Fuzzy Commitment Ari Juels RSA Laboratories [email protected] DIMACS Workshop on Cryptography:...
-
date post
20-Dec-2015 -
Category
Documents
-
view
213 -
download
1
Transcript of Fuzzy Commitment Ari Juels RSA Laboratories [email protected] DIMACS Workshop on Cryptography:...
![Page 1: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/1.jpg)
Fuzzy Commitment
Ari JuelsRSA Laboratories
DIMACS Workshop on Cryptography: Theory Meets Practice15 October 2004
![Page 2: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/2.jpg)
Part I:Data secrecy in biometric authentication systems
![Page 3: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/3.jpg)
The Classical View of Biometric Authentication
Is it Woody? Yes, it’s Woody!
![Page 4: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/4.jpg)
The Classical View of Biometric Authentication
Is it Woody? Yes, it’s Woody!
WoodyAllen
=?
![Page 5: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/5.jpg)
The Classical View of Biometric Authentication
WoodyAllen
=?
Hello,Mr. Woody Allen
![Page 6: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/6.jpg)
In these scenarios, biometric data need not be kept secret
• Spoofing is difficult with human oversight
• Indeed, your face is public anyway • (Assuming, of course, that passport
is not a forgery)
But what happens when…
![Page 7: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/7.jpg)
A human-guided process
WoodyAllen
=?
![Page 8: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/8.jpg)
Becomes automated?
WoodyAllen
=?
![Page 9: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/9.jpg)
Secrecy of biometric data is now more important to
security• Reason 1:
Automation will mean relaxation of human oversight– More opportunity for
spoofing– Spoofing iris / face
readers with printed images, “gummy” fingers, etc.
Schiphol airport: Iris scanning
![Page 10: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/10.jpg)
Secrecy of biometric data is now more important to
security• Reason 2: Spillover
into remote / home authentication!
WoodyAllen
Woody’s PC
Server
![Page 11: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/11.jpg)
And revocation is hard!
First password
Second password
![Page 12: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/12.jpg)
Yet passports will transmit biometrics via RFID to any
standard reader…
WoodyAllen
Clandestine scanning
10cm range under legal conditions
How much with a rogue reader? One meter?
How much from eavesdropping on legitimate reader?
Optical keys / Faraday cages?
ICAO (International CivilAviation Organization) standard –imminent adoption through DHS effort
![Page 13: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/13.jpg)
But isn’t my face public anyway?
Copying a biometric is somewhat like copying a painting…
•Facial images require special conditions for matching to work. In U.K., you’re not allowed to smile in passport photos any longer!•Best for forger to have target image, i.e., one in passport serving as basis for authentication•Iris and fingerprint are harder to capture than face
Suppose you want to copy a painting…
snapshot professional photo
![Page 14: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/14.jpg)
Part II:Towards secrecy in biometric
authentication systems
![Page 15: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/15.jpg)
password
Cryptographic tools for password secrecy
![Page 16: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/16.jpg)
password
Cryptographic tools for password secrecy
h (password, salt)
Epassword[key]
Password-based key agreement
![Page 17: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/17.jpg)
Cryptographic tools for biometric secrecy
h ( , salt)
E [key]
Finger-based key agreement?
?
![Page 18: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/18.jpg)
Problem: Biometrics are variable,
i.e., error-prone…
• Differing angles of presentation• Differing amounts of pressure• Chapped skin
and standard crypto does not tolerate errors!
WoodyAllen
!
![Page 19: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/19.jpg)
We want “fuzzy” cryptography
• Error-tolerant crypto primitives– E.g., Ek[m]Dk’ [ ]= m if k ≈ k’
• Body of “fuzzy” crypto literature:– Davida, Frankel, & Matt ’98– “Biometric encryption” (breakable)– Juels & Wattenberg ’99 (“fuzzy commitment”)
Application of FJ ‘01 to “life questions” now in RSA product…
– Monrose, Reiter, & Wetzel ’99 + follow-on– Juels & Sudan ’01– Dodis, Rezyin, & Smith ’04– Boyen in ten minutes…
But no rigorous application to real biometrics yet!
![Page 20: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/20.jpg)
Why everybody has nice eyes
• An iriscode has an estimated 250 bits of entropy! – Contrast 1/10,000 false
acceptance for fingerprints…
– Most people have two eyes!
• Hamming distance is the metric for iriscode similarity– E. g. , fuzzy commitment
applies directly…
iris
iriscode
![Page 21: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/21.jpg)
Why it’s not so easy…
• An iriscode can be as long as 4096 bits– Where are those 250 bits of entropy hidden?– Bits are not independent…
• Signal processing data folded into iriscode• Eyelids, eyelashes, and reflections can
occlude much of iris• We could get only 37 pairs of eyes for
experiments…
![Page 22: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/22.jpg)
A first attempt
Tricks:1. Use staggered samples: yields up to 75 independent bits2. Use multiple scans to reduce error rate3. Play some ad-hoc tricks with signal-processing data
Result: Able to extract a 60-bit or so key from a pair of irises, but how much were methods fitted to data?
![Page 23: Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032801/56649d535503460f94a2fa86/html5/thumbnails/23.jpg)
Conclusion
• Ongoing work (joint with Mike Szydlo & Brent Waters)– Trying to understand iriscode distribution– Need programming help!
• Other groups trying to apply fuzzy crypto to fingerprints
• Natural place where theory (crypto) meets practice (the human being)– … and error-prone devices too, e.g., POWFs,
PUFs…• With biometrics on the march, imminent
surge of interest in these techniques?