Authentication With a Guessing Adversary

In this paper, we consider the authentication problem where a candidate measurement presented by an unidentified user is compared to a previously stored measurement of the legitimate user, the enrollment, with respect to a certain distortion criteria for authentication. An adversary wishes to impersonate the legitimate user by guessing the enrollment until the system authenticates him. For this setting, we study the minimum number of required guesses (on average) by the adversary for a successful impersonation attack and find the complete characterization of the asymptotic exponent of this metric, referred to as the deception exponent. Our result is a direct application of the results of the Guessing problem by Arikan and Merhav [19]. Paralleling the work in [19] we also extend this result to the case where the adversary may have access to additional side information correlated to the enrollment data. The paper is a revised version of a submission to IEEE WIFS 2015, with the referencing to the paper [19] clarified compared with the conference version.