Download presentation
Presentation is loading. Please wait.
Published byChristopher Lynch Modified over 11 years ago
1
Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme
2
Biometrics
3
Biometric authentication: Computer Authentication through Measurement of Biological Characteristics
4
u Fingerprint scanning u Iris scanning u Voice recognition Types of biometric authentication u Many others... u Face recognition u Body odor Authenticating...
5
Enrollment / Registration Template t Alice
6
Enrollment / Registration Alice Server
7
Authentication Server
8
Authentication Alice Server
9
Server verifies against template ?
10
The Problem...
11
Template theft
12
Limited password changes First password Second password
13
Templates represent intrinsic information about you Alice Theft of template is theft of identity
14
Towards a solution
15
password UNIX protection of passwords password h(password) Password
16
Template protection? h( )
17
Fingerprint is variable u Differing angles of presentation u Differing amounts of pressure u Chapped skin Don t have exact key!
18
We need fuzzy commitment ( )
19
Seems counterintuitive u Cryptographic (hash) function scrambles bits to produce random- looking structure, but uFuzziness or error resistance means high degree of local structure
20
Error Correcting Codes
21
Noisy channel Alice Bob Alice, I love… crypto s
22
Error correcting codes Alice Bob 110
23
g 111 111 000 Function g adds redundancy Bob M 3 bits C 9 bits c Message space Codeword space g
24
Error correcting codes Alice Bob 111 111 000 0 1
25
101 111 100 111 111 000 f c C Function f corrects errors Alice f
26
Alice uses g -1 to retrieve message 9 bits C M 3 bits Alice g-1g-1 c Alice gets original, uncorrupted message 110
27
Constructing C
28
Idea: Treat template like message W g C(t) = h(g(t))
29
What do we get? uFuzziness of error-correcting code u Security of hash function-based commitment
30
Problems Davida, Frankel, and Matt (97) u Results in very large error-correcting code u Do not get good fuzziness u Cannot prove security easily u Dont really have access to message!
31
Our (counterintuitive) idea: Express template as corrupted codeword u Never use message space!
32
Express template as corrupted codeword W t w t = w +
33
t = w + h(w) Idea: hash most significant part for security Idea: leave some local information in clear for fuzziness
34
How we use fuzzy commitment...
35
Computing fuzzy hash of template t u Choose w at random u Compute = t - w u Store (h(w), ) as commitment (h(w), )
36
Verification of fingerprint t u Retrieve C(t) = (h(w), ) u Try to decommit using t: –Compute w = f(t - ) –Is h(w) = h(w)? ?
37
Characteristics of u Good fuzziness (say, 17%) u Simplicity u Provably strong security –I.e., nothing to steal
38
Open problems u What do template and error distributions really look like? u What other uses are there for fuzzy commitment? –Graphical passwords
39
Questions?
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.