隨著生物辨識技術的發展，使用生物特徵作為身份辨識依據的系統，已經廣泛出現在個人裝置及許多身分驗證的應用中。為確保系統不會遭到入侵，其安全性也成為生物辨識技術在實際應用上的重要議題。近年來有研究致力於透過攻擊生物辨識系統，找出系統在安全上的闕漏，藉以建立安全程度更高的系統。基於深度學習的心電辨識技術是近期在心電辨識研究領域中重要的發展方向。深度學習模型是由多個非線性函數組成的神經網路，多數研究認為，由神經網路擷取出的特徵向量上所保留的資訊難以用來重新建構回原始生物特徵。因此，基於開放式的識別系統（open-set identification）及驗證系統（authentication）會在未保護的情況下，把經由深度神經網路所建立出來的模板儲存於資料庫中，作為後續系統驗證身分的依據。本研究透過制定模板重建的攻擊策略來研究基於深度學習心電辨識系統之安全性。實驗假設攻擊方無法取得關於目標辨識系統中所使用的神經網路資訊以及系統註冊者的原始心電訊號。用反卷積網路作為重建模型的主要架構，並分別以對抗式訓練以及傳統監督式學習兩種不同的訓練手段作為模型訓練的方法。最終驗證結果顯示，現存系統將模板存於資料庫中會導致系統安全性受到威脅。本研究以PTB資料庫中的50位受測者作為系統外來者，由該外來者作為攻擊方之資料集所發起的重建攻擊使目標辨識系統的FPIR從2.75%提升至26.13%。

With the advance of biometric technology, biometrics systems for recognition have been widely used in many applications. To ensure the system will not be invaded, the security of biometrics systems has become an important issue. In recent years, efforts have been made to discover the systems' security weaknesses by attacking them, and people expect to build a more secure system based on the findings. A deep learning-based ECG biometric is a significant development direction in the field of ECG recognition. A deep learning model is a neural network composed of multiple nonlinear functions. Most studies believe that the information retained on the feature vector extracted by the neural network is difficult to reconstruct to the original characteristics. Therefore, open-set identification systems may still store the templates for verification in the database without protection. This study concentrates on the template reconstruction attack to a deep learning-based ECG biometric recognition system. The experiments assume that the attacker cannot obtain information about the neural network used in the target recognition system and the ECG of the enrollees. The deconvolution network is used as the main structure of the reconstruction model. Two different training methods, namely adversarial training and traditional supervised learning, are used as the model training strategies. The results demonstrated that storing templates in the database will threaten the security of the system. The reconstruction attack initiated by 50 attackers increased the FPIR of the target recognition system from 2.75% to 26.13%.

[1] A. K. Jain, A. Ross, and S. Prabhakar, "An introduction to biometric recognition," IEEE Transactions on circuits and systems for video technology, vol. 14, no. 1, pp. 4-20, 2004.
[2] P. Komarinski, Automated fingerprint identification systems (AFIS). Elsevier, 2005.
[3] A. Tolba, A. El-Baz, and A. El-Harby, "Face recognition: A literature review," International Journal of Signal Processing, vol. 2, no. 2, pp. 88-103, 2006.
[4] S. Prabhakar, S. Pankanti, and A. K. Jain, "Biometric recognition: Security and privacy concerns," IEEE security & privacy, vol. 1, no. 2, pp. 33-42, 2003.
[5] L. Biel, O. Pettersson, L. Philipson, and P. Wide, "ECG analysis: a new approach in human identification," IEEE Transactions on Instrumentation and Measurement, vol. 50, no. 3, pp. 808-812, 2001.
[6] S. Rane, Y. Wang, S. C. Draper, and P. Ishwar, "Secure biometrics: Concepts, authentication architectures, and challenges," IEEE Signal Processing Magazine, vol. 30, no. 5, pp. 51-64, 2013.
[7] L. Sörnmo and P. Laguna, Bioelectrical signal processing in cardiac and neurological applications. Academic Press, 2005.
[8] M. Merone, P. Soda, M. Sansone, and C. Sansone, "ECG databases for biometric systems: A systematic review," Expert Systems with Applications, vol. 67, pp. 189-202, 2017.
[9] S. A. Israel, J. M. Irvine, A. Cheng, M. D. Wiederhold, and B. K. Wiederhold, "ECG to identify individuals," Pattern recognition, vol. 38, no. 1, pp. 133-142, 2005.
