Poisoning adaptive biometric systems

Adaptive biometric recognition systems have been proposed to deal with natural changes of the clients' biometric traits due to multiple factors, like aging. However, their adaptability to changes may be exploited by an attacker to compromise the stored templates, either to impersonate a specific client, or to deny access to him. In this paper we show how a carefully designed attack may gradually poison the template gallery of some users, and successfully mislead a simple PCA-based face verification system that performs self-update.