Skip to navigation Skip to main content Skip to footer

Machine Learning 102: Attacking Facial Authentication with Poisoned Data

03 February 2023

By Eric Schorn

This blog post is the second in a series related to machine learning, and demonstrates exactly how a data poisoning attack might work to insert a backdoor into a facial authentication system. The simplified system has similarities to that which the TSA is running a proof of concept trial at the Detroit and Atlanta airports. As background, the proposed EU Artificial Intelligence Act is seen by some as a ‘GDPR upgrade’ with similar extraterritorial reach and even higher penalties. Remote biometric identification systems feature prominently in the legislation, with law-enforcement uses greatly curtailed and other uses considered high risk. Article 15 notes the importance of cybersecurity and clearly calls out the potential for AI-specific attacks involving data poisoning. The controversial idea that ‘Big Brother is protecting you’ is certainly going to become even more heated moving forward.

Example of poisoned authentiction
Example of poisoned authentication

To demonstrate the attack, this post develops a proof-of-concept Siamese CNN model for a facial authentication system where a reference ID/badge photo might be authenticated against a fresh image captured in real-time. This is an executable blog post that you can run for yourself by loading this Gist .ipynb file into any Jupyter-based notebook system, or you can just continue browsing it below.

<svg style="box-sizing: content-box; color: var(--color-icon-primary);" width="64" height="64" viewbox="0 0 16 16" fill="none" aria-hidden="true" data-view-component="true" class="octospinner mx-auto anim-rotate"> <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke" fill="none"></circle> <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path> </svg> <span class="sr-only">Loading</span> <div class="render-viewer-error">Sorry, something went wrong. <a class="Link--inTextBlock" href="https://gist.github.com/eschorn1/d70c483919332eff8e70ba9d544e0429.json">Reload?</a></div> <div class="render-viewer-fatal">Sorry, we cannot display this file.</div> <div class="render-viewer-invalid">Sorry, this file is invalid so it cannot be displayed.</div> <iframe class="render-viewer " src="https://notebooks.githubusercontent.com/view/ipynb?bypass_fastly=true&color_mode=auto&commit=2c572bfc90ea6133f1a4be8410f7320e3e25f89e&docs_host=https%3A%2F%2Fdocs.github.com&enc_url=68747470733a2f2f7261772e67697468756275736572636f6e74656e742e636f6d2f676973742f657363686f726e312f64373063343833393139333332656666386537306261396435343465303432392f7261772f326335373262666339306561363133336631613462653834313066373332306533653235663839652f4e434347726f75705f4d4c3130325f626c6f672e6970796e62&logged_in=false&nwo=eschorn1%2Fd70c483919332eff8e70ba9d544e0429&path=NCCGroup_ML102_blog.ipynb&repository_id=120609340&repository_type=Gist#939d9a8a-46f1-475d-82bd-5b3a5b41f2a3" sandbox="allow-scripts allow-same-origin allow-top-navigation" title="File display" name="939d9a8a-46f1-475d-82bd-5b3a5b41f2a3"> Viewer requires iframe. </iframe>
Eric Schorn

Eric Schorn

Eric Schorn is a Technical Director on NCC Group's Cryptography Services team. He has been programming since 8-bit 6502 assembly was in vogue, designed high-performance CPUs at the the individual transistor level, led the overall marketing function for the $600M/year ARM processor division, and holds 14 US Patents. He co-founded a blockchain-oriented start up and has developed/deployed multiple web applications in the cloud.