Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.

Slides:



Advertisements
Similar presentations
Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme.
Advertisements

Trusted Design In FPGAs
Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer, Yevgeniy Dodis, Serge Fehr, Carles Padro,
Strong Key Derivation from Biometrics
Novel Reconfigurable Silicon Physical Unclonable Functions Yingjie Lao and Keshab K. Parhi Department of Electrical and Computer Engineering University.
Physical Unclonable Functions and Applications
1 U NIVERSITY OF M ICHIGAN Reliable and Efficient PUF- Based Key Generation Using Pattern Matching Srini Devadas and Zdenek Paral (MIT), HOST 2011 Thomas.
Physical Unclonable Functions
Fuzzy Stuff Lecture 24, Outline Motivation: Biometric Architectures Motivation: Biometric Architectures New Tool (for us): Error Correcting.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.
Slender PUF Protocol Authentication by Substring Matching M. Majzoobi, M. Rostami, F. Koushanfar, D. Wallach, and S. Devadas* International Workshop on.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Fuzzy extractor based on universal hashes
Anonymous Biometrics: Privacy Protection of Biometric Templates Pim Tuyls, E. Verbitskiy, D. Denteneer, J.P. Linnartz, J. Goseling, T. Ignatenko
 Secure Authentication Using Biometric Data Karen Cui.
UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.
1 CIS 5371 Cryptography 9. Data Integrity Techniques.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
8. Data Integrity Techniques
Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Programming Satan’s Computer
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
多媒體網路安全實驗室 An Efficient RFID Authentication Protocol for Low-cost Tags Date : Reporter : Hong Ji Wei Authors : Yanfei Liu From : 2008 IEEE/IFIP.
Using ISO tags for Authentication Eddie LaCost Embedded RF.
Doc.: r0 Submission September 17, 2012 René Struik (Intrinsic-Id)Slide 1 Secure Key Storage and True Random Number Generation Date:
Secure storage of cryptographic keys within random volumetric materials Roarke Horstmeyer 1, Benjamin Judkewitz 1, Ivo Vellekoop 2 and Changhuei Yang 1.
Chapter 4: Intermediate Protocols
Bit Error Probability Evaluation of RO PUFs Qinglong Zhang, Zongbin Liu, Cunqing Ma and Jiwu Jing Institute of Information Engineering, CAS, Beijing, China.
1 UCR Hardware Security Primitives with focus on PUFs Slide credit: Srini Devedas and others.
Chapter 21 Distributed System Security Copyright © 2008.
Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.
Physically Unclonable Function– Based Security and Privacy in RFID Systems Leonid Bolotnyy and Gabriel Robins Dept. of Computer Science University of Virginia.
11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.
Dr. Fei Hu { Department of Electrical and Computer Engineering University of Alabama Tuscaloosa, Alabama Introduction to.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.
ICOM 5018 Network Security and Cryptography Description This course introduces and provides practical experience in network security issues and cryptographic.
Strong Key Derivation from Noisy Sources Benjamin Fuller December 12, 2014 Based on three works: Computational Fuzzy Extractors [FullerMengReyzin13] When.
1 Leonid Reyzin Boston University Adam Smith Weizmann  IPAM  Penn State Robust Fuzzy Extractors & Authenticated Key Agreement from Close Secrets Yevgeniy.
When is Key Derivation from Noisy Sources Possible?
Design of Physically Unclonable Functions Using FPGAs
International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Outline The basic authentication problem
Reusable Fuzzy Extractors for Low-Entropy Distributions
Computer Communication & Networks
Computational Fuzzy Extractors
Cryptographic Hash Function
The Hash Function Dr. Ron Eaglin.
Cryptographic Hash Functions Part I
When are Fuzzy Extractors Possible?
When are Fuzzy Extractors Possible?
Cryptographic Hash Functions Part I
Physical Unclonable Functions and Applications
Presentation transcript:

Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April

OUTLINE 1.Private biometrics 2.Physical Unclonable Functions (PUFs) PUFs for anti-counterfeiting PUFs for secure key storage 3.Fuzzy extractors 4.General remarks 2

Private biometrics: intro What's so private? fingerprints everywhere easily photographed no secrecy! Biometrics database access control identification Insider attacks db encryption not enough! How to abuse the database? impersonation identity theft cross-db linking detectable pathologies... yet undiscovered attacks 3

How to preserve privacy? Don't store biometric itself Store a one-way hash (like UNIX password file) Attacker has to invert hash Problem: noise Measurement never the same twice Any bit flip  hash totally changed Need error correction Redundancy data may leak! one-way function Private biometrics: noisy biometrics

Secure Sketch Recover hash compare Gen [Dodis et al., 2003] "Fuzzy Extractor" Uniform string: Efficient storage Quick db search Efficient processing 5 Helper Data Reproduce "extracted string" compare Gen Private biometrics: secure error correction

6 OUTLINE 1.Private biometrics 2.Physical Unclonable Functions (PUFs) PUFs for anti-counterfeiting PUFs for secure key storage 3.Fuzzy extractors 4.General remarks

The counterfeiting problem Frightening numbers: 10% of all medication 10% aircraft spare parts Short history of paper money 800 AD: China, first bills 1450 AD: China abolishes paper money 1601 AD: introduction in Sweden 7 Anti-counterfeiting: introduction

