Recently, physiological signal-based biometric systems have received wide attention. Unlike traditional biometric features, physiological signals cannot be easily compromised (they are usually unobservable to human eyes). The photoplethysmography (PPG) signal is easy to measure, making it more attractive than many other physiological signals for biometric authentication. However, with the advent of remote PPG (rPPG), this unobservability has been challenged: an attacker can remotely steal rPPG signals by monitoring the victim's face, which poses a threat to PPG-based biometrics. In PPG-based biometric authentication, current attack approaches require the victim's PPG signal, so rPPG-based attacks have been neglected. In this paper, we first analyze the security of PPG-based biometrics, including user authentication and communication protocols. We evaluate the signal waveforms, heart rate and inter-pulse-interval information extracted by five rPPG methods, including four traditional optical computing methods (CHROM, POS, LGI, PCA) and one deep learning method (CL_rPPG). We conducted experiments on five datasets (PURE, UBFC_rPPG, UBFC_Phys, LGI_PPGI, and COHFACE) to collect a comprehensive set of results. Our empirical studies show that rPPG poses a serious threat to the authentication system. The success rate of the rPPG signal spoofing attack in the user authentication system reached 0.35. The bit hit rate is 0.6 in inter-pulse-interval-based security protocols. Further, we propose an active defence strategy that hides the physiological signals of the face to resist the attack. It reduces the success rate of rPPG spoofing attacks in user authentication to 0.05. The bit hit rate was reduced to 0.5, which is at the level of a random guess. Our strategy effectively prevents the exposure of PPG signals to protect users' sensitive physiological data.