Biometric recognition systems are security systems based on intrinsic properties of their users, usually encoded in high dimension representations called embeddings, which potential theft would represent a greater threat than a temporary password or a replaceable key. To study the threat of embedding theft, we perform spoofing attacks on two behavioral biometric systems (an automatic speaker verification system and a handwritten digit analysis system) using a set of alignment techniques. Biometric recognition systems based on embeddings work in two phases: enrollment - where embeddings are collected and stored - then authentication - when new embeddings are compared to the stored ones -.The threat of stolen enrollment embeddings has been explored by the template reconstruction attack literature: reconstructing the original data to spoof an authentication system is doable with black-box access to their encoder. In this document, we explore the options available to perform template reconstruction attacks without any access to the encoder. To perform those attacks, we suppose general rules over the distribution of embeddings across encoders and use supervised and unsupervised algorithms to align an unlabeled set of embeddings with a set from a known encoder. The use of an alignment algorithm from the unsupervised translation literature gives promising results on spoofing two behavioral biometric systems.

翻译：生物特征识别系统是基于用户固有属性的安全系统，通常以高维表征（称为嵌入向量）进行编码。相较于临时密码或可替换密钥，嵌入向量的潜在窃取将构成更严重的威胁。为研究嵌入向量窃取带来的威胁，我们采用一系列对齐技术对两个行为生物特征系统（自动说话人验证系统与手写数字分析系统）实施欺骗攻击。基于嵌入向量的生物特征识别系统包含两个阶段：注册阶段（收集并存储嵌入向量）和认证阶段（将新嵌入向量与存储向量进行比对）。现有模板重建攻击研究已探讨注册嵌入向量被盗的威胁：在拥有编码器黑盒访问权限的情况下，重建原始数据以欺骗认证系统是可行的。本文旨在探索在完全无法访问编码器的条件下实施模板重建攻击的可行方案。为实现此类攻击，我们假设不同编码器生成的嵌入向量分布存在通用规律，并采用监督与无监督算法将未标注的嵌入向量集与已知编码器的向量集进行对齐。实验表明，采用无监督翻译领域的对齐算法，在两个行为生物特征系统的欺骗攻击中取得了显著效果。