biometric cryptosystems - carleton...
TRANSCRIPT
![Page 1: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/1.jpg)
Biometric Cryptosystems
Seminar by Sylvain Blaisfor COMP4109
![Page 2: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/2.jpg)
INTRODUCTION
• All cryptosystems requires some sort of user authentication
• Key management system needs a way to release a cryptographic key.
• Are current systems secure enough?
• Biometrics solves many security issues but it is very challenging
• Encryption/Decryption using biometrics
![Page 3: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/3.jpg)
CONTENT
• Background on biometrics
• Overview of key concepts in biometric cryptosystems(BCS)
• Description of current schemes including examples
• Quiz
![Page 4: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/4.jpg)
BACKGROUND ON BIOMETRICS • Science of measuring and analyzing human characteristics
• Physiological traits
• Behavioural traits
![Page 5: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/5.jpg)
• Specific hardware are used to extract those features
• Mostly used as form of identity authentication
• They are UNIQUE!! and they CAN’T BE LOST!!
BACKGROUND ON BIOMETRICS
![Page 6: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/6.jpg)
• Information need to be shared with a trusted 2nd-party
• Biometric data need to be stored in a secure database
• More than one biometric templates might be required
• No biometrics are optimal
BACKGROUND ON BIOMETRICS
![Page 7: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/7.jpg)
Comparison of Various Biometric Technologies[2]High / Medium / Low
BACKGROUND ON BIOMETRICS
![Page 8: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/8.jpg)
• New research field: Biometric cryptosystems
• Research goals:
• How to generate cryptographic keys out of biometric measurements
• how to hide and retrieve user-specific cryptographic keys in and out of biometric data
• how to generate several forms of biometric templates from a single biometric measurement
BACKGROUND ON BIOMETRICS
![Page 9: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/9.jpg)
• Current cryptosystems depends on the secrecy of the secret or private key and authentication is possession-based
• Systems don’t know if the user is a legitimate person or an attacker.
• Biometrics replaces password-based authentication
• They can also be used to generate a cryptographic key or biometric hash
KEY CONCEPTS IN BCS
![Page 10: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/10.jpg)
• Matching process in a password-based authentication system is not difficult to engineer because the result is perfectly calculated
• In biometrics, two measurements of the same person’s biometrics cannot be expected to be equal
• The challenge lies in finding the trade-off between amount of fuzziness the system can handle and the security it provides
• One way to deal with fuzziness => finding significant biometric features
- Biometric Variance -
KEY CONCEPTS IN BCS
![Page 11: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/11.jpg)
• Biometric Sensor
• Feature Extraction
• Database
• Biometric Matcher
- Biometric Authentication Systems -
- Two processes are involved: Enrollment and Authentication
KEY CONCEPTS IN BCS
![Page 12: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/12.jpg)
Biometric Authentication system diagram[4]
KEY CONCEPTS IN BCS
![Page 13: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/13.jpg)
• Two type of errors: False Acceptance and False Rejection
- Performance Measurement -
Measure Description
False Acceptance Rate (FAR) Ratio between numbers truly non-matchingsamples which are matched by the systemand total number of tests (including to firsttwo rates as well)
False Rejection Rate (FRR) Ratio of truly matching samples, which arenot matched by the system and total numbersof tests (including to first two rates as well)
Equal Error Rate (EER) The point on the error rate diagrams whereFAR and FRR are equivalent.
KEY CONCEPTS IN BCS
![Page 14: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/14.jpg)
• Biometric component performs user authentication while a generic cryptosystem handles the other components => Biometric key release
• But this can method creates a few issues...
- Biometric Key -
KEY CONCEPTS IN BCS
![Page 15: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/15.jpg)
• Hide a cryptographic key within the user’s biometric template => Biometric key generation and key binding
• Again no solution is perfect
- Biometric Key -
KEY CONCEPTS IN BCS
![Page 16: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/16.jpg)
• 3 type of schemes in BCS:
• Key Release Scheme
• Key Generation Scheme
• Key Binding Scheme
DESCRIPTION OF BCS SCHEMES
![Page 17: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/17.jpg)
• Biometric authentication decoupled from the cryptographic part of the system.
• Easy to implement but not used frequently because of major vulnerabilities:
• Template needs to be stored in database which means it can be stolen
• Change to the biometric matching process
• Cryptographic key has to be stored as part of the template
• Not appropriate for high security application
- Key Release Scheme -
DESCRIPTION OF BCS SCHEMES
![Page 18: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/18.jpg)
• User’s key is directly derived from the user’s biometric data so it doesn’t have to be stored anywhere!
