370 likes | 648 Views
Design and Implementation for Secure Embedded Biometric Authentication Systems. Shenglin Yang Advisor: Ingrid Verbauwhede Electrical Engineering Department University of California, Los Angeles. Personal Authentication Systems. Select Authenticator. Biometrics. Embedded. Security.
E N D
Design and Implementation for Secure Embedded Biometric Authentication Systems Shenglin Yang Advisor: Ingrid Verbauwhede Electrical Engineering Department University of California, Los Angeles
Personal Authentication Systems Select Authenticator Biometrics Embedded Security Software Optimization Oracle-based Design Memory Management Crypto-Biometrics Hardware Acceleration Micro-coded Coprocessor Secure Embedded Biometric Authentication Device
Outline • Motivation and challenges • Secure biometric matching techniques • Secure partitioning • Cryptographic Biometrics • Fuzzy vault based fingerprint verification • Micro-coded coprocessor implementation • Secure iris verification • Conclusions
Motivation and challenges Biometrics provide a more secure and convenient way for personal authentication Unique No token needed Biometrics No memorize needed • For mobile biometric authentication system, the template is stored on the embedded device. • more resource-constrained • more vulnerable
Security Challenges Mobile devices are more accessible, which means that they are more vulnerable too! • Attacks on communication channels, stack/memory, and bus … • Side Channel Attacks (SCA) on mobile devices Traditional attacks Side channel attacks Protocol Algorithm Channel Timing Architecture (Embedded SW) Stack/Memory Power Micro-Architecture Bus EMI Circuit
Personal Authentication Systems Select Authenticator Biometrics Embedded Security Software Optimization Oracle-based Design Memory Management Crypto-Biometrics Hardware Acceleration Micro-coded Coprocessor Secure Embedded Biometric Authentication Device
SCA based on Differential Power Analysis: 0-1 Transition 1-0 Transition Logic Level Solution • Asymmetric power consumption in standard CMOS • Obtain the secret key of an encryption system using the power variations • Unprotected AES cracked under 3 min. • Solution: special logic (WDDL) • Exactly one charging event per cycle • Charge capacitance is constant for different outputs Tiri, K. and Verbauwhede, I., Security encryption algorithms against DPA at the logic level: next generation smart card technology, Workshop on Cryptographic Hardware and Embedded Systems (Lecture Notes Computer Science Vol.2779), Sept. 2003, pp 125-136, Cologne, Germany.
Matching Algorithm Algorithm Security Partitioning Secret Key Minutiae Extraction Unprotected Load Key Crypto Module Template Load Bogus Protected • Security comes with penalty : larger chip size • Only the sensitive template and the corresponding processes need to be protected.
Secure Matching Input (Unsecure) Template (Secure) For each input minutiae pair I For each template minutiae pair T Unprotected software if (I=T) matching_count++ If matching_count >N return TRUE else return FALSE Query Response Protected oracle Results: 1% FRR and <0.01% FAR
Personal Authentication Systems Select Authenticator Biometrics Embedded Security Software Optimization Oracle-based Design Memory Management Crypto-Biometrics Hardware Acceleration Micro-coded Coprocessor Secure Embedded Biometric Authentication Device
Cryptographic Biometrics • Noninvertible transformed version of template • Fuzzy vault scheme Alice Bob Telephone Num Cipher Text List of favorite movies (KEY) List of favorite movies (KEY’) If KEY and KEY’ are similar enough, Bob can extract the Telephone number of Alice from the cipher text Ref: Juels, A. and Sudan, M., “A fuzzy vault scheme,” Proceedings 2002 IEEE International Symposium on Information Theory, 2002, pp.408. Piscataway, NJ.
p(x) Minutiae Encode (GF) PIN Template Lock set Add Noise ThumbPod Fuzzy Vault Minutiae PIN OK? Matching Input Fingerprint Vault • Biometrics, such as fingerprint, can act as the KEY in the fuzzy vault scheme p(x) Minutiae PIN Template Lock set Add Noise ThumbPod Fuzzy Vault Minutiae PIN OK? Matching Input
Effect of Shifting and Rotation (a) (b) (c) (a) and (b) are two prints from a same finger; (c) is the positions of the features.