8 Anti-counterfeiting: think big

[Source: Kirovski 2007] Anti-counterfeiting, more voodoo than science Lots of obscurity 9

Traditional approach: add authenticity mark to product hard to forge all marks are identical Er,... WTF? 10 Alternative: [Bauder, Simmons < 1991] unique marks -uncontrollable process -even manufacturer cannot clone digitally signed two-step verification -check sig., then check mark forgery ← cloning / fake signature allows "open" approach - product info - expiry date - mark details Digital signature by Authority XYZ - product info - expiry date - mark details Digital signature by Authority XYZ Anti-counterfeiting: a new approach

Physical Unclonable Function (PUF) [Pappu et al. 2001] physical object unpredictable challenge-response behaviour hard to scrutinize without damaging hard to model mathematically hard ($) to clone physically, even for manufacturer Use PUF as anti-counterfeiting mark Anti-counterfeiting: PUFs

Examples of anti-counterfeiting PUFs Kirovski et al Microsoft research Škorić et al Philips research Pappu et al Buchanan et al MIT, Ingenia, Philips research Anti-counterfeiting: PUF types

Simplest case: mark is not secret use "distance" between measurements no error correction Just like biometrics. Use fuzzy extractor! Without added mark: mark is part of product mark not really secret but... preserve "privacy" of product noisy measurements Anti-counterfeiting: analogy with biometrics

OUTLINE 1.Private biometrics 2.Physical Unclonable Functions (PUFs) PUFs for anti-counterfeiting PUFs for secure key storage 3.Fuzzy extractors 4.General remarks

Secure key storage: intro Problem: Many devices need secret keys -authentication -encryption / decryption -signing Digital key storage -0/1 often distinguishable -invasive attacks Alternative approach: Derive key from PUF more opaque than digital memory extract key when needed, then wipe from RAM invasive attack  key destroyed

Physical Unclonable Function (PUF) physical object unpredictable challenge-response behaviour hard to scrutinize without damaging hard to model mathematically hard ($) to clone physically, even for manufacturer "Physically Obscured Key" (POK) [Gassend et al. 2003] 16 EEPROM - Helper data - E K [Device secrets] PUF Sensor reproduce K Crypto processor Integrated Secure key storage: PUFs

TiN TiO 2 S-RAM PUF [Guajardo et al., Su et al. 2007] Coating PUF [Posch 1998; Tuyls et al. 2006] Integrated optical PUF [Ophey et al. 2006] Silicon PUF [Gassend et al. 2002] FPGA "butterfly" [Kumar et al. 2008] Secure key storage: PUF types

OUTLINE 1.Private biometrics 2.Physical Unclonable Functions (PUFs) PUFs for anti-counterfeiting PUFs for secure key storage 3.Fuzzy extractors 4.General remarks

Required for e.g. privacy preserving biometrics anti-counterfeiting with "product privacy" PUF-based key storage Properties Secrecy and uniformity: Δ(WS; WU) ≤ ε. "S given W is almost uniform" Correctness: If X' sufficiently close to X, then S'=S. Robustness [Boyen et al. 2005]: Detection of active attack against W noisy Dodis et al Juels+Wattenberg 1999 Linnartz+Tuyls 2003 Fuzzy Extractors: intro

Fuzzy Extractors: high-level look at helper data X W Enrolment phase X: measurementW: helper dataS: region index (extracted secret) S Gen(X) = {S, W} X sufficiently "smooth"  W reveals little or nothing about S

Fuzzy Extractors: high-level look at helper data X' Reproduction phase W S Rep(X',W) = S

You need helper data. You really do. Fuzzy Extractors: necessity of helper data Enrolments happen after fixing grid Some X inevitably on boundary -noise can go either way Helper data removes the ambiguity

Fuzzy Extractors: active attacks Active Attack: Modify W  accept wrong X'  accept key S' ≠ S Defense: 1.TTP's signature on W. 2.But... what if there's no PKI? Use secret S itself to authenticate W ! a.hash(W||S). [Boyen 2005] random oracle assumption b.Sacrifice part of S as authentication key. S = S 1 || S 2. MAC(S 1, W) (sort of) [Dodis et al. 2006] information-theoretic security if X has sufficient entropy rate

24 Fuzzy Extractors & PUFs: variety of disciplines FUZZY EXTRACTION FROM PUF physics information theory crypto error-correcting codes security engineering

OUTLINE 1.Private biometrics 2.Physical Unclonable Functions (PUFs) PUFs for anti-counterfeiting PUFs for secure key storage 3.Fuzzy extractors 4.General remarks

General remarks: PUF proliferation optical PUF coating PUF Silicon PUF optical fiber PUF RF COA LC-PUF S-RAM PUF Arbiter PUF fluorescent PUF Delay PUF Butterfly PUF diode breakdown PUF reconfigurable PUF acoustic PUF controlled PUF phosphor PUF...

General remarks: PUF family tree MvD

General remarks: after years of preaching the PUF gospel...

29 General remarks: ¥€££$ Making money from security with noisy data Philips spin-off MIT spin-off Imperial College London spin-off

Noisy sources of key material -privacy preserving storage of biometric data -anti-counterfeiting -secure key storage with PUFs Fuzzy extractors -extract key from noisy source -reproducibility -secrecy of output -resilience against attacks on helper data Subject becoming more popular Not just theory, also $$$ Summary

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.