1 / 23

Fuzzy Commitment

Fuzzy Commitment. DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004. Ari Juels RSA Laboratories ajuels@rsasecurity.com. Part I: Data secrecy in biometric authentication systems. The Classical View of Biometric Authentication. Is it Woody? Yes, it’s Woody!. Woody.

anevay
Download Presentation

Fuzzy Commitment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Fuzzy Commitment DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004 Ari Juels RSA Laboratories ajuels@rsasecurity.com

  2. Part I:Data secrecy in biometric authentication systems

  3. The Classical View of Biometric Authentication Is it Woody? Yes, it’s Woody!

  4. Woody Allen ? = The Classical View of Biometric Authentication Is it Woody? Yes, it’s Woody!

  5. ? = Hello, Mr. Woody Allen The Classical View of Biometric Authentication Woody Allen

  6. In these scenarios, biometric data need not be kept secret • Spoofing is difficult with human oversight • Indeed, your face is public anyway • (Assuming, of course, that passport is not a forgery) But what happens when…

  7. ? = A human-guided process Woody Allen

  8. ? = Becomes automated? Woody Allen

  9. Schiphol airport: Iris scanning Secrecy of biometric data is now more important to security • Reason 1: Automation will mean relaxation of human oversight • More opportunity for spoofing • Spoofing iris / face readers with printed images, “gummy” fingers, etc.

  10. Server Woody Allen Woody’s PC Secrecy of biometric data is now more important to security • Reason 2: Spillover into remote / home authentication!

  11. First password Second password And revocation is hard!

  12. 10cm range under legal conditions How much with a rogue reader? One meter? How much from eavesdropping on legitimate reader? Yet passports will transmit biometrics via RFID to any standard reader… ICAO (International Civil Aviation Organization) standard – imminent adoption through DHS effort Clandestine scanning Woody Allen Optical keys / Faraday cages?

  13. Suppose you want to copy a painting… snapshot professional photo But isn’t my face public anyway? • Facial images require special conditions for matching to work. In U.K., you’re not allowed to smile in passport photos any longer! • Best for forger to have target image, i.e., one in passport serving as basis for authentication • Iris and fingerprint are harder to capture than face Copying a biometric is somewhat like copying a painting…

  14. Part II:Towards secrecy in biometric authentication systems

  15. Cryptographic tools for password secrecy password

  16. h (password, salt) Epassword[key] Password-based key agreement Cryptographic tools for password secrecy password

  17. h ( , salt) E[key] Finger-based key agreement? Cryptographic tools for biometric secrecy ?

  18. ! Woody Allen Problem: Biometrics are variable,i.e., error-prone… • Differing angles of presentation • Differing amounts of pressure • Chapped skin  and standard crypto does not tolerate errors!

  19. We want “fuzzy” cryptography • Error-tolerant crypto primitives • E.g., Ek[m] Dk’ [ ] = m if k≈ k’ • Body of “fuzzy” crypto literature: • Davida, Frankel, & Matt ’98 • “Biometric encryption” (breakable) • Juels & Wattenberg ’99 (“fuzzy commitment”) Application of FJ ‘01 to “life questions” now in RSA product… • Monrose, Reiter, & Wetzel ’99 + follow-on • Juels & Sudan ’01 • Dodis, Rezyin, & Smith ’04 • Boyen in ten minutes… But no rigorous application to real biometrics yet!

  20. Why everybody has nice eyes • An iriscode has an estimated 250 bits of entropy! • Contrast 1/10,000 false acceptance for fingerprints… • Most people have two eyes! • Hamming distance is the metric for iriscode similarity • E. g. , fuzzy commitment applies directly… iriscode iris

  21. Why it’s not so easy… • An iriscode can be as long as 4096 bits • Where are those 250 bits of entropy hidden? • Bits are not independent… • Signal processing data folded into iriscode • Eyelids, eyelashes, and reflections can occlude much of iris • We could get only 37 pairs of eyes for experiments…

  22. A first attempt • Tricks: • Use staggered samples: yields up to 75 independent bits • Use multiple scans to reduce error rate • Play some ad-hoc tricks with signal-processing data Result: Able to extract a 60-bit or so key from a pair of irises, but how much were methods fitted to data?

  23. Conclusion • Ongoing work (joint with Mike Szydlo & Brent Waters) • Trying to understand iriscode distribution • Need programming help! • Other groups trying to apply fuzzy crypto to fingerprints • Natural place where theory (crypto) meets practice (the human being) • … and error-prone devices too, e.g., POWFs, PUFs… • With biometrics on the march, imminent surge of interest in these techniques?

More Related