A Negative Number Vulnerability for Histogram-based Face Recognition Systems

Abstract

A popular method of face identification is the use of local binary pattern (LBP) histograms. In this method, a face image is partitioned into regions, and a histogram of features is produced for each region; faces are compared by measuring the similarity of their histograms through statistics such as chi-square score or K-L divergence. Comparison of histograms, however, is particularly prone to exploitation via a negative-number bug if coded naively. This allows a surprisingly precise and powerful attack: if an adversary can alter a histogram to change a single zero to a negative number of appropriate magnitude, the change will induce a negligible difference in matching under ordinary use, but match an attacker to an intended victim if the attacker briefly displays a printed striped pattern to a camera. This tampering is minor and can be inflicted long before the attack, allowing the insertion of a back door in a face recognition system that will behave normally until the moment of exploitation. We exhibit an example of this bug in the wild, in the OpenCV computer vision library, and illustrate the effectiveness of this attack in impersonating multiple victims.