EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS...
-
Upload
marcus-parrish -
Category
Documents
-
view
217 -
download
0
Transcript of EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS...
![Page 1: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/1.jpg)
EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR)AND ITS APPLICATIONIN BIOMETRICS AUTHENTICATIONS
AUTHOR: SUMUKHI CHANDRASHEKAR
![Page 2: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/2.jpg)
AGENDA Importance of Privacy
Live examples: Bank, Location retrieval by defense Thus, Private Information Retrieval (PIR)
Formal definitions and PIR Models Privacy Properties of PIR PIR Approaches
An example: Almost optimal PIR An example: Helger Lipmaa’s Protocol
Another Generation of PIR EPIR for Biometrics' Authentication Privacy Properties of EIPR
EPIR Protocols Testing Equality Hamming Distance
Authentication Schemes Using Biometrics The first Scheme: with the use of secure sketches Second Scheme: Iris data Comparison between EPIR Equally and EPIR Hamming
distance Conclusions Future Research Questions
![Page 3: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/3.jpg)
IMPORTANCE OF PRIVACY: BANK
Account Information
Credit Card Information
![Page 4: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/4.jpg)
LOCATION RETRIEVAL FOR DEFENSE
Location1
Location2
![Page 5: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/5.jpg)
PRIVATE INFORMATION RETRIEVAL (PIR)FORMAL DEFINITIONS & A MODEL
Private information retrieval (PIR) is a general problem of privately retrieving the ith record from an N-record array stored on the server.
(Based on: Querying Data Base Privately, Dmitri Asonov,1998)
![Page 6: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/6.jpg)
PRIVACY PROPERTIES OF PIR
User-Privacy
i B
query E(Q(i))
reply E(B(i))
![Page 7: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/7.jpg)
PIR APPROACHES
Theoretical Private Information Retrieval -Trivial solutions
Hardware – Based Private Information Retrieval,
Using a special Hard ware - SC(Secure Co processor)
PIR with Preprocessing and Offline Communication
Number Theory Based(Computational)
![Page 8: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/8.jpg)
PIR APPROACHES - TRIVIAL
![Page 9: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/9.jpg)
HARD WARE BASED PROTOCOL
DATABASE
Reads the entire Data Base, But keeps only R i
Secure Co Processor
SERVER
CLIENTSends e(Query i, Pk) and Retrieves i
![Page 10: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/10.jpg)
EVALUATION SUMMARY FOR HARD WARE BASED & PRE PROCESSOR
Parameter Protocols Ideal Protocol
[SS00 - SS01] (S C based)
[BDF00 - SJ00] (Pre Processing)
Communication(online)
Optimal Optimal Optimal
Response Time O(N) O(1) O(1)
Communication(offline)
NO O(N) NO
Pre Processing NO YES YES
![Page 11: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/11.jpg)
AN EXAMPLE FOR PIR: ALMOST OPTIMAL PIR
Basic Idea of the Protocol Previous approaches that used SC(Secure Co
Processor), O(1) communication complexity but O(N) complexity of Responses
The Pre Processing approaches, O(1) response time but O(N) communication complexity
Combine the 2 above approachesSteps involved in our Protocol
Preprocessing data inside SC Process Query online Protocol for SC and Users
![Page 12: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/12.jpg)
BASIC PROTOCOL MODEL
USER
SERVER
The Model is based on the book: Querying Data Base Privately, Asonov
![Page 13: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/13.jpg)
STEPS INVOLVED: PREPROCESSING DATA INSIDE SC
The Purpose To generate permutation of the data base
records (N) , transforms DB into DB П , Such that
DB [i] = DB П[П[i]] SC keeps the shuffle index as a secrete Server does not know the Index of shuffling
![Page 14: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/14.jpg)
THE PROTOCOL
Protocol between Server and Client to process the query
i
E R(?)
E R(?)
