Fuzzy Commitment - DIMACS

licoricebedsSécurité

22 févr. 2014 (il y a 3 années et 3 mois)

71 vue(s)

Fuzzy Commitment

Ari Juels

RSA Laboratories

ajuels@rsasecurity.com

DIMACS Workshop on Cryptography: Theory Meets Practice

15 October 2004

Part I:

Data secrecy in biometric
authentication systems

The Classical View of Biometric
Authentication

Is it Woody? Yes, it’s Woody!

The Classical View of Biometric
Authentication

Is it Woody? Yes, it’s Woody!

=

?

The Classical View of Biometric
Authentication

=

?

Hello,

Mr. Woody Allen

In these scenarios, biometric
data need not be kept secret


Spoofing is difficult with human
oversight


Indeed, your face is public anyway


(Assuming, of course, that passport is
not a forgery)


But what happens when…

A human
-
guided process

=

?

Becomes automated?

=

?

Secrecy of biometric data is now
more important to security


Reason 1:

Automation
will mean relaxation
of human oversight


More opportunity for
spoofing


Spoofing iris / face
readers with printed
images, “gummy”
fingers, etc.

Schiphol airport: Iris scanning

Secrecy of biometric data is now
more important to security


Reason 2:

Spillover
into remote / home
authentication!

Woody’s PC

Server

And revocation is hard!

First password

Second password

Yet passports will transmit
biometrics via RFID to any
standard reader…

Clandestine scanning

10cm range under legal conditions

How much with a rogue reader?

One meter?

How much from eavesdropping
on legitimate reader?

Optical keys / Faraday cages?

ICAO (International Civil

Aviation Organization) standard


imminent adoption through DHS

effort

But isn’t my face public anyway?

Copying a biometric is somewhat like copying a painting…


Facial images require special conditions for matching to work. In U.K., you’re
not allowed to smile in passport photos any longer!


Best for forger to have
target

image, i.e., one in passport serving as basis for
authentication


Iris and fingerprint are harder to capture than face


Suppose you want to copy a painting…

snapshot

professional photo

Part II:

Towards secrecy in biometric
authentication systems

password

Cryptographic tools for
password secrecy

password

Cryptographic tools for
password secrecy

h
(
password, salt
)

E
password
[key]

Password
-
based

key agreement

Cryptographic tools for
biometric secrecy

h
(

, salt
)

E

[key]

Finger
-
based

key agreement?

?

Problem: Biometrics are variable,

i.e.,
error
-
prone…


Differing angles of
presentation


Differing amounts of pressure


Chapped skin



and standard crypto does not tolerate errors!

!

We want “fuzzy” cryptography


Error
-
tolerant crypto primitives


E.g., E
k
[
m
]

D
k’
[ ]

=
m

if
k


k’


Body of “fuzzy” crypto literature:


Davida, Frankel, & Matt ’98


“Biometric encryption” (breakable)


Juels & Wattenberg ’99 (“fuzzy commitment”)

Application of FJ ‘01 to “life questions” now in RSA product…


Monrose, Reiter, & Wetze
l ’99 + follow
-
on


Juels & Sudan ’01


Dodis, Rezyin, & Smith ’04


Boyen in ten minutes…

But no rigorous application to real biometrics yet!


Why everybody has nice eyes


An iriscode has an
estimated 250 bits of
entropy!


Contrast 1/10,000 false
acceptance for
fingerprints…


Most people have two eyes!


Hamming distance is the
metric for iriscode
similarity


E. g. , fuzzy commitment
applies directly…

iris

iriscode

Why it’s not so easy…


An iriscode can be as long as 4096 bits


Where are those 250 bits of entropy hidden?


Bits are not independent…


Signal processing data folded into iriscode


Eyelids, eyelashes, and reflections can
occlude much of iris


We could get only 37 pairs of eyes for
experiments…



A first attempt

Tricks:

1.
Use staggered samples: yields up to 75 independent bits

2.
Use multiple scans to reduce error rate

3.
Play some ad
-
hoc tricks with signal
-
processing data


Result: Able to extract a 60
-
bit or so key from a pair of irises,


but how much were methods fitted to data?

Conclusion


Ongoing work (joint with Mike Szydlo & Brent
Waters)


Trying to understand iriscode distribution


Need programming help!


Other groups trying to apply fuzzy crypto to
fingerprints



Natural place where
theory

(crypto) meets
practice

(the human being)


… and error
-
prone devices too, e.g., POWFs, PUFs…


With biometrics on the march, imminent
surge of interest in these techniques?