Hill-Climbing Attack Based on the Uphill Simplex Algorithm and Its Application to Signature Verification

  • Marta Gomez-Barrero
  • Javier Galbally
  • Julian Fierrez
  • Javier Ortega-Garcia
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6583)


A general hill-climbing attack to biometric systems based on a modification of the downhill simplex algorithm is presented. The scores provided by the matcher are used in this approach to adapt iteratively an initial estimate of the attacked template to the specificities of the client being attacked. The proposed attack is evaluated on a competitive feature-based signature verification system over both the MCYT and the BiosecurID databases (comprising 330 and 400 users, respectively). The results show a very high efficiency of the hill-climbing algorithm, which successfully bypassed the system for over 90% of the attacks with a remarkably low number of scores needed.


Simplex Algorithm Biometric System False Rejection Signature Verification Biometric Trait 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Jain, A.K., Ross, A., Pankanti, S.: Biometrics: a tool for information security. IEEE Trans. on Information Forensics and Security 1, 125–143 (2006)CrossRefGoogle Scholar
  2. 2.
    Van der Putte, T., Keuning, J.: Biometrical fingerprint recognition: don’t get your fingers burned. In: Proc. Conference on Smart Card Research and Advanced Applications (CARDIS), pp. 289–303 (2000)Google Scholar
  3. 3.
    Pacut, A., Czajka, A.: Aliveness detection for iris biometrics. In: Proc. IEEE Int. Carnahan Conf. on Security Technology (ICCST), vol. 1, pp. 122–129 (2006)Google Scholar
  4. 4.
    Soutar, C., Gilroy, R., Stoianov, A.: Biometric system performance and security. In: Proc. IEEE Automatic Identification Advanced Technologies, AIAT (1999)Google Scholar
  5. 5.
    Ratha, N.K., Connell, J.H., Bolle, R.M.: An analysis of minutiae matching strength. In: Bigun, J., Smeraldi, F. (eds.) AVBPA 2001. LNCS, vol. 2091, pp. 223–228. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Galbally, J., Fierrez, J., Rodriguez-Gonzalez, J., Alonso-Fernandez, F., Ortega-Garcia, J., Tapiador, M.: On the vulnerability of fingerprint verification systems to fake fingerprint attacks. In: Proc. IEEE Int. Carnahan Conf. on Security Technology (ICCST), pp. 130–136 (2006)Google Scholar
  7. 7.
    Adler, A.: Sample images can be independently restored from face recognition templates. In: Proc. Canadian Conference on Electrical and Computer Engineering (CCECE), vol. 2, pp. 1163–1166 (2003)Google Scholar
  8. 8.
    Uludag, U., Jain, A.: Attacks on biometric systems: a case study in fingerprints. In: Proc. SPIE Seganography and Watermarking of Multimedia Contents VI, vol. 5306, pp. 622–633 (2004)Google Scholar
  9. 9.
    Martinez-Diaz, M., Fierrez, J., Alonso-Fernandez, F., Ortega-Garcia, J., Siguenza, J.A.: Hill-climbing and brute force attacks on biometric systems: a case study in match-on-card fingerprint verification. In: Proc. IEEE Int. Carnahan Conf. on Security Technology (ICCST), vol. 1, pp. 151–159 (2006)Google Scholar
  10. 10.
    Galbally, J., Fierrez, J., Ortega-Garcia, J.: Bayesian hill-climbing attack and its application to signature verification. In: Lee, S.-W., Li, S.Z. (eds.) ICB 2007. LNCS, vol. 4642, pp. 386–395. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Nelder, J.A., Mead, R.: A simplex method for function minimization. Computer Journal 7, 313–368 (1965)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Ortega-Garcia, J., Fierrez-Aguilar, J., et al.: MCYT baseline corpus: a bimodal biometric database. IEE Proc. Vis. Image Signal Process. 150, 395–401 (2003)CrossRefGoogle Scholar
  13. 13.
    Fierrez, J., Galbally, J., Ortega-Garcia, J., Freire, M.R., Alonso-Fernandez, F., Ramos, D., Toledano, D.T., Gonzalez-Rodriguez, J., Siguenza, J.A., Garrido-Salas, J., Anguiano, E., de Rivera, G.G., Ribalda, R., Faundez-Zanuy, M., Ortega, J.A., Cardeoso-Payo, V., Viloria, A., Vivaracho, C.E., Moro, Q.I., Igarza, J.J., Sanchez, J., Hernaez, I., Orrite-Uruuela, C., Martinez-Contreras, F., Gracia-Roche, J.J.: BiosecurID: a multimodal biometric database. Pattern Analysis and Applications 13, 235–246 (2009)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Fierrez-Aguilar, J., Nanni, L., et al.: An On-Line Signature Verification System Based on Fusion of Local and Global Information. In: Kanade, T., Jain, A., Ratha, N.K. (eds.) AVBPA 2005. LNCS, vol. 3546, pp. 523–532. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Jain, A.K., Nandakumar, K., Ross, A.: Score normalization in multimodal biometric systems. Pattern Recognition 38, 2270–2285 (2005)CrossRefGoogle Scholar
  16. 16.
    Galbally, J.: Vulnerabilities and Attack Protection in Security Systems Based on Biometric Recognition. PhD thesis (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Marta Gomez-Barrero
    • 1
  • Javier Galbally
    • 1
  • Julian Fierrez
    • 1
  • Javier Ortega-Garcia
    • 1
  1. 1.Biometric Recognition Group–ATVS, EPSUniversidad Autonoma de MadridMadridSpain

Personalised recommendations