Download presentation

Presentation is loading. Please wait.

Published byChristopher Lynch Modified over 2 years ago

1
Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme

2
Biometrics

3
Biometric authentication: Computer Authentication through Measurement of Biological Characteristics

4
u Fingerprint scanning u Iris scanning u Voice recognition Types of biometric authentication u Many others... u Face recognition u Body odor Authenticating...

5
Enrollment / Registration Template t Alice

6
Enrollment / Registration Alice Server

7
Authentication Server

8
Authentication Alice Server

9
Server verifies against template ?

10
The Problem...

11
Template theft

12
Limited password changes First password Second password

13
Templates represent intrinsic information about you Alice Theft of template is theft of identity

14
Towards a solution

15
password UNIX protection of passwords password h(password) Password

16
Template protection? h( )

17
Fingerprint is variable u Differing angles of presentation u Differing amounts of pressure u Chapped skin Don t have exact key!

18
We need fuzzy commitment ( )

19
Seems counterintuitive u Cryptographic (hash) function scrambles bits to produce random- looking structure, but uFuzziness or error resistance means high degree of local structure

20
Error Correcting Codes

21
Noisy channel Alice Bob Alice, I love… crypto s

22
Error correcting codes Alice Bob 110

23
g Function g adds redundancy Bob M 3 bits C 9 bits c Message space Codeword space g

24
Error correcting codes Alice Bob

25
f c C Function f corrects errors Alice f

26
Alice uses g -1 to retrieve message 9 bits C M 3 bits Alice g-1g-1 c Alice gets original, uncorrupted message 110

27
Constructing C

28
Idea: Treat template like message W g C(t) = h(g(t))

29
What do we get? uFuzziness of error-correcting code u Security of hash function-based commitment

30
Problems Davida, Frankel, and Matt (97) u Results in very large error-correcting code u Do not get good fuzziness u Cannot prove security easily u Dont really have access to message!

31
Our (counterintuitive) idea: Express template as corrupted codeword u Never use message space!

32
Express template as corrupted codeword W t w t = w +

33
t = w + h(w) Idea: hash most significant part for security Idea: leave some local information in clear for fuzziness

34
How we use fuzzy commitment...

35
Computing fuzzy hash of template t u Choose w at random u Compute = t - w u Store (h(w), ) as commitment (h(w), )

36
Verification of fingerprint t u Retrieve C(t) = (h(w), ) u Try to decommit using t: –Compute w = f(t - ) –Is h(w) = h(w)? ?

37
Characteristics of u Good fuzziness (say, 17%) u Simplicity u Provably strong security –I.e., nothing to steal

38
Open problems u What do template and error distributions really look like? u What other uses are there for fuzzy commitment? –Graphical passwords

39
Questions?

Similar presentations

© 2016 SlidePlayer.com Inc.

All rights reserved.

Ads by Google