Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme.

Similar presentations


Presentation on theme: "Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme."— Presentation transcript:

1 Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme

2 Biometrics

3 Biometric authentication: Computer Authentication through Measurement of Biological Characteristics

4 u Fingerprint scanning u Iris scanning u Voice recognition Types of biometric authentication u Many others... u Face recognition u Body odor Authenticating...

5 Enrollment / Registration Template t Alice

6 Enrollment / Registration Alice Server

7 Authentication Server

8 Authentication Alice Server

9 Server verifies against template ?

10 The Problem...

11 Template theft

12 Limited password changes First password Second password

13 Templates represent intrinsic information about you Alice Theft of template is theft of identity

14 Towards a solution

15 password UNIX protection of passwords password h(password) Password

16 Template protection? h( )

17 Fingerprint is variable u Differing angles of presentation u Differing amounts of pressure u Chapped skin Don t have exact key!

18 We need fuzzy commitment ( )

19 Seems counterintuitive u Cryptographic (hash) function scrambles bits to produce random- looking structure, but uFuzziness or error resistance means high degree of local structure

20 Error Correcting Codes

21 Noisy channel Alice Bob Alice, I love… crypto s

22 Error correcting codes Alice Bob 110

23 g Function g adds redundancy Bob M 3 bits C 9 bits c Message space Codeword space g

24 Error correcting codes Alice Bob

25 f c C Function f corrects errors Alice f

26 Alice uses g -1 to retrieve message 9 bits C M 3 bits Alice g-1g-1 c Alice gets original, uncorrupted message 110

27 Constructing C

28 Idea: Treat template like message W g C(t) = h(g(t))

29 What do we get? uFuzziness of error-correcting code u Security of hash function-based commitment

30 Problems Davida, Frankel, and Matt (97) u Results in very large error-correcting code u Do not get good fuzziness u Cannot prove security easily u Dont really have access to message!

31 Our (counterintuitive) idea: Express template as corrupted codeword u Never use message space!

32 Express template as corrupted codeword W t w t = w +

33 t = w + h(w) Idea: hash most significant part for security Idea: leave some local information in clear for fuzziness

34 How we use fuzzy commitment...

35 Computing fuzzy hash of template t u Choose w at random u Compute = t - w u Store (h(w), ) as commitment (h(w), )

36 Verification of fingerprint t u Retrieve C(t) = (h(w), ) u Try to decommit using t: –Compute w = f(t - ) –Is h(w) = h(w)? ?

37 Characteristics of u Good fuzziness (say, 17%) u Simplicity u Provably strong security –I.e., nothing to steal

38 Open problems u What do template and error distributions really look like? u What other uses are there for fuzzy commitment? –Graphical passwords

39 Questions?


Download ppt "Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme."

Similar presentations


Ads by Google