Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme.

Slides:



Advertisements
Similar presentations
Error-Tolerant Password Recovery Niklas Frykholm and Ari Juels RSA Laboratories.
Advertisements

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.
Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Biometry and Security: Secure Biometric Authentication for Weak Computational Devices Author: Zelenevskiy Vladimir Based on the research by M.J. Atallah.
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
Fuzzy Vaults: Toward Secure Client-Side Matching Ari Juels RSA Laboratories 10th CACR Information Security Workshop 8 May 2002 LABORATORIES.
Securing Fingerprint Template - Fuzzy Vault with Helper Data
Fuzzy Stuff Lecture 24, Outline Motivation: Biometric Architectures Motivation: Biometric Architectures New Tool (for us): Error Correcting.
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Anonymous Biometrics: Privacy Protection of Biometric Templates Pim Tuyls, E. Verbitskiy, D. Denteneer, J.P. Linnartz, J. Goseling, T. Ignatenko
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
 Secure Authentication Using Biometric Data Karen Cui.
Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
Fuzzy Commitment Ari Juels RSA Laboratories DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
1 Intro To Encryption Exercise 6. 2 Problem Is every (weak) CRHF also a OWF.
Security-Authentication
1J. M. Kizza - Ethical And Social Issues Module 16: Biometrics Introduction and Definitions Introduction and Definitions The Biometrics Authentication.
Module 14: Biometrics Introduction and Definitions The Biometrics Authentication Process Biometric System Components The Future of Biometrics J. M. Kizza.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
Security systems need to be able to distinguish the “white hats” from the “black hats”. This all begins with identity. What are some common identifiers.
Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.
Authentication Approaches over Internet Jia Li
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.
Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,
Computer encryption is… Based on the science of cryptography.
 The advancement of science and technology is directly proportional to the advancement of time.  As we are swimming in the current of time we are gradually.
EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.
Biometrics Stephen Schmidt Brian Miller Devin Reid.
Lecture 7 Page 1 CS 236, Spring 2008 Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know.
1 Lect. 20. Identification. 2  Entity Authentication (Identification) Over the communication network, one party, Alice, shows to another party, Bob,
Biometrics Authentication Technology
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
Lecture 2: Introduction to Cryptography
Week 4 - Friday.  What did we talk about last time?  Snow day  But you should have read about  Key management.
Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
Pertemuan #9 Security in Practice Kuliah Pengaman Jaringan.
Iris Technology Presented By: D.SRIKANTH Biometrics Identifying individuals using their distinct physical or behavior characteristics. Features measured.
Biometric Technologies
Biometrics: A Tool for Information Security 1 Authors: Anil K. Jain, Arun Ross, Sharath Pankanti IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY,
PPP Configuration.
COEN 351 Authentication. Authentication is based on What you know Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card.
Lecture 20 CSE 331 July 30, Longest path problem Given G, does there exist a simple path of length n-1 ?
LEARNING AREA 1 : INFORMATION AND COMMUNICATION TECHNOLOGY PRIVACY AUTHENTICATION VERIFICATION.
Database Laboratory Regular Seminar TaeHoon Kim Article.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
Information Systems Design and Development Security Precautions Computing Science.
An Introduction to Biometrics
Identification (User Authentication). Model Alice wishes to prove to Bob her identity in order to access a resource, obtain a service etc. Bob may ask.
3D Password.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Outline The basic authentication problem
Coexistence Among Cryptography and Noisy Data Theory and Applications
Topic 14: Random Oracle Model, Hashing Applications
Biometric technology.
Cryptography Lecture 14.
COEN 351 Authentication.
BY: Michael Etse and Maverick Fermill
Presentation transcript:

Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme

Biometrics

Biometric authentication: Computer Authentication through Measurement of Biological Characteristics

u Fingerprint scanning u Iris scanning u Voice recognition Types of biometric authentication u Many others... u Face recognition u Body odor Authenticating...

Enrollment / Registration Template t Alice

Enrollment / Registration Alice Server

Authentication Server

Authentication Alice Server

Server verifies against template ?

The Problem...

Template theft

Limited password changes First password Second password

Templates represent intrinsic information about you Alice Theft of template is theft of identity

Towards a solution

password UNIX protection of passwords password h(password) Password

Template protection? h( )

Fingerprint is variable u Differing angles of presentation u Differing amounts of pressure u Chapped skin Don t have exact key!

We need fuzzy commitment ( )

Seems counterintuitive u Cryptographic (hash) function scrambles bits to produce random- looking structure, but uFuzziness or error resistance means high degree of local structure

Error Correcting Codes

Noisy channel Alice Bob Alice, I love… crypto s

Error correcting codes Alice Bob 110

g Function g adds redundancy Bob M 3 bits C 9 bits c Message space Codeword space g

Error correcting codes Alice Bob

f c C Function f corrects errors Alice f

Alice uses g -1 to retrieve message 9 bits C M 3 bits Alice g-1g-1 c Alice gets original, uncorrupted message 110

Constructing C

Idea: Treat template like message W g C(t) = h(g(t))

What do we get? uFuzziness of error-correcting code u Security of hash function-based commitment

Problems Davida, Frankel, and Matt (97) u Results in very large error-correcting code u Do not get good fuzziness u Cannot prove security easily u Dont really have access to message!

Our (counterintuitive) idea: Express template as corrupted codeword u Never use message space!

Express template as corrupted codeword W t w t = w +

t = w + h(w) Idea: hash most significant part for security Idea: leave some local information in clear for fuzziness

How we use fuzzy commitment...

Computing fuzzy hash of template t u Choose w at random u Compute = t - w u Store (h(w), ) as commitment (h(w), )

Verification of fingerprint t u Retrieve C(t) = (h(w), ) u Try to decommit using t: –Compute w = f(t - ) –Is h(w) = h(w)? ?

Characteristics of u Good fuzziness (say, 17%) u Simplicity u Provably strong security –I.e., nothing to steal

Open problems u What do template and error distributions really look like? u What other uses are there for fuzzy commitment? –Graphical passwords

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.