New constructions of fuzzy identity-based encryption. In: Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, 368–370. ACM, New York, NY, USA (2007).
16. Fang, L. et al.: Chosen-Ciphertext Secure Fuzzy Identity-Based Key Encapsulation without ROM. IACR Cryptology ePrint Archive 2008, 139–151 (2008).
17. Fang, L., Xia, J.: Full Security: Fuzzy Identity Based Encryption. IACR Cryptology ePrint Archive, 307 (2008).
18. Yang, P., Cao, Z., Dong, X.: Fuzzy Identity Based Signature. IACR Cryptology ePrint Archive, 2 (2008).
19. Vasilyev, V.I. et al.: Analysis of confidential data protection in critical information infrastructure and the use of biometric, neural network and cryptographic algorithms (standards review and perspectives). Informacionnye tehnologii i sistemy, 193–197 (2019).
20. Juels, A., Sudan, M.: A fuzzy vault scheme. Designs, Codes and Cryptography, 38(2), 237–257 (2006).
21. Salmeron, J.L.: A Fuzzy Grey Cognitive Maps-based intelligent security system. In: 2015 IEEE International Conference on Grey Systems and Intelligent Services (GSIS), 29–32. IEEE (2015).