The effectiveness of generative attacks on an online handwriting biometric

Abstract

The traditional approach to evaluating the performance of a behavioral biometric such as handwriting or speech is to conduct a study involving human subjects (naïve and/or skilled "forgers") and report the system's False Reject Rate (FRR) and False Accept Rate (FAR). In this paper, we examine a different and perhaps more ominous threat: the possibility that the attacker has access to a generative model for the behavior in question, along with information gleaned about the targeted user, and can employ this in a methodical search of the space of possible inputs to the system in an attempt to break the biometric. We present preliminary experimental results examining the effectiveness of this line of attack against a published technique for constructing a biometric hash based on online handwriting data. Using a concatenative approach followed by a feature space search, our attack succeeded 49% of the time. © Springer-Verlag Berlin Heidelberg 2005.