Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fuzzy Commitment Ari Juels RSA Laboratories DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Fuzzy Commitment Ari Juels RSA Laboratories DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004."— Presentation transcript:

1 Fuzzy Commitment Ari Juels RSA Laboratories ajuels@rsasecurity.com DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004

2 Part I: Data secrecy in biometric authentication systems

3 The Classical View of Biometric Authentication Is it Woody? Yes, it’s Woody!

4 The Classical View of Biometric Authentication Is it Woody? Yes, it’s Woody! Woody Allen = ?

5 The Classical View of Biometric Authentication Woody Allen = ? Hello, Mr. Woody Allen

6 In these scenarios, biometric data need not be kept secret Spoofing is difficult with human oversight Indeed, your face is public anyway (Assuming, of course, that passport is not a forgery) But what happens when…

7 A human-guided process Woody Allen = ?

8 Becomes automated? Woody Allen = ?

9 Secrecy of biometric data is now more important to security Reason 1: Automation will mean relaxation of human oversight –More opportunity for spoofing –Spoofing iris / face readers with printed images, “gummy” fingers, etc. Schiphol airport: Iris scanning

10 Secrecy of biometric data is now more important to security Reason 2: Spillover into remote / home authentication! Woody Allen Woody’s PC Server

11 And revocation is hard! First password Second password

12 Yet passports will transmit biometrics via RFID to any standard reader… Woody Allen Clandestine scanning 10cm range under legal conditions How much with a rogue reader? One meter? How much from eavesdropping on legitimate reader? Optical keys / Faraday cages? ICAO (International Civil Aviation Organization) standard – imminent adoption through DHS effort

13 But isn’t my face public anyway? Copying a biometric is somewhat like copying a painting… Facial images require special conditions for matching to work. In U.K., you’re not allowed to smile in passport photos any longer! Best for forger to have target image, i.e., one in passport serving as basis for authentication Iris and fingerprint are harder to capture than face Suppose you want to copy a painting… snapshot professional photo

14 Part II: Towards secrecy in biometric authentication systems

15 password Cryptographic tools for password secrecy

16 password Cryptographic tools for password secrecy h (password, salt) E password [key] Password-based key agreement

17 Cryptographic tools for biometric secrecy h (, salt) E [key] Finger-based key agreement? ?

18 Problem: Biometrics are variable, i.e., error-prone… Differing angles of presentation Differing amounts of pressure Chapped skin  and standard crypto does not tolerate errors! Woody Allen !

19 We want “fuzzy” cryptography Error-tolerant crypto primitives –E.g., E k [m] D k’ [ ] = m if k ≈ k’ Body of “fuzzy” crypto literature: –Davida, Frankel, & Matt ’98 –“Biometric encryption” (breakable) –Juels & Wattenberg ’99 (“fuzzy commitment”) Application of FJ ‘01 to “life questions” now in RSA product… –Monrose, Reiter, & Wetze l ’99 + follow-on –Juels & Sudan ’01 –Dodis, Rezyin, & Smith ’04 –Boyen in ten minutes… But no rigorous application to real biometrics yet!

20 Why everybody has nice eyes An iriscode has an estimated 250 bits of entropy! –Contrast 1/10,000 false acceptance for fingerprints… –Most people have two eyes! Hamming distance is the metric for iriscode similarity –E. g., fuzzy commitment applies directly… iris iriscode

21 Why it’s not so easy… An iriscode can be as long as 4096 bits –Where are those 250 bits of entropy hidden? –Bits are not independent… Signal processing data folded into iriscode Eyelids, eyelashes, and reflections can occlude much of iris We could get only 37 pairs of eyes for experiments…

22 A first attempt Tricks: 1.Use staggered samples: yields up to 75 independent bits 2.Use multiple scans to reduce error rate 3.Play some ad-hoc tricks with signal-processing data Result: Able to extract a 60-bit or so key from a pair of irises, but how much were methods fitted to data?

23 Conclusion Ongoing work (joint with Mike Szydlo & Brent Waters) –Trying to understand iriscode distribution –Need programming help! Other groups trying to apply fuzzy crypto to fingerprints Natural place where theory (crypto) meets practice (the human being) –… and error-prone devices too, e.g., POWFs, PUFs… With biometrics on the march, imminent surge of interest in these techniques?

Download ppt "Fuzzy Commitment Ari Juels RSA Laboratories DIMACS Workshop on Cryptography: Theory Meets Practice 15 October 2004."

Similar presentations

Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Ari Juels and John Brainard RSA Laboratories.

Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Ari Juels and John Brainard RSA Laboratories.
Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme.

Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme.
Lessons for Biometrics from SSNs & Identity Fraud Peter P. Swire Ohio State University National Academy of Sciences March 15, 2005.

Lessons for Biometrics from SSNs & Identity Fraud Peter P. Swire Ohio State University National Academy of Sciences March 15, 2005.
Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Most of slides come from Ari Juels and John Brainard RSA Laboratories.

Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Most of slides come from Ari Juels and John Brainard RSA Laboratories.
ECE 5367 – Presentation Prepared by: Adnan Khan Pulin Patel

ECE 5367 – Presentation Prepared by: Adnan Khan Pulin Patel
Fuzzy Vaults: Toward Secure Client-Side Matching Ari Juels RSA Laboratories 10th CACR Information Security Workshop 8 May 2002 LABORATORIES.

Fuzzy Vaults: Toward Secure Client-Side Matching Ari Juels RSA Laboratories 10th CACR Information Security Workshop 8 May 2002 LABORATORIES.
Securing Fingerprint Template - Fuzzy Vault with Helper Data

Securing Fingerprint Template - Fuzzy Vault with Helper Data
Fuzzy Stuff 6.857 Lecture 24, 2006. Outline Motivation: Biometric Architectures Motivation: Biometric Architectures New Tool (for us): Error Correcting.

Fuzzy Stuff Lecture 24, Outline Motivation: Biometric Architectures Motivation: Biometric Architectures New Tool (for us): Error Correcting.
Non-Text Passwords CRyptography Applications Bistro Jessica Greer February 12, 2004.

Non-Text Passwords CRyptography Applications Bistro Jessica Greer February 12, 2004.
AN OVERVIEW OF BIOMETRIC ATMs. WHY ? CONVENTIONAL ATMs -> BIOMETRIC ATMs Environmental Concerns Environmental Concerns Security Concerns Security Concerns.

AN OVERVIEW OF BIOMETRIC ATMs. WHY ? CONVENTIONAL ATMs -> BIOMETRIC ATMs Environmental Concerns Environmental Concerns Security Concerns Security Concerns.
Pattern Recognition 1/6/2009 Instructor: Wen-Hung Liao, Ph.D. Biometrics.

Pattern Recognition 1/6/2009 Instructor: Wen-Hung Liao, Ph.D. Biometrics.
Randomized Radon Transforms for Biometric Authentication via Fingerprint Hashing 2007 ACM Digital Rights Management Workshop Alexandria, VA (USA) October.

Randomized Radon Transforms for Biometric Authentication via Fingerprint Hashing 2007 ACM Digital Rights Management Workshop Alexandria, VA (USA) October.
3D-password A more secured authentication G.Suresh babu Roll no:08H71A05C2 Computer science & engineering Mic college of technology Guide:Mrs A.Jaya Lakshmi.

3D-password A more secured authentication G.Suresh babu Roll no:08H71A05C2 Computer science & engineering Mic college of technology Guide:Mrs A.Jaya Lakshmi.
Biometrics & Security Tutorial 7. 1 (a) Please compare two different kinds of biometrics technologies: Retina and Iris. (P8:2-3)

Biometrics & Security Tutorial 7. 1 (a) Please compare two different kinds of biometrics technologies: Retina and Iris. (P8:2-3)
BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.

BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
 Secure Authentication Using Biometric Data Karen Cui.

 Secure Authentication Using Biometric Data Karen Cui.
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
FIT3105 Biometric based authentication and identity management

FIT3105 Biometric based authentication and identity management

Similar presentations

Ads by Google