INTER NAL
V1 index
![Page 15: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/15.jpg)
PROCESSES QUERY ONLINE
Required: DB shuffled & V1 , a copy of the shuffled records and the index of DB shuffled
k: The sequence number of the query being processed
i: The number of DB record requested
Ensured: Answer, R I , the record retrieved without server’s knowledge.
3 steps are involved Read the already accessed records, If found,
Return Read all records in the cache of DB shuffled , if
found, Return Randomly select records from DB and put into
cache
![Page 16: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/16.jpg)
AN OBLIVIOUS TRANSFER PROTOCOLAUTHOR: PROF. LIPMAA
CIPR l n Protocol, with log-squared
communication Length flexible additively homomorphic
public key crypto system with additional length parameter involved
LFAH is 3 tuple , [Gen, Encrypt, Decrypt]
Generator Algo
Encrpt(pk,s,m,r) decrpt(sk,s,c)
![Page 17: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/17.jpg)
OVER VIEW
A CPIRnl protocol (Query; Transfer; Recover)
Consider S sized DB as an dimensional database
Index every element of S to S[i] ….. S[] Use homomorphic property to create a new
DB S1
With -1 dimension, such that new S1 = Encrypt(S)
Recursively perform this procedure until we get S that is encryption of S[q]
s >=1: encrypts plaintext of sk bits to a cipher text of (s+1)k bits
E s K(m1) . E s K (m2) = E s K (m1+m2) , Thus also E s+1 K(m1) . E s K (m2) = E s+1K (m1 . E s K
(m2) )
![Page 18: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/18.jpg)
GENERIC IDEA WHEN THE RANGE = 2
11 = 12 = 13 = 14 =
E s K(0) E s K(0) E s K(0) E s K(0)
(1,1)
(2,1)
(3,1)
(4,1)
(1,2)
(2,2)
(3,2)
(4,2)
(1,3)
(2,3)
(3,3)
(4,3)
(1,4)
(2,4)
(3,4)
(4,4)
w11 = i 1i (1,i) E s K ((1,1 ))
w12 = i 1i (1,i) E s K ((2,1 ))
w13 = i 1i (1,i) E s K ((3,1 ))
w14 = i 1i (1,i) E s K ((4,1 ))
![Page 19: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/19.jpg)
ALGORITHM IN DETAIL
Inputs: Alice has query i [n], Bob has D = (D1, .. Dn) where Dj ZN
Alice generates a new public/private key pair (pk, sk) for an additively homomorphic secure public-key cryptosystem E
Alice generates her message a Epk (i ; *) and sends
A(i) (pk, a) to Bob, He stops if Public is not valid Bob does for every j {1, . . . , n}, he
Sets bj (a/Epk (j ; 1))* · Epk (Dj ; *) Bob sends (b1, . . . , bn) to Alice, Alice decrypts bi
and obtains Thus Di = Dsk (bi )
![Page 20: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/20.jpg)
CORRECTNESS AND SECURITY Bob does for every j{1, . . . , n}
Sets bj (a/Epk (j ; 1))* · Epk (Dj ; *) Since a = Epk (i ; * ),
bj = (Epk (i ; * )/Epk (j ; 1)) · Epk (Dj ; *) Because E is additively homomorphic,bj = (Epk (i − j ;* ))* · Epk (Dj;*) = (Epk (*· (i − j );
r )) · Epk (Dj;*)for some rIf i = j thenbj = Epk (0; r ) · Epk (Dj ; *) = Epk (Dj ; * )and thus Dsk (bj ) = Dj Thus Alice obtains Di
![Page 21: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/21.jpg)
COMPLEXITY & PROTOCOL ANALYSIS
Suitable for sending integers from Zd User sends (s+( +1/2)) n1/ k bits Sk = log (d) => ( log(d)+ ( +1/2)k) n1/
bits Optimal if = O(log2n)
![Page 22: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/22.jpg)
GENERALIZATION OF PIR – EPIR FOR BIOMETRIC DATA
Motivation Processing sensitive information such as
biometrics. Biometric data can be represented as
Strings.
