Biometric Cryptosystems Seminar by Sylvain Blais for COMP4109
INTRODUCTION
- All cryptosystems require some sort of user authentication
- A key management system needs a way to release a cryptographic key
- Are current systems secure enough?
- Biometrics solves many security issues, but it is very challenging
- Encryption/decryption using biometrics
CONTENT
- Background on biometrics
- Overview of key concepts in biometric cryptosystems (BCS)
- Description of current schemes, including examples
- Quiz
BACKGROUND ON BIOMETRICS
- Science of measuring and analyzing human characteristics
- Physiological traits
- Behavioural traits
BACKGROUND ON BIOMETRICS
- Specific hardware is used to extract those features
- Mostly used as a form of identity authentication
- They are UNIQUE!! and they CAN'T BE LOST!!
BACKGROUND ON BIOMETRICS
- Information needs to be shared with a trusted 2nd party
- Biometric data needs to be stored in a secure database
- More than one biometric template might be required
- No biometric is optimal
BACKGROUND ON BIOMETRICS
[Table: Comparison of Various Biometric Technologies [2], rated High / Medium / Low]
BACKGROUND ON BIOMETRICS
- New research field: biometric cryptosystems
- Research goals:
  - How to generate cryptographic keys out of biometric measurements
  - How to hide and retrieve user-specific cryptographic keys in and out of biometric data
  - How to generate several forms of biometric templates from a single biometric measurement
KEY CONCEPTS IN BCS
- Current cryptosystems depend on the secrecy of the secret or private key, and authentication is possession-based
- Systems don't know if the user is a legitimate person or an attacker
- Biometrics replaces password-based authentication
- They can also be used to generate a cryptographic key or biometric hash
KEY CONCEPTS IN BCS - Biometric Variance -
- The matching process in a password-based authentication system is not difficult to engineer because the result is perfectly calculated
- In biometrics, two measurements of the same person's biometrics cannot be expected to be equal
- The challenge lies in finding the trade-off between the amount of fuzziness the system can handle and the security it provides
- One way to deal with fuzziness => finding significant biometric features
KEY CONCEPTS IN BCS - Biometric Authentication Systems -
- Biometric Sensor
- Feature Extraction
- Database
- Biometric Matcher
- Two processes are involved: Enrollment and Authentication
KEY CONCEPTS IN BCS
[Figure: Biometric authentication system diagram [4]]
KEY CONCEPTS IN BCS - Performance Measurement -
- Two types of errors: False Acceptance and False Rejection

Measure: Description
- False Acceptance Rate (FAR): Ratio between the number of truly non-matching samples which are matched by the system and the total number of tests (including to first two rates as well)
- False Rejection Rate (FRR): Ratio of truly matching samples which are not matched by the system and the total number of tests (including to first two rates as well)
- Equal Error Rate (EER): The point on the error rate diagrams where FAR and FRR are equivalent
KEY CONCEPTS IN BCS - Biometric Key -
- The biometric component performs user authentication while a generic cryptosystem handles the other components => Biometric key release
- But this method creates a few issues...
KEY CONCEPTS IN BCS - Biometric Key -
- Hide a cryptographic key within the user's biometric template => Biometric key generation and key binding
- Again, no solution is perfect
DESCRIPTION OF BCS SCHEMES
3 types of schemes in BCS:
- Key Release Scheme
- Key Binding Scheme
- Key Generation Scheme
DESCRIPTION OF BCS SCHEMES - Key Release Scheme -
- Biometric authentication is decoupled from the cryptographic part of the system
- Easy to implement but not used frequently because of major vulnerabilities:
  - Template needs to be stored in a database, which means it can be stolen
  - Change to the biometric matching process
  - Cryptographic key has to be stored as part of the template
- Not appropriate for high-security applications
DESCRIPTION OF BCS SCHEMES - Key Generation and Binding Schemes -
- The user's key is directly derived from the user's biometric data, so it doesn't have to be stored anywhere!
- Helper data: public biometric-dependent information
- Helper data doesn't contain anything about the original biometric template
- Helper data are derived using either Key Generation systems or Key Binding systems
DESCRIPTION OF BCS SCHEMES - Key Binding Scheme -
- Helper data are obtained by binding a secret key to a biometric template
- Keys are obtained at authentication by applying a key retrieval algorithm
- One of the most popular BCS is a key binding system called Fuzzy Vault
DESCRIPTION OF BCS SCHEMES - Key Binding Scheme: Fuzzy Vault -
- Introduced by Ari Juels and Madhu Sudan from RSA Laboratories in 2002
- Alice places a secret value k in a fuzzy vault and locks it using a set A of elements from some public universe U
- If Bob tries to unlock the vault using a set B of similar length, he obtains k only if B overlaps substantially with A
- Fuzzy vault is a form of error-tolerant encryption operation where keys consist of sets, which are biometric templates in a biometric implementation
DESCRIPTION OF BCS SCHEMES - Key Binding Scheme: Fuzzy Vault -
[Diagram labels: Enrollment, Authentication, Secret k, Biometric Input, Template, Biometric Input, Feature Set A, Polynom p, Vault, Feature Set B, Error Correcting Code, Chaff Points, Polynom p, Secret k]
DESCRIPTION OF BCS SCHEMES - Key Binding Scheme: Fuzzy Vault -
- The security of the whole scheme lies in the infeasibility of the polynomial reconstruction and the number of applied chaff points
- Multiple schemes based on Fuzzy Vault have been proposed using different biometrics
- Results are measured using FRR and FAR
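A toy fuzzy vault following the lock/unlock description above, as an added example that is not part of the seminar material or the Juels-Sudan reference code. It assumes a small prime field, integer feature values, a secret encoded directly as polynomial coefficients, and a brute-force subset search standing in for the error-correcting decoder; all names and sample values are constructed.

```python
import random
from itertools import combinations

P = 65537  # prime field size (assumed); features and key coefficients are < P

def poly_eval(coeffs, x):
    """Evaluate p(x) mod P by Horner's rule; coeffs[0] is the constant term."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def lock(secret, features, n_chaff, rng):
    """Enrollment: put feature set A on p, then bury it among chaff points."""
    vault = {x: poly_eval(secret, x) for x in features}
    while len(vault) < len(features) + n_chaff:
        x, y = rng.randrange(P), rng.randrange(P)
        if x not in vault and y != poly_eval(secret, x):  # chaff lies off p
            vault[x] = y
    return sorted(vault.items())  # ordering by x hides which points are genuine

def interpolate(points):
    """Lagrange interpolation mod P; returns the coefficient list."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:  # multiply the basis polynomial by (x - xj)
                basis = [(a - xj * b) % P for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        for d, b in enumerate(basis):
            coeffs[d] = (coeffs[d] + scale * b) % P
    return coeffs

def unlock(vault, query, k, min_agree):
    """Authentication: brute-force stand-in for the error-correcting decoder."""
    cand = [(x, y) for x, y in vault if x in query]  # points selected by set B
    for subset in combinations(cand, k):
        coeffs = interpolate(subset)
        if sum(poly_eval(coeffs, x) == y for x, y in cand) >= min_agree:
            return coeffs
    return None

SECRET = [1234, 5678, 4242]  # constructed key: k = 3 coefficients of p
VAULT = lock(SECRET, [11, 29, 47, 83, 101, 137, 163, 199], 40, random.Random(2002))
GENUINE = unlock(VAULT, {11, 29, 47, 83, 101, 137, 500, 501}, k=3, min_agree=5)
IMPOSTOR = unlock(VAULT, {11, 29, 600, 601, 602, 603, 604, 605}, k=3, min_agree=5)
print(GENUINE == SECRET, IMPOSTOR)
```

The genuine query shares six of the eight enrolled features and recovers the secret; the impostor query shares two, fewer than the k points needed to interpolate p. Raising `min_agree` lowers false acceptance at the cost of more false rejections.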
DESCRIPTION OF BCS SCHEMES - Key Generation Schemes -
- Generating keys directly out of biometric templates
- No implementation of this scheme exists as of now
- Biometric characteristics don't provide enough information to extract a reliable, updatable key without the use of any helper data
- Quantization schemes were proposed by various authors, each using the same basic idea
DESCRIPTION OF BCS SCHEMES - Quantization Schemes -
[Diagram labels: Enrollment, Authentication, Biometric Inputs, Template, Hash or Key, Biometric Input, Feature Extraction, Interval Definition, Intervals, Interval Mapping, Feature Extraction, Interval Encoding]
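A minimal sketch of the quantization pipeline named in the diagram (interval definition at enrollment, interval mapping and encoding at authentication), as an added example that is not taken from the seminar or from any of the published schemes. It assumes integer feature values, a fixed tolerance `margin`, and SHA-256 as the final encoding; the function names and sample readings are constructed.

```python
import hashlib

def enroll(samples, margin):
    """Interval definition: derive one (offset, width) pair per feature."""
    helper = []
    for values in zip(*samples):              # all enrollment readings of one feature
        lo, hi = min(values), max(values)
        width = (hi - lo) + 2 * margin + 1    # observed spread plus tolerance
        center = (lo + hi + 1) // 2
        # The offset aligns the grid so [lo - margin, hi + margin] is one interval;
        # it reveals the template only modulo the interval width.
        helper.append(((center - width // 2) % width, width))
    return helper

def derive_key(measurement, helper):
    """Interval mapping and encoding: quantize each feature, hash the indices."""
    indices = [(v - off) // width for v, (off, width) in zip(measurement, helper)]
    return hashlib.sha256(",".join(map(str, indices)).encode()).hexdigest()

# Constructed readings: three enrollment measurements of four features.
ENROLLMENT = [[120, 45, 300, 78], [123, 44, 297, 80], [121, 47, 301, 79]]
HELPER = enroll(ENROLLMENT, margin=2)                 # public helper data
KEY = derive_key(ENROLLMENT[0], HELPER)               # never stored
SAME_USER = derive_key([119, 46, 302, 77], HELPER)    # noisy but within tolerance
DRIFTED = derive_key([127, 46, 302, 77], HELPER)      # first feature out of range
OTHER_USER = derive_key([150, 60, 280, 95], HELPER)
print(SAME_USER == KEY, DRIFTED == KEY, OTHER_USER == KEY)
```

The drifted reading shows a false rejection: one feature leaving its interval changes the whole key, which is why interval width trades FRR against FAR.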
CONCLUSION
- There are other concepts and approaches in biometric cryptography which are currently being researched. Ex.: cancelable biometrics
- Most BCS are still in the development phase, but some first deployments are available. Ex.: Genkey - fingerprint-key generation solutions
- Identity theft and fraud will raise the demand for stronger security schemes involving biometrics
- Research still needs to be conducted in the field of biometric cryptosystems
Questions?
REFERENCES
[1] Uludag U., Pankanti S., Prabhakar S., Jain A.K., Biometric Cryptosystems: Issues and Challenges, Proceedings of the IEEE, vol. 92, no. 6, June 2004
[2] Rathgeb C., Uhl C., A survey on biometric cryptosystems and cancelable biometrics, EURASIP Journal on Information Security, 2011
[3] Rathgeb C., Iris-based Biometric Cryptosystems, Doctoral thesis presented to the Department of Computer Science at the University of Salzburg, Austria, November 2008
[4] Biometric system diagram.png from Wikimedia Commons. Permission granted under the GNU Free Documentation Licence. http://en.wikipedia.org/wiki/file:biometric_system_diagram.png
QUIZ
1. Name 1 physiological and 1 behavioural trait used in biometric cryptosystems.
2. Name the 2 main processes involved in biometric cryptosystems.
3. True or False. You improved your biometric cryptosystem algorithm by adjusting your error threshold to lower both your false acceptance rate (FAR) and false rejection rate (FRR).
4. What is one of the greatest challenges when dealing with biometric cryptosystems? (Hint: think about biometric measurements.)
5. In the biometric cryptosystem Fuzzy Vault scheme, how is the vault created?