• Helper data: public biometric-dependent information
• Helper data doesn’t contain anything about the original biometric template
• Helper data are derived using either Key Generation systems or Key Binding systems
- Key Generation and Binding Schemes -
DESCRIPTION OF BCS SCHEMES
![Page 19: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/19.jpg)
• Helper data are obtained by binding a secret key to a biometric template.
• Keys are obtained at authentication by applying a key retrieval algorithm
• One of the most popular BCS is a key binding system called Fuzzy Vault
- Key Binding Scheme -
DESCRIPTION OF BCS SCHEMES
![Page 20: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/20.jpg)
• Introduced by Ari Juels and Madhu Sudan from RSA Laboratories in 2002.
• Alice place a secret value k in a fuzzy vault and ‘lock’ it using a set of A elements from some public universe U.
• If Bob tries to ‘unlock’ the vault using a set B of similar length, he obtains k only if B overlap substantially over A.
• Fuzzy vault is a form of error-tolerant encryption operation where keys consists of sets which are biometric templates in a biometric implementation.
- Key Binding Scheme: Fuzzy Vault -
DESCRIPTION OF BCS SCHEMES
![Page 21: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/21.jpg)
- Key Binding Scheme: Fuzzy Vault -
Enrollment Authentication
Biometric Input Biometric Input
Feature Set A
Feature Set B
Secret k
Polynom p
Secret k’Polynom p’
Vault
Error Correcting
Code Chaff Points
Template
DESCRIPTION OF BCS SCHEMES
![Page 22: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/22.jpg)
• The security of the whole scheme lies with the unfeasibility of the polynomial reconstruction and the number of applied chaff points.
• Multiple schemes based on Fuzzy Vault have been proposed using different biometrics.
• Results are measured using FRR and FAR
- Key Binding Scheme: Fuzzy Vault -
DESCRIPTION OF BCS SCHEMES
![Page 23: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/23.jpg)
• Generating keys directly out of biometric templates
• No implementation of this scheme as of now exist
• Biometric characteristics doesn’t provide enough information to extract a reliable, updatable key without the use of any helper data.
• The Quantization schemes were proposed by various authors, each using the same basics idea.
- Key Generation Schemes -
DESCRIPTION OF BCS SCHEMES
![Page 24: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/24.jpg)
- Quantization Schemes -
EnrollmentAuthentication
Biometric Inputs
Biometric Input
Feature Extraction
Interval Mapping
Interval Definition
Feature Extraction
Intervals
Interval Encoding
Template
Hash or Key
DESCRIPTION OF BCS SCHEMES
![Page 25: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/25.jpg)
• There are other concepts and approaches in biometric cryptography which are currently researched. Ex. Cancelable biometric
• Most BCS are still in the development phases but some first deployments are available. Ex Genkey - fingerprint-key generation solutions
• Identity theft and fraud will rise the demands for stronger security schemes involving biometrics
• Research still need to be conducted in the field of biometric cryptosystems
CONCLUSION
![Page 26: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/26.jpg)
Questions?
![Page 27: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/27.jpg)
REFERENCES
[1] Uludag U., Pankanti S., Prabhakar S., Jain A.K. “Biometric Cryptosystems: Issues and Challenges”, Preceeding of the IEEE, vol 92, no.6 June 2004
[2] Rathgeb C., Uhl C., “A survey on biometric cryptosystems and cancelable biometrics”, EURASIP Journal on Information Security, 2011
[3] Rathgeb C., “Iris-based Biometric Cryptosystems” Doctorat thesis presented to the Department of Computer Science at the University of Salzburg, Autria, November 2008
[4]Biometric system diagram.png from Wikimedia Commons. Permission granted under the GNU Free Documentation Licence.http://en.wikipedia.org/wiki/File:Biometric_system_diagram.png
![Page 28: Biometric Cryptosystems - Carleton Universitypeople.scs.carleton.ca/~maheshwa/courses/4109/biometric.pdf · •Biometric authentication decoupled from the cryptographic part of the](https://reader036.vdocuments.site/reader036/viewer/2022070916/5fb6521baddb610ab35edf42/html5/thumbnails/28.jpg)
QUIZ
1. Name 1 physiological and 1 behavioural trait used in biometric cryptosystems?
2. Name the 2 main processes involved in biometric cryptosystems?
3. True or False. You improved your biometric cryptosystem algorithm by adjusting your error threshold to lower both your false acceptance rate(FAR) and false rejecting rate(FRR).
5. In the biometric cryptosystem Fuzzy Vault scheme, how is the ‘vault’ created?
4. What is one of the greatest challenge when dealing with biometric cryptosystems?(hint: think about biometrics measurements)