Ari Juels
RSA Laboratories
Marty Wattenberg
328 W. 19th Street,
NYC
A Fuzzy Commitment
Scheme
Biometrics
Biometric authentication
:
Computer Authentication through
Measurement of Biological Characteristics
u
Fingerprint scanning
u
Iris scanning
u
Voice recognition
Types of biometric authentication
u
Many others...
u
Face recognition
u
Body odor
Authenticating...
Enrollment / Registration
Template
t
Alice
Enrollment / Registration
Alice
Server
Authentication
Server
Authentication
Alice
Server
Server verifies against template
?
The Problem...
Template theft
Limited password changes
First password
Second password
Templates represent
intrinsic
information about
you
Alice
Theft of template is theft of identity
Towards a solution
“
password
”
UNIX protection of passwords
“
password
”
h(
“
password
”
)
“
Password
”
Template protection?
h( )
Fingerprint is variable
u
Differing angles of presentation
u
Differing amounts of pressure
u
Chapped skin
Don
’
t have exact key!
We need
“
fuzzy
”
commitment
( )
Seems counterintuitive
Cryptographic (hash) function
scrambles bits to produce
random
-
looking structure,
but
“
Fuzziness
”
or error resistance means
high degree of local structure
Error Correcting Codes
Noisy channel
Alice
Bob
“
Alice, I love… crypto
”
s
Error correcting codes
Alice
Bob
“
110
”
g
110
111 111 000
Function
g
adds redundancy
Bob
M
3 bits
C
9 bits
c
Message space
Codeword space
g
Error correcting codes
Alice
Bob
“
111 111 000
”
0
1
1
0
1 111
1
00
111 111 000
f
c
C
Function
f
corrects errors
Alice
f
Alice uses
g
-
1
to retrieve message
9 bits
C
M
3 bits
Alice
g
-
1
c
Alice gets original, uncorrupted message
110
Constructing C
Idea:
Treat template like message
W
g
C(t) = h(g(t))
What do we get?
“
Fuzziness
”
of error
-
correcting code
Security of hash function
-
based
commitment
Problems
Davida, Frankel, and Matt (
‘
㤷9
Results in very large error
-
correcting
code
Do not get good fuzziness
Cannot prove security easily
Don
’
t really have access to
“
message
”
!
Our (counterintuitive) idea:
Express template as
“
corrupted
”
codeword
Never use message space!
Express template as
“
corrupted
”
codeword
W
t
w
t = w +
t = w +
h(w)
Idea: hash most significant part
for security
Idea: leave some local information in clear
for
“
fuzziness
”
How we use fuzzy
commitment...
Computing fuzzy hash of
template
t
Choose w at random
Compute
= t
-
w
Store (h(w),
) as commitment
(h(w),
)
Verification of fingerprint
t
’
Retrieve C(t) =
(h(w),
)
Try to decommit using t
’
:
–
Compute
w
’
= f(t
’
-
)
–
Is h(w
’
) = h(w)?
?
Characteristics of
Good fuzziness (say, 17%)
Simplicity
Provably strong security
–
I.e., nothing to steal
Open problems
What do template and error distributions
really look like?
What other uses are there for fuzzy
commitment?
–
Graphical passwords
Questions?
Enter the password to open this PDF file:
File name:
-
File size:
-
Title:
-
Author:
-
Subject:
-
Keywords:
-
Creation Date:
-
Modification Date:
-
Creator:
-
PDF Producer:
-
PDF Version:
-
Page Count:
-
Preparing document for printing…
0%
Σχόλια 0
Συνδεθείτε για να κοινοποιήσετε σχόλιο