Bayesian Hill-Climbing Attack and Its Application to Signature Verification

Javier Galbally, Julian Fierrez, and Javier Ortega-Garcia
Biometric Recognition Group–ATVS, EPS, Universidad Autonoma de Madrid, C/ Francisco Tomas y Valiente 11, 28049 Madrid, Spain
{javier.galbally,julian.fierrez,javier.ortega}@uam.es

Abstract. A general hill-climbing attack algorithm based on Bayesian adaptation is presented. The approach uses the scores provided by the matcher to adapt a global distribution, computed from a development set of users, to the local specificities of the client being attacked. The proposed attack is evaluated on a competitive feature-based signature verification system over the 330 users of the MCYT database. The results show a very high efficiency of the hill-climbing algorithm, which successfully bypassed the system for over 95% of the attacks.

1 Introduction

Due to the advantages that biometric security systems present over traditional security approaches [1], they are currently being introduced in many applications, including access control, sensitive data protection, on-line tracking systems, etc. However, in spite of these advantages they are not free from external attacks which can decrease their level of security. Thus, it is of utmost importance to analyze the vulnerabilities of biometric systems, in order to find their limitations and to develop useful countermeasures for foreseeable attacks.

Attacks on biometric systems can be broadly divided into: i) direct attacks, which are carried out at the sensor level using synthetic traits (e.g., printed iris images, gummy fingers); and ii) indirect attacks, which are carried out against the inner modules of the application and, therefore, require the attacker to have some information about the system operation (e.g., the matcher used, the storage format). Ratha et al. [2] made a more exhaustive analysis of the vulnerable points of biometric systems, identifying 8 types of possible attacks. The first point corresponded to direct attacks and the remaining seven were included in the indirect attacks group.

There are several works that study the robustness of biometric systems, especially finger- and iris-based ones, against direct attacks, including [3,4,5]. Some efforts have also been made in the study of indirect attacks on biometric systems. Most of these works use some variant of the hill-climbing algorithm [6]. Some examples include an indirect attack on a face-based system in [7], and on PC-based and Match-on-Card minutiae-based fingerprint verification systems in [8] and [9], respectively. These attacks, which belong to types 2 or 4 of the classification

S.-W. Lee and S.Z. Li (Eds.): ICB 2007, LNCS 4642, pp. 386–395, 2007. © Springer-Verlag Berlin Heidelberg 2007
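The score-driven adaptation that the abstract describes (a global feature distribution learned from a development set of users, then pulled toward the attacked client using only the matcher's scores) is sketched below as an added illustration. This is not the authors' code, nor the MCYT/ATVS signature system: the 8-dimensional feature space, the inverse-distance matcher, the constructed development set and target client, and the MAP-style update with a relevance factor are all assumptions made for the example. What it does show is the essential property of a hill-climbing attack: the attacker never sees the enrolled template, only a scalar score per attempt.

```python
"""Toy score-feedback hill-climbing attack that adapts a global feature
distribution toward the client being attacked.

Added illustration, not the authors' code: the feature space, the matcher,
the development set and the MAP-style update rule are all assumptions.
"""
import math
import random
from typing import Callable, Dict, List, Tuple

DIM = 8            # assumed size of the feature vector the matcher consumes
THRESHOLD = 0.5    # assumed decision threshold on the matcher similarity score
SIGMA_FLOOR = 0.1  # assumed: never let the search distribution collapse entirely

Vector = List[float]


def matcher_score(template: Vector, probe: Vector) -> float:
    """Assumed matcher: similarity 1/(1 + Euclidean distance), in (0, 1].
    The attacker only ever sees this number, never the stored template."""
    dist = math.sqrt(sum((t - p) ** 2 for t, p in zip(template, probe)))
    return 1.0 / (1.0 + dist)


def global_distribution(dev_users: List[Vector]) -> Tuple[Vector, Vector]:
    """Per-dimension mean and standard deviation over a development set of
    users: the attacker's prior about what 'typical' feature vectors look like."""
    n = len(dev_users)
    mean = [sum(u[i] for u in dev_users) / n for i in range(DIM)]
    std = [math.sqrt(sum((u[i] - mean[i]) ** 2 for u in dev_users) / n)
           for i in range(DIM)]
    return mean, [max(s, SIGMA_FLOOR) for s in std]


def hill_climb(score_fn: Callable[[Vector], float], mean: Vector, std: Vector,
               max_iter: int = 1000, n_samples: int = 20, n_best: int = 5,
               relevance: float = 4.0, seed: int = 0) -> Tuple[Vector, float, int]:
    """Each round: draw n_samples probes from N(mu, sigma^2), keep the n_best by
    matcher score, and move (mu, sigma) toward them with a MAP-style update in
    which the current distribution is the prior with weight `relevance`
    (assumed rule, in the spirit of the Bayesian adaptation described).
    Returns (best probe, its score, rounds used)."""
    rng = random.Random(seed)
    mu, sigma = list(mean), list(std)
    best_x, best_s = list(mu), score_fn(mu)
    for rounds in range(1, max_iter + 1):
        cands = [[rng.gauss(mu[i], sigma[i]) for i in range(DIM)]
                 for _ in range(n_samples)]
        scored = sorted(((score_fn(c), c) for c in cands),
                        key=lambda p: p[0], reverse=True)
        if scored[0][0] > best_s:
            best_s, best_x = scored[0]
        top = [c for _, c in scored[:n_best]]
        w = n_best + relevance
        for i in range(DIM):
            xbar = sum(c[i] for c in top) / n_best
            var = sum((c[i] - xbar) ** 2 for c in top) / n_best
            mu[i] = (n_best * xbar + relevance * mu[i]) / w
            sigma[i] = max(SIGMA_FLOOR,
                           math.sqrt((n_best * var + relevance * sigma[i] ** 2) / w))
        if best_s >= THRESHOLD:
            return best_x, best_s, rounds
    return best_x, best_s, max_iter


def run_demo(seed: int = 0) -> Dict[str, object]:
    """Constructed scenario: 50 development users drawn around a common centre,
    and a target client whose template sits about two population standard
    deviations away from the development-set mean."""
    rng = random.Random(seed)
    dev_users = [[rng.gauss(0.0, 1.0) for _ in range(DIM)] for _ in range(50)]
    mean, std = global_distribution(dev_users)
    offset = [1.0, -0.8, 0.9, -0.7, 0.6, 0.5, -0.4, 0.3]  # constructed client offset
    template = [m + o for m, o in zip(mean, offset)]

    def oracle(probe: Vector) -> float:  # the only access the attacker has
        return matcher_score(template, probe)

    start_score = oracle(mean)
    _, final_score, rounds = hill_climb(oracle, mean, std, seed=seed)
    return {"start_score": start_score, "final_score": final_score,
            "rounds": rounds, "accepted": final_score >= THRESHOLD}


if __name__ == "__main__":
    print(run_demo())
```

The toy starts from the population mean (a probe the matcher rejects) and is accepted after a few dozen rounds of 20 matcher calls each. The cost the attacker pays is the number of score queries, which is why, for a deployed matcher, the granularity of the returned score and any limit on failed attempts matter more than the secrecy of the template itself.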