SUMMARY

Attacks using hill-climbing methods have been reported as a vulnerability of biometric authentication systems. In this paper, we propose a robust online signature verification algorithm against such attacks. Specifically, the attack considered in this paper is a hill-climbing forged data attack. Artificial forgeries are generated offline by using the hill-climbing method, and the forgeries are input to a target system to be attacked. In this paper, we analyze the menace of hill-climbing forged data attacks using six types of hill-climbing forged data and propose a robust algorithm by incorporating the hill-climbing method into an online signature verification algorithm. Experiments to evaluate the proposed system were performed using a public online signature database. The proposed algorithm showed improved performance against this kind of attack.

key words: hill-climbing attack, online signature verification, biometrics, vulnerability, offline attack

Introduction

Biometric person authentication technologies are becoming more important in the drive to ensure security. These technologies are being actively studied, and some of them are being used in real situations. However, several vulnerabilities have been reported [1], [2], including a hill-climbing attack [3]. Hill-climbing attacks against biometric systems of several modalities, such as face [4]-[7], fingerprints [8], [9], and online signatures [10], [11] have been reported.

There are two types of hill-climbing attack:

1. Online hill-climbing attack: Attackers access the targeted biometric system directly and attack it repeatedly [4]-[11].
2. Offline hill-climbing attack (hill-climbing forged data attack): Attackers repeatedly access a physically different biometric system from the targeted biometric system and generate hill-climbing forged data. Then, the forged data is input to the targeted biometric system.

Several countermeasures against online attacks have been reported, for example, limiting the number of sequential attempts [3], score transformation [12], and so on. Also, a parameter-updating method [13], [14] is one possible solution. However, these measures are not useful against an offline attack because attackers do not need to access the targeted biometric system repeatedly; rather, they input forged data to the targeted biometric system only once. Thus, different countermeasures are necessary against an offline attack. However, no useful countermeasures for any type of modality have been proposed.

In this paper, we propose a countermeasure against offline hill-climbing attacks for online signature verification. A robust online signature verification algorithm against such attacks was implemented by incorporating a hill-climbing algorithm into a verification algorithm.

Experiments were performed using a public online signature database, SVC2004 [15]. Experimental results show that the proposed algorithm had improved performance against hill-climbing forged data attacks.

We first describe a basic online signature verification algorithm in S...