Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.


1 Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1

2 OUTLINE
1. Private biometrics
2. Physical Unclonable Functions (PUFs)
   - PUFs for anti-counterfeiting
   - PUFs for secure key storage
3. Fuzzy extractors
4. General remarks

3 Private biometrics: intro
What's so private?
- fingerprints everywhere
- easily photographed
- no secrecy!
Biometrics database
- access control
- identification
Insider attacks
- db encryption not enough!
How to abuse the database?
- impersonation
- identity theft
- cross-db linking
- detectable pathologies
- ... yet undiscovered attacks

4 Private biometrics: noisy biometrics
How to preserve privacy?
- Don't store biometric itself
- Store a one-way hash (like UNIX password file)
- Attacker has to invert hash
Problem: noise
- Measurement never the same twice
- Any bit flip → hash totally changed
- Need error correction
- Redundancy data may leak!
[Figure: one-way function; bit strings 0010110101, 1110111001, ...]

5 Private biometrics: secure error correction
[Dodis et al., 2003]
Secure Sketch
[Diagram labels: Gen, Recover, hash, compare]
"Fuzzy Extractor"
[Diagram labels: Gen, Helper Data, Reproduce, "extracted string", compare]
Uniform string:
- Efficient storage
- Quick db search
- Efficient processing

6 OUTLINE
1. Private biometrics
2. Physical Unclonable Functions (PUFs)
   - PUFs for anti-counterfeiting
   - PUFs for secure key storage
3. Fuzzy extractors
4. General remarks

7 Anti-counterfeiting: introduction
The counterfeiting problem
Frightening numbers:
- 10% of all medication
- 10% aircraft spare parts
Short history of paper money
- 800 AD: China, first bills
- 1450 AD: China abolishes paper money
- 1601 AD: introduction in Sweden

8 Anti-counterfeiting: think big

9 Anti-counterfeiting, more voodoo than science
- Lots of obscurity
[Source: Kirovski 2007]

10 Anti-counterfeiting: a new approach
Traditional approach: add authenticity mark to product
- hard to forge
- all marks are identical
- Er,... WTF?
Alternative: [Bauder, Simmons < 1991]
- unique marks
  - uncontrollable process
  - even manufacturer cannot clone
- digitally signed
- two-step verification
  - check sig., then check mark
- forgery ← cloning / fake signature
- allows "open" approach
[Figure text: product info; expiry date; mark details; Digital signature by Authority XYZ]

11 Anti-counterfeiting: PUFs
Physical Unclonable Function (PUF) [Pappu et al. 2001]
- physical object
- unpredictable challenge-response behaviour
- hard to scrutinize without damaging
- hard to model mathematically
- hard ($) to clone physically, even for manufacturer
Use PUF as anti-counterfeiting mark

12 Anti-counterfeiting: PUF types
Examples of anti-counterfeiting PUFs
- Kirovski et al. 2006, Microsoft research
- Škorić et al. 2008, Philips research
- Pappu et al. 2001, Buchanan et al. 2005: MIT, Ingenia, Philips research

13 Anti-counterfeiting: analogy with biometrics
Simplest case: mark is not secret
- use "distance" between measurements
- no error correction
Without added mark:
- mark is part of product
- mark not really secret but... preserve "privacy" of product
- noisy measurements
Just like biometrics. Use fuzzy extractor!

14 OUTLINE
1. Private biometrics
2. Physical Unclonable Functions (PUFs)
   - PUFs for anti-counterfeiting
   - PUFs for secure key storage
3. Fuzzy extractors
4. General remarks

15 Secure key storage: intro
Problem: Many devices need secret keys
- authentication
- encryption / decryption
- signing
Digital key storage
- 0/1 often distinguishable
- invasive attacks
Alternative approach: Derive key from PUF
- more opaque than digital memory
- extract key when needed, then wipe from RAM
- invasive attack → key destroyed

16 Secure key storage: PUFs
Physical Unclonable Function (PUF)
- physical object
- unpredictable challenge-response behaviour
- hard to scrutinize without damaging
- hard to model mathematically
- hard ($) to clone physically, even for manufacturer
"Physically Obscured Key" (POK) [Gassend et al. 2003]
[Diagram labels: Integrated; PUF; Sensor; reproduce K; Crypto processor; EEPROM holding Helper data and E_K[Device secrets]]

17 Secure key storage: PUF types
- S-RAM PUF [Guajardo et al., Su et al. 2007]
- Coating PUF [Posch 1998; Tuyls et al. 2006]
- Integrated optical PUF [Ophey et al. 2006]
- Silicon PUF [Gassend et al. 2002]
- FPGA "butterfly" [Kumar et al. 2008]
[Figure labels: TiN, TiO2]

18 OUTLINE
1. Private biometrics
2. Physical Unclonable Functions (PUFs)
   - PUFs for anti-counterfeiting
   - PUFs for secure key storage
3. Fuzzy extractors
4. General remarks

19 Fuzzy Extractors: intro
[Juels+Wattenberg 1999; Linnartz+Tuyls 2003; Dodis et al. 2003]
Required for e.g.
- privacy preserving biometrics
- anti-counterfeiting with "product privacy"
- PUF-based key storage
Properties
- Secrecy and uniformity: Δ(WS; WU) ≤ ε. "S given W is almost uniform"
- Correctness: If X' sufficiently close to X, then S'=S.
- Robustness [Boyen et al. 2005]: Detection of active attack against W
[Figure label: noisy]

20 Fuzzy Extractors: high-level look at helper data
Enrolment phase
- X: measurement
- W: helper data
- S: region index (extracted secret)
Gen(X) = {S, W}
X sufficiently "smooth" → W reveals little or nothing about S
[Figure labels: X, W, S]

21 Fuzzy Extractors: high-level look at helper data
Reproduction phase
Rep(X',W) = S
[Figure labels: X', W, S]

22 Fuzzy Extractors: necessity of helper data
You need helper data. You really do.
- Enrolments happen after fixing grid
- Some X inevitably on boundary
  - noise can go either way
- Helper data removes the ambiguity

23 Fuzzy Extractors: active attacks
Active Attack: Modify W → accept wrong X' → accept key S' ≠ S
Defense:
1. TTP's signature on W.
2. But... what if there's no PKI? Use secret S itself to authenticate W!
   a. hash(W||S). [Boyen 2005] random oracle assumption
   b. Sacrifice part of S as authentication key. S = S1 || S2. MAC(S1, W) (sort of) [Dodis et al. 2006] information-theoretic security if X has sufficient entropy rate
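
The enrolment and reproduction phases of slides 20-21 together with defence 2a of slide 23, as an added Python example that is not part of the original presentation. It assumes a code-offset construction with a 5-fold repetition code and SHA-256 standing in for both the extractor and the hash; all function names and SAMPLE_X are illustrative.

```python
import hashlib, hmac, secrets

R = 5  # repetition code: each secret bit becomes R bits; majority vote fixes up to 2 flips per block

def encode(bits):
    return [b for b in bits for _ in range(R)]

def decode(bits):
    return [int(sum(bits[i:i + R]) > R // 2) for i in range(0, len(bits), R)]

def xor(a, b):
    return [p ^ q for p, q in zip(a, b)]

def derive_s(k):
    # Assumption: SHA-256 stands in for the extractor that maps k to the secret S.
    return hashlib.sha256(b"S" + bytes(k)).digest()

def auth_tag(w, s):
    # Slide 23, option (a): hash(W || S), here with a domain-separation prefix.
    return hashlib.sha256(b"T" + bytes(w) + s).digest()

def gen(x):
    """Enrolment: Gen(X) = {S, W}; the tag is stored next to W."""
    k = [secrets.randbits(1) for _ in range(len(x) // R)]
    w = xor(x, encode(k))          # code-offset helper data
    s = derive_s(k)
    return s, w, auth_tag(w, s)

def rep(x_noisy, w, tag):
    """Reproduction: Rep(X', W) = S, or None if W fails authentication."""
    k = decode(xor(x_noisy, w))    # noise in X' appears as bit errors on the codeword
    s = derive_s(k)
    return s if hmac.compare_digest(tag, auth_tag(w, s)) else None

def flip(bits, positions):
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

# Constructed 80-bit enrolment measurement (16 secret bits; far too short for real use).
SAMPLE_X = [(i * 7 + i // 3) % 2 for i in range(80)]

if __name__ == "__main__":
    s, w, tag = gen(SAMPLE_X)
    print(rep(flip(SAMPLE_X, {3, 17, 18, 42}), w, tag) == s)  # noisy re-measurement
    print(rep(SAMPLE_X, flip(w, {0, 1, 2, 3, 4}), tag))       # tampered helper data
```

Because the tag binds W to S, the same check rejects both modified helper data and a measurement X' that is too far from X to decode to the enrolled secret.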

24 Fuzzy Extractors & PUFs: variety of disciplines
FUZZY EXTRACTION FROM PUF
- physics
- information theory
- crypto
- error-correcting codes
- security engineering

25 OUTLINE
1. Private biometrics
2. Physical Unclonable Functions (PUFs)
   - PUFs for anti-counterfeiting
   - PUFs for secure key storage
3. Fuzzy extractors
4. General remarks

26 General remarks: PUF proliferation
optical PUF, coating PUF, Silicon PUF, optical fiber PUF, RF COA, LC-PUF, S-RAM PUF, Arbiter PUF, fluorescent PUF, Delay PUF, Butterfly PUF, diode breakdown PUF, reconfigurable PUF, acoustic PUF, controlled PUF, phosphor PUF, ...

27 General remarks: PUF family tree MvD

28 General remarks: after years of preaching the PUF gospel...

29 General remarks: ¥€££$
Making money from security with noisy data
- Philips spin-off
- MIT spin-off
- Imperial College London spin-off

30 Summary
Noisy sources of key material
- privacy preserving storage of biometric data
- anti-counterfeiting
- secure key storage with PUFs
Fuzzy extractors
- extract key from noisy source
- reproducibility
- secrecy of output
- resilience against attacks on helper data
Subject becoming more popular
Not just theory, also $$$

