Coexistence Among Cryptography and Noisy Data Theory and Applications Alawi A. Al-Saggaf, PhD. King Fahd University of Petroleum and Minerals, alawi@kfupm.edu.sa 28th April, 2014

Motivations for Current Research

Motivations for Current Research The bad news about Password and smart card breaches: Password may be forgotten, easy to guess, difficult to remember. Passwords cracking (such as John the Ripper) easily to defeat the hash value of the password. Smart cad may be lost, stolen, easy to share.

Who Are You?

Motivations for Current Research (Cont’d)

Why Biometrics?

Robustness Security Level Method

Usefulness The Future of Biometrics Market Research Report

Trends in biometric systems' deployment in the United States (2003)* *Frost and Sullivan. U.S. Biometric Network Authentication Markets, 2004.

Biometrics Template Attacks

Biometrics Templates Attacks Replacing Template Tempering Template Stolen Template

Biometrics is a Noisy Data Same Person h(1101111101111111……) h(1110011100111111……)

Mathematical framework For Coexistence among Cryptography and Noisy Data

Select security parameter k∊K Generate crisp PK Fk :g(M)×X→E Encode the committed message m: g(m)=c Witness chosen randomly x∊RX Fuzzy PK F:g(M)×X→Y Fuzzy Encryption y=(Fk(c,x) ,x-c)=(ε,δ) If (t<t3) Apply error correction f(c’)=f(x’- δ) Crisp Encryption ε’ =Fk(f(c’) , (δ + f(c’) )) Cd(ε’ )=1 Yes No Wait Reveal x’ to B B act g-1(f(c’))=m Error message t1 t2 t3 Fd(f(c’))=1 y Comm algorithm Party Ted: Setup phase Party A: Commit phase Setup algorithm Open algorithm Party B: Open phase

Security Analysis

Bound derivation for hiding property Theorem 5.1: Suppose that (witness space) and (error correcting code set) are two independent random variables over the same sample space , and let be a random variable (difference vector) obtained by “exclusive OR” of elements of and . Then the probability that an attacker is able to compute either or from the difference vector is no more than , where is the size of the error correcting code .

Bound derivation for Statistical hiding property Theorem 5.2: For any , let be a fuzzy public key. Then, an the proposed scheme based on is and the value of is always computed as: For and

Bound derivation for computational binding property Theorem 5.3: For any , let be a fuzzy public key. Then, the proposed scheme based on is and the value of is always computed as:

Applications

Crisp encryption algorithm 1. Secure Biometrics System Enrollment Procedure Authentication procedure Iris biometric Choose a codeword c Fuzzy Encryption Crisp encryption algorithm Encryption Concealing algorithm Difference vector δ Retrieve algorithm Iris extraction Iris biometric input B Iris extraction 20

key generation Procedure 2. Retrieve cryptographic key from biometrics template Registration Procedure key generation Procedure Fuzzy Encryption Difference vector Iris code extraction Retrieve Iris code extraction Encoding Encryption Decode Cryptographic key Encryption Yes Is Cryptographic key generated No Error message

PW PW 3. Biometrics based Remote User Authentication using Smart Cards Registration protocol Registration Center PW ♥ Alice Logon protocol Server ♥ Authentication PW

Thank you