Transcript Biometrics Template: Security and Privacy Problems and Solutions

Coexistence Among
Cryptography and Noisy Data
Theory and Applications
Alawi A. Al-Saggaf, PhD.
King Fahd University of Petroleum and Minerals,
[email protected]
28th April, 2014
Motivations for Current Research
2
Motivations for Current Research
The bad news about Password and smart card breaches:
-
Password may be forgotten, easy to guess, difficult to remember.
Passwords cracking (such as John the Ripper) easily to defeat the hash value of the
password.
Smart cad may be lost, stolen, easy to share.
Who Are You?
Motivations for Current Research (Cont’d)
Motivations for Current Research
5
Why Biometrics?
Security Level
Robustness
Method
7
Usefulness
The Future of Biometrics Market Research Report
8
Trends in biometric systems' deployment in the United
States (2003)*
*Frost and Sullivan. U.S. Biometric Network Authentication Markets, 2004.
9
Biometrics Template Attacks
Biometrics Templates Attacks
Replacing
Template
Tempering
Template
Stolen
Template
11
Biometrics is a Noisy Data
Same
Person
h(1101111101111111……)

h(1110011100111111……)
12
Mathematical framework
For
Coexistence among Cryptography and
Noisy Data
Party Ted: Setup phase
Party A: Commit phase
Party B: Open phase
Setup algorithm
Comm algorithm
Open algorithm
y
Encode the committed
message m: g(m)=c
Apply error correction
f(c’)=f(x’- δ)
Select security parameter k∊K
Witness chosen randomly
x∊RX
No
Error
message
Fd(f(c’))=1
Generate crisp PK
Yes
Fuzzy Encryption
y=(Fk(c,x) ,x-c)=(ε,δ)
Fk :g(M)×X→E
Yes
Fuzzy PK
If (t<t3)
Crisp Encryption
ε’ =Fk(f(c’) , (δ + f(c’) ))
No
Yes
F:g(M)×X→Y
Wait
No
Cd(ε’ )=1
Reveal x’ to B
B act g-1(f(c’))=m
Error message
Security Analysis
Bound derivation for hiding property
Theorem 5.1: Suppose that X (witness space) and C (error correcting code
set) are two independent random variables over the same sample space{0,1}n,
and let Z    x  c : x  X, c  C be a random variable (difference vector)
obtained by “exclusive OR” of elements of X and C . Then the probability
that an attacker is able to compute either c or x from the difference vector
is no more than 2- k, where k is the size of the error correcting code C .
16
Bound derivation for Statistical hiding property
Theorem 5.2: For anyk  K , let F : C  X  Y be a fuzzy public key. Then, an
the proposed scheme based on F is   hiding and the value of  is always
computed as: For c1  g (m1 ) and c2  g (m2 )  C
Sdist ( D(c1 ), D(c2 ))  2
2 n
| 


E
,c1
  ,c2 |  
where  ,m is the size of the pre - image set (m)  x : Fk c, x    
17
Bound derivation for computational binding property
Theorem 5.3: For anyk  K , let F : C  X  Y be a fuzzy public key. Then, the
proposed scheme based on F is   hiding and the value of  is always
computed as:
Prob[c ', Hdist (c ', c)  tsh : Fk (c ', x ')   , x '  X]  22n  ,c '  
18
Applications
1. Secure Biometrics System
Enrollment Procedure
Authentication procedure
B
Iris biometric
Choose a
codeword c
Fuzzy Encryption
Crisp
encryption
algorithm
Concealing
algorithm
Iris biometric input B
xref
Encryption
  Fk (c, xref )
 '  Fk  f (c ),(  f (c )) 
f (c )  f ( xtest  )
Difference
vector δ
Retrieve algorithm
xtest
Iris
extraction
Iris
extraction
20
2. Retrieve cryptographic key from biometrics template
key generation Procedure
Registration Procedure
Fuzzy Encryption
Iris code
extraction
x
Difference vector

x'
Retrieve
c
Encoding
c'
Encryption
  Fk (c, x)
Cryptographic
key 
Iris code
extraction
Decode
f  c '
Encryption
 '  Fk ( f (c '), x ')
Yes
Is
'  
No
Error message
Cryptographic key
generated
  g 1  f (c ') 
3. Biometrics based Remote User Authentication using Smart Cards
Registration protocol
Registration Center
♥
Alice
Logon protocol
♥
Server
Authentication
22
Thank you