Abstract
Video-based eye trackers capture the iris biometric and enable authentication to secure user identity. However, biometric authentication is susceptible to spoofing another user's identity through physical or digital manipulation. The current standard to identify physical spoofing attacks on eye-tracking sensors uses liveness detection. Liveness detection classifies gaze data as real or fake, which is sufficient to detect physical presentation attacks. However, such defenses cannot detect a spoofing attack when real eye image inputs are digitally manipulated to swap the iris pattern of another person. We propose IrisSwap as a novel attack on gaze-based liveness detection. IrisSwap allows attackers to segment and digitally swap in a victim's iris pattern to fool iris authentication. Both offline and online attacks produce gaze data that deceives the current state-of-the-art defense models at rates up to 58% and motivates the need to develop more advanced authentication methods for eye trackers.
Abstract (translated)
基于视频的眼跟踪器可以捕获眼部生物特征并实现用户身份验证,但生物特征身份验证容易被通过物理或数字操纵伪造另一个用户的身份。目前对识别眼跟踪器上的物理伪造攻击的标准是使用活力检测。活力检测将目光数据分为真实或伪造,这足以检测物理展示攻击。然而,这种防御无法检测到当真实眼睛图像被数字操纵以交换另一个人眼睛图案时产生的伪造攻击。我们提出IrisSwap作为一种新颖的攻击方式。IrisSwap允许攻击者在其受害者的眼部图案上进行分割和数字交换,以欺骗眼部认证。离线和在线攻击都会产生使最先进的防御模型误判率为58%的 gaze数据,并促使开发更先进的眼跟踪器身份验证方法。
URL
https://arxiv.org/abs/2404.13827