Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1.

Similar presentations


Presentation on theme: "Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1."— Presentation transcript:

1 Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April

2 OUTLINE 1.Private biometrics 2.Physical Unclonable Functions (PUFs) PUFs for anti-counterfeiting PUFs for secure key storage 3.Fuzzy extractors 4.General remarks 2

3 Private biometrics: intro What's so private? fingerprints everywhere easily photographed no secrecy! Biometrics database access control identification Insider attacks db encryption not enough! How to abuse the database? impersonation identity theft cross-db linking detectable pathologies... yet undiscovered attacks 3

4 How to preserve privacy? Don't store biometric itself Store a one-way hash (like UNIX password file) Attacker has to invert hash Problem: noise Measurement never the same twice Any bit flip  hash totally changed Need error correction Redundancy data may leak! one-way function Private biometrics: noisy biometrics

5 Secure Sketch Recover hash compare Gen [Dodis et al., 2003] "Fuzzy Extractor" Uniform string: Efficient storage Quick db search Efficient processing 5 Helper Data Reproduce "extracted string" compare Gen Private biometrics: secure error correction

6 6 OUTLINE 1.Private biometrics 2.Physical Unclonable Functions (PUFs) PUFs for anti-counterfeiting PUFs for secure key storage 3.Fuzzy extractors 4.General remarks

7 The counterfeiting problem Frightening numbers: 10% of all medication 10% aircraft spare parts Short history of paper money 800 AD: China, first bills 1450 AD: China abolishes paper money 1601 AD: introduction in Sweden 7 Anti-counterfeiting: introduction

8 8 Anti-counterfeiting: think big

9 [Source: Kirovski 2007] Anti-counterfeiting, more voodoo than science Lots of obscurity 9

10 Traditional approach: add authenticity mark to product hard to forge all marks are identical Er,... WTF? 10 Alternative: [Bauder, Simmons < 1991] unique marks -uncontrollable process -even manufacturer cannot clone digitally signed two-step verification -check sig., then check mark forgery ← cloning / fake signature allows "open" approach - product info - expiry date - mark details Digital signature by Authority XYZ - product info - expiry date - mark details Digital signature by Authority XYZ Anti-counterfeiting: a new approach

11 Physical Unclonable Function (PUF) [Pappu et al. 2001] physical object unpredictable challenge-response behaviour hard to scrutinize without damaging hard to model mathematically hard ($) to clone physically, even for manufacturer Use PUF as anti-counterfeiting mark Anti-counterfeiting: PUFs

12 Examples of anti-counterfeiting PUFs Kirovski et al Microsoft research Škorić et al Philips research Pappu et al Buchanan et al MIT, Ingenia, Philips research Anti-counterfeiting: PUF types

13 Simplest case: mark is not secret use "distance" between measurements no error correction Just like biometrics. Use fuzzy extractor! Without added mark: mark is part of product mark not really secret but... preserve "privacy" of product noisy measurements Anti-counterfeiting: analogy with biometrics

14 OUTLINE 1.Private biometrics 2.Physical Unclonable Functions (PUFs) PUFs for anti-counterfeiting PUFs for secure key storage 3.Fuzzy extractors 4.General remarks

15 Secure key storage: intro Problem: Many devices need secret keys -authentication -encryption / decryption -signing Digital key storage -0/1 often distinguishable -invasive attacks Alternative approach: Derive key from PUF more opaque than digital memory extract key when needed, then wipe from RAM invasive attack  key destroyed

16 Physical Unclonable Function (PUF) physical object unpredictable challenge-response behaviour hard to scrutinize without damaging hard to model mathematically hard ($) to clone physically, even for manufacturer "Physically Obscured Key" (POK) [Gassend et al. 2003] 16 EEPROM - Helper data - E K [Device secrets] PUF Sensor reproduce K Crypto processor Integrated Secure key storage: PUFs

17 TiN TiO 2 S-RAM PUF [Guajardo et al., Su et al. 2007] Coating PUF [Posch 1998; Tuyls et al. 2006] Integrated optical PUF [Ophey et al. 2006] Silicon PUF [Gassend et al. 2002] FPGA "butterfly" [Kumar et al. 2008] Secure key storage: PUF types

18 OUTLINE 1.Private biometrics 2.Physical Unclonable Functions (PUFs) PUFs for anti-counterfeiting PUFs for secure key storage 3.Fuzzy extractors 4.General remarks

19 Required for e.g. privacy preserving biometrics anti-counterfeiting with "product privacy" PUF-based key storage Properties Secrecy and uniformity: Δ(WS; WU) ≤ ε. "S given W is almost uniform" Correctness: If X' sufficiently close to X, then S'=S. Robustness [Boyen et al. 2005]: Detection of active attack against W noisy Dodis et al Juels+Wattenberg 1999 Linnartz+Tuyls 2003 Fuzzy Extractors: intro

20 Fuzzy Extractors: high-level look at helper data X W Enrolment phase X: measurementW: helper dataS: region index (extracted secret) S Gen(X) = {S, W} X sufficiently "smooth"  W reveals little or nothing about S

21 Fuzzy Extractors: high-level look at helper data X' Reproduction phase W S Rep(X',W) = S

22 You need helper data. You really do. Fuzzy Extractors: necessity of helper data Enrolments happen after fixing grid Some X inevitably on boundary -noise can go either way Helper data removes the ambiguity

23 Fuzzy Extractors: active attacks Active Attack: Modify W  accept wrong X'  accept key S' ≠ S Defense: 1.TTP's signature on W. 2.But... what if there's no PKI? Use secret S itself to authenticate W ! a.hash(W||S). [Boyen 2005] random oracle assumption b.Sacrifice part of S as authentication key. S = S 1 || S 2. MAC(S 1, W) (sort of) [Dodis et al. 2006] information-theoretic security if X has sufficient entropy rate

24 24 Fuzzy Extractors & PUFs: variety of disciplines FUZZY EXTRACTION FROM PUF physics information theory crypto error-correcting codes security engineering

25 OUTLINE 1.Private biometrics 2.Physical Unclonable Functions (PUFs) PUFs for anti-counterfeiting PUFs for secure key storage 3.Fuzzy extractors 4.General remarks

26 General remarks: PUF proliferation optical PUF coating PUF Silicon PUF optical fiber PUF RF COA LC-PUF S-RAM PUF Arbiter PUF fluorescent PUF Delay PUF Butterfly PUF diode breakdown PUF reconfigurable PUF acoustic PUF controlled PUF phosphor PUF...

27 General remarks: PUF family tree MvD

28 General remarks: after years of preaching the PUF gospel...

29 29 General remarks: ¥€££$ Making money from security with noisy data Philips spin-off MIT spin-off Imperial College London spin-off

30 Noisy sources of key material -privacy preserving storage of biometric data -anti-counterfeiting -secure key storage with PUFs Fuzzy extractors -extract key from noisy source -reproducibility -secrecy of output -resilience against attacks on helper data Subject becoming more popular Not just theory, also $$$ Summary


Download ppt "Security with Noisy Data Boris Škorić TU Eindhoven Ei/Ψ anniversary, 24 April 2009 1."

Similar presentations


Ads by Google