![Page 23: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/23.jpg)
FORMAL DEFINITION OF EPIR
Generalized concept of PIR The concept of SC Shuffling of Database
EIPR protocol enables user to retrieve a block data as a function of (Block of Database, Input)
This is an extension to PIR: with f (Ri , x) = Ri
![Page 24: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/24.jpg)
PRIVACY PROPERTIES OF EPIR
User Privacy Database Privacy
![Page 25: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/25.jpg)
USER PRIVACY – ATTACK GAME
Assume , adversary A plays the role of the database, and tries to learn some information from the user. The function f is fixed:
Definition First instance of A, generates the database:
(R1,R2, · · · ,RN) , N records in Database A outputs (i0, i1, x0, x1) : The Part of
database & input String The user randomly chooses b in {0, 1} and
issues a retrieve-query on input (ib, xb) with A
A outputs a guess b1.
![Page 26: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/26.jpg)
DATA BASE PRIVACY – ATTACK GAME
Assume A plays the role of the user, and tries to distinguish between the execution with an actual database, from the execution with a simulator. The function f is fixed:
Definition The challenger, Data Base randomly chooses b
in {0, 1}.If b = 0 then A will interact with an actual database.If b = 1 then A will interact with a simulator S that,
for a retrieve-query on input (i, x), only knows f (Ri , x).
User A generates the database: (R1,R2, · · · ,RN) , N record Data Base
User A issues retrieve-queries , May query the Data base or the Simulators
Then, A outputs a guess b1.
![Page 27: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/27.jpg)
SECURE EPIR
An EPIR protocol must satisfy User-Privacy: The attacker must have
negligible advantages of guessing b1 Database-Privacy: The attacker (User) must
have minimum knowledge while guessing b1.
![Page 28: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/28.jpg)
EPIR PROTOCOLS
Equality : ElGamal Variant Hamming Distance :BGN
![Page 29: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/29.jpg)
EQUALITY EPIR PROTOCOL
I B
Compare information form User U and a Block B from the DB
f(R b , i) == 1 , if they are equal Else 0.
![Page 30: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/30.jpg)
EQUALITY EPIR PROTOCOL
Variant of ElGamal:sk = x pk = y = gx ξ(m) = ξ(m, r ) = (gr , yrgm). User U wants to retrieve the value f (R i ,m) U generates an ElGamal key pair (pk (Public
Key), sk (Private Key)) U first sends pk and c = ξ(i & m) to the DB DB generates a randomized database:Cj = (c/ ξ(j & Rj )) rj = ξ ((i& m − j & Rj ) × rj) U and DB run a PIR protocol to retrieve Ci : U then decrypts Ci . It decrypts to 0 iff m = Ri
.
![Page 31: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/31.jpg)
SECURITY OF EPIR EQUALITY
User-Privacy: PIR user-privacy + DDH , Therefore, EPIR achieves better user-privacy
Database-Privacy: EPIR unconditionally achieves database-privacy.
![Page 32: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/32.jpg)
BIOMETRIC APPLICATION FOR EPIR EQUALITY
User U has to be authenticated by Server S through Client C and DB is the database which stores the relevant information
The two phases in Biometric AuthenticationEnrollment
Registration with DB Enc(ID I, Ri)
Registration, ID i
(m,m1,)
![Page 33: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/33.jpg)
Authentication
Client C will extract the Biometric template of U C sends ID I to server and X to DB (Encg(g ID i/ b I ,
pk) DB generates a Randomized database Server runs PIR to retrieve c I Dec(ci, sk) == 1, then Equal strings and thus
accepts the request
Biometrics adjusted
ID I & (Encg(g ID i/ b I , pk)
![Page 34: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/34.jpg)
TO VERIFY IMPERSONATION
![Page 35: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/35.jpg)
HAMMING DISTANCE PROTOCOL WITH BGN
U wants to compute the Weighted Hamming distance between a string S chosen by itself and a block Ri from DB:
Notation: for an l-bit string S, S(k) is the k-th bit of S.
