Morph-a-Dope: Using Pupil Manipulation to Spoof Eye Movement Biometrics
| Autor: | Zakery Fyke, Mushfique Ahmed, Abdul Serwadda, Isaac Griswold-Steiner |
|---|---|
| Rok vydání: | 2018 |
| Předmět: |
021110 strategic
defence & security studies education.field_of_study Authentication Spoofing attack Biometrics Computer science Population 0211 other engineering and technologies Eye movement 02 engineering and technology Computer security computer.software_genre Pupil 0202 electrical engineering electronic engineering information engineering Identity (object-oriented programming) Eye tracking 020201 artificial intelligence & image processing education computer |
| Zdroj: | UEMCON |
| Popis: | Eye Tracking Authentication — a mechanism where eye movement patterns are used to verify a user’s identity — is increasingly being explored for use as a layer of security in computing systems. Despite being widely studied, there is barely any research investigating how these systems could be attacked by a determined attacker. In particular, the relationship between pupil characteristics and lighting is one that could lead to vulnerabilities in improperly secured systems.This paper presents Morph-a-Dope, an attack that leverages lighting manipulations to defeat eye tracking authentication systems that heavily rely on features derived from pupil sizes. Across 20 attacker-victim pairs, the attack increased the EER by an average of over 50% as compared to the zero-effort attack by the overall population, and as much as 500% for individual victims. Our research calls for a greater emphasis on manipulation-resistant pupil size features or system designs that otherwise avoid such vulnerabilities. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|