基于脆弱指纹的深度神经网络模型完整性验证框架

预训练模型容易受到外部敌手实施的模型微调和模型剪枝等攻击,导致它的完整性被破坏。针对这一问题,提出一种针对黑盒模型的脆弱指纹框架FFWAS(Fragile Fingerprint With Adversarial Samples)。首先,提出一种无先验知识的模型复制框架,而FFWAS为每一位用户创建独立的模型副本;其次,利用黑盒方法在模型边界放置脆弱指纹触发集,若模型发生修改,边界发生变化,触发集将被错误分类;最后,用户借助模型副本上的脆弱指纹触发集对模型的完整性进行验证,若触发集的识别率低于预设阈值,则意味着模型完整性已被破坏。基于2种公开数据集MNIST和CIFAR-10对FFWAS的有效性和脆弱性进行实验分析,结果表明,在模型微调和剪枝攻击下,FFWAS的指纹识别率相较于完整模型均明显下降并低于设定阈值;与基于模型唯一性和脆弱签名的深度神经网络认证框架(DeepAuth)相比,FFWAS的触发集与原始样本在2个数据集上的相似性分别提高了约22%和16%,表明FFWAS具有更好的隐蔽性。

基于自适应流特征的半脆弱流指纹编码方案

针对流交换中网络抖动和流变换导致的流指纹不可用、不可信问题,提出了基于自适应流特征的半脆弱流指纹编码方案(ACSF)。首先,采用流特征参数作为生成哈希消息验证码(HMAC)密钥、确定HMAC置乱方式以及选择伪噪声(PN)码初始相位的依据,将密钥空间提高到O((k+1)·(S·O(KEN))),增加了敌手穷举的计算复杂度;同时,增加流指纹自适应性,将解码计算复杂度降低到O(k2·l·nf),提高了解码效率。其次,采用直接序列扩频(DSSS)技术,在多流互扰强度达到66.7%时,解码正确率可以达到90%以上,实现了过滤非恶意处理;而且,采用HMAC技术,使得篡改定位准确率为98.3%以上,使指纹具有半脆弱性。最后,对ACSF的安全性、篡改定位能力和抗干扰能力进行了理论分析和实验验证。

Auto-Aligned Sharing Fuzzy Fingerprint Vault

Recently, a cryptographic construct,called fuzzy vault, has been proposed for crypto-biometric systems, and some implementations for fingerprint have been reported to protect the stored fingerprint template by hiding the fingerprint features. However, all previous studies assumed that fingerprint features were pre-aligned, and automatic alignment in the fuzzy vault domain is a challenging issue.In this paper, an auto-aligned sharing fuzzy fingerprint vault based on a geometric hashing technique is proposed to address automatic alignment in the multiple-control fuzzy vault with a compartmented structure. The vulnerability analysis and experimental results indicate that, compared with original multiplecontrol fuzzy vault, the auto-aligned sharing fuzzy fingerprint vault can improve the security of the system.