Inverting Binarizations of Facial Templates Produced by Deep Learning (and Its Implications)

Research output: Contribution to journalArticlepeer-review


We focus on attacks against a biometric authentication system aimed at reconstructing a biometric sample of the subject from the protected template. Such systems include three blocks: feature extraction, binarization, and protection. We propose a new white-box reversing attack on the binarization block that approximates a biometric template given the binary string obtained by the binarization block. The experiments show that the proposed attack reconstructs very accurate approximations that pass the verification threshold when compared to templates produced from the same and different samples of the subject. We then integrate this attack with known attacks on the other two blocks, namely, a variant of a guessing attack to extract the binary string and biometric inversion attack to reconstruct a sample from its template. We instantiate this end-to-end attack on a face authentication system using fuzzy commitments for protection. Facial images reconstructed by the end-to-end attack greatly resemble the original ones. In the simplest attack scenario, more than 83% of these reconstructed templates succeed in unlocking an account (when the system is configured to 0.1% FMR). Even in the 'hardest' settings (in which we take a reconstructed image from one system and use it in a different system, with a different feature extraction process) the reconstructed image offers 170 to 210 times higher success rates than the system's FMR.

Original languageEnglish
Article number9508363
Pages (from-to)4184-4196
Number of pages13
JournalIEEE Transactions on Information Forensics and Security
StatePublished - 2021

Bibliographical note

Funding Information:
Manuscript received December 24, 2020; revised April 27, 2021, June 8, 2021, and July 6, 2021; accepted July 6, 2021. Date of publication August 6, 2021; date of current version August 30, 2021. This work was supported in part by the Israeli Ministry of Science and Technology under Project 3-14659 and in part by the Center for Cyber, Law and Policy at the University of Haifa through the Israeli Cyber Directorate. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Walter J. Scheirer. (Corresponding author: Margarita Osadchy.) The authors are with the Department of Computer Science, University of Haifa, Haifa 3498838, Israel (e-mail: [email protected]; [email protected]; [email protected]). Digital Object Identifier 10.1109/TIFS.2021.3103056 1Throughout the paper we use subjects to describe people. When the subjects are discussed in the context of an authentication system, we use the term users.

Publisher Copyright:
© 2005-2012 IEEE.


  • Protection of biometric systems
  • deep face recognition
  • entropy
  • privacy

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Dive into the research topics of 'Inverting Binarizations of Facial Templates Produced by Deep Learning (and Its Implications)'. Together they form a unique fingerprint.

Cite this