[10] J. M. Irvine, S. A. Israel, W. T. Scruggs, and W. J. Worek, "eigenPulse: Robust human identification from cardiovascular function," Pattern Recognition, vol. 41, no. 11, pp. 3427-3435, 2008.
[11] A. D. Chan, M. M. Hamdy, A. Badre, and V. Badee, "Wavelet distance measure for person identification using electrocardiograms," IEEE transactions on instrumentation and measurement, vol. 57, no. 2, pp. 248-253, 2008.
[12] Y. Wang, F. Agrafioti, D. Hatzinakos, and K. N. Plataniotis, "Analysis of human electrocardiogram for biometric recognition," EURASIP journal on Advances in Signal Processing, vol. 2008, pp. 1-11, 2007.
[13] Z. Zhao, Y. Zhang, Y. Deng, and X. Zhang, "ECG authentication system design incorporating a convolutional neural network and generalized S-Transformation," Computers in biology and medicine, vol. 102, pp. 168-179, 2018.
[14] R. D. Labati, E. Muñoz, V. Piuri, R. Sassi, and F. Scotti, "Deep-ECG: Convolutional neural networks for ECG biometric recognition," Pattern Recognition Letters, vol. 126, pp. 78-85, 2019.
[15] B. Biggio, P. Russu, L. Didaci, and F. Roli, "Adversarial biometric recognition: A review on biometric system security from the adversarial machine-learning perspective," IEEE Signal Processing Magazine, vol. 32, no. 5, pp. 31-41, 2015.
[16] E. Maiorana, G. E. Hine, and P. Campisi, "Hill-climbing attacks on multibiometrics recognition systems," IEEE Transactions on Information Forensics and Security, vol. 10, no. 5, pp. 900-915, 2014.
[17] C. Rathgeb and A. Uhl, "A survey on biometric cryptosystems and cancelable biometrics," EURASIP Journal on Information Security, vol. 2011, no. 1, pp. 1-25, 2011.
[18] V. M. Patel, N. K. Ratha, and R. Chellappa, "Cancelable biometrics: A review," IEEE Signal Processing Magazine, vol. 32, no. 5, pp. 54-65, 2015.
[19] Y. Chu, H. Shen, and K. Huang, "ECG authentication method based on parallel multi-scale one-dimensional residual network with center and margin loss," IEEE Access, vol. 7, pp. 51598-51607, 2019.
[20] 魏士穎, "基於深度學習之可擴充開放式心電識別系統," 碩士, 工程與系統科學系, 國立清華大學, 新竹市, 2020. [Online]. Available: https://hdl.handle.net/11296/8jpqvy
[21] M. Gomez-Barrero and J. Galbally, "Reversing the irreversible: A survey on inverse biometrics," Computers & Security, vol. 90, p. 101700, 2020.
[22] S. Eberz, N. Paoletti, M. Roeschlin, M. Kwiatkowska, I. Martinovic, and A. Patané, "Broken hearted: How to attack ECG biometrics," 2017.
[23] S.-C. Wu, P.-T. Chen, and J.-H. Hsieh, "Spatiotemporal features of electrocardiogram for biometric recognition," Multidimensional Systems and Signal Processing, vol. 30, no. 2, pp. 989-1007, 2019.
[24] A. Zhmoginov and M. Sandler, "Inverting face embeddings with convolutional neural networks," arXiv preprint arXiv:1606.04189, 2016.
[25] I. Goodfellow et al., "Generative adversarial nets," Advances in neural information processing systems, vol. 27, 2014.
[26] A. Radford, L. Metz, and S. Chintala, "Unsupervised representation learning with deep convolutional generative adversarial networks," arXiv preprint arXiv:1511.06434, 2015.
[27] S. Ioffe and C. Szegedy, "Batch normalization: Accelerating deep network training by reducing internal covariate shift," in International conference on machine learning, 2015: PMLR, pp. 448-456.
[28] B. Xu, N. Wang, T. Chen, and M. Li, "Empirical evaluation of rectified activations in convolutional network," arXiv preprint arXiv:1505.00853, 2015.
[29] A. M. Delaney, E. Brophy, and T. E. Ward, "Synthesis of realistic ECG using generative adversarial networks," arXiv preprint arXiv:1909.09150, 2019.
