
A Framework of Remote Biometric Authentication on the Open Network


1 A Framework of Remote Biometric Authentication on the Open Network
Yoshifumi Ueshige
ISIT 2nd Laboratory
Copyright © 2005,2006 Institute of System & Information Technologies/ KYUSHU. All rights reserved.

2 Agenda
- Background
- Our Goal
- Certificate based framework of biometric authentication
- One-time Biometrics
- Conclusion
1/11/2019 Institute of Systems & Information Technologies/ KYUSHU

3 Background
Biometric authentication is remarkable!
- Based on physical and behavioral characteristics
- Fingerprint, iris, facial image, voice, vein pattern, etc.

4 Background
Biometric authentication is remarkable!
Biometric systems are applied to many services:
- E-passports
- Bank
- Monitoring entrance
- Etc.

5 Background
We need secure and reliable authentication systems for many E-Services! Biometrics is one of the candidates.
On the other hand, if we apply biometrics to E-services, biometrics has some weak points!
- Easy to obtain secondary information: sex, history of illness, etc.
- Irreplaceable: when enrolled data is compromised, we are not able to re-enroll spare data.
SERIOUS PRIVACY ISSUES

6 Our Goal
Reliable authentication on open networks by using biometrics
Viewpoints:
- Certificate-based framework: What framework do we require for a reliable biometric authentication system?
- One-time biometrics: How do we construct secure remote biometric authentication systems, even when biometric authentication data is compromised?

7 Certificate-based framework
Public Key Infrastructure (PKI) with Biometrics
Currently, this area is aiming at international standardization:
- Ikeda et al.’s (Toshiba Solution) proposal: ISO/IEC JTC1/SC27/WG2, Verification of Biometric Authentication Environment
- Isobe et al.’s (Hitachi) proposal: ITU-T SG17/Q8, Bio-PKI with Template Format
The above proposals have privacy issues: it is easy for anyone to learn the relationship between the biometric data and its ownership……

8 Certificate-based framework
Assurance of anonymity in biometric authentication by using a Personal Repository
A legitimate user or legitimate server can verify these relationships, while adversaries obtain no information about them.
[Diagram labels: Owner (User); Personal Repository; Enrolled Templates; RELATION (twice); Ownership Certificate; Certificate Authority for User’s Personal Repository; Template Certificate; Certificate Authority for Template Data]

9 Certificate-based framework
A framework for verification of ownership of the PR by the VA
Assumption: a CA issuing the ownership certificate of the PR, and a trusted VA
[Diagram labels: Certificate Authority for User’s Personal Repository; Verification Authority for User’s Personal Repository; Internet; Personal Repository; Client (User); Application Server; Biometrics Device; Certificate Authority for Public Key; Certificate Authority for Template Data; Certificate Authority for Authentication Environment]

10 Certificate-based framework
Argument of Security
The abovementioned framework:
- Biometric authentication verifies that the personal repository is used by the legitimate user.
- To the application server, the user is anonymous.
- Identity of user and holder ⇒ only the VA can verify it.
- The Application Server receives only the verification result about the identity from the VA.
  ⇒ If the user colludes with the VA, this framework will not be secure.
The Personal Repository requires the following assumptions:
- Tamper resistance
- Computational power for generation and verification of digital signatures

11 One-time Biometrics
Now, I am investigating this. But I presented this topic at Symposium of Cryptography & Information Security 2006 in Japan. Today, I will talk only about the basic idea.
- On the internet, communication data can be obtained!
- Whenever authentication data is compromised, the authentication system must react to the compromise.
- In order to achieve the above concept, the authentication system can generate data which has one-time characteristics, like a one-time password.

12 One-time Biometrics
We propose One-Time Transform (OTT):
- OTT: a different transform in every authentication session
- OTT is shared by a client and a storage of templates
- OTT is applied to extracted features and the corresponding enrolled templates
- Transformed data is used in the matching process.

13 One-time Biometrics
An illustration of One-Time Transform
Candidates for OTT: recursive non-linear transforms (chaos transforms, Iterated Function Systems)
[Figure labels: X axis; Y axis; O; Coordinate of one of the features or the templates; the feature or the template in matching process; one marker: transformed points by OTT on time t1, and session number a1; another marker: transformed points by OTT on time t2, and session number a2 (t1≠t2)]
・I used to do research on fractal image processing, and that is where I got the idea.

14 One-time Biometrics
We propose One-Time Transform (OTT):
- OTT: a different transform in every authentication session
- OTT is shared by a client and a storage of templates
- OTT is applied to extracted features and the corresponding enrolled templates
- Transformed data is used in the matching process.
Requirements of the OTTs:
- It is difficult for any adversary to calculate the original features and templates from the transformed ones.
- There are optimal distance functions for evaluating the matching score from the transformed data.
- No adversary can extract the original features & templates from OTTs used in past authentications.
・I think it would be great if this could really be done.
・This is the only point I wanted to make this time.

15 One-time Biometrics
Framework of biometrics with One-Time Transforms
- Including a “Function Generator” which constructs OTTs
- Expectation: it is easy to implement One-Time Biometrics by UPDATING SOFTWARE from conventional systems.
[Diagram labels: Storage of Templates; Time Stamp Server; Function Generator; Construction of OTTs; Time Stamping; Application of OTT (twice); Client; Authentication Server; Acquisition; Feature Extraction; Matching; Decision]
・If it is feasible, I think it can be operated with this kind of framework.
・Implementing the function generator and the template DB as a single entity would also be an option.

16 One-time Biometrics
Argument of Security
Assumption: assurance of security of OTT
- Hill-climbing attack: DIFFICULT
  According to the OTT, the distance function and threshold are varied.
- Replay attack: DIFFICULT
  Case 1: Adversaries listen to communication between Client and Server. Transformed data changes in every authentication.
  Case 2: Adversaries listen to communication from the Function Generator. When the adversaries use a past OTT, Client and Storage can easily detect it.
- Collusion attack: FEASIBLE?
  Case 1: Client colludes with Function Generator.
  Case 2: Server colludes with Function Generator.
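An added example (not from the presentation) of the flow slides 12 to 16 describe: client and template storage derive the same per-session transform, matching runs on transformed data, and a transformed probe captured in one session is rejected in the next. The HMAC-derived permutation/sign/offset transform, the key, nonces, vectors and threshold are assumptions; the transform stands in for the non-linear OTT candidates on slide 13 and, being a linear isometry, does not by itself meet the non-invertibility requirement.

```python
import hashlib
import hmac
import math
import random

THRESHOLD = 0.5  # constructed matching threshold

def derive_ott(shared_key, session_nonce, dim):
    """Derive this session's transform from a secret shared by client and storage."""
    seed = hmac.new(shared_key, b"OTT|" + session_nonce, hashlib.sha256).digest()
    # Demo only: random.Random is not a cryptographic generator.
    rng = random.Random(int.from_bytes(seed, "big"))
    perm = list(range(dim))
    rng.shuffle(perm)
    signs = [rng.choice((-1.0, 1.0)) for _ in range(dim)]
    offsets = [rng.uniform(-100.0, 100.0) for _ in range(dim)]
    return perm, signs, offsets

def apply_ott(ott, vector):
    """Permute, flip and shift coordinates: an isometry, so distances survive."""
    perm, signs, offsets = ott
    return [signs[i] * vector[perm[i]] + offsets[i] for i in range(len(vector))]

def authenticate(shared_key, nonce, transformed_probe, enrolled_template):
    """Storage side: transform the template for this session, match in that domain."""
    ott = derive_ott(shared_key, nonce, len(enrolled_template))
    return math.dist(transformed_probe, apply_ott(ott, enrolled_template)) <= THRESHOLD

def demo():
    key = b"constructed-shared-secret"
    template = [0.12, 0.80, 0.33, 0.57, 0.91, 0.05, 0.44, 0.68]  # constructed enrolment
    probe = [0.14, 0.78, 0.35, 0.55, 0.90, 0.07, 0.43, 0.70]     # constructed fresh capture
    n1, n2 = b"session-0001", b"session-0002"
    ott1 = derive_ott(key, n1, len(probe))
    sent1 = apply_ott(ott1, probe)  # what an eavesdropper sees in session 1
    sent2 = apply_ott(derive_ott(key, n2, len(probe)), probe)
    return {
        "genuine_s1": authenticate(key, n1, sent1, template),
        "genuine_s2": authenticate(key, n2, sent2, template),
        "replay_s1_in_s2": authenticate(key, n2, sent1, template),
        "distance_preserved": math.isclose(
            math.dist(sent1, apply_ott(ott1, template)),
            math.dist(probe, template), abs_tol=1e-9),
        "sessions_differ": sent1 != sent2,
    }

if __name__ == "__main__":
    print(demo())
```
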

17 Conclusion
Certificate-based Framework: We propose the framework of biometric authentication on open networks
- Establishment of a Verification Authority
- Assurance of user’s anonymity against the Application Server
- Reduction of the possibility of compromising personal information
One-Time Biometrics: We propose the One-Time Transform, which is different in every authentication session.
- Resistance against Hill-Climbing Attack, Replay Attack.
Future Works
- In fact, there are too many points…

18 Thank you for your attention