Biometric Cryptosystems. Presenters: Yeh Po-Yin, Yang Yi-Lun.


1 Biometric Cryptosystems. Presenters: Yeh Po-Yin, Yang Yi-Lun

2 Cryptosystem: User authentication; Cryptographic keys; Login password; RSA; Public keys

3 Cryptographic Keys: Long and random; Stored somewhere (computer, smart card); Released based on user password

4 User password: Short and simple; Easily guessed (“password”, same as account, birth date, tel #); Use the same password everywhere

5 What if? A single password is compromised while the user uses the same password across different applications? A complex password is written down in some easily accessible location? The device that stores the cryptographic keys has been cracked?

6 Traditional cryptosystems: Based on secret keys; Forgotten; Lost; Stolen; Repudiation

7 Biometric authentication: More reliable; Cannot be lost or forgotten; Difficult to copy, share, and distribute; Hard to forge; Unlikely to repudiate; Relatively equal security level

8 Biometric: No biometric is optimal; Depends on the requirement of the application

9 Comparison of biometrics: Properties (Universality, Distinctiveness, Permanence, Collectability); Attributes (Performance, Acceptability, Circumvention)

10

11 Biometric signal variations: Inconsistent presentation; Irreproducible presentation; Imperfect signal acquisition

12

13

14 Biometric Matcher: Exact match is not very useful; Aligning; Matching score; Fingerprint (identify minutiae neighbors)

15

16 Performance: Two types of errors: false match (false accept), false non-match (false reject); Error rates: false match rate (FMR), false non-match rate (FNMR); Tradeoff relation

17 Biometric keys: Biometric-based authentication; User authentication; Biometric component; Cryptographic system; Key release on positive match

18 Biometric key database: Cryptographic key; User name; Biometric template; Access privileges; Other personal information

19 What if? Biometric data is stolen by cracking into the biometric key database?

20 Hacking Attack

21 Definition: Hacker; Cracker; Attack; Disturbance; Block; Incursion

22 Attacking Step: Decide target (Easy, Worth, Purpose); Gain information (Firewall, System)

23 Detect path; Ping; Traceroute; Hopping site; Bot; Make incursion

24 Types of attack: Interruption (attack on availability); Interception (attack on confidentiality); Modification (attack on integrity); Fabrication (attack on authentication)

25 Reference: Information Security Drill and Protection Lecture Notes (資安演習防護講義)

26 Common forms of attack: Denial of Service (DoS) attacks; Distributed Denial of Service (DDoS) attacks; Trojan Horse; Virus; Websites; Worm

27 Sniffing; Spoofing; Bug; Buffer overflow

28 Protection: Firewall; Antivirus program; Update; Close unnecessary programs; Close unnecessary internet services; Scan computer

29 Back to biometric keys: Q1: Is it possible to issue a new biometric template if the biometric template in an application is compromised? Q2: Is it possible to use different templates on different applications? Q3: Is it possible to generate a cryptographic key using biometric information?

30 Solving Q1 and Q2: Store H(x) instead of x; H is the transform function; x is the original biometric signal

31 Solving Q3: Hide the key within the user’s biometric template; Biometric key generation or binding; Bind a private key into the user biometric information; Both key and biometric are inaccessible to attacker; No biometric matching at all
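One way to realize the key binding on slide 31, given here as an added example that is not from the presentation: a fuzzy commitment (Juels and Wattenberg), a scheme the slides do not name. The repetition code, the 16-bit key, the bit-string form of the biometric and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

REP = 5  # assumed repetition factor: each key bit covers 5 biometric bits, tolerating 2 flips per group

def encode(key_bits):
    """Repetition-code encoder, a stand-in for a real ECC such as BCH."""
    return [b for b in key_bits for _ in range(REP)]

def decode(code_bits):
    """Majority vote over each group of REP bits."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]

def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def enroll(bio_bits, key_bits):
    """Bind the key to the biometric. The record holds helper data and a
    hash of the key, never the biometric bits or the key themselves."""
    codeword = encode(key_bits)
    if len(codeword) != len(bio_bits):
        raise ValueError("biometric length must be REP * key length")
    helper = [c ^ x for c, x in zip(codeword, bio_bits)]
    return {"helper": helper, "key_hash": digest(key_bits)}

def release(record, probe_bits):
    """Return the key if the probe is close to the enrolled sample, else None.
    No matching score is computed; the ECC decoder absorbs the sensor noise."""
    if len(probe_bits) != len(record["helper"]):
        return None
    noisy_codeword = [h ^ x for h, x in zip(record["helper"], probe_bits)]
    candidate = decode(noisy_codeword)
    if hmac.compare_digest(digest(candidate), record["key_hash"]):
        return candidate
    return None

def demo():
    key = [secrets.randbits(1) for _ in range(16)]             # constructed key
    enrolled = [secrets.randbits(1) for _ in range(16 * REP)]  # constructed biometric bits
    record = enroll(enrolled, key)
    same_user = list(enrolled)
    for i in range(0, len(same_user), REP):  # one flipped bit per group: sensor noise
        same_user[i] ^= 1
    impostor = [b ^ 1 for b in enrolled[:40]] + enrolled[40:]  # 8 groups entirely wrong
    return release(record, same_user) == key, release(record, impostor) is None

if __name__ == "__main__":
    print(demo())
```

Enrolling again with a fresh key yields different helper data from the same biometric, which is how a compromised record would be reissued (Q1, Q2). The repetition code is chosen for readability; a deployed scheme needs a stronger code and an analysis of what the helper data leaks.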

32 Conclusion: Combining difficulties; Existing biometric authentication technologies are not perfect; Difficult to align the representations in the encrypted domain; Should not have systematic correlation between the identity and the key

33 Reference
Umut Uludag, Sharath Pankanti, Salil Prabhakar, and Anil K. Jain, “Biometric Cryptosystems: Issues and Challenges”, Proceedings of the IEEE, 2004
Uludag U, Anil Jain, “Securing Fingerprint Template: Fuzzy Vault with Helper Data”, 2006 Conference on Computer Vision and Pattern Recognition Workshop
http://www.crucialp.com/resources/tutorials/website-web-page-site-optimization/hacking-attacks-how-and-why.php
Information Security Drill and Protection Lecture Notes (資安演習防護講義)
http://www.hacker.org.tw/?c=articles_show&articleid=882
http://www.gamez.com.tw/viewthread.php?tid=58607
http://www.symantec.com/region/tw/enterprise/article/todays_hack.html

