260 likes | 458 Views
Fuzzy Commitment. DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004. Ari Juels RSA Laboratories ajuels@rsasecurity.com. Part I: Data secrecy in biometric authentication systems. The Classical View of Biometric Authentication. Is it Woody? Yes, it’s Woody!. Woody.
E N D
Fuzzy Commitment DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004 Ari Juels RSA Laboratories ajuels@rsasecurity.com
The Classical View of Biometric Authentication Is it Woody? Yes, it’s Woody!
Woody Allen ? = The Classical View of Biometric Authentication Is it Woody? Yes, it’s Woody!
? = Hello, Mr. Woody Allen The Classical View of Biometric Authentication Woody Allen
In these scenarios, biometric data need not be kept secret • Spoofing is difficult with human oversight • Indeed, your face is public anyway • (Assuming, of course, that passport is not a forgery) But what happens when…
? = A human-guided process Woody Allen
? = Becomes automated? Woody Allen
Schiphol airport: Iris scanning Secrecy of biometric data is now more important to security • Reason 1: Automation will mean relaxation of human oversight • More opportunity for spoofing • Spoofing iris / face readers with printed images, “gummy” fingers, etc.
Server Woody Allen Woody’s PC Secrecy of biometric data is now more important to security • Reason 2: Spillover into remote / home authentication!
First password Second password And revocation is hard!
10cm range under legal conditions How much with a rogue reader? One meter? How much from eavesdropping on legitimate reader? Yet passports will transmit biometrics via RFID to any standard reader… ICAO (International Civil Aviation Organization) standard – imminent adoption through DHS effort Clandestine scanning Woody Allen Optical keys / Faraday cages?
Suppose you want to copy a painting… snapshot professional photo But isn’t my face public anyway? • Facial images require special conditions for matching to work. In U.K., you’re not allowed to smile in passport photos any longer! • Best for forger to have target image, i.e., one in passport serving as basis for authentication • Iris and fingerprint are harder to capture than face Copying a biometric is somewhat like copying a painting…
h (password, salt) Epassword[key] Password-based key agreement Cryptographic tools for password secrecy password
h ( , salt) E[key] Finger-based key agreement? Cryptographic tools for biometric secrecy ?
! Woody Allen Problem: Biometrics are variable,i.e., error-prone… • Differing angles of presentation • Differing amounts of pressure • Chapped skin and standard crypto does not tolerate errors!
We want “fuzzy” cryptography • Error-tolerant crypto primitives • E.g., Ek[m] Dk’ [ ] = m if k≈ k’ • Body of “fuzzy” crypto literature: • Davida, Frankel, & Matt ’98 • “Biometric encryption” (breakable) • Juels & Wattenberg ’99 (“fuzzy commitment”) Application of FJ ‘01 to “life questions” now in RSA product… • Monrose, Reiter, & Wetzel ’99 + follow-on • Juels & Sudan ’01 • Dodis, Rezyin, & Smith ’04 • Boyen in ten minutes… But no rigorous application to real biometrics yet!
Why everybody has nice eyes • An iriscode has an estimated 250 bits of entropy! • Contrast 1/10,000 false acceptance for fingerprints… • Most people have two eyes! • Hamming distance is the metric for iriscode similarity • E. g. , fuzzy commitment applies directly… iriscode iris
Why it’s not so easy… • An iriscode can be as long as 4096 bits • Where are those 250 bits of entropy hidden? • Bits are not independent… • Signal processing data folded into iriscode • Eyelids, eyelashes, and reflections can occlude much of iris • We could get only 37 pairs of eyes for experiments…
A first attempt • Tricks: • Use staggered samples: yields up to 75 independent bits • Use multiple scans to reduce error rate • Play some ad-hoc tricks with signal-processing data Result: Able to extract a 60-bit or so key from a pair of irises, but how much were methods fitted to data?
Conclusion • Ongoing work (joint with Mike Szydlo & Brent Waters) • Trying to understand iriscode distribution • Need programming help! • Other groups trying to apply fuzzy crypto to fingerprints • Natural place where theory (crypto) meets practice (the human being) • … and error-prone devices too, e.g., POWFs, PUFs… • With biometrics on the march, imminent surge of interest in these techniques?