Weights: the weight vector is (w1,w2, · · · ,w), where wk are integers (1<=k<=l).
Function:f (Ri ,S) =∑k=1
l1 wk × (Rki (+) Sk)
![Page 36: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/36.jpg)
BGN BASED HAMMING DISTANCE PROTOCOL U wants to retrieve f (Ri ,X): U generates a pk(public key) = (n, G, G1,ê ,g,
h) and sk=q1 To retrieve f (Ri ,X), User has to send (c, ck)
to the server where c=gI hr & ck = gX(k)
hsk ,where 1<=k<=l 1 & 1<=i<=n Once the server receives (c, ck), the server
would compute mj,k , where
mj,k = ˆe(g, g)X(k)⊕R(k)j ˆe(h, g)sk (1−2 R(k)j )
Compute Cj, where rj, rj are randomly chosen from Zn (Partion the DB)
And, finally U runs PIR to retrieve Ci
![Page 37: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/37.jpg)
SECURITY OF EPIR HAMMING DISTANCE
User privacy: If the PIR protocol achieves user privacy, the EPIR protocol for computing Hamming distance achieves user privacy based on the subgroup decision assumption.
Database privacy: The EPIR protocol for computing Hamming distance achieves database privacy (unconditionally).
![Page 38: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/38.jpg)
BIOMETRIC APPLICATION FOR EPIR HAMMING DISTANCE PROTOCOL The server S makes the decision based on
the exact matching of the biometric pattern The two phases in Biometric Authentication
Enrollment
Registration, ID i
Registration with DB Enc(ID I, i k)
![Page 39: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/39.jpg)
Authentication Client C extras the biometric pattern ,sends c
and ck to the DB and sends ID I to the server The DB computes the hamming distance
(typically runs EPRI Hamming distance) S runs EPIR protocol to retrieve Ci and
computes d, Such that Cq1i = ˆe(gq1, g)d
If d is less than the threshold value, it accepts
![Page 40: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/40.jpg)
COMPARISON BETWEEN THE 2 ABOVE BIOMETRICS AUTHENTICATION
Hamming distance biometrics is better for the following reasons No need for storing Sketch by Client U (user) need not store any information It works for noisy sketch also
![Page 41: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/41.jpg)
FURTHER RESEARCH AREAS
Further optimize the on-line computation and communication, and gain a full use of such real-world assumptions, as preprocessing and off-line communication.
Similarity Comparison implementation.
![Page 42: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/42.jpg)
CONCLUSIONS
This Presentation has discussed a new Generalization of PRI and two of its Protocol Types
The randomizations of the database are been provided in both protocols in order to achieve Privacy of Information.
We also have seen how to construct strong privacy using these protocols on biometrics data
![Page 43: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/43.jpg)
REFERENCES
6th International Conference, CANS 2007 Singapore, December 8-10, 2007 Proceedings
Dmitri Asonov ,Querying Data Bases Privately Atallah, M.J., Frikken, K.B., Goodrich, M.T.,
Tamassia, R., Secure biometric authentication for weak computational devices. Financial Cryptography, 357–371 (2005)
Ostrovsky, R., Skeith III, W.E.: A survey of single database PIR, Techniques and applications. Cryptology ePrint Archive: Report 2007/059 (2007)
![Page 44: EXTENDED PRIVATE INFORMATION RETRIEVAL (EPIR) AND ITS APPLICATION IN BIOMETRICS AUTHENTICATIONS AUTHOR: SUMUKHI CHANDRASHEKAR.](https://reader030.fdocuments.us/reader030/viewer/2022032605/56649e795503460f94b78c2e/html5/thumbnails/44.jpg)
THANK YOU
Questions?