[30] C.-c. Yeh, P.-c. Hsu, J.-c. Chou, H.-y. Lee, and L.-s. Lee, "Rhythm-flexible voice conversion without parallel data using cycle-gan over phoneme posteriorgram sequences," in 2018 IEEE Spoken Language Technology Workshop (SLT), 2018: IEEE, pp. 274-281.
[31] I. I. ‐37, "Information technology—Vocabulary—Part 37: Biometrics," 2017.
[32] S. J. Pan and Q. Yang, "A survey on transfer learning," IEEE Transactions on knowledge and data engineering, vol. 22, no. 10, pp. 1345-1359, 2009.
[33] G. Mai, K. Cao, P. C. Yuen, and A. K. Jain, "On the reconstruction of face images from deep face templates," IEEE transactions on pattern analysis and machine intelligence, vol. 41, no. 5, pp. 1188-1202, 2018.
[34] F. P. Karegar, A. Fallah, and S. Rashidi, "Using recurrence quantification analysis and generalized Hurst exponents of ECG for human authentication," in 2017 2nd Conference on Swarm Intelligence and Evolutionary Computation (CSIEC), 2017: IEEE, pp. 66-71.
[35] Y. Gao, W. Wang, B. Li, O. R. Patil, and Z. Jin, "Replicating your heart: Exploring presentation attacks on ECG biometrics," in Proceedings of the IEEE Conference on Communications and Network Security (CNS), 2018, pp. 1-9.
[36] M. D. Zeiler, D. Krishnan, G. W. Taylor, and R. Fergus, "Deconvolutional networks," in 2010 IEEE Computer Society Conference on computer vision and pattern recognition, 2010: IEEE, pp. 2528-2535.
[37] M. D. Zeiler, G. W. Taylor, and R. Fergus, "Adaptive deconvolutional networks for mid and high level feature learning," in 2011 International Conference on Computer Vision, 2011: IEEE, pp. 2018-2025.
[38] M. Mirza and S. Osindero, "Conditional generative adversarial nets," arXiv preprint arXiv:1411.1784, 2014.
[39] S. Reed, Z. Akata, X. Yan, L. Logeswaran, B. Schiele, and H. Lee, "Generative adversarial text to image synthesis," in International Conference on Machine Learning, 2016: PMLR, pp. 1060-1069.
[40] P. Isola, J.-Y. Zhu, T. Zhou, and A. A. Efros, "Image-to-image translation with conditional adversarial networks," in Proceedings of the IEEE conference on computer vision and pattern recognition, 2017, pp. 1125-1134.
[41] A. L. Goldberger et al., "PhysioBank, PhysioToolkit, and PhysioNet: components of a new research resource for complex physiologic signals," circulation, vol. 101, no. 23, pp. e215-e220, 2000.
[42] R. Bousseljot, D. Kreiseler, and A. Schnabel, "Nutzung der EKG-Signaldatenbank CARDIODAT der PTB über das Internet," 1995.
[43] P. De Chazal, C. Heneghan, E. Sheridan, R. Reilly, P. Nolan, and M. O'Malley, "Automated processing of the single-lead electrocardiogram for the detection of obstructive sleep apnoea," IEEE transactions on biomedical engineering, vol. 50, no. 6, pp. 686-696, 2003.
[44] S.-C. Wu, P.-T. Chen, A. L. Swindlehurst, and P.-L. Hung, "Cancelable biometric recognition with ECGs: subspace-based approaches," IEEE Transactions on Information Forensics and Security, vol. 14, no. 5, pp. 1323-1336, 2018.
[45] J. Pan and W. J. Tompkins, "A real-time QRS detection algorithm," IEEE transactions on biomedical engineering, no. 3, pp. 230-236, 1985.
[46] R. Caruana, S. Lawrence, and L. Giles, "Overfitting in neural nets: Backpropagation, conjugate gradient, and early stopping," Advances in neural information processing systems, pp. 402-408, 2001.
[47] R. M. Bolle, J. H. Connell, S. Pankanti, N. K. Ratha, and A. W. Senior, "The relation between the ROC curve and the CMC," in Fourth IEEE workshop on automatic identification advanced technologies (AutoID'05), 2005: IEEE, pp. 15-20.