Feature Alignment Overlap of four minutiae feature sets aligned based on a well-selected reference point
Experimental Results (1) • Unlock complexity varies according to the degree of polynomial for different size of impostor set. Log complexity (log2) Size of unlock set / Degree of polynomial
verification accuracy varies along with polynomial degrees for difference size of the impostor set. Experimental Results (2) Error rate Size of unlock set / Degree of polynomial
Experimental Results (3) • The influence of the polynomial degree and the chaff set size on the system performance (Complexity-Accuracy Factor) Complexity-Accuracy Factor Size of unlock set / polynomial degree
Personal Authentication Systems Select Authenticator Biometrics Embedded Security Software Optimization Oracle-based Design Memory Management Crypto-Biometrics Hardware Acceleration Micro-coded Coprocessor Secure Embedded Biometric Authentication Device
Implementation Approaches Embedded Application
Architecture A 16-bit microcoded coprocessor, FV16, is design to implement the fuzzy vault algorithm RNG RF ALU RAM DAG GFM TRI TRI Controller Z PC DECODER IR IO MICROCODE ROM ARM MEM
Performance Comparison • Taking advantage of the special function blocks, the execution time is significantly reduced • GFM: 14 times • RNG: 162 times • TRI: 82 times
Human Iris Sclera Iris Pupil • iris forms during gestation and remains the same for the rest of one’s life • iris is unique for individuals • it is well protected and extremely difficult to be modified
Iris Feature Extraction Segmentation Detect iris boundary Detect pupil boundary Isolate eyelid & eyelash Normalization (Daugman’s rubber sheet model) r r Feature Coding
Feature Coding Feature Coding 1D signal 2D signal Intensity r Position 1D Gabor filter Real response Imaginary response Iris template Phase quantization
Template-Protect Verification Iris feature (1023,46,219) BCH C Secret data generation S ENC Enrollment Hash W Storage W Recovering the random bit stream Input iris feature S’ Verification Comparing Hash Result
Two-Segment Algorithm Feature extraction Reliable bits selection Select flag Reliable bits (Z) Division F RNG Z Z 1 2 Storage S W C 1 ENC W2 Hash F Input Hs Reliable bits selection W2 W1 Storage Hs Z1 (Hs)1 S1 R1 Hash DEC Division Y/N Decision Compare Z2 S2 (Hs)2 DEC Hash R2
Verification Performance (a) (b) Reliable feature bits are used for verification All feature bits are used for verification
1 0.8 0.6 0.4 Desired verification threshold 0.2 0 0 0.1 0.2 0.3 Performance vs Reliable Bits Sizes(1) 1460 reliable bits Error rate FRR FAR 0.4 0.5 0.6 0.7 0.8 0.9 1 Threshold
Performance vs Reliable Bits Sizes(2) 1096 reliable bits Desired verification threshold 1 0.8 Error rate 0.6 0.4 0.2 FRR FAR 0 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Threshold
Desired verification threshold Performance vs Reliable Bits Sizes(3) 974 reliable bits 1 0.8 Error rate 0.6 0.4 FRR 0.2 FAR 0 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Threshold
Performance Comparison The iris verification system based on 1096 reliable bits achieves the best performance
Conclusions • An efficient secure embedded fingerprint authentication system is designed and implemented. • System security for biometric authentication systems is addressed from two levels: Logic level and algorithm level. • Security partitioning based fingerprint matching algorithm is proposed • Fuzzy vault based fingerprint matching is designed and implemented using microcoded coprocessor • Template-protected iris verification is proposed
Selected Publications Yang, S., Sakiyama, K., and Verbauwhede, I., “Efficient and Secure Fingerprint Verification for Embedded Devices,” EURASIP Journal on Applied Signal Processing, vol.2006, no.3, pp. 11, 2006. Yang, S., Schaumont, P., and Verbauwhede, I., “Microcoded Coprocessor for Embedded Secure Biometric Authentication Systems,” Proc. IEEE/ACM/IFIP International Conference on Hardware - Software Codesign and System Synthesis, pp. 130-135, September. 2005. Yang, S. and Verbauwhede, I., “Automatic Secure Fingerprint Verification System Based on Fuzzy Vault Scheme,” Proc. IEEE International Conference on Acoustics, Speech, and Signal Processing, pp. 609-612, March 2005. Yang, S. and Verbauwhede, I., “Secure Fuzzy Vault Based Fingerprint Verification System,” Proc. 38th IEEE Asilomar Conference on Signals, Systems, and Computers, Vol. 1, pp. 577-581, November 2004. Yang, S. and Verbauwhede, I., “Methodology for Memory Analysis and Optimization in Embedded Systems,” Proc. GSPx Embedded Signal Processing Conference, pp. 1-6, September 2004. Yang, S. and Verbauwhede, I., “A Realtime, Memory Efficient Fingerprint Verification System,” Proc. IEEE International Conference on Acoustics, Speech, and Signal Processing, pp. 189-192, May 2004. Yang, S. and Verbauwhede, I., “A Secure Fingerprint Matching Technique,” Proc. ACM Workshop on Biometrics: Methods and Applications, pp.89-94, November 2003. Yang, S., Sakiyama, K., and Verbauwhede, I., “A Compact and Efficient Fingerprint Verification System for Secure Embedded Systems,” Proc. 37th IEEE Asilomar Conference on Signals, Systems, and Computers, pp. 2058-2062, November 2003.