BLIND AUTHENTICATION: A SECURE CRYPTO-BIOMETRIC VERIFICATION PROTOCOL Nishmitha.B

Upload: nishmitha-b

Post on 13-Aug-2015


Page 1: A secure Crypto-biometric verification protocol

BLIND AUTHENTICATION: A SECURE CRYPTO-BIOMETRIC VERIFICATION PROTOCOL

Nishmitha.B

CONTENTS

1. Biometrics

2. Biometric Authentication System

3. Comparison of Biometric systems

4. Privacy concerns in Biometric systems

5. What is Blind Authentication?

6. Previous work

7. Features of Blind Authentication

8. Enrollment

9. Authentication

10. Security, Privacy and Trust

11. Extensions to Kernels and Neural networks

12. Blind Secure Product Protocol

13. Implementation and analysis

14. Advantages

15. Conclusion

BIOMETRICS

A biometric is a physiological or behavioral characteristic of a human being that can distinguish one person from another and that theoretically can be used for identification or verification of identity.

AUTHENTICATION

WHAT YOU KNOW?

WHAT YOU HAVE?

WHAT YOU ARE?

Biometric Authentication System

COMPARISON OF BIOMETRIC SYSTEMS

PHYSIOLOGICAL BIOMETRICS

1. Fingerprint recognition

a) No two persons share the same fingerprints

b) Can use thermal sensing, optical sensing, capacitance sensing, ultrasound sensing, etc.

c) Wet, dry, or dirty skin may create problems

2. Face Recognition

a) One of the most acceptable biometrics

b) Not accurate and dependable

3. Hand Geometry

a) Includes length and width of fingers, different aspect ratios of palm and fingers, thickness and width of the palm, etc.

b) Existing hand geometry systems mostly use images of the hand

4. Iris Recognition

a) Reliable and accurate

b) Believed to be unique in every individual

c) Does not work for people who are missing both eyes or who have serious eye illnesses that affect the iris.

BEHAVIORAL BIOMETRICS

1. Signature

a) High degree of acceptance

b) Signatures lack permanence

c) Static signature verification systems and dynamic signature verification systems

2. Voice

a) Depends on numerous characteristics of a human voice to identify the speaker

b) Does not require expensive input devices

c) Issues: impostors may skillfully imitate others' voices; record and replay attacks

Primary Concerns in a Biometric System

Template Protection

User's privacy

Trust between user and server

Network security

What is Blind Authentication?

Blind authentication is a protocol that does not reveal any:

a) information about the biometric samples to the authenticating server

b) information regarding the classifier employed by the server to the user or client

PREVIOUS WORK

Categorization of template protection schemes by Jain

SALTING

Design a classifier in the encrypted feature space

Specific to a biometric trait

Security using a transformation function seeded by a user-specific key

Does not offer well-defined security

NON-INVERTIBLE TRANSFORM

Apply a non-invertible function on the biometric template

Key must be available at the time of transformation

E.g., robust hashing, cancelable templates

KEY BINDING AND KEY GENERATION

Integrate the advantages of biometrics and cryptography

Using the biometric as a protection for the secret key or to generate the secret key

FEATURES OF BLIND AUTHENTICATION

Strong encryption

Non-repudiable authentication

Protection against replay and client-side attacks

Revocability

ENROLLMENT

Enrollment based on a trusted third party (TTP): At the time of registering with a website, the encrypted version of the user’s biometric template is made available to the website. The one-time classifier training is done on the plain biometrics, and hence requires a trusted server to handle training.

AUTHENTICATION

Blind Authentication Process: Linear kernel computation for encrypted feature vectors. At no point are the identity vectors x, w or the intermediate results x_i · w_i revealed to anyone.
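
Added example (not from the slides or from the cited paper's code): a Python sketch of the blind linear-kernel computation, in which the server multiplies ciphertexts, blinds them with kn+k random numbers, and learns only x · w. Assumptions: textbook RSA with a toy key as the multiplicatively homomorphic cipher, integer features and weights, and the blinding constraint sum_j lam_j * r_ji = 1 (mod N); all function names are hypothetical.

```python
import secrets
from math import gcd

# Constructed toy key from two Mersenne primes (far too small for real use).
# Assumption: textbook RSA, used only because E(a)*E(b) = E(a*b mod N).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the client

def enc(m):
    """Public-key operation; client and server can both encrypt."""
    return pow(m % N, E, N)

def dec(c):
    """Private-key operation; only the client can decrypt."""
    return pow(c, D, N)

def server_blind(enc_x, enc_w, k):
    """Server: form E(x_i*w_i*r_ji) using kn+k random numbers r, lam with
    sum_j lam[j]*r[j][i] == 1 (mod N) for every i (assumed constraint)."""
    n, lam = len(enc_x), []
    while len(lam) < k:  # each lam[j] must be invertible mod N
        v = secrets.randbelow(N - 1) + 1
        if gcd(v, N) == 1:
            lam.append(v)
    r = [[secrets.randbelow(N - 1) + 1 for _ in range(n)] for _ in range(k - 1)]
    inv = pow(lam[-1], -1, N)
    r.append([(1 - sum(lam[j] * r[j][i] for j in range(k - 1))) * inv % N
              for i in range(n)])  # last row forces the constraint
    rows = [[enc_x[i] * enc_w[i] * enc(r[j][i]) % N for i in range(n)]
            for j in range(k)]
    return rows, lam

def client_sums(rows):
    """Client: decrypt blinded products, return only S_j = sum_i x_i*w_i*r_ji."""
    return [sum(dec(c) for c in row) % N for row in rows]

def server_decide(sums, lam, threshold):
    """Server: sum_j lam[j]*S_j recovers x.w mod N; lift to signed, compare."""
    s = sum(l * sj for l, sj in zip(lam, sums)) % N
    s = s - N if s > N // 2 else s
    return s, s > threshold

def blind_verify(x, w, threshold, k=3):
    """End-to-end run on integer feature vector x and classifier weights w."""
    enc_w = [enc(wi) for wi in w]  # template stored encrypted at enrollment
    enc_x = [enc(xi) for xi in x]  # sent by the client at login
    rows, lam = server_blind(enc_x, enc_w, k)
    return server_decide(client_sums(rows), lam, threshold)
```

The client only ever decrypts products masked by r_ji, and the server only ever sees ciphertexts and the k blinded sums, so neither side obtains x, w or an individual x_i · w_i in the clear.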

SECURITY PRIVACY AND TRUST

SYSTEM SECURITY

Server Security

Client Security

Network Security

PRIVACY

Concern of revealing personal information

Concern of being tracked

Server security

Hacker gains access to the template database

Hacker is in the database server during the authentication

Impostor trying blind attacks from a remote machine

Client security

Hacker gains access to the user’s biometric or private key

Passive attack at the user’s computer

Network Security

Attacker gains access to the network

PRIVACY

Concern of revealing personal information: Template is never revealed to the server

Concern of being tracked: Use different keys for different applications

EXTENSIONS TO KERNELS AND NEURAL NETWORKS

Kernel based classifier uses a discriminating function like

Similarly, in a neural network the basic units are, for example, the perceptron and the sigmoid

Model the above functions as arithmetic circuits consisting of addition and multiplication gates over a finite domain. Consider two encryptions, E+ and E*

BLIND SECURE PRODUCT PROTOCOL

Receive from client

Server computes kn+k random numbers such that

Server computes

and sends it to the client. Client decrypts it.

Client computes

to the server

Server computes

Send

IMPLEMENTATION AND ANALYSIS

Experiments were designed to evaluate the efficiency and accuracy of the proposed approach. For evaluation, an SVM-based verifier built on a client-server architecture was implemented.

Verification time for various key sizes and feature vector lengths

Variation of accuracy w.r.t. the precision of representation

ROC CURVES FOR VERIFICATION

ADVANTAGES OF BLIND AUTHENTICATION

Fast and Provably Secure authentication without trading off accuracy.

Supports generic classifiers such as Neural Network and SVMs.

Useful with a wide variety of fixed-length biometric traits.

Ideal for applications such as biometric ATMs, login from public terminals.

CONCLUSION

Verification can be done in real-time with the help of available hardware

Keep the interaction between the user and the server to a minimum

Extensions to this work include secure enrollment protocols and encryption methods to reduce computations

Dynamic warping based matching of variable length feature vectors can further enhance the utility of the approach

REFERENCES

N. K. Ratha, J. H. Connell, and R. M. Bolle, “Enhancing security and privacy in biometrics-based authentication systems”

Maneesh Upmanyu, Anoop M. Namboodiri, K. Srinathan, and C. V. Jawahar, “Blind authentication: A secure crypto-biometric verification protocol”
