Model Inversion for Impersonation in Behavioral Authentication Systems
Md Islam, Reihaneh Safavi-Naini
2021
Abstract
A Behavioral Authentication (BA) system uses behavioral characteristics of a user, stored in their behavioral profile, to verify their future identity claims. BA profiles are widely used as a second factor to strengthen password-based authentication systems. A BA verification algorithm takes the claimed identity of the user together with their presented verification data, and decides to accept or reject the claim by comparing the data with the profile of the claimed identity. Efficient and highly accurate verification algorithms can be constructed by training a Deep Neural Network (DNN) on the users’ profiles. The trained DNN classifies the presented verification data and, if the classification matches the claimed identity, accepts the claim; otherwise it rejects it. This is a very attractive approach because it removes the need to maintain the profile database, which is security and privacy sensitive. In this paper we show that query access to the DNN verification algorithm allows an attacker to break the security of the authentication system by constructing the profile of a user in the original training database and succeeding in an impersonation attack. We show how to construct an inverse classifier when the attacker has black-box access to the DNN’s output prediction vectors, truncated to a single component (the highest probability value). We use a substitute classifier to approximate the unknown components of the prediction vectors, and use the recovered vectors to train the inverse classifier and construct the profile of a user in the database. We implemented our approach on two existing BA systems and achieved average success probabilities of 29.89% and 45.0%, respectively. Our approach is general and can be used in other DNN-based BA systems.
Paper Citation
in Harvard Style
Islam M. and Safavi-Naini R. (2021). Model Inversion for Impersonation in Behavioral Authentication Systems. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 271-282. DOI: 10.5220/0010559802710282
in Bibtex Style
@conference{secrypt21,
author={Md Islam and Reihaneh Safavi-Naini},
title={Model Inversion for Impersonation in Behavioral Authentication Systems},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2021},
pages={271-282},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010559802710282},
isbn={978-989-758-524-1},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Model Inversion for Impersonation in Behavioral Authentication Systems
SN - 978-989-758-524-1
AU - Islam M.
AU - Safavi-Naini R.
PY - 2021
SP - 271
EP - 282
DO - 10.5220/0010559802710282