Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme.

Published byChristopher Lynch Modified over 11 years ago

Similar presentations

Presentation on theme: "Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme."— Presentation transcript:

1 Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme

2 Biometrics

3 Biometric authentication: Computer Authentication through Measurement of Biological Characteristics

4 u Fingerprint scanning u Iris scanning u Voice recognition Types of biometric authentication u Many others... u Face recognition u Body odor Authenticating...

5 Enrollment / Registration Template t Alice

6 Enrollment / Registration Alice Server

7 Authentication Server

8 Authentication Alice Server

9 Server verifies against template ?

10 The Problem...

11 Template theft

12 Limited password changes First password Second password

13 Templates represent intrinsic information about you Alice Theft of template is theft of identity

14 Towards a solution

15 password UNIX protection of passwords password h(password) Password

16 Template protection? h( )

17 Fingerprint is variable u Differing angles of presentation u Differing amounts of pressure u Chapped skin Don t have exact key!

18 We need fuzzy commitment ( )

19 Seems counterintuitive u Cryptographic (hash) function scrambles bits to produce random- looking structure, but uFuzziness or error resistance means high degree of local structure

20 Error Correcting Codes

21 Noisy channel Alice Bob Alice, I love… crypto s

22 Error correcting codes Alice Bob 110

23 g 111 111 000 Function g adds redundancy Bob M 3 bits C 9 bits c Message space Codeword space g

24 Error correcting codes Alice Bob 111 111 000 0 1

25 101 111 100 111 111 000 f c C Function f corrects errors Alice f

26 Alice uses g -1 to retrieve message 9 bits C M 3 bits Alice g-1g-1 c Alice gets original, uncorrupted message 110

27 Constructing C

28 Idea: Treat template like message W g C(t) = h(g(t))

29 What do we get? uFuzziness of error-correcting code u Security of hash function-based commitment

30 Problems Davida, Frankel, and Matt (97) u Results in very large error-correcting code u Do not get good fuzziness u Cannot prove security easily u Dont really have access to message!

31 Our (counterintuitive) idea: Express template as corrupted codeword u Never use message space!

32 Express template as corrupted codeword W t w t = w +

33 t = w + h(w) Idea: hash most significant part for security Idea: leave some local information in clear for fuzziness

34 How we use fuzzy commitment...

35 Computing fuzzy hash of template t u Choose w at random u Compute = t - w u Store (h(w), ) as commitment (h(w), )

36 Verification of fingerprint t u Retrieve C(t) = (h(w), ) u Try to decommit using t: –Compute w = f(t - ) –Is h(w) = h(w)? ?

37 Characteristics of u Good fuzziness (say, 17%) u Simplicity u Provably strong security –I.e., nothing to steal

38 Open problems u What do template and error distributions really look like? u What other uses are there for fuzzy commitment? –Graphical passwords

39 Questions?

Download ppt "Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme."

Similar presentations

Error-Tolerant Password Recovery Niklas Frykholm and Ari Juels RSA Laboratories.

Error-Tolerant Password Recovery Niklas Frykholm and Ari Juels RSA Laboratories.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.

RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.
Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Biometry and Security: Secure Biometric Authentication for Weak Computational Devices Author: Zelenevskiy Vladimir Based on the research by M.J. Atallah.

Biometry and Security: Secure Biometric Authentication for Weak Computational Devices Author: Zelenevskiy Vladimir Based on the research by M.J. Atallah.
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
Fuzzy Vaults: Toward Secure Client-Side Matching Ari Juels RSA Laboratories 10th CACR Information Security Workshop 8 May 2002 LABORATORIES.

Fuzzy Vaults: Toward Secure Client-Side Matching Ari Juels RSA Laboratories 10th CACR Information Security Workshop 8 May 2002 LABORATORIES.
Securing Fingerprint Template - Fuzzy Vault with Helper Data

Securing Fingerprint Template - Fuzzy Vault with Helper Data
Fuzzy Stuff 6.857 Lecture 24, 2006. Outline Motivation: Biometric Architectures Motivation: Biometric Architectures New Tool (for us): Error Correcting.

Fuzzy Stuff Lecture 24, Outline Motivation: Biometric Architectures Motivation: Biometric Architectures New Tool (for us): Error Correcting.
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Anonymous Biometrics: Privacy Protection of Biometric Templates Pim Tuyls, E. Verbitskiy, D. Denteneer, J.P. Linnartz, J. Goseling, T. Ignatenko

Anonymous Biometrics: Privacy Protection of Biometric Templates Pim Tuyls, E. Verbitskiy, D. Denteneer, J.P. Linnartz, J. Goseling, T. Ignatenko
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
 Secure Authentication Using Biometric Data Karen Cui.

 Secure Authentication Using Biometric Data Karen Cui.
Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.

Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Similar presentations